It looks like a pretty good set of rules, ones quite similar to those presented by a number of regular/.ers when talking about dealing with spyware. One that particularly attracted my attention was this one:
CLEAR BEHAVIOR
Applications that affect or change your user experience should make clear they are the reason for those changes. For example, if an application opens a window, that window should identify the application responsible for it. Applications should not intentionally obscure themselves under multiple or confusing names. You should be given means to control the application in a straightforward manner, such as by clicking on visible elements generated by the application. If an application shows you ads, it should clearly mark them as advertising and inform you that they originate from that application. If an application makes a change designed to affect the user experience of other applications (such as setting your home page) then those changes should be made clear to you.
I'm not sure about things like changing your home page, but it seems to me that it should be possible to impliment some of the other steps at the level of the windowing system without needing cooperation from the application. You could design it, for instance, so that you could right-click on any window's title bar and find out which program was responsible for that window. The idea undoubtedly needs some more thought so that programs couldn't hide their responsibility by calling another program to do their dirty work, but I'd guess that including some facility like this would be a lot easier than convincing spyware writers to admit their handywork.
apt is available for Fedora, though it isn't included in the install. You can download it from Fedora.us, which also has some instructions on configuring it. You might also want to consider using yum, which is included by default. yum's capabilities are very similar to apt's, including all the good stuff like automatically resolving and downloading dependencies, so it's definitely worth learning. I find that yum is good enough that the first thing I do when installing Fedora is to disable up2date.
I think that you're seeing a false dichotomy. On the Debian side, you have a distribution that's strongly dedicated to making systems that are easy to admin (e.g. apt for package management) and can be kept very up-to-date by running unstable or testing. On the RedHat side, you have a distribution that refuses to distribute an mp3 decoder or NTFS support because of worries about IP issues. AFAIK, Fedora includes only software that's available under OSS licenses, and is actually quite proud of this fact.
That's an argument for why you'd want to lie, but it has nothing to do with compatibility. In the case cited above, the game writer was allowed to use material from the console in order to get its game to run at all, i.e. to maintain compatibility with the console. That's not the case with a Linux module license. The module will load no matter what license you export, so being dishonest about the license is not necessary for reasons of compatibility.
The problem with the compatibility argument is that it's wrong. The primary purpose of the license string is to track whether the kernel has loaded a closed-source module. Many kernel hackers choose to ignore bug reports from systems that have loaded closed-source modules since there's a very good chance that the bug is in code that they can't access and fix. But failing to export a GPL compatible license string doesn't have any effect on the kernel's ability to load and run a module, so there's no compatibility reason to export a dishonest description of the module's license.
Re:Why were MP ever such a big deal?
on
Beyond Megapixels
·
· Score: 3, Interesting
Whether digital or film is cheaper depends a lot on how many pictures you want to take and how many prints you want to make. A cheap film camera is probably a good choice if you're going to take a roll of snapshots once a year at Christmas and share one set of prints with your family. But if you want to take a few thousands photos a year and share them with everyone you know, the digital will pay for itself in reduced film, developing, and printing costs in fairly short order.
Digital also has some real practical advantages. The images are available immediately, which can be very handy in some cases. I went to a party not too long ago where I took pictures that we were able to view on the host's computer before everyone went home. That would be a lot harder with a film camera. Digital photos are also very easy to organize, which is a big plus.
Diffraction limits will become increasingly important. For an F/10 lens, the minimum spot size that can be well-resolved is about 10 microns.
Interestingly, most DSLR sensor elements are about 8-10 microns across. It sounds as though there won't be much advantage to making them a whole lot smaller.
As sensors get more and more pixels, the silicon area will have to increase - otherwise, there's just no point. Since silicon cost goes up exponentially with die area, we likely won't see huge megapixel arrays make it to the consumer anytime soon.
Yes and no. Canon has managed to put a roughly 22mm by 15mm sensor into a DSLR that retails for about $1000 including a starter lens. That's not a huge sensor, but it's a heck of a lot bigger than what's in most point-and-shoot digital cameras. I'd assume that they could increase the pixel count a lot by going to smaller pixels on the same sized sensor without increasing the cost too much. They'd need a faster processor and data pipe to be able to take the higher pixel-count pictures at a reasonable shutter rate, but that's something that Moore's Law can handle. So camera makers can continue to increase their pixel counts at a vaguely reasonable price-point for some time yet.
