I'm quite certain that Apple made a good decision when the Mac had a teeny tiny black and white screen and every pixel of vertical space was precious and when people were essentially single tasking most of the time. And even when Finder let people multitask, apps jumped to the front in an all or nothing way so it was very clear which one had focus. Delegating the menu to the OS made sense in that context.
It doesn't mean it applies as screen sizes increase, or where users may use two apps side by side, or even two instances of the same app side by side that a global menu makes sense. Because it doesn't. It's a pain in the arse quite frankly.
Global menus are fine on low resolution, space constrained screens. For example a netbook might such low resolution that a user appreciates combining the system bar, the app frame and the app menu all into one strip instead of 3. And the chances are on that size of screen that I probably have one app open and maximized the whole time more often than not.
But the bigger the screen, the stupider a global menu becomes. Users more likely have more than one app open at a time, and they're more likely to be unmaximized - either stacked, tiled or some other arrangement. It's a pain to have to activate an app to see its menu. It's a pain to then haul the mouse to the top to navigate it's menu. I bet if someone ran a mousemeter comparing the two systems that the global menu would involve way more travel.
Therefore, there should be an option to control this behaviour. It should have been there from the beginning in fact. The same goes for those ridiculous elevator style scrollbars in Ubuntu. They're great for saving space when you need to save space but boy are they unintuitive and fiddly. If someone has a hi resolution screen the scrollbars should always be visible and easy to locate.
Step 1: Announce you are queuing up for an iPhone 6, offering no more evidence than a few photos of yourself dressed up in some pathetic attention grabbing costume. Step 2: Watch as the story is used as filler for lazy news outlets who can't be bothered to find real news to report on.
Not in my back yard. You can always count on people to pull excuses out of their asses why public infrastructure projects should go somewhere else just so long as it doesn't go through their area. In the case of power lines, all the usual excuses are pulled out - it affects health (no it doesn't), it affects property prices (it might, it might not and compensation might be offered in some cases), it should be buried underground (not always practical and vastly more expensive). And so on.
Ireland is suffering a similar public campaign for an interconnector meant to supply power to the West of Ireland more attractive to business by ensuring adequate power provision. You'd think people in the region would be happy about that since it would mean tens of thousands of jobs but a relatively small number of people affected by the route and politicians scared by the outcry have put the entire project on hold.
It was corporate suicide for Nokia to go with Windows Phone. Maybe Microsoft waved a large wad of money under their noses. Maybe Elop's intention all along was to drive the corp into the ground and clean up from its sale. Whatever happened, they really fucked up big time with their choice.
None of the ATM machines I've used there has offered to let me change my PIN on my current debit card.
No, because as you say you don't hold an account with the bank.
The thief would have the card and the PIN, and the owner would be notified by the bank when the account went negative. I.e., if you don't have your card, you aren't putting it into an ATM machine to be asked for your PIN which you would then find out has been changed, right? The thief would have to change it because he doesn't know the current one and thus cannot use the card. That's the whole point of the PIN isn't it?
I was referring to a cloned card. If someone cloned the card then by changing the pin they are just drawing attention to their theft and increasing the chance that the card will be cancelled before the funds can be drained. e.g. if the real owner used a machine and their card was swallowed, they'd contact the bank and complain.
And if the criminal outright stole the real card and had the pin, then changing the pin is pointless too since they have the card in their possession so why bother?
I suppose there are situations where it might benefit a thief if the pin was shared between cards, but the flip side is someone who cannot change the pin of their cards would be more likely to write down each number and put them in their wallet.
Then you haven't been to Europe where if someone inserts their card into their bank's machine they CAN change it. And it works like any website - supply the old PIN and an option appears allowing them to change it. I don't see how this increases risk since if a thief can access an account with an old PIN then it would be pretty stupid for them to alert the real owner to their presence by changing it to something else.
Who says a browser has to show a padlock for an unsigned cert? It could be presented the same as plain http but if someone was interested then clicking on the site icon might drop down a box with a simple checklist which says the link was encrypted, the fingerprint was validated with EFF (if SSL observatory is enabled) but it does NOT authenticate the other end OR guarantee protection from man in the middle attacks. A signed cert might show more info, e.g. trust based on the distance to an ultimately trusted signatory. Browsers could also cache fingerprints and trust and alert users if certs change, e.g. fingerprint changes, or signatories disappear.
