"the same high-level source code can be executed either client-side on the browser, or server-side, or even both, depending on the requirements"
Careful when you blur the lines.
The gains might not be as much, because there's a very big difference between running your code on an untrusted client vs running your code on your server.
It may be rather hard to enforce the integrity and security checks at server side when you start to do more and more stuff on the client.
If the server has to counter check each step, then you still get that round trip latency effect. If you do most of the stuff client side that could mean the server has to figure out what are valid _end_ states from tons of possible intermediate states. Sometimes that might not be possible.
It's not a problem for things like google maps, if you modify their client side javascript to behave differently it's not a big issue.
I hear many of the smart ones in the US schools are unhappy in the playground and sometimes even in class too.
There's a lot more "outside" than "inside", so maybe we should euthanize the smart ones;).
I sure see lots of stupid people around here (including me), we're lucky that nobody is going around euthanizing us just because we don't meet some arbitrary standard.
Seriously, in the long run the odds appear to be => we are all dead. Even if we somehow make it out of this solar system to another viable one, we're likely to be still doomed in the long run.
But I bet we're going to try anyway.
Why? Because the creatures that went "It's too hard, dying is easier" on the first sign of trouble, died out billions of years ago.
Happy? Usually unless badly mistreated. Stupid? Yes. Short lifespan? Yes. Health complications? Yes for many breeds. Requires lots of care and attention? Typically.
If you're stupid enough, you might not even know what's the big deal about being stupid.
What really would be sad would be something like in the story "Flowers for Algernon", but that already kind of happens to people with Alzheimers or age onset dementia.
Lastly, if Bush really does get away with what he has done then he's smarter than most of the US citizens.
In fact if the assumption is the pace of technology and speed of distribution + communication have increased dramatically over the years, the monopoly lengths should actually _decrease_, for the same amount of "encouragement of innovation/creation".
But "strangely" enough they have been increasing instead.
"You don't need the CAs, once applications are rewritten to grab keys from the DNS instead."
1) Why would they rewrite browsers to do that? They're not even rewriting browsers to allow the option of making things more secure.
2) Could you trust Verisign to sign the real free-dns.com key AND only the real free-dns.com key? http://www.microsoft.com/technet/security/bulletin/MS01-017.mspx http://slashdot.org/article.pl?no_d2=1&sid=08/01/08/1920215 http://yro.slashdot.org/article.pl?sid=04/02/26/235256&tid=123
2.1) Will free-dns sign any key for jonaskoelker.free-dns.com from anyone claiming to be Jonas Koelker? How do they know it's the right Jonas?
Sorry, I still don't see how you get better (or actual) security with that scheme.
They may know in one way that fish has a head and tail and are living creatures that swim in the waters. And they may know in another way that fish is a tasty dish when battered and fried.
But a fair number do not want to see that head when they are eating that fish.
This seems more common in the Anglo Saxon cultures.
In contrast the more traditional chinese want the fish whole - since they eat the cheek of the fish (and sometimes the eyes).
Similar thing - some people would not eat a chicken if it is presented to them with the head intact. They may know that chickens generally have heads, but they don't want their roast chicken to have a head.
Some people may be unwilling to eat the "independent parts", but willing to eat it in a sausage or pie or burger.
Speaking of milk. I heard that they use some device to suck milk from the cow's udders. And sometimes that device gets loose and falls onto the floor. And if you know cows, let's just say the floor is unlikely to be extremely sanitary;)... They do filter the milk of course.
If they ever start introducing high fibre milk, you might wish to do some research on it first;).
Actually eating more types of animals and more parts of the animal is a good thing. It spreads the damage. And in some parts of the world, you can't grow human edible crops there, but some other vegetation can grow, so you need an animal to eat the vegetation first, then you eat the animal. The more edible parts of the animal you are willing to eat, the less vegetation is wasted.
PETA think that eating animals = wrong, but there's plenty of scientific research that humans do much better if their diet includes fish.