The real reason that you aren't going to see an increase in sensor size is because it isn't convenient. To take advantage of a bigger sensor, you need a bigger, heavier, more expensive lens. Camera buyers, as a group, have shown a great preference for light, convenient cameras that take decent pictures over heavier, less convenient ones that take better pictures, and I don't see that changing any time soon.
Re:As an ex-commercial photographer
on
Beyond Megapixels
·
· Score: 1
Once I did, I grew to love it, great little SLR, and the first one I can see retiring my beloved old FM2 to use on a daily basis.
If you have a lot of money invested in Nikon lenses, you should probably consider the D-70. It will accept any Nikon mount lens (though you obviously won't get all the snazzy features with older lenses) and has gotten very good reviews. I don't know if its ergonomics will satisfy you- it sounds as though it has a lot of controls that are activated by pushing a button with one finger and turning a dial with another- but it sounds like a nice camera.
I'm actually in the market for my first SLR- I'm addicted to digital so it'll be a DSLR- and I'm finding the whole lens business very tough. Is there really a big difference in lens quality between makers? I know that there's an obvious difference in quality between the consumer and pro grade lenses from each manufacturer, but, for example, is there any real difference between a Nikon 200mm F:2.8 lens and a Cannon 200mm F:2.8?
Take the car in for an oil change once every few thousand miles, make sure it gets its 10k/15k/20k/whatever k service, and keep the gas tank full, and 95% of the time it will run good for years, the other 5% there's nothing that they could do even if they knew how the thing worked.
And the same thing would probably be true if people took the same attitude toward keeping their computer running that they do toward keeping their car running. People accept that cars are complicated and require routine service. They understand that if they're not competent to do the service themselves that it makes sense to pay a professional to do it for them. They're willing to plunk down some serious coin to get the thing fixed if/when it breaks.
The problem is that many, if not most, people don't take the same attitude toward computers. They're encouraged to believe that computers are so easy to use that anyone can use and maintain one with little or no training. When problems do come up, they tend to try to solve them by asking a friend who is supposed to know this stuff what to do rather than spending money on a professional. Combine that attitude with deliberate attacks against computers by things like worms and spyware, and it should be no surprise that the average car is much better maintained than the average computer.
What the author is proposing is that patches need to be distributed in two stages. First the distributor would pass out the patch itself, but with the wrinkle that it would be encrypted. The decryption key would only be released after a delay calculated to give people enough time to learn about the problem and download the patch.
The theory is that this gives the good guys an advantage in the information race. The distributor can give users plenty of time to find out about the patch and download it while still not providing the malware writers any usable information. When the decryption key is finally released, everyone should be able to download it in short order- the key itself is likely to be smaller than the network overhead it takes to transport it- and be done patching well before even a fast coder can understand the patch and turn it into a workable exploit.
There are still some obvious problems, of course. It won't work with the common Free Software development model, since the patches will still be visible. It also won't work for users who want to test a patch before trying it out on their production systems. It also depends on warnings about the vulnerability remaining vague enough that malware authors can't derive useful information from the warning. It may not be possible to find a vulnerability just because you know it's somewhere in a very large program, but once you know that it's localized in a particular subsystem there may be enough info to find it yourself.
In "world terms", there are only two major sports: soccer and basketball.
You'd better restrict that to major team sports. I think that you'll find that many individual sports- like track and field, golf, tennis, etc.- are fairly important on an international scale. Some people also count auto racing as a sport, and it clearly has significant worldwide appeal.
You might want to check out cricket, www.cricinfo.org and Wisden for some serious stats.
Perhaps it is you who needs to be enlightened. A brief look at the stats glossary at Baseball Prospectus might show you just how far out the geekier baseball fans are willing to go. Some other sites of interest include Baseball Reference, which contains complete statistics for every player ever to appear in a major league game, and Retrosheet, an organization attempting to gather historical play-by-play information on every game in MLB history. The detail put into these things is frightening.
I assume that part of the reason for wanting a SATA optical drive is convenience, rather than need for the increased speed. Since there's every reason to think that SATA is superior for hard drives, you know that you're going to want a SATA controller. It would be really handy if you could plug your optical drive into that same controller without needing a kludge like a SATA to parallel ATA adapter; that way you'd need only one controller for all your drives. Hence it would be nice to have a SATA capable optical drive, even if it's not strictly necessary.
