Slashdot Mirror


User: TheLink

TheLink's activity in the archive.

Stories: 0
Comments: 12,789

Comments · 12,789

  1. Re:Well in that case on Mozilla Debates Whether To Trust Chinese CA · · Score: 1

    See post #5 (and the other posts further down).

    > Ian Grigg 2005-03-15 12:14:26 PST
    > #4. I'd agree with that.
    > The critical change is when a new cert comes in signed by a *different* CA.

    It's all there.

    People could submit a different bug, but if anyone submits a vaguely related bug it would be marked as a duplicate of this bug.

    Just look at the various different bugs that are already marked as duplicates of this bug.

    The Mozilla team haven't done much from that bug report. 5 years later, they're debating about Chinese CAs. Doesn't solve the real problem. Not as if _ALL_ the other CAs are going to be better - because with the current system it just takes one CA.

  2. Re:When do people get this on 86% of Windows 7 PCs Maxing Out Memory · · Score: 5, Informative

    Yeah I don't know why they don't set up the counter by default.

    Anyway to set it up yourself:

    Start perfmon.msc
    Then add counters
    go to Memory, add "Pages Output/sec".

    I'm not an authority on virtual memory but from what I know:
    Page Faults/sec is not usually relevant for this - the virtual memory stuff will have page faults even if it's not swapping to/from disk - it's part of how virtual memory works.
    Page Inputs/sec could happen when you launch programs (then the O/S starts paging in the stuff it needs) - it's no indication of running out of memory.
    Page Output/sec on the other hand is when the O/S is low and needs to copy stuff in RAM and write it OUT to disk so that it can reuse that RAM for something else. This is the one you want to monitor.

  3. Available memory != Free memory on 86% of Windows 7 PCs Maxing Out Memory · · Score: 4, Interesting

    Yeah. I don't have low mem problems with Windows 7. There's stuff I don't like about Windows 7 but "memory hog" is not on the list.

    For work I'm using Windows 7 64 bit on a 4GB notebook PC with tons of windows open e.g. a few Explorer windows open, a few Excel "windows"[1], a few Word windows, one Visio doc, Notepad++, Google Chrome, Firefox, putty, Outlook (a resource hog), Communicator, MSN Messenger windows, a Virtual Box Linux vm machine, Microsoft Security Essentials (it's my work PC so it's supposed to have AV) and it typically says 1700 to 2000MB _available_ (depending on how many firefox tabs, how many word docs and virtual machines etc). But overall no mem problem.

    And guess which is using the most RAM? Not Virtual Box, not Word, outlook or Excel. It's Firefox with a 173MB working set and 142MB Private Working Set!

    Yes it only has 500MB free memory, but so what? The O/S says there's 1700MB available. And so far I haven't had many slowdowns due to low memory issues.

    To me the relevant metric for "low on memory" is "Pages Output/sec" (go launch perfmon.msc and add that counter). If that's a constant zero when you or the O/S switches from app to app, window to window, it means it's not swapping out. If it's not swapping out and not getting "out of memory" messages, it's not low in RAM no matter what some random "expert" thinks. And it's zero for me.

    The equivalent in Linux for that is the swap "so" column when you run vmstat 1 (or vmstat 2). Same thing there - stuck at zero = not swapping.

    I don't think my usage can be considered "light", as it is, what are those users running that's using up so much memory? Symantec or McAfee antivirus? ;).

    FWIW, my laptop is not running any of the "OEM crapware" - I did a clean install of Windows 7 months ago when I got the laptop.

    If that "expert CTO" can't even give an example of one memory hogging program (or show where Windows 7 itself is using so much memory that it's a problem), then it's likely he's full of crap.

    Lastly, it's true my taskbar looks messy with two rows of task buttons, but I don't see the advantage of closing and reopening documents or programs if I'm not running out of RAM yet. I close them if I really do not need them (e.g. the document is out of date and not used for comparison). Otherwise it's much faster to just click a button to show the desired doc, rather than have to reopen it again from scratch (uses less battery power too - except in the case of MS Word which seems to use CPU even when "idle" - haven't figured that one out yet).

    [1] By default Excel actually just has one window which changes to display the relevant document depending on which Excel taskbar button you click, whereas Word actually has separate windows for each doc.
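The Linux check mentioned in comments 2 and 3 (watch the `so` column of `vmstat 1`), as an added example that is not part of the original posts. The sample output is constructed, and the rule of three consecutive non-zero samples is an assumption; the first report is skipped because vmstat's first line gives averages since boot rather than current activity.

```python
def swap_out_samples(vmstat_text, skip_first=True):
    """Return the 'so' (swapped out per second) value of each sample line."""
    col = None
    values = []
    for line in vmstat_text.splitlines():
        fields = line.split()
        if "si" in fields and "so" in fields:
            col = fields.index("so")      # column header row (vmstat repeats it)
            continue
        if col is None or len(fields) <= col or not fields[col].isdigit():
            continue                      # group header or unrelated line
        values.append(int(fields[col]))
    # The first report is an average since boot, not a live sample.
    return values[1:] if skip_first else values


def is_swapping(vmstat_text, min_consecutive=3):
    """True if 'so' stays above zero for min_consecutive samples in a row."""
    run = 0
    for so in swap_out_samples(vmstat_text):
        run = run + 1 if so > 0 else 0
        if run >= min_consecutive:
            return True
    return False


# Constructed sample output (not captured from a real machine).
QUIET = """\
procs -----------memory---------- ---swap-- -----io---- -system-- ------cpu-----
 r  b   swpd   free   buff  cache   si   so    bi    bo   in   cs us sy id wa st
 1  0  20480 512000  20000 900000    3   12    50    40  100  200  5  1 93  1  0
 0  0  20480 511800  20000 900000    0    0     0     8  110  210  2  1 97  0  0
 0  0  20480 511700  20000 900010    0    0     0     0  105  190  1  0 99  0  0
 0  0  20480 511700  20000 900010    0    0     0     4  102  195  1  1 98  0  0
"""

BUSY = """\
procs -----------memory---------- ---swap-- -----io---- -system-- ------cpu-----
 r  b   swpd   free   buff  cache   si   so    bi    bo   in   cs us sy id wa st
 2  0  20480  90000  20000 300000    0    0    50    40  100  200  5  1 93  1  0
 3  1  20480  41000  18000 250000    0    0   120   300  400  900 20  8 60 12  0
 4  2  61440  12000   9000 180000   40  840   900  1800  700 1500 25 12 30 33  0
 5  3 122880   9000   6000 150000  120 1320  1500  2600  800 1700 22 15 20 43  0
 4  3 163840   8500   5000 140000  200  960  1700  2100  750 1600 20 14 22 44  0
 2  1 163840  30000   5000 150000   80    0   600   200  500 1000 10  5 75 10  0
"""

if __name__ == "__main__":
    print("quiet:", swap_out_samples(QUIET), is_swapping(QUIET))
    print("busy: ", swap_out_samples(BUSY), is_swapping(BUSY))
```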

  4. Re:Effective viewing angle? on No Glasses Needed For TI's New 3D Display · · Score: 1
  5. Re:Effective viewing angle? on No Glasses Needed For TI's New 3D Display · · Score: 1

    That's called having a decent dynamic range.

    In the real world the loudness difference between explosions and whispers can be way greater.

    What you might want is audio dynamic range compression or similar (limiters).

    http://en.wikipedia.org/wiki/Dynamic_range_compression

    You can find it in use in most music studios nowadays.

  6. Re:Well in that case on Mozilla Debates Whether To Trust Chinese CA · · Score: 1

    > You forget that any CA can sign for any web site.

    That attack won't work if Mozilla stopped the useless debates and just fixed their browser:

    https://bugzilla.mozilla.org/show_bug.cgi?id=286107

    That bug is already nearly FIVE years old.

    The concern of "same site, different CA" is overblown, warn and let the user approve the new CA for the site - if the user gets lots of "New CA" warnings for the same site the user SHOULD get suspicious and not do anything till the user gets out-of-band confirmation that stuff is actually OK.

    Users who don't want or can't handle such warnings should use the "Stop bothering me, I don't care that much about security" browser setting.

    It won't really matter - they can (and already do) get pwned in so many other ways.

    The thing is Mozilla doesn't really care about actual security, and neither do the CAs or most websites. They just care about the appearance of security. It's all about "pay us every year and your users won't get scary warnings".

    In case anyone thinks DNSSEC will help, DNSSEC will just allow people to collect more tolls/taxes without really improving security (it actually facilitates DoS attacks :) ).

  7. Re:Well in that case on Mozilla Debates Whether To Trust Chinese CA · · Score: 1

    > If the Chinese registry starts publishing bogus certs we can just blacklist them and it will all be a failed experiment in diplomacy.

    And how would you catch them? The few affected users won't notice.

    The real problem is the CA + browser stuff is broken as implemented.

    I don't think it's just me who has suggested stuff like this before but anyway here we go again:

    Browsers should remember certs and warn you if:
    1) The CA has changed (in normal mode)
    2) The cert has changed way before its expiry (in cautious mode).
    3) The cert has changed (in paranoid mode, or when the user has told the browser to "lock" the site's cert)

    It should also show you both the previous and new cert details so that you yourself can compare them.

    Instead with the current systems, it's just a way for CAs to collect a tax.

    It's little to do with security, it's about a way of making people pay so that their users don't get those pesky browser warnings.

    The way things are, self signed certs aren't really more risky - you'll get a warning if they change, your exposure is only at the first time you get the cert (or its renewed cert), and you can have some control over that. Whereas with CA signed certs, your exposure is ANYTIME - you won't get a warning if some evil/hacked CA is signing the new certs.

    Mozilla shouldn't even waste time debating this. They should just fix their browser.
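The certificate-memory policy proposed in comments 6 and 7, as an added example that is not part of the original posts and is not code from Mozilla or any browser. The names `CertMemory`, `Cert` and `Verdict`, the 30-day reading of "way before its expiry", and treating the three modes as cumulative are assumptions; the certificates are constructed sample data.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

NORMAL, CAUTIOUS, PARANOID = 1, 2, 3   # assumed cumulative: each mode adds a rule


@dataclass(frozen=True)
class Cert:
    fingerprint: str      # e.g. SHA-256 of the DER-encoded certificate
    issuer: str           # name of the signing CA
    not_after: datetime   # expiry date


@dataclass
class Verdict:
    warnings: list            # empty list: accept without prompting
    previous: Optional[Cert]  # returned so a UI can show old and new side by side
    presented: Cert


class CertMemory:
    def __init__(self, early=timedelta(days=30)):
        self.seen = {}        # host -> last accepted Cert
        self.locked = set()   # hosts the user has locked to one exact cert
        self.early = early    # assumed threshold for "way before its expiry"

    def check(self, host, cert, mode, now):
        old = self.seen.get(host)
        warnings = []
        if old is not None and cert.fingerprint != old.fingerprint:
            if cert.issuer != old.issuer:                      # rule 1
                warnings.append("ca-changed")
            if mode >= CAUTIOUS and now < old.not_after - self.early:
                warnings.append("changed-before-expiry")       # rule 2
            if mode >= PARANOID or host in self.locked:        # rule 3
                warnings.append("cert-changed")
        if not warnings:
            self.seen[host] = cert   # first use, unchanged, or routine renewal
        return Verdict(warnings, old, cert)

    def approve(self, host, cert):
        """Call only after the user has compared both certs and accepted."""
        self.seen[host] = cert


# Constructed sample data, not real certificates.
HOST = "shop.example"
ORIGINAL = Cert("aa11", "CN=Example CA One", datetime(2010, 12, 31))
RENEWAL = Cert("bb22", "CN=Example CA One", datetime(2011, 12, 31))
SWAPPED = Cert("cc33", "CN=Example CA Two", datetime(2011, 6, 30))
EARLY = datetime(2010, 2, 1)     # eleven months before ORIGINAL expires
LATE = datetime(2010, 12, 20)    # inside the 30-day renewal window

if __name__ == "__main__":
    memory = CertMemory()
    memory.check(HOST, ORIGINAL, NORMAL, EARLY)      # first use is remembered
    for mode in (NORMAL, CAUTIOUS, PARANOID):
        print(mode, memory.check(HOST, SWAPPED, mode, EARLY).warnings)
```

A warned certificate is not stored until `approve` is called, so repeated "new CA" prompts for the same site keep comparing against the last certificate the user actually accepted.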

  8. Re:It's on the internet on White House Press Secretary's Tweets Archived · · Score: 1

    If your organization has a legal department, it's not so silly to consult them over stuff like this.

    It's not something personal that's completely up to him. As he said: "What I write and what I tweet is archived ... because it is work product created as part of my job at the White House,"

    Once he's got that decision from "Legal" he can then tell "IT" to start taking measures to archive the stuff. Without that, "IT" might put his request on a lower priority - somewhere way below "fixing the cute intern's laptop".

  9. Re:linearity on PageRank-Type Algorithm From the 1940s Discovered · · Score: 1

    > The way to solve this problem better is for Google to get to know you and your preferences
    > if Google knows that you are mainly interested in academic sorts of things, then it can automatically return that sort of thing when you do a search for Brittany.

    What would be better is if you can choose an "Aspect" or "Point of View" or "Stereotype" for a search. After all I could be doing a search on behalf of someone else. Or I could be interested in different things at different times.

    So say I pick the "Thirsty Joe Sixpack" POV then type "beer", I should get a bunch of stuff about beer that's more related to what a thirsty beer drinker would want e.g. nearest places to buy beer, online beer ordering and delivery etc.

    Whereas if I select the "doing highschool homework" Aspect and type beer, I would probably get history of beer, making beer etc.

    Of course that's just a crude/bad example. I'm too lazy to think of better examples.

    Currently Google too often lists a lot of mailing lists for some of my searches (which would be fine but they don't have answers to the questions), and sometimes even "link spam" sites.

    Even worse is when Google lists pages in journals that I cannot read. Which is rather hypocritical of Google since they penalized BMW Germany for showing Google's spider bot different content from what the users will see.

  10. Re:zero risk on The 25 Most Dangerous Programming Errors · · Score: 2, Funny

    She's not a guy. As for her balls, she might have ripped them off the guy named Sue for all I know.

  11. Re:Slashdot doesn't recognize this holiday! on Measuring the Speed of Light With Valentine's Day Chocolate · · Score: 1

    > While it may be conceivable to create a 'perfect' microwave with no standing wave nodes, it would be pointless.

    I see what you did there...

  12. Re:Why does race or gender matter? on Google, Apple Call Workers' Race & Gender Trade Secrets · · Score: 1

    I didn't say that there weren't any significant differences in any of the averages.

    I was saying that even if there weren't significant differences, the differences could still show up in the extremes.

    For example say a particular group had the tendency to a sort of mutation which increases intelligence if only one of the parents carries it, but makes the child a complete retard if both parents have it. Then while the average might be the same (or even lower) the upper bound might be higher.

    And I suggested that the extremes are often what counts in many cases.

    The average does count in other cases. For example, in democracies or democratic republics an increase in the average intelligence is likely to be important.

  13. Re:Anyone else on Supermodel Signs Petition To Save Porn Browsing Man's Job · · Score: 1

    > "created a hostile and/or intimidating working environment."

    OK I guess I'm weird but I find a working environment where you could get sacked or harmed just for looking at the "wrong pictures" more hostile and intimidating than one where you might happen to be exposed to the "wrong pictures"- assuming it's not intentionally[1].

    [1] If someone keeps emailing "wrong pictures" to me, or leaving them on my table even though I tell them to stop then that's harassment.

    Otherwise as long as they can do their jobs and don't make so much noise (makes it hard to concentrate), I don't care.

    I personally think people shouldn't go nuts just because people are looking at "wrong pictures". Then we'd have a safer world to live in.

    If we think playing violent video games isn't going to negatively affect adults that much (and some studies show it doesn't) then why would looking at "wrong pictures" cause so many problems?

  14. Re:we MUST hide (and protect) our african american on Google, Apple Call Workers' Race & Gender Trade Secrets · · Score: 1

    I wonder how many "white" Afrikaner South Africans in the USA have registered themselves as African American ;). Some of them might be able to trace their line in Africa back to the 1600s.

  15. Re:Why does race or gender matter? on Google, Apple Call Workers' Race & Gender Trade Secrets · · Score: 1, Interesting

    The differences in human breeds can show up at the extremes, even if they don't show up significantly for the averages. And for many purposes it's the extremes that count and not the averages.

    For example:

    Even though the average "white" guy is not very much slower than the average "black" guy, in the 100 metre sprint world records, it's the fastest members that count, not the average or the slowest. There are very few sprinters not of West African lineage (and nonmale) that have run 100 metre races in less than 10 seconds.

    Similarly nobody remembers the 100th person who proved E=MC^2. The Ashkenazi Jews have disproportionately more top scientists. Even if they have higher incidences of genetic disorders it doesn't matter for the "top scientists" criteria.

    Why do I use the term breed instead of race? There are certainly breeds of humans even though they may not be as distinct as those for dogs. Race on the other hand would typically group diverse African breeds together (e.g. the Mbuti with the Zulus). Which is like grouping a chihuahua with a greyhound if they have the same colour fur, or came from the same country. It's actually correct for some cases but ridiculous in other cases.

    Race tends to be more ambiguous, political, cultural and contextual. You have situations like the UK people using "Asian" to mean the South Asians (Indians, Pakistanis, Bangladeshis etc), whereas the US people would tend to use "Asian" to mean the East Asians. The US at some point even had some strange category called "Asian or Pacific Islander" ;).

  16. Re:How come I can't install RealPlayer on Ubuntu? on Ask Matt Asay About Ubuntu and Canonical · · Score: 1

    It's far easier for most users to use Windows 7 or XP than figure out that they could have used alt to move the window around in "Linux" till they can click the desired button.

    FWIW, Windows should have something like that alt stuff, but for the Linux GUI developers to design their stuff to REQUIRE its use for 640x480 resolutions is just further evidence of how clueless they are.

    I do use Linux, but not for my desktop. I did use Linux for my work desktop before, but they need to do a lot better than wobbly windows for me to consider them seriously. Just because lots of stuff moves around fancily on the screen(s) doesn't mean that it is making working more efficient or easier.

  17. Re:Late to the party? on Cellulosic Biofuel Finally Ready For the Road · · Score: 2, Interesting

    > That's just the way markets are. Speculation is part of an efficient market.

    Yes. But it stops being so efficient when the costs of speculation get really high.

    I think the costs have got too high already and perhaps there should be a bailout tax on speculators and their friends so that they can at least pay their share - the tax money goes solely to a fund for bailing out financial disasters resulting from speculation (and "legal financial fraud" e.g. packaging of crap as "AAA" grade).

  18. Re:Have you tested the UPS lately? on UPS Setup For a Small/Mid-Size Company? · · Score: 1

    Wrong. If you want to be pedantic, you can throw the chute plus a suitable weighted "dummy" and timed release out of the plane. Or test it in many other ways that don't involve jumping out of planes.

    Once you have tested your chute packing techniques/methods and chute equipment, and chutes to the desired level, you can then use the same packing techniques and same spec equipment for your main and backup chutes.

    While you will never be 100% sure your particular chute rig will work for you in a future emergency, once you test it to that level, it is far more likely that something else will hurt/kill you than both chutes failing.

    It will be a lot more expensive in terms of time and resources, but for really mission critical stuff it can be worth it.

    Probably not worth it for recreational skydiving (except maybe for the emergency/backup chutes).

  19. Re:I don't think he understands the argument on Are All Bugs Shallow? Questioning Linus's Law · · Score: 1

    > "Linus' law" does not assume that each eyeball is a bug fixer
    > This is not about how many software engineers you have reviewing your code. It's about how your end users can interact with the software engineers.

    > It's about how your end users can interact with the software engineers.

    The original claim is still "many eyes". If that claim and what you say is true then if Microsoft has similar "interaction" they should do better than Linux without going "OSS" since Windows has way more users than Linux.

    But the fact is getting 2000 bug reports per actual bug on average isn't always better than getting 1 bug report per actual bug on average.

    To me it's not about quantity (whether users or developers). It's about quality. You can just look at the OSS world for examples. Some open source software are pretty crap and buggy (even though they have lots of users and a fair number of developers). And some are rock solid. If you have one good bug finder and one good developer, the end product could be far better than if you had 1 million "I didn't change anything" users and a programmer with decent ideas but just barely able to write stuff.

    And when it comes to security problems, most users will NEVER find the bugs within the lifetime of the product. It takes a skilled eye to find those bugs. There aren't that many skilled eyes, and they might be busy looking at other areas/products. So finding and getting such bugs fixed before they get exploited is more a matter of how many skilled eyes you have on your side instead of against you.

  20. Re:Ah, well, that lets Microsoft off the hook then on Rootkit May Be Behind Windows Blue Screen · · Score: 1

    Go post that reply to those posts then.

    I don't blame the user, because:

    1) Trying to figure out whether something is safe to run (without the source code and the full inputs) is harder than solving the halting problem.
    2) Only allowing the user to run Vendor Approved software is overly and unnecessarily restrictive.

    As such I have proposed to the O/S makers to do something like the following:

    https://bugs.launchpad.net/ubuntu/+bug/156693

    Basically a program will have to declare upfront the limits of what it will be able to do (based on a set of templates). And then if the user approves, the O/S will then restrict the program to those limits.

    Right now the Vista/Windows 7 UAC stuff is useless. So what if a program is signed or unsigned, it means little even to someone technically inclined- you still have no idea what the program will really do whether it's signed or not.

    So I do partly blame the operating system bunch (Linux, Windows, Mac, etc) for still being stuck in the 1960s when it comes to security. After 50 years and how many billions of dollars of "R&D", and we're still stuck with primitive security systems, where if someone runs say a "tetris clone" their documents and private data end up at risk.

    But most of the blame still goes to the people unleashing the malware on the users.

  21. Re:Gaming? on Toshiba Developing High-Density 1TB SSD · · Score: 3, Insightful

    The latest bleeding-edge SSDs aren't that reliable either. Intel has had pretty bad bugs with their SSDs.

    Most SSD manufacturers do a fair number of tricks to maintain high performance while doing wear-leveling.

    The technology hasn't got to the "boring ho-hum" stage yet.

  22. Re:what's this whole do no evil thing? on Overzealous Enforcement Means Even Legit Music Blogs Deleted · · Score: 1

    But when it gets to court, there is no perjury at all, because the copyright holder is a huge company, with one department saying "Hey it's OK to distribute it" to the blogger, and another department saying to an external company: "issue take down notices on our behalf".

    If you penalize the company for their apparent screw up, they might take the easy way out and say "from now on it's not OK".

    It's great to be a company in USA.

  23. Re:Customer of Size? on Southwest Declares Kevin Smith Too Fat To Fly · · Score: 1

    > At work they had a big article about "differently abled persons" recently. I just don't get it? How is it derogatory to call somebody disabled?

    Since I'm in the "IT line" the term disabled seems far more negative than handicapped.

  24. Re:Ah, well, that lets Microsoft off the hook then on Rootkit May Be Behind Windows Blue Screen · · Score: 1

    Who's blaming the user?

    It's not just Microsoft and the user in the world.

  25. Re:Not accurate on Father of the Frisbee Dies At 90 · · Score: 1

    If your spear does not fly back at you, it is considered a feature, not a flaw.