To me the big problem is bycatch (google it). Imagine so many fishing boats throwing away 80% of their catch away _dead_, just because they are the "wrong" creatures. A prawn boat throws away sardines because they aren't prawns, and a sardine boat throws away prawns because they aren't sardines.
I regard that as terribly immoral and unethical. If it were up to me I'd make that illegal.
Killing and throwing away 80% of an animal, even though that 80% is edible is similar but not as bad for farmed animals, since the buyer will have to pay $$$ for the whole animal (so it's in their interest to use more of it). Doesn't work for stuff like fishing.
Uh it's just a way for CAs to make money _twice_ (or more times).
You'll still need CAs.
How does DNSSEC stop the browser from giving Joe User a warning box that the https cert is not signed by a recognized CA?
That's the only real reason why you pay CAs to sign your certs - to stop Joe User from being bothered it.
That CA signing bullshit is little to do with security. Because the last I checked:
1) nobody really goes through all the CAs bundled with their browser and says: "Yes I trust this CA, no I don't so I'll delete this". There are tons, do you know who they are and how trustworthy they really are? Do you really care? No all you care is that you don't get that warning. 2) Verisign has proven that they voluntarily do dubious stuff and they've even misissued Microsoft certs (go look under Untrusted Publishers in IE's list of certs;) ), and yet people _will_ leave the Verisign root certs in - because all you care is you don't that get warning. 3) Do browser makers actually remove CAs who don't comply to some standard? Do they even have some meaningful standard in terms of security? 4) AFAIK browsers don't warn you if the a valid cert changes to a different valid cert (even if it is signed by a different CA).
As you can see, they're not really safer than self-signed certs. To me browsers should do that SSH thing and warn you if the cert has changed (whether it's self-signed or CA signed).
In that light, forgive me if I'm not convinced that DNSSEC is really going to make things more secure:).
It'll just be more of the same. One more way for Verisign and gang to make money for making people feel safe.
Yep living longer is good, just _lasting_ longer is pointless.
Well my philosophy is if your body has made it to 50 on whatever you're doing with no major ill effects ( stuff like cholesterol a bit on the high side doesn't really count, whereas needing a bypass or having angina does count), then maybe changing is not such a good idea unless you actually like the change:).
I figure if some old lady has made it to 80 while smoking and drinking lots of coffee (coffee is good for health if you can tolerate it), you'd probably kill her if you made her stop. Or it takes a fair bit of joy out of her life.
But if you're already getting heart problems when you're 40ish, I figure it is a bit too soon to go yet, and there's probably plenty more stuff you'd want to do other than eat twinkies or whatever it is that's giving you health problems.
I personally like fish (salmon mmmm:p ), so it's not a minus to me to eat more fish.
OK they claim they're smuggling cellphones into prisons somehow (heh I wonder if they put them in vibrate mode;) ).
To me the big problem really is that if they can smuggle in stuff the size of a cellphone they can smuggle in lots of other more dangerous stuff.
I don't get why are cellphones themselves a problem, and why the solution is jamming them. After all:
1) If you're actually going to use the cellphones to communicate wirelessly (rather than use them to play games or other stuff), they will emit a very detectable signal.
So it's trivial to find them if they're on.
2) It's a prison, if prisoners are not allowed cellphones, guards can probably walk in at any time, and confiscate them after detecting them by whatever means. And the culprits involved get the usual punishment stuff.
3) The prison could put their own cell stations and listen in. For typical GSM stuff, while the comms between the phone and the base stations are encrypted (albeit intentionally weakened crypto), the comms from the base station to the rest of the network is in plaintext. No really expensive fancy stuff needed.
Slashdotters (and other people) should be learning to not just click on any link they see.
There are far worse things that could happen than getting a youtube video...
My sig actually used to go to a slashdot logout link - which made more sense since if people click on it they'll be posting at a lower comment threshold:).
But I eventually changed it to something I figured would be more neutral - it was amazing so many people kept clicking on it.