I think that this is the real problem. It's OK that the blue LEDs are popping up everywhere, but there's no need to have ones that are bright enough to blind you. A new computer at my work came with a set of speakers that has a blue LED power light, and it was bright enough to be annoying to look at from all the way across the room. The computer was practically unusable with the speakers powered on because the light from this power indicator was so distracting. I eventually had to put a piece of red paper tape over it to mask most of the light; even several layers of ordinary masking tape wasn't enough.
What makes you think that this was a Cisco policy? It's far more likely that this is the work of some rogue coder within Cisco who added it without anyone else's knowledge. It's not as though adding a backdoor password is very tough for somebody who has access to the relevant code. If there aren't detailed code reviews, a backdoor could hide out for a very, very long time.
Re:Four Patches for the Internal Revenue Code
on
No EZ Fix For The IRS
·
· Score: 0, Troll
Double taxation on dividends could be prevented under such a scheme by providing full deductibility for corporations that issue dividends.
How about simply abolishing the corporate income tax completely? The corporate taxes are already vastly more complicated than personal taxes are, and they're far, far less equitable. On of the biggest problems with them is that they're so inequitable that many, if not most, large profitable corporations pay no income tax at all because of all of the loopholes in the system. Abolishing the tax completely would obviously make it more fair- everyone would be paying the same rate- and wouldn't even hurt the government that much because collections from corporate taxes are already so low. Even better (and quite possibly why it won't happen), it would prevent corporations from giving huge campaign donations to legislators in an attempt to get new loopholes written into the tax laws. It might even encourage more companies to move to the Unites States, bringing in more high-paying jobs at their headquarters.
I think that you're thinking exclusively of NiCd batteries, which typically have much lower capacities than NiMH. Most AA NiMH batteries have a capacity in the 2 Ah range. They may not be able to discharge as fast as RC plane people want, though.
And why does Mozilla prevent links to it via Slashdot?
Maybe they're afraid of the the dreaded Slashdot effect. Their servers have been hit pretty hard by/. in the past, so I wouldn't be surprised if they've just set up their system to reject anything that has slashdot as a referrer.
if it was electricity, wouldn't the creation of a recharger be trivial?
Not necessarily; there are some practical problems with this kind of charger. Consider that a typical AA NiMH battery has a charging capacity of about 2 Ah at a voltage of 1.2 V. That's 2 Ah * 3600 s/h * 1.2 V = 8640 J. To charge that in 30 seconds, you need 8640 J / 30 s = 288 W, and that's assuming no losses anywhere. If you want to recharge 4 batteries at a time, you'll need a charger that draws 10+ amps of 120 VAC. A single D battery can have a capacity of up to 11 Ah, so you'd need about 1600 W to recharge one in 30 s. That means that a dual battery charger would draw over 25 amps at 120 VAC. Since most wall sockets are only rated at 15 amps, you'd need a dedicated circut for your charger! It's not an insurmountable problem, but it would make this style of battery a bit less practical.
And IBM takes yet another spin on that. Their view is "if it breaks, figure out why and change it so that it won't break that way again". Mainframes are very powerful and have great I/O, but their greatest strength is reliability. They have tremendous failover capability, can hotswap components so that they can keep running as they're repaired or upgraded, and are instrumented so if one does fail the cause can be traced and corrected. No, make that the cause will be traced and corrected. Whenever an IBM mainframe fails, anywhere in the world, IBM will hear about it and go to the trouble of a post-mortem.
The real problem is that the low-level managers are caught in a double-bind. The company requires them to get more work done than they can actually accomplish with their given payroll. If they exceed their payroll, they'll be fired for exceeding payroll. If they cheat their employees by cutting hours, they may be fired for breaking company policy against doing so and liable for breaking the law. The real culprits are the higher level managers who set unachievable goals for their subordinates and then set up policies so that they're screwed no matter what they do. Unfortunately, the only way that those policies will be changed is if the companies get slapped with big enough punative damage awards that they decide that cheating their employees isn't worth the risk.