There would still be an incentive for sites which need it to obtain signatures (which includes CAs) but it shouldn't be required for basic security. And yes it is a hassle, otherwise the majority of sites would implement https. Browser makers have it in their power to set a timeline to sunset plain text and implement a new protocol.
Those schemes are quite prevalent in Europe even if they are not in the US. I assume that vendors implement them at the insistence of credit card systems, or to benefit from a better rate.
It's not an order of magnitude less secure because RFID encompasses various kinds of active and passive technologies and therefore it's easy to envisage a card which was issued a challenge and in conjunction with the PIN returned a unique response. A card cloner wouldn't even bother to rip off such a card in such a manner. It would be easier to skim cards the old fashioned way for as long as they had a magnetic stripe on them.
Besides which, most PIN numbers can be changed. At least they can where I live. So you get a random PIN, walk over to a cash machine and change it to a more memorable one. Really difficult.
It is a valid reason. It's a hassle to get a CA to bestow their worthless signature on a cert and to do this year in and year out just to make some silly browser warning go away. And doing this every year forever after. Even if a CA was a well known name and boiled signing down to dragging and dropping a cert onto a box to receive a signature it would still be too onerous.
Why can't Apache just generate a cert when it installs and sites can go off and use that? Ah you might say, it doesn't protect against man-in-the-middle attacks. But it's still better than plain text and it's still sufficient for many sites that want crypto to be on by default. And browsers could store the fingerprint of the cert if they wished and add-ons like HTTPS Everywhere could collate these fingerprints to look for attacks (they already implement this in something called the SSL observatory).
AND it wouldn't stop certs being signed if users wished. For some people, a CA may still be a meaningless signatory and it has its own security problems. Why can't the likes of Google, Amazon, Microsoft hold a key signing party? Would you trust Amazon's signature more if it was signed by Google? I would. And it would be hard to forge certs because there could be multiple signatories and each signatory could have their own. That's a web of trust and scales.
CAs can still be signatories in a web of trust but the existing model where certs MUST have a single CA signature is broken.
I think this is one add-on that Mozilla should incorporate, or at least heavily promote to encourage people to use it.
And develop a long term strategy to put crypto in all comms - e.g. use response headers from servers to push requests over to https where they are supported. Better yet produce an https+ which allows sites to use unsigned keys, CA signed keys, or even web of trust signed keys and present that info to the user in a meaningful way. Get rid of the CA tax and there would be far less reason for sites to use plain http any more.
Perhaps you should actually read the definition rather than regurgitate it. People were working on it.
Er what? I know what moribund means and I used it without expecting someone to start nitpicking. The definition is there. It applies.
Oh my bad. You see, when you said: " So in a sense we should thank Hurd for being so badly mismanaged, mired in politics", I thought you meant that the Hurd was being mismanaged and mired in politics. Looking back at your post it seems obvious now and I can't imagine how I misunderstood you.
Ah yes, it was my fault that you misinterpreted what I said. I see now. It's so obvious.
The value of the US dollar doesn't crash in the space of hours to a fraction of its previous values because of extreme volatility caused by borderline legality, broken exchanges, mass thefts, and flighty investors who panic as every blow lands. So I expect people who use US dollars or other currencies sleep pretty well at night all things considered.
Clearly it was. Linus was itching to produce a kernel that ran on his 386 hardware but was more Unix-like than Minix. And Hurd wasn't scratching that itch. It seems it didn't scratch anybody's itch for that matter.
I'm not sure what your point is or if "morbiund" is even right. The Hurd was only started a year before Linux.
The 3rd definition of moribund on dictionary.com is what I meant - not progressing or advancing; stagnant. Of course perhaps my frame of reference was too short. Maybe I should have measured progress across decades.
Do you have any citiaions that the hurd was mired in politics and mismanagement in late 1990/early 1991, before Linux was released?
I didn't say it was. Linux didn't become better and more useful the instant that 0.01 came out. But it was the utter lack of progress with Hurd which meant Linux gained critical mass. Hurd couldn't even bootstrap until mid-1994 and a dist only crawled out into the light of day in 1997. It was too late by then.
But Linux *didn't* exist when Hurd was started. It was the moribund state of development 23 years ago which motivated Linus to write his own kernel. So in a sense we should thank Hurd for being so badly mismanaged, mired in politics and kernel correctness that it drove someone to produce something better and more useful. Pragmatism won the day.