If companies can beat the other companies even though they stick to standard free software, that's a good thing. Why waste money on paying programmers?
As long as companies have nonstandard needs, there will be jobs for programmers.
But my bet is lots of bosses will want something different:).
CEO to staff: "Yes we make widget type X just like our competitor, but we are different!"
CEO thinking silently: if we weren't that different the shareholders/owners would approve a merger - then we give golden handshakes to the CxOs that leave, and the CxOs that stay get bonuses for sacking redundant people.
Actually it may be a good thing _overall_ if the people who aren't good at designing bridges get discouraged from trying to design new bridges, or get put out of business if they are already doing crappy bridges.
To me that's more of a benefit than a problem;). A raising of standards.
A lot of OSS software out there isn't that good (much of it is just tolerable), so if your Closed Source stuff is worse than free/Free stuff, maybe the world would be better off if you were doing something else instead.
Audacity has its problems. OpenOffice still sucked the last time I checked (haven't checked the latest though).
And it's been the year of "Desktop Linux" for how many years;).
In contrast look at how long Mac OSX took to overtake "Desktop Linux" in market share.
If Desktop Linux discourages "yet another crappy closed source O/S" from being made, it's worth it even if the Desktop Linux market share remains abysmal. If you want to make a new closed source O/S, you better know what you are doing. If you don't, please do something else.
I doubt we really need a new closed source OS that's worse than Desktop Linux. Nor do we need a new closed source audio tool that's worse than Audacity.
Do we want to have to keep paying big bucks for something that's only a bit better than OSS software? I doubt it.
My advice - take regular brisk walks and eat enough fish (but avoid high mercury fish) every week.
Lastly you're going to lose _everything_ anyway.
So calculate the number of weekends left till the typical life expectancy where you are. Get a program to remind you how many weekends you have left till that age, or figure some other reliable way of doing it.
You may find that this helps improve your concentration. At least on things that are important.
I haven't done it yet, maybe that's why I'm posting on Slashdot;).
While they may improve some bits it could continue to be significantly crap (and crappier than other stuff) and still get lots of new users if there are network effects.
High chance is some kids were looking at porn sites using the school computer(s). Or even drawing naughty pics with a paint program and giggling.
All while the teachers can barely figure out how to run the Educational Programs. Bonus points if the teacher is capable of email.
Seriously, kids get scarred by porn popups?
Back when I was a 7 year old kid I wouldn't have got scarred by porn popups.
Higher chance that I would have got scarred if my teacher was sent to jail just because of some stupid popups. Someone in the class/school would have found out what really happened to the teacher, and then everyone would know.
Just imagine the nightmares kids would get, when they learn that having something pop up on your screen could cause you to be locked up in prison for 40 years.
The kids will be thinking what a terrible and wicked world they are living in.
While they would be right, don't the parents want their children be shielded from certain truths till they are much older?
"the same high-level source code can be executed either client-side on the browser, or server-side, or even both, depending on the requirements"
Careful when you blur the lines.
The gains might not be as much, because there's a very big difference between running your code on an untrusted client vs running your code on your server.
It may be rather hard to enforce the integrity and security checks at server side when you start to do more and more stuff on the client.
If the server has to counter check each step, then you still get that round trip latency effect. If you do most of the stuff client side that could mean the server has to figure out what are valid _end_ states from tons of possible intermediate states. Sometimes that might not be possible.
It's not a problem for things like google maps, if you modify their client side javascript to behave differently it's not a big issue.
I read it as 1:40 with target of 1:30.
Where 40 times = lent out 40 for every 1, under US GAAP.
But I'm not an accountant or banker.
I hear many of the smart ones in the US schools are unhappy in the playground and sometimes even in class too.
;).
There's a lot more "outside" than "inside", so maybe we should euthanize the smart ones
I sure see lots of stupid people around here (including me), we're lucky that nobody is going around euthanizing us just because we don't meet some arbitrary standard.