Cringly is generally correct, but he misses a very important point; MS's approach only works if the worst punishment available is a fine. In theory, at least, there are more drastic punishments available. The most obvious, and one that Judge Kollar-Kotelly should consider if she agrees that MS is failing to behave- is to break up the company. Breaking up the company was the originally proposed solution, but it was rejected as too drastic; if fines and behavioral constraints don't work then the courts should consider going back to the original idea.
It's actually possible to script some GUIs that were never designed with scripting in mind. Some of the programmers at my work succeeded in building a script interface for one of our instruments by using the Windows API to manipulate its dialog boxes. It was a royal PITA- they had to extract data that was displayed graphically to the user directly from memory before it was formatted into a picture, and the memory location of the data and numbers for each control changed each time the company issued a minor update- but they were eventually able to do it. It would have been a hundred times easier if the company had included programatic hooks, but it appears that it's possible to script just about any GUI with enough effort.
Slashdot Mirror
It looks like a pretty good set of rules, ones quite similar to those presented by a number of regular /.ers when talking about dealing with spyware. One that particularly attracted my attention was this one:
I'm not sure about things like changing your home page, but it seems to me that it should be possible to impliment some of the other steps at the level of the windowing system without needing cooperation from the application. You could design it, for instance, so that you could right-click on any window's title bar and find out which program was responsible for that window. The idea undoubtedly needs some more thought so that programs couldn't hide their responsibility by calling another program to do their dirty work, but I'd guess that including some facility like this would be a lot easier than convincing spyware writers to admit their handywork.
When they bought Ximian.
apt is available for Fedora, though it isn't included in the install. You can download it from Fedora.us, which also has some instructions on configuring it. You might also want to consider using yum, which is included by default. yum's capabilities are very similar to apt's, including all the good stuff like automatically resolving and downloading dependencies, so it's definitely worth learning. I find that yum is good enough that the first thing I do when installing Fedora is to disable up2date.
I think that you're seeing a false dichotomy. On the Debian side, you have a distribution that's strongly dedicated to making systems that are easy to admin (e.g. apt for package management) and can be kept very up-to-date by running unstable or testing. On the RedHat side, you have a distribution that refuses to distribute an mp3 decoder or NTFS support because of worries about IP issues. AFAIK, Fedora includes only software that's available under OSS licenses, and is actually quite proud of this fact.
That's an argument for why you'd want to lie, but it has nothing to do with compatibility. In the case cited above, the game writer was allowed to use material from the console in order to get its game to run at all, i.e. to maintain compatibility with the console. That's not the case with a Linux module license. The module will load no matter what license you export, so being dishonest about the license is not necessary for reasons of compatibility.
The problem with the compatibility argument is that it's wrong. The primary purpose of the license string is to track whether the kernel has loaded a closed-source module. Many kernel hackers choose to ignore bug reports from systems that have loaded closed-source modules since there's a very good chance that the bug is in code that they can't access and fix. But failing to export a GPL compatible license string doesn't have any effect on the kernel's ability to load and run a module, so there's no compatibility reason to export a dishonest description of the module's license.
Whether digital or film is cheaper depends a lot on how many pictures you want to take and how many prints you want to make. A cheap film camera is probably a good choice if you're going to take a roll of snapshots once a year at Christmas and share one set of prints with your family. But if you want to take a few thousands photos a year and share them with everyone you know, the digital will pay for itself in reduced film, developing, and printing costs in fairly short order.
Digital also has some real practical advantages. The images are available immediately, which can be very handy in some cases. I went to a party not too long ago where I took pictures that we were able to view on the host's computer before everyone went home. That would be a lot harder with a film camera. Digital photos are also very easy to organize, which is a big plus.
Interestingly, most DSLR sensor elements are about 8-10 microns across. It sounds as though there won't be much advantage to making them a whole lot smaller.
Yes and no. Canon has managed to put a roughly 22mm by 15mm sensor into a DSLR that retails for about $1000 including a starter lens. That's not a huge sensor, but it's a heck of a lot bigger than what's in most point-and-shoot digital cameras. I'd assume that they could increase the pixel count a lot by going to smaller pixels on the same sized sensor without increasing the cost too much. They'd need a faster processor and data pipe to be able to take the higher pixel-count pictures at a reasonable shutter rate, but that's something that Moore's Law can handle. So camera makers can continue to increase their pixel counts at a vaguely reasonable price-point for some time yet.