I think you'll be waiting a very long time. Look how long it took for Wine to get to 1.0 and even that is still hit and miss. And Reactos is Wine cobbled together with a bunch of other Win32 / NT replacement parts so its problems are multiplied. And almost certainly it will never implement.NET, or Internet Explorer. The best it can hope for is it can fool the genuine MS components to run over the faux Windows.
Anyway, perhaps the best use of Reactos will be found in server farms and VMs. Not for enterprise apps but for cloud gaming, app hosting, automated testing where 100% uptime is not a big deal but the expense of licensing a genuine MS operating system might well be.
I would think that would be obvious if Panasonic were thinking it through. It would deliver an app to their store with less bugs, more functionality and in a shorter time. Making people write it from scratch isn't going to do them or devs any favours.
Slashdot Mirror
It doesn't mean it applies as screen sizes increase, or where users may use two apps side by side, or even two instances of the same app side by side that a global menu makes sense. Because it doesn't. It's a pain in the arse quite frankly.
But the bigger the screen, the stupider a global menu becomes. Users more likely have more than one app open at a time, and they're more likely to be unmaximized - either stacked, tiled or some other arrangement. It's a pain to have to activate an app to see its menu. It's a pain to then haul the mouse to the top to navigate it's menu. I bet if someone ran a mousemeter comparing the two systems that the global menu would involve way more travel.
Therefore, there should be an option to control this behaviour. It should have been there from the beginning in fact. The same goes for those ridiculous elevator style scrollbars in Ubuntu. They're great for saving space when you need to save space but boy are they unintuitive and fiddly. If someone has a hi resolution screen the scrollbars should always be visible and easy to locate.
You don't have to redefine the average. If people lower their consumption then the average drops by itself.
This sounds like the suckiest pub in the world.
Thank goodness there is absolutely no way known to science or man of disabling a small LED.
Don't buy Google Glass. It's inherently creepy and rude, at least within a social setting.
Step 1: Announce you are queuing up for an iPhone 6, offering no more evidence than a few photos of yourself dressed up in some pathetic attention grabbing costume. Step 2: Watch as the story is used as filler for lazy news outlets who can't be bothered to find real news to report on.
Ireland is suffering a similar public campaign for an interconnector meant to supply power to the West of Ireland more attractive to business by ensuring adequate power provision. You'd think people in the region would be happy about that since it would mean tens of thousands of jobs but a relatively small number of people affected by the route and politicians scared by the outcry have put the entire project on hold.
It was corporate suicide for Nokia to go with Windows Phone. Maybe Microsoft waved a large wad of money under their noses. Maybe Elop's intention all along was to drive the corp into the ground and clean up from its sale. Whatever happened, they really fucked up big time with their choice.
None of the ATM machines I've used there has offered to let me change my PIN on my current debit card.
No, because as you say you don't hold an account with the bank.
The thief would have the card and the PIN, and the owner would be notified by the bank when the account went negative. I.e., if you don't have your card, you aren't putting it into an ATM machine to be asked for your PIN which you would then find out has been changed, right? The thief would have to change it because he doesn't know the current one and thus cannot use the card. That's the whole point of the PIN isn't it?
I was referring to a cloned card. If someone cloned the card then by changing the pin they are just drawing attention to their theft and increasing the chance that the card will be cancelled before the funds can be drained. e.g. if the real owner used a machine and their card was swallowed, they'd contact the bank and complain.
And if the criminal outright stole the real card and had the pin, then changing the pin is pointless too since they have the card in their possession so why bother?
I suppose there are situations where it might benefit a thief if the pin was shared between cards, but the flip side is someone who cannot change the pin of their cards would be more likely to write down each number and put them in their wallet.
Then you haven't been to Europe where if someone inserts their card into their bank's machine they CAN change it. And it works like any website - supply the old PIN and an option appears allowing them to change it. I don't see how this increases risk since if a thief can access an account with an old PIN then it would be pretty stupid for them to alert the real owner to their presence by changing it to something else.
There would still be an incentive for sites which need it to obtain signatures (which includes CAs) but it shouldn't be required for basic security. And yes it is a hassle, otherwise the majority of sites would implement https. Browser makers have it in their power to set a timeline to sunset plain text and implement a new protocol.