Seriously, in the long run the odds appear to be => we are all dead. Even if we somehow make it out of this solar system to another viable one, we're likely to be still doomed in the long run.
But I bet we're going to try anyway.
Why? Because the creatures that went "It's too hard, dying is easier" on the first sign of trouble, died out billions of years ago.
Pet dog:
Happy? Usually unless badly mistreated.
Stupid? Yes.
Short lifespan? Yes.
Health complications? Yes for many breeds.
Requires lots of care and attention? Typically.
If you're stupid enough, you might not even know what's the big deal about being stupid.
What really would be sad would be something like in the story "Flowers for Algernon", but that already kind of happens to people with Alzheimers or age onset dementia.
Lastly, if Bush really does get away with what he has done then he's smarter than most of the US citizens.
KFC?
He would need to get close to the ground to land. Doesn't take a high drop to crack the skull.
So presumably that's where the helmet might come in handy.
Maybe he's confident of not making a big mistake, but not so confident he won't make a small slip up on landing.
In fact if the assumption is the pace of technology and speed of distribution + communication have increased dramatically over the years, the monopoly lengths should actually _decrease_, for the same amount of "encouragement of innovation/creation".
But "strangely" enough they have been increasing instead.
"You don't need the CAs, once applications are rewritten to grab keys from the DNS instead."
1) Why would they rewrite browsers to do that? They're not even rewriting browsers to allow the option of making things more secure.
2) Could you trust Verisign to sign the real free-dns.com key AND only the real free-dns.com key? http://www.microsoft.com/technet/security/bulletin/MS01-017.mspx
http://slashdot.org/article.pl?no_d2=1&sid=08/01/08/1920215
http://yro.slashdot.org/article.pl?sid=04/02/26/235256&tid=123
2.1) Will free-dns sign any key for jonaskoelker.free-dns.com from anyone claiming to be Jonas Koelker? How do they know it's the right Jonas?
Sorry, I still don't see how you get better (or actual) security with that scheme.
I see greater potential for higher costs.
Can you really trust Verisign more than TURKTRUST?
http://www.microsoft.com/technet/security/bulletin/MS01-017.mspx
Network Solutions is a Verisign owned company which does DNS stuff:
http://slashdot.org/article.pl?no_d2=1&sid=08/01/08/1920215
http://yro.slashdot.org/article.pl?sid=04/02/26/235256&tid=123
DNSSEC happens to be DNS + cert stuff. Go figure.
People have different types/way of knowing.
;)... They do filter the milk of course.
;).
They may know in one way that fish has a head and tail and are living creatures that swim in the waters.
And they may know in another way that fish is a tasty dish when battered and fried.
But a fair number do not want to see that head when they are eating that fish.
This seems more common in the Anglo Saxon cultures.
In contrast the more traditional chinese want the fish whole - since they eat the cheek of the fish (and sometimes the eyes).
Similar thing - some people would not eat a chicken if it is presented to them with the head intact. They may know that chickens generally have heads, but they don't want their roast chicken to have a head.
Some people may be unwilling to eat the "independent parts", but willing to eat it in a sausage or pie or burger.
Speaking of milk. I heard that they use some device to suck milk from the cow's udders. And sometimes that device gets loose and falls onto the floor. And if you know cows, let's just say the floor is unlikely to be extremely sanitary
If they ever start introducing high fibre milk, you might wish to do some research on it first
Actually eating more types of animals and more parts of the animal is a good thing. It spreads the damage. And in some parts of the world, you can't grow human edible crops there, but some other vegetation can grow, so you need an animal to eat the vegetation first, then you eat the animal. The more edible parts of the animal you are willing to eat, the less vegetation is wasted.
PETA think that eating animals = wrong, but there's plenty of scientific research that humans do much better if their diet includes fish.
To me the big problem is bycatch (google it). Imagine so many fishing boats throwing away 80% of their catch away _dead_, just because they are the "wrong" creatures. A prawn boat throws away sardines because they aren't prawns, and a sardine boat throws away prawns because they aren't sardines.