The real reason that you aren't going to see an increase in sensor size is because it isn't convenient. To take advantage of a bigger sensor, you need a bigger, heavier, more expensive lens. Camera buyers, as a group, have shown a great preference for light, convenient cameras that take decent pictures over heavier, less convenient ones that take better pictures, and I don't see that changing any time soon.
If you have a lot of money invested in Nikon lenses, you should probably consider the D-70. It will accept any Nikon mount lens (though you obviously won't get all the snazzy features with older lenses) and has gotten very good reviews. I don't know if its ergonomics will satisfy you- it sounds as though it has a lot of controls that are activated by pushing a button with one finger and turning a dial with another- but it sounds like a nice camera.
I'm actually in the market for my first SLR- I'm addicted to digital so it'll be a DSLR- and I'm finding the whole lens business very tough. Is there really a big difference in lens quality between makers? I know that there's an obvious difference in quality between the consumer and pro grade lenses from each manufacturer, but, for example, is there any real difference between a Nikon 200mm F:2.8 lens and a Cannon 200mm F:2.8?
And the same thing would probably be true if people took the same attitude toward keeping their computer running that they do toward keeping their car running. People accept that cars are complicated and require routine service. They understand that if they're not competent to do the service themselves that it makes sense to pay a professional to do it for them. They're willing to plunk down some serious coin to get the thing fixed if/when it breaks.
The problem is that many, if not most, people don't take the same attitude toward computers. They're encouraged to believe that computers are so easy to use that anyone can use and maintain one with little or no training. When problems do come up, they tend to try to solve them by asking a friend who is supposed to know this stuff what to do rather than spending money on a professional. Combine that attitude with deliberate attacks against computers by things like worms and spyware, and it should be no surprise that the average car is much better maintained than the average computer.
What the author is proposing is that patches need to be distributed in two stages. First the distributor would pass out the patch itself, but with the wrinkle that it would be encrypted. The decryption key would only be released after a delay calculated to give people enough time to learn about the problem and download the patch.
The theory is that this gives the good guys an advantage in the information race. The distributor can give users plenty of time to find out about the patch and download it while still not providing the malware writers any usable information. When the decryption key is finally released, everyone should be able to download it in short order- the key itself is likely to be smaller than the network overhead it takes to transport it- and be done patching well before even a fast coder can understand the patch and turn it into a workable exploit.
There are still some obvious problems, of course. It won't work with the common Free Software development model, since the patches will still be visible. It also won't work for users who want to test a patch before trying it out on their production systems. It also depends on warnings about the vulnerability remaining vague enough that malware authors can't derive useful information from the warning. It may not be possible to find a vulnerability just because you know it's somewhere in a very large program, but once you know that it's localized in a particular subsystem there may be enough info to find it yourself.
I was trying to see WhenU's side of the story by looking at . Unfortunately, when I tried to go there, my company popped up its standard "We can't let you see this web site" message. The blocking category? "Spyware". Apparenly the State of Utah is not the only group that classifies WhenU that way.
You'd better restrict that to major team sports. I think that you'll find that many individual sports- like track and field, golf, tennis, etc.- are fairly important on an international scale. Some people also count auto racing as a sport, and it clearly has significant worldwide appeal.
Perhaps it is you who needs to be enlightened. A brief look at the stats glossary at Baseball Prospectus might show you just how far out the geekier baseball fans are willing to go. Some other sites of interest include Baseball Reference, which contains complete statistics for every player ever to appear in a major league game, and Retrosheet, an organization attempting to gather historical play-by-play information on every game in MLB history. The detail put into these things is frightening.
I assume that part of the reason for wanting a SATA optical drive is convenience, rather than need for the increased speed. Since there's every reason to think that SATA is superior for hard drives, you know that you're going to want a SATA controller. It would be really handy if you could plug your optical drive into that same controller without needing a kludge like a SATA to parallel ATA adapter; that way you'd need only one controller for all your drives. Hence it would be nice to have a SATA capable optical drive, even if it's not strictly necessary.
I think that this is the real problem. It's OK that the blue LEDs are popping up everywhere, but there's no need to have ones that are bright enough to blind you. A new computer at my work came with a set of speakers that has a blue LED power light, and it was bright enough to be annoying to look at from all the way across the room. The computer was practically unusable with the speakers powered on because the light from this power indicator was so distracting. I eventually had to put a piece of red paper tape over it to mask most of the light; even several layers of ordinary masking tape wasn't enough.