Those schemes are quite prevalent in Europe even if they are not in the US. I assume that vendors implement them at the insistence of credit card systems, or to benefit from a better rate.
It's not an order of magnitude less secure because RFID encompasses various kinds of active and passive technologies and therefore it's easy to envisage a card which was issued a challenge and in conjunction with the PIN returned a unique response. A card cloner wouldn't even bother to rip off such a card in such a manner. It would be easier to skim cards the old fashioned way for as long as they had a magnetic stripe on them.
The same as it does before. You give a number and the CCV. You don't give the PIN.
Besides which, most PIN numbers can be changed. At least they can where I live. So you get a random PIN, walk over to a cash machine and change it to a more memorable one. Really difficult.
Why can't Apache just generate a cert when it installs and sites can go off and use that? Ah you might say, it doesn't protect against man-in-the-middle attacks. But it's still better than plain text and it's still sufficient for many sites that want crypto to be on by default. And browsers could store the fingerprint of the cert if they wished and add-ons like HTTPS Everywhere could collate these fingerprints to look for attacks (they already implement this in something called the SSL observatory).
AND it wouldn't stop certs being signed if users wished. For some people, a CA may still be a meaningless signatory and it has its own security problems. Why can't the likes of Google, Amazon, Microsoft hold a key signing party? Would you trust Amazon's signature more if it was signed by Google? I would. And it would be hard to forge certs because there could be multiple signatories and each signatory could have their own. That's a web of trust and scales.
CAs can still be signatories in a web of trust but the existing model where certs MUST have a single CA signature is broken.
And develop a long term strategy to put crypto in all comms - e.g. use response headers from servers to push requests over to https where they are supported. Better yet produce an https+ which allows sites to use unsigned keys, CA signed keys, or even web of trust signed keys and present that info to the user in a meaningful way. Get rid of the CA tax and there would be far less reason for sites to use plain http any more.
Perhaps you should actually read the definition rather than regurgitate it. People were working on it.
Er what? I know what moribund means and I used it without expecting someone to start nitpicking. The definition is there. It applies.
Oh my bad. You see, when you said: " So in a sense we should thank Hurd for being so badly mismanaged, mired in politics", I thought you meant that the Hurd was being mismanaged and mired in politics. Looking back at your post it seems obvious now and I can't imagine how I misunderstood you.
Ah yes, it was my fault that you misinterpreted what I said. I see now. It's so obvious.
The value of the US dollar doesn't crash in the space of hours to a fraction of its previous values because of extreme volatility caused by borderline legality, broken exchanges, mass thefts, and flighty investors who panic as every blow lands. So I expect people who use US dollars or other currencies sleep pretty well at night all things considered.
Clearly it was. Linus was itching to produce a kernel that ran on his 386 hardware but was more Unix-like than Minix. And Hurd wasn't scratching that itch. It seems it didn't scratch anybody's itch for that matter.
I'm not sure what your point is or if "morbiund" is even right. The Hurd was only started a year before Linux.
The 3rd definition of moribund on dictionary.com is what I meant - not progressing or advancing; stagnant. Of course perhaps my frame of reference was too short. Maybe I should have measured progress across decades.
Do you have any citiaions that the hurd was mired in politics and mismanagement in late 1990/early 1991, before Linux was released?
I didn't say it was. Linux didn't become better and more useful the instant that 0.01 came out. But it was the utter lack of progress with Hurd which meant Linux gained critical mass. Hurd couldn't even bootstrap until mid-1994 and a dist only crawled out into the light of day in 1997. It was too late by then.
But Linux *didn't* exist when Hurd was started. It was the moribund state of development 23 years ago which motivated Linus to write his own kernel. So in a sense we should thank Hurd for being so badly mismanaged, mired in politics and kernel correctness that it drove someone to produce something better and more useful. Pragmatism won the day.
Anyway, perhaps the best use of Reactos will be found in server farms and VMs. Not for enterprise apps but for cloud gaming, app hosting, automated testing where 100% uptime is not a big deal but the expense of licensing a genuine MS operating system might well be.
I would think that would be obvious if Panasonic were thinking it through. It would deliver an app to their store with less bugs, more functionality and in a shorter time. Making people write it from scratch isn't going to do them or devs any favours.