I regard that as terribly immoral and unethical. If it were up to me I'd make that illegal.
Killing and throwing away 80% of an animal, even though that 80% is edible is similar but not as bad for farmed animals, since the buyer will have to pay $$$ for the whole animal (so it's in their interest to use more of it). Doesn't work for stuff like fishing.
Uh it's just a way for CAs to make money _twice_ (or more times).
;) ), and yet people _will_ leave the Verisign root certs in - because all you care is you don't that get warning.
:).
You'll still need CAs.
How does DNSSEC stop the browser from giving Joe User a warning box that the https cert is not signed by a recognized CA?
That's the only real reason why you pay CAs to sign your certs - to stop Joe User from being bothered it.
That CA signing bullshit is little to do with security. Because the last I checked:
1) nobody really goes through all the CAs bundled with their browser and says: "Yes I trust this CA, no I don't so I'll delete this". There are tons, do you know who they are and how trustworthy they really are? Do you really care? No all you care is that you don't get that warning.
2) Verisign has proven that they voluntarily do dubious stuff and they've even misissued Microsoft certs (go look under Untrusted Publishers in IE's list of certs
3) Do browser makers actually remove CAs who don't comply to some standard? Do they even have some meaningful standard in terms of security?
4) AFAIK browsers don't warn you if the a valid cert changes to a different valid cert (even if it is signed by a different CA).
As you can see, they're not really safer than self-signed certs. To me browsers should do that SSH thing and warn you if the cert has changed (whether it's self-signed or CA signed).
In that light, forgive me if I'm not convinced that DNSSEC is really going to make things more secure
It'll just be more of the same. One more way for Verisign and gang to make money for making people feel safe.
Looking at efforts with chimp and mice, it's clear that genes are a significant limiting factor with intelligence.
:).
However looking at Slashdot, it's also clear that just having human genes and being able to "post" doesn't mean one is intelligent
Lastly, intelligence is overrated. Humans are an unproven branch of animals. We've only been around for a short time.
If we really make it to another solar system _alive_ then I guess we have proven ourselves.
That said some scientists believe that some bacteria have already been doing the space travel thing for a long time.
Trouble is reiserfs suffers from vendor lock-in ;).
It was amazing so many people clicked on the logout link in my old sig.
The one that led to: http://slashdot.org/my/logout
http://www.space.com/news/spaceshuttles/sts101_jetpack_safety.html
The article could be wrong, but it does imply that a space shuttle could chase and retrieve a spacewalker that drifts away.
If the shuttle can do that, I don't see why it can't retrieve a tool bag that has gone adrift at such a slow speed.
She's not the only one who made a mistake.
Someone else was also supposed to check the bag to make sure the stuff inside was secured. And the stuff inside was not secured.
Seems she's taking the heat and not trying to shift some of the blame elsewhere, which is somewhat commendable.
Yep living longer is good, just _lasting_ longer is pointless.
:).
:p ), so it's not a minus to me to eat more fish.
Well my philosophy is if your body has made it to 50 on whatever you're doing with no major ill effects ( stuff like cholesterol a bit on the high side doesn't really count, whereas needing a bypass or having angina does count), then maybe changing is not such a good idea unless you actually like the change
I figure if some old lady has made it to 80 while smoking and drinking lots of coffee (coffee is good for health if you can tolerate it), you'd probably kill her if you made her stop. Or it takes a fair bit of joy out of her life.
But if you're already getting heart problems when you're 40ish, I figure it is a bit too soon to go yet, and there's probably plenty more stuff you'd want to do other than eat twinkies or whatever it is that's giving you health problems.
I personally like fish (salmon mmmm
OK they claim they're smuggling cellphones into prisons somehow (heh I wonder if they put them in vibrate mode ;) ).
To me the big problem really is that if they can smuggle in stuff the size of a cellphone they can smuggle in lots of other more dangerous stuff.