What makes you think that this was a Cisco policy? It's far more likely that this is the work of some rogue coder within Cisco who added it without anyone else's knowledge. It's not as though adding a backdoor password is very tough for somebody who has access to the relevant code. If there aren't detailed code reviews, a backdoor could hide out for a very, very long time.
How about simply abolishing the corporate income tax completely? The corporate taxes are already vastly more complicated than personal taxes are, and they're far, far less equitable. On of the biggest problems with them is that they're so inequitable that many, if not most, large profitable corporations pay no income tax at all because of all of the loopholes in the system. Abolishing the tax completely would obviously make it more fair- everyone would be paying the same rate- and wouldn't even hurt the government that much because collections from corporate taxes are already so low. Even better (and quite possibly why it won't happen), it would prevent corporations from giving huge campaign donations to legislators in an attempt to get new loopholes written into the tax laws. It might even encourage more companies to move to the Unites States, bringing in more high-paying jobs at their headquarters.
I think that you're thinking exclusively of NiCd batteries, which typically have much lower capacities than NiMH. Most AA NiMH batteries have a capacity in the 2 Ah range. They may not be able to discharge as fast as RC plane people want, though.
Maybe they're afraid of the the dreaded Slashdot effect. Their servers have been hit pretty hard by /. in the past, so I wouldn't be surprised if they've just set up their system to reject anything that has slashdot as a referrer.
Not necessarily; there are some practical problems with this kind of charger. Consider that a typical AA NiMH battery has a charging capacity of about 2 Ah at a voltage of 1.2 V. That's 2 Ah * 3600 s/h * 1.2 V = 8640 J. To charge that in 30 seconds, you need 8640 J / 30 s = 288 W, and that's assuming no losses anywhere. If you want to recharge 4 batteries at a time, you'll need a charger that draws 10+ amps of 120 VAC. A single D battery can have a capacity of up to 11 Ah, so you'd need about 1600 W to recharge one in 30 s. That means that a dual battery charger would draw over 25 amps at 120 VAC. Since most wall sockets are only rated at 15 amps, you'd need a dedicated circut for your charger! It's not an insurmountable problem, but it would make this style of battery a bit less practical.
And IBM takes yet another spin on that. Their view is "if it breaks, figure out why and change it so that it won't break that way again". Mainframes are very powerful and have great I/O, but their greatest strength is reliability. They have tremendous failover capability, can hotswap components so that they can keep running as they're repaired or upgraded, and are instrumented so if one does fail the cause can be traced and corrected. No, make that the cause will be traced and corrected. Whenever an IBM mainframe fails, anywhere in the world, IBM will hear about it and go to the trouble of a post-mortem.
The real problem is that the low-level managers are caught in a double-bind. The company requires them to get more work done than they can actually accomplish with their given payroll. If they exceed their payroll, they'll be fired for exceeding payroll. If they cheat their employees by cutting hours, they may be fired for breaking company policy against doing so and liable for breaking the law. The real culprits are the higher level managers who set unachievable goals for their subordinates and then set up policies so that they're screwed no matter what they do. Unfortunately, the only way that those policies will be changed is if the companies get slapped with big enough punative damage awards that they decide that cheating their employees isn't worth the risk.
Cringly is generally correct, but he misses a very important point; MS's approach only works if the worst punishment available is a fine. In theory, at least, there are more drastic punishments available. The most obvious, and one that Judge Kollar-Kotelly should consider if she agrees that MS is failing to behave- is to break up the company. Breaking up the company was the originally proposed solution, but it was rejected as too drastic; if fines and behavioral constraints don't work then the courts should consider going back to the original idea.
It's actually possible to script some GUIs that were never designed with scripting in mind. Some of the programmers at my work succeeded in building a script interface for one of our instruments by using the Windows API to manipulate its dialog boxes. It was a royal PITA- they had to extract data that was displayed graphically to the user directly from memory before it was formatted into a picture, and the memory location of the data and numbers for each control changed each time the company issued a minor update- but they were eventually able to do it. It would have been a hundred times easier if the company had included programatic hooks, but it appears that it's possible to script just about any GUI with enough effort.