I don't get why are cellphones themselves a problem, and why the solution is jamming them. After all:
1) If you're actually going to use the cellphones to communicate wirelessly (rather than use them to play games or other stuff), they will emit a very detectable signal.
So it's trivial to find them if they're on.
2) It's a prison, if prisoners are not allowed cellphones, guards can probably walk in at any time, and confiscate them after detecting them by whatever means. And the culprits involved get the usual punishment stuff.
3) The prison could put their own cell stations and listen in. For typical GSM stuff, while the comms between the phone and the base stations are encrypted (albeit intentionally weakened crypto), the comms from the base station to the rest of the network is in plaintext. No really expensive fancy stuff needed.
Slashdotters (and other people) should be learning to not just click on any link they see.
:).
There are far worse things that could happen than getting a youtube video...
My sig actually used to go to a slashdot logout link - which made more sense since if people click on it they'll be posting at a lower comment threshold
But I eventually changed it to something I figured would be more neutral - it was amazing so many people kept clicking on it.
I agree.
:).
If companies can beat the other companies even though they stick to standard free software, that's a good thing. Why waste money on paying programmers?
As long as companies have nonstandard needs, there will be jobs for programmers.
But my bet is lots of bosses will want something different
CEO to staff: "Yes we make widget type X just like our competitor, but we are different!"
CEO thinking silently: if we weren't that different the shareholders/owners would approve a merger - then we give golden handshakes to the CxOs that leave, and the CxOs that stay get bonuses for sacking redundant people.
Actually it may be a good thing _overall_ if the people who aren't good at designing bridges get discouraged from trying to design new bridges, or get put out of business if they are already doing crappy bridges.
;). A raising of standards.
;).
To me that's more of a benefit than a problem
A lot of OSS software out there isn't that good (much of it is just tolerable), so if your Closed Source stuff is worse than free/Free stuff, maybe the world would be better off if you were doing something else instead.
Audacity has its problems. OpenOffice still sucked the last time I checked (haven't checked the latest though).
And it's been the year of "Desktop Linux" for how many years
In contrast look at how long Mac OSX took to overtake "Desktop Linux" in market share.
If Desktop Linux discourages "yet another crappy closed source O/S" from being made, it's worth it even if the Desktop Linux market share remains abysmal. If you want to make a new closed source O/S, you better know what you are doing. If you don't, please do something else.
I doubt we really need a new closed source OS that's worse than Desktop Linux.
Nor do we need a new closed source audio tool that's worse than Audacity.
Do we want to have to keep paying big bucks for something that's only a bit better than OSS software? I doubt it.
My advice - take regular brisk walks and eat enough fish (but avoid high mercury fish) every week.
;).
Lastly you're going to lose _everything_ anyway.
So calculate the number of weekends left till the typical life expectancy where you are. Get a program to remind you how many weekends you have left till that age, or figure some other reliable way of doing it.
You may find that this helps improve your concentration. At least on things that are important.
I haven't done it yet, maybe that's why I'm posting on Slashdot
"Your brain is powered entirely by glucose "
1) Powered, but not built or regenerated.
2) Brains can also be powered by ketone bodies.
While they may improve some bits it could continue to be significantly crap (and crappier than other stuff) and still get lots of new users if there are network effects.
;)
See PHP and MySQL.
It's a school.
High chance is some kids were looking at porn sites using the school computer(s). Or even drawing naughty pics with a paint program and giggling.
All while the teachers can barely figure out how to run the Educational Programs. Bonus points if the teacher is capable of email.
Seriously, kids get scarred by porn popups?
Back when I was a 7 year old kid I wouldn't have got scarred by porn popups.
Higher chance that I would have got scarred if my teacher was sent to jail just because of some stupid popups. Someone in the class/school would have found out what really happened to the teacher, and then everyone would know.
Just imagine the nightmares kids would get, when they learn that having something pop up on your screen could cause you to be locked up in prison for 40 years.
The kids will be thinking what a terrible and wicked world they are living in.
While they would be right, don't the parents want their children be shielded from certain truths till they are much older?