Source Forge and linux.com are the first things that come to my mind, but I know there are many more.
A shutdown or down-sizing of sourceforge would deal quite a blow to many projects.
Re:Hosting Images From (A Higher Bandwidth) Server on Web Bug Detector · Score: 2
After I made that post, I did quite a bit more reading about their little plugin, and it looks like I was not entirely correct.
They classify each image according to a variety of criteria, including the size (pixels, not bytes), if it was from a different domain, if it sent cookies, and some other things I don't recall at the moment. They classify each image based on the number of criteria that are matched, and each image is either a web bug (red), warning (yellow), or not significant (or something like that). They don't document exactly what the criteria are, but it looks like they won't consider an image a web bug unless it's "tiny"... again, no specific documentation of what size an image must be to be considered tiny. The images on my site probably fall into the warning or non-issue categories.
I didn't go so far as to actually set up a machine (or virtual machine with vmware) and actually install windows, IE and their plugin.
Only like 10 people actually went to the site and even fewer went to the articles linked to about the site by the slashdot post. Everyone started bitching about Microsoft and IE. What the fuck. Do you not read slashdot or something?
In those first 20-30 minutes, when the vast majority of highly visible user posts were made, this very well may have been true. Slashdot's forums reward those who leap before they look, because by the time anybody could read the linked material, there's already a lot of posts.
Reading these posts, I think it's best to keep in mind that (the tiny fraction of slashdot's readership that posts messages) automatically assumes whatever the slashdot editor's comments are true, largely because there isn't time to actually read the linked material (or do other research). There's a big difference between automatically assuming something is true, for the sole purpose of posting within the first 100 messages, than automatically believing it's true because it was posted by a slashdot editor.
It's important to remember that only a tiny fraction of slashdot's readership actually reads user comments and a very very tiny portion posts. You really can't draw any conclusions about slashdot's impact on its readership based on the comments posted by a tiny tiny minority (who have an incentive to post quickly and thus rashly).
It's easy to claim there's a lack of editorial control, but it's a fact that many major media sources print bogus information regularly. What many major newspapers don't regularly do is admit they were wrong, in at least as conspicuous a way as the original wrong information. Many never admit to anything, and those that do often place it where it's not easily seen.
Sure, it'd be nice if everything were so carefully reviewed that nothing was inaccurate or misleading, but given the choice between always correct and always honest, I'd rather read honesty every time!
(...I'm not claiming slashdot and/or its editors are always honest... set your threshold to -1 on any story posted by Michael to read some -1 Trolls about a rather ugly little dispute between Michael and other members of the former censorware.org)
Hosting Images From (A Higher Bandwidth) Server on Web Bug Detector · Score: 2
My little web site is hosted from a slow 128k frame relay link. Doing this gets the server on my LAN, which really is needed to enable me to spend my free time working on it. As the traffic has grown (now about 150k pageview/month), my low bandwidth link couldn't keep up. The simple solution was to move the images to a higher bandwidth server.
If you poke around in the html you'll see that the images are hosted at "www.inetarena.com/~pjrc", and of course my site is "www.pjrc.com". Sadly, this web bug thingy will probably tell you that I'm conspiring with inetarena.com to track you, when in fact they're just my ISP providing some server space for the images. There are no web bugs on my site.
I really ought to set up the image server with a domain name like images.pjrc.com. That costs extra (ISPs love to find things to charge for that don't cost anything)... but the cost isn't the primary concern. My little ISP has changed admins and they're not as stable as one might expect paying for frame relay service. I'll probably move to a new ISP soon, and that'll be a good time to set up a proper name for the image server.
The point is that it makes a lot of sense for a site to host bandwidth hogging files from a different server. In my case, it's to facilitate spending my creative energy in my free time on the site (didn't do much on it for a couple years without direct access to the server). I regularly poke around looking at people's html source, and I've seen several major sites use a different server for images, PDF files, etc. It's not an uncommon practice, and there's a lot of good reasons to do it other than tracking users. From what I can see, it looks like the folks at the Privacy Foundation aren't aware of this.
Yes, you're right, and as an added bonus now we'll all be able to have "legal" cable descramblers so we won't have to pay for cable service ever again.
Now all I need is a TV. Too bad spammers don't hawk those!
... I'll really be able to make money fast, work from home with little or no experience, super-charge my sex drive with over-the-counter herbs, lose weight without diets or exercise, get super-low mortgage rates, and so on...
Sure, complain that 1.0 is late, but the fact is that you can download nightly builds and regular milestones (and even CVS), so there's virtually no delay from the developer to the bleeding-edge or even somewhat adventurous user. A 1.0 delay is really just a delay in name game.
Some of Mozilla is currently dual-licensed, but sadly much of it is not. Is the dream of a GPL'd Mozilla dead??
Even though games and porn may make it more likely that they be violent...
The trick is to conclusively verify this hypothesis. Many of the world's best have tried and tried.
But often people will believe there is a causal relationship where porn, video games, movies, television shows, rock & roll music, paper-dice role playing games (or any other entertainment form that the listener doesn't enjoy or understand) leads to actual violent acts.
With only a small handful of notable exceptions, most video games feature a heavy dose of violence and gore in the game itself, but virtually no mature sex themes. Several times I've seen a sexually charged ad for a game, but it turns out the sexual implications in the ad aren't representative of any part of the game itself.
Sex sells (when marketed well and not censored). I'd probably buy a game or two with more sex and less violence.
For example, Maxis would part $50 from my wallet for an adult-themes addon to the Sims! I suspect I'm not the only one.
If you're the type that says "if it ain't broke, don't fix it", consider that good-ole MBR partition tables have 16 bytes per partition, and all 16 of those bytes have a defined purpose already... there's no room to add anything. There's a byte for the partition type, one for the "active flag". Six bytes define the partition start and end in terms of CHS, and eight bytes define the start (32 bits) and length (32 bits) of the partition in terms of LBA. There's still plenty of CHS usage today (but only with drives under 8.4 gigs of course), so you can't reclaim those bytes.
Now admittedly, that's 32 bits of 512 byte sectors, which works out to be two terabytes... the 128 gig limit is due to ATA's definition of LBA being 28 bits, which is due to byte-wide registers for cylinder and sector but only a single nibble for the head, all of which got recycled for LBA, with a then unthinkable 128 gig limit!
Rumor has it (from Hale Landis, a pretty good source) that ATA/ATAPI-6 will allocate 48 bits (somehow?) for LBA numbers. It's gonna be pretty damn hard to fit those 48 bit LBA start and length numbers into the 32 bit wide slots of legacy MBR partition table.
Thus continues the saga of hard drive size barriers and the long PC legacy of kludge upon kludge, 512 megs (CHS bios call), 2 gig (fat16), 8 gigs (kludged CHS bios call), numerous bios bugs along the way... just when it seems like all that's behind us, >128 gig IDE drives will be upon us soon since you can already get SCSI larger than that, and someday two terabytes hard limit within the partition table will also become an issue. Hopefully by then we'll all have fiber-to-the-home, so it'll be easier to fill up a couple terabytes with mp3z, p0rn, DivXs, etc.
In an ideal world, one might expect that the PC industry could collectively plan ahead and make a smooth migration to new standardized formats long before the legacy ones show signs of obsolescence... Oh well.
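The 16-byte partition entry and the size ceilings described in the comment above, as an added example that is not part of the original post. The function names and the sample sector are constructed for illustration; type 0x83 is the usual Linux partition type.

```python
import struct

SECTOR_SIZE = 512
TABLE_OFFSET = 446          # four 16-byte entries occupy bytes 446..509
ENTRY_FORMAT = "<B3sB3sII"  # flag, CHS start, type, CHS end, LBA start, length

# Capacity ceilings implied by the field widths discussed above.
CHS_LIMIT_BYTES = 1024 * 256 * 63 * SECTOR_SIZE  # 10-bit cyl, 8-bit head, 6-bit sector
ATA28_LIMIT_BYTES = (1 << 28) * SECTOR_SIZE      # 28-bit ATA LBA: 128 GiB
MBR_LIMIT_BYTES = (1 << 32) * SECTOR_SIZE        # 32-bit MBR fields: 2 TiB


def unpack_chs(raw):
    """Decode a packed 3-byte CHS field into (cylinder, head, sector)."""
    head = raw[0]
    sector = raw[1] & 0x3F                      # low 6 bits
    cylinder = ((raw[1] & 0xC0) << 2) | raw[2]  # top 2 bits + low byte
    return cylinder, head, sector


def parse_entry(raw):
    """Decode one 16-byte MBR partition entry into a dict."""
    if len(raw) != 16:
        raise ValueError("a partition entry is exactly 16 bytes")
    flag, chs_start, ptype, chs_end, lba_start, sectors = struct.unpack(
        ENTRY_FORMAT, raw)
    last_lba = lba_start + sectors - 1 if sectors else lba_start
    return {
        "active": flag == 0x80,
        "type": ptype,
        "chs_start": unpack_chs(chs_start),
        "chs_end": unpack_chs(chs_end),
        "lba_start": lba_start,
        "sectors": sectors,
        "size_bytes": sectors * SECTOR_SIZE,
        # True when the partition's last sector cannot be addressed
        # with a 28-bit ATA LBA.
        "beyond_ata28": last_lba >= (1 << 28),
    }


def parse_mbr(sector):
    """Return the non-empty partition entries of a 512-byte MBR sector."""
    if len(sector) != SECTOR_SIZE or sector[510:512] != b"\x55\xaa":
        raise ValueError("not a 512-byte MBR with the 0x55AA signature")
    entries = []
    for i in range(4):
        start = TABLE_OFFSET + 16 * i
        entry = parse_entry(sector[start:start + 16])
        if entry["type"] != 0:                  # type 0 marks an unused slot
            entries.append(entry)
    return entries


def pack_entry(active, ptype, chs_start, chs_end, lba_start, sectors):
    """Encode an entry; struct.error if an LBA value needs more than 32 bits."""
    return struct.pack(ENTRY_FORMAT, 0x80 if active else 0x00,
                       chs_start, ptype, chs_end, lba_start, sectors)


def fits_in_mbr(lba_start, sectors):
    """Can this start/length pair be stored in the legacy 32-bit slots?"""
    try:
        pack_entry(False, 0x83, b"\xfe\xff\xff", b"\xfe\xff\xff",
                   lba_start, sectors)
        return True
    except struct.error:
        return False


def build_sample_mbr():
    """Constructed sample: one active partition of 2**28 sectors at LBA 2048."""
    entry = pack_entry(True, 0x83, b"\x20\x21\x00", b"\xfe\xff\xff",
                       2048, 1 << 28)
    return bytes(TABLE_OFFSET) + entry + bytes(48) + b"\x55\xaa"


if __name__ == "__main__":
    for part in parse_mbr(build_sample_mbr()):
        print(part)
    print("48-bit LBA start fits in MBR:", fits_in_mbr(1 << 47, 1))
```
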
Please please please moderate up post #141, which links to the paper by Matt Blaze that effectively killed the Clipper chip and the US government's key escrow plans. I wish I could have remembered it when I posted earlier.
Jonathan, I'm glad you posted your comment. It's interesting that it too somehow got to -1 (troll), even though it was posted on May 17, days after this article has moved off slashdot's main page.
I don't believe your comment is a troll, though it would have been better had you not posted anonymously... assuming it really is you.
It wasn't my intention to "get in the middle" of this ugly dispute, nor did I intend to re-ignite a flame war... I just read Seth's rant and wondered two things:
Is the story true? It was obviously written with the passion of a flame-war and it seems unlikely that Mike Sims (or anyone) would intentionally take down a website like that. The overall tone of Seth's writing is so strongly antagonistic that it almost automatically discredits itself, or alternately anyone reading it would at least wonder if Seth or others did something to really offend Mike. I disagree that a sysadmin should never take a site down, but refusing to provide an archive of the materials seems pretty bad in my mind.
Are all slashdot comments about Michael Sims's involvement with censorware.org automatically moderated to -1, which is effectively censorship? At first this seems almost unbelievable... but this thread has changed my view of slashdot's moderation system. I'm still not ready to leap to the conclusion that Mike is censoring unfavorable posts about himself, but my overall opinion of the likelihood of censorship right here on slashdot has gone from "impossible" to "hmmm...."
Dear moderator (assuming you're not actually a slashdot editor), if you're about to click off-topic or troll, please take a moment to ask yourself if it might actually be a good idea to let some questions about the integrity of slashdot's moderation system to be allowed to see the light of day, instead of grouped together with the likes of first post, goat-whatever, name calling, etc.
Likewise, dear reader, if this comment reaches -1, take a moment to ask yourself how likely that is, being posted a full four days after the article was on slashdot's main page. I post to slashdot maybe 2-3 times a week, and my earlier post was the second time I have ever been moderated down (the other was intended as a joke that I thought might be funny at the time, but it wasn't). I've been at the karma cap for a long time, and this post will start at +2, so if you see it at -1, that means it was three times moderated down, four days after the article was on the main page.
This thread has certainly raised some questions in my mind about slashdot's moderation and the possibility of abuse by slashdot staff. There's certainly not nearly enough evidence to reach a well reasoned conclusion the speech is being suppressed/censored here, but I think asking the question is a valuable expression of free speech.
Clipper was a big deal, and a lot of geek types were really concerned about it. There was considerable outcry against it, and it seemed like nothing anybody could say was going to actually stop it. Then there was a paper published by one researcher (and I wish I could remember his name) that showed that it would be possible to build third party implementations that could interoperate with clipper chips without having their keys placed in escrow with the government. Almost overnight clipper was dead.
Well, at least that's how I remember this whole saga going down... though a few quick searches on google didn't turn up info about this. Did I just imagine it that way?
I have a little website with resources for technical projects, mostly microcontroller based. A lot of people get a lot of good use out of the material, and sometimes a student will email some code to me that they've obviously put a lot of work into, and in those cases I'll give it a look and see if I can figure out what's wrong (it can be very frustrating to debug 8-bit microcontrollers without an in-circuit emulator). Unfortunately, those students are the exceptions.... many of the student emails I get are quite lame and it's obvious they don't want to even try if they can get me to give them some code.
Every now and then I get a request from somewhere in the far East (can't recall which country they come from) for an "elevator control program". I usually just reply with "every bit of free material I have is already on the web". I get all sorts of crazy "this is my project, will you help by doing it all for me?" requests... but this elevator control program was getting to be a common theme. Well, eventually some guy made the request with a 4-slide powerpoint file attached. Fortunately, Robin uses windows so I was spared from having to reboot... and the PPT file turned out to be a class project assignment, complete with the grading requirements. A sure sign of an academic assignment is the arbitrary requirement for a flowchart, even when it doesn't make a lot of sense to draw one. For a moment I considered making a web page with the PPT file converted to four gifs, sort of a FAQ. Sad as it is, we had a good laugh.
What on earth do you use all these CDRs for? Seriously, how can you amass so much data so quickly that you need spindles atop spindles of them?
A couple years ago, I purchased several hundred CDRs at Fry's one night, and I got this attitude from the woman at the checkout counter... that I was mass copying music, software, etc.
I had recently put together a cdrom-based catalogue for the company where I work. I ended up doing it because I was the only guy who both had a cd writer (at home) and cared enough to put a bit of time into it.
Some company was supposed to duplicate the disc for us, but they dropped the ball. I never did find out if they couldn't do it or were just late.
There was a major trade show going on, and a few of our sales guys were going to head out to the show the next morning, and they need a big pile of cdroms to take with them.
The clerk at Fry's was a bit embarrassed to learn that there actually are some legitimate uses for a big pile of CDRs.
Years ago, I worked on a pump design project which used some of these Nd-Fe-B magnets for a non-contact coupling mechanism. They are really quite amazing, and at the time they were relatively new. In the course of the project, I did quite a bit of reading about permanent magnets. Before these rare earth magnets were discovered, it was widely believed that Al-Ni-Co magnets were the strongest possible permanent magnet. The discovery that permanent magnets could be made with 3X to 8X the "strength" from rare earth materials, first Sm-Co and then Nd-Fe-B really was quite revolutionary, or at least "novel". It was also quite clearly "non-obvious".
Just because these magnets are now so widely used doesn't mean that whoever did the R&D and ultimately "invented" them doesn't deserve a patent. There's a lot of bogus patents in the world, and IMHO, this probably isn't one of them.
... we need to reward Micron & Infineon by purchasing their RAM products.
I would think this will happen more or less automatically, if the other manufacturers are paying a $2 per 128 MB chip royalty for DDR (as mentioned in the article) and some other relatively high royalty for normal SDRAM.
You buy a CDROM drive for your PC for $49. That $49 buys you a metal box, with a plastic front side, moving tray, connectors on the back, and inside there is presumably a motor, a laser, some optical sensor, gears, motors, and lots of circuitry. All the physical stuff probably costs at least $15-25 (maybe more) to mass produce? There's got to be some profit for the manufacturer, a distributor, and perhaps even some for the retailer who sold it to you. It cost those folks something to package and ship the product from wherever it was made to the store or internet/mail-order house where you bought it. If that $49 CDROM really cost only $15 to manufacture, and $25 of your sale is profit to be split somehow between the manufacturer, distributor and retailer, then perhaps $9 could be for tech support costs. (in reality, the portion of the purchase price that pays for tech support is probably much less).
Now in truth, many people who buy the product won't need tech support at all, but still, take a look at the price of computer hardware and ask yourself how many minutes of time you've paid for of that technician's time.
The fact of the matter is that the computer market is very competitive, and most consumers (home end-users) shop almost exclusively based on price, or at least getting a "good deal" is among the top concerns. Businesses are usually a bit wiser, taking into account the fact that it's expensive if things don't work, but again, price is still a major concern. Time and time again, better but more expensive has lost the battle against cheaper and "good enough"... at least in computers.
Just like everything else, you get what you pay for, and indeed in the computer business, very little is paid for tech support.
This is why when someone brings a law suit against someone else and loses, they should not only compensate that person/company, but should do so 100X the costs it took to defend themselves. Then the RIAA would have to reconsider next time it was to use terrorism and its bought Senators to push researchers around.
Unfortunately, a policy like this works both ways, and it would almost certainly chill the efforts of individuals to sue companies who've wronged them.
...then a paper detailing techniques that could be used to create such a program is a circumvention device.
The DMCA goes much further than just to prohibit "devices". Here's a list of some other forbidden acts:
(b) ADDITIONAL VIOLATIONS- (1) No person shall manufacture, import, offer to the public, provide, or otherwise traffic in any technology, product, service, device, component, or part thereof...
Of course, we all know there's supposed to be an exception for encryption research. At the risk of making this post entirely too long, here's the full text of the encryption research exception:
(g) ENCRYPTION RESEARCH-
(1) DEFINITIONS- For purposes of this subsection--
(A) the term 'encryption research' means activities necessary to identify and analyze flaws
and vulnerabilities of encryption technologies applied to copyrighted works, if these activities
are conducted to advance the state of knowledge in the field of encryption technology or to
assist in the development of encryption products; and
(B) the term 'encryption technology' means the scrambling and descrambling of information
using mathematical formulas or algorithms.
(2) PERMISSIBLE ACTS OF ENCRYPTION RESEARCH- Notwithstanding the provisions of
subsection (a)(1)(A), it is not a violation of that subsection for a person to circumvent a technological measure as applied to a copy, phonorecord, performance, or display of a published work in the course of an
act of good faith encryption research if--
(A) the person lawfully obtained the encrypted copy, phonorecord, performance, or display
of the published work;
(B) such act is necessary to conduct such encryption research;
(C) the person made a good faith effort to obtain authorization before the circumvention; and
(D) such act does not constitute infringement under this title or a violation of applicable law
other than this section, including section 1030 of title 18 and those provisions of title 18
amended by the Computer Fraud and Abuse Act of 1986.
(3) FACTORS IN DETERMINING EXEMPTION- In determining whether a person qualifies for the
exemption under paragraph (2), the factors to be considered shall include--
(A) whether the information derived from the encryption research was disseminated, and if
so, whether it was disseminated in a manner reasonably calculated to advance the state of
knowledge or development of encryption technology, versus whether it was disseminated in
a manner that facilitates infringement under this title or a violation of applicable law other
than this section, including a violation of privacy or breach of security;
(B) whether the person is engaged in a legitimate course of study, is employed, or is
appropriately trained or experienced, in the field of encryption technology; and
(C) whether the person provides the copyright owner of the work to which the technological
measure is applied with notice of the findings and documentation of the research, and the
time when such notice is provided.
(4) USE OF TECHNOLOGICAL MEANS FOR RESEARCH ACTIVITIES- Notwithstanding the
provisions of subsection (a)(2), it is not a violation of that subsection for a person to--
(A) develop and employ technological means to circumvent a technological measure for the
sole purpose of that person performing the acts of good faith encryption research described in
paragraph (2); and
(B) provide the technological means to another person with whom he or she is working
collaboratively for the purpose of conducting the acts of good faith encryption research
described in paragraph (2) or for the purpose of having that other person verify his or her acts
of good faith encryption research described in paragraph (2).
(5) REPORT TO CONGRESS- Not later than 1 year after the date of the enactment of this chapter, the
Register of Copyrights and the Assistant Secretary for Communications and Information of the Department of Commerce shall jointly report to the Congress on the effect this subsection has had on--
(A) encryption research and the development of encryption technology;
(B) the adequacy and effectiveness of technological measures designed to protect
copyrighted works; and
(C) protection of copyright owners against the unauthorized access to their encrypted
copyrighted works.
The report shall include legislative recommendations, if any.
It would be interesting to hear what effect on encryption research was actually reported.
Robin already posted one follow up, but I thought I'd add just a little more...
First of all, our site does in fact have this tiny page with a bit of a privacy policy, though its focus is mostly about the use of a cookie to track the on-line ordering session. Unfortunately, our little web site suffers from dozens of usability issues. I recently purchased Jakob Nielsen's book (the green and blue one) and I've got a giant list of things to improve about the web site. I just added a more complete privacy policy to the list. Of course, adding a better navigation system to the site is more important, since nobody can really find the tiny privacy policy page that already exists. Sadly, there's never enough time to do everything, and for at least the next couple months, improvements to the MP3 player firmware are the top priority. (also, the privacy policy isn't 100% accurate, as we do need to share the customer's info with the bank to process the charge, and with UPS or the USPS to ship the package, and we have no control over what they might do). It is also common practice for US banks to compile lists of spending habits of their card holders, which is completely out of our control.
We certainly wouldn't sell our customer list to a company like Digikey, Jameco, etc. That is mentioned on the tiny privacy/cookie policy page. We also never include images or java applets from other sites anywhere on our pages, which is the primary method that is used to track users' web browsing habits. I've never even considered using banner ads, even when it was widely believed they could generate revenue, mainly because I hate animated images. There is only one animation on the entire site, figure 14 on this page. I told myself it'd be a cold day in hell before I ever did an animation, but in this case it really is a valuable visualization of what happens, and I coded the java applet to pause if you click on it.
Since we sell circuit boards and special chips, mostly only interesting to hardware hackers, we attract quite a number of very sophisticated users. I've noticed that a small but not insignificant number have their own domain names AND appear to generate a custom email specifically for their order. Presumably they do this to see if we give the address to anyone else. Of course, we do not, but it's interesting to see these special addresses every now and then. I get about 4-5 spams daily (get rich quick, mortgage rates dropped, legal cable tv descrambler, sex pills, etc)... someday I ought to start doing those custom addresses to see who's selling the names.
"singularity" raises a good point about being cautious of dealing with a merchant who will ship to a different address than the one on the credit card. Most merchants will do this, and there are two common cases. The most common is someone ordering with their personal credit card, where the card's address is their home, and the shipping address is their workplace, which isn't far away. The other common case is students, who have a card with an address at their home, but they need delivery to their campus. These are quite common and we've shipped many orders this way without any problems. Because these legitimate cases are so common, I think it's worth the extra effort (and risk) to allow them.
An AC posted (what looks like a bit of a troll) about the home billing address, college campus shipping address case. The truth is that these are very common cases and when it's the same name on the card, it's not in the least bit suspicious. When the billing name and shipping name are significantly different, or the addresses are in different countries, things aren't so clear. Every case is a judgement call, and even some cases with addresses in different countries are reasonable (customer has a friend in the US who will be visiting soon and will hand carry the item to avoid high customs/duty charge). I suppose you can't please everyone (like this AC), but we do try quite hard to strike a balance between good service (shipping quickly, often the same day) and avoiding fraudulent transactions (where the bank will issue a charge-back, causing us to lose the money and pay a significant fee).
Even though the bank will almost always get the merchant to cover any loss, they are still exposed to some risk if the merchant can't pay (can you say "failing dot com"?) or they can't make the merchant pay, perhaps because they're in another country. The banks and credit card processing companies do an excellent job of watching for fraud. I'm sure there are plenty of guys at the Direct Marketing Association who have dreams about a giant database of all card holder's purchasing history at their disposal, but today the banks have this data and they do a great job of using it to detect and prevent fraud without disclosing private information to the merchants.
Well, that's enough rambling on. I keep telling myself to cut back on my slashdot intake... and get back to work on the MP3 player code.
The Direct Marketing Association (study) makes an interesting point:
Since an "opt-in" approach reduces the amount of information available to sellers regarding the consumer's preferences, spending habits and typical behavior patterns, it hampers sellers' efforts to detect "unusual" purchases and alert the consumer to possible fraud.
Several months ago, we set up a tiny business and visa merchant account to do a bit of e-commerce from our little web site, and since then we've had a couple attempted fraudulent transactions. This is a brief story about what information we have available as a (tiny) merchant, with the current state of today's information sharing.
When we get a suspicious transaction, which usually means the shipping and billing addresses are very different, the first thing we do is stall. Normally we process the order in the afternoon when there's just enough time left to get to UPS or the post office (but since this is only a part-time effort, sometimes I'll do it at lunch time or some other window of opportunity... worst case in the next morning before work). For a suspicious order, stalling a day or two and then attempting to run the credit card almost always ends up in the card being declined. Often times we'll get transferred to an operator who instructs us to hold the card (not give it back to the customer), but since we only do on-line orders and don't have a brick-n-mortar store, that's not possible.
A couple months ago, we had a very interesting fraudulent transaction that didn't get declined. Robin immediately recognized that it was similar to another declined card from a few weeks prior, where the shipping address was to Indonesia and a billing address in the US, where the billing name was an anglo-sounding name, and the shipping name was the same last name, but an obviously eastern sounding first name. The order was placed on a Friday, so we waited and ran the card Sunday evening. We expected it to be declined, but it went through.
Now at this point, a giant database of all the spending habits of every card holder (or at least the one for this particular card) would be nice. I'm sure lots of people at the Direct Marketing Association dream of such a database, as is alluded to in section 1.B of the article, but the sad fact is that as a (very small) merchant, all we have is whatever information the customer typed into the form on our web site, and the phone number of our bank and credit card processing company (Nova in our case).
So, Robin called the bank, and not quite knowing exactly what to do, she said "I've got a transaction here that I'm not very comfortable with". They did the usual address verification, and the US address we received didn't match the card's billing address. The bank will never disclose the card holder's actual billing address... you only get "match", "partial match" or "no match". The operator did actually disclose that the zip code matched. They couldn't do much more, but they gave Robin the number of the bank that had issued the card.
Then Robin called the card holder's bank, and started a similar "I've got a questionable transaction here" conversation. They were really glad that we called... they really like it when merchants call if they see anything unusual. Again, the bank would not disclose any details to us about the card holder. They would not disclose any specific details about the card holder's purchase history. They did look into the history and warned us that the card holder had contested the charges from several internet-based purchases. The bank had the card holder's phone number on file. They would not give us the phone number, but they called the card holder for us and transferred us into the call. The woman wasn't home, but Robin got her answering machine and left a message with our number to call and confirm that she had actually placed an order with us.
By the next day we hadn't heard back, so we reversed the charge to the card and sent an email to the contact address that we could not process the order due to having the incorrect billing address, and that we would process it when we received a voice phone call.
As compelling as the Direct Marketing Association's argument is, that a giant database of consumer spending habits would be useful in combatting fraud, the truth is that there is already a pretty good system in place that doesn't disclose almost any private information to merchants. The banks have this information, and they automatically monitor spending patterns on all credit cards and place a hold on cards that appear to be abused. Anyone who's made a few large purchases in a row has probably received a call from their bank to confirm. When a merchant has a questionable transaction, they can call their bank and ultimately the customer's bank. While the banks won't disclose virtually any private information about the customer, they are very helpful when it comes to detecting fraud. In almost every case, they manage to decline new transactions when there's been unusual spending patterns, and in the rare cases where the bank hasn't already placed a hold on the card, they are very helpful and effective without disclosing the card holder's private information.
Everybody knows that even reputable vendors won't really honor opt-out requests. Sure, they'll try, but they'll soon buy another list from someone else who didn't get the opt-out... or any one of dozens of lame excuses.
The only way opt-out will ever work is if there's a relatively easy way to make a complaint and collect a couple hundred dollars (a sum large enough that many people will file complaints).
At least the DMA has to fight this opt-in vs opt-out battle. When they win with opt-out, then the battle will be for no meaningful consequences for not honoring the opt-out request effectively.
It's important to remember that only a tiny fraction of slashdot's readership actually reads user comments and a very very tiny portion posts. You really can't draw any conclusions about slashdot's impact on its readership based on the comments posted by a tiny tiny minority (who have an incentive to post quickly and thus rashly).
It's easy to claim there's a lack of editorial control, but it's a fact that many major media sources print bogus information regularly. What many major newspapers don't regularly do is admit they were wrong, in at least as conspicuous a way as the original wrong information. Many never admit to anything, and those that do often place it where it's not easily seen.
Sure, it'd be nice if everything were so carefully reviewed that nothing was inaccurate or misleading, but given the choice between always correct and always honest, I'd rather read honesty every time!
(...I'm not claiming slashdot and/or its editors are always honest... set your threshold to -1 on any story posted by Michael to read some -1 Trolls about a rather ugly little dispute between Michael and other members of the former censorware.org)
If you poke around in the html you'll see that the images are hosted at "www.inetarena.com/~pjrc", and of course my site is "www.pjrc.com". Sadly, this web bug thingy will probably tell you that I'm conspiring with inetarena.com to track you, when in fact they're just my ISP providing some server space for the images. There are no web bugs on my site.
I really ought to set up the image server with a domain name like images.pjrc.com. That costs extra (ISPs love to find things to charge for that don't cost anything)... but the cost isn't the primary concern. My little ISP has changed admins and they're not as stable as one might expect paying for frame relay service. I'll probably move to a new ISP soon, and that'll be a good time to set up a proper name for the image server.
The point is that it makes a lot of sense for a site to host bandwidth hogging files from a different server. In my case, it's to facilitate spending my creative energy in my free time on the site (didn't do much on it for a couple years without direct access to the server). I regularly poke around looking at people's html source, and I've seen several major sites use a different server for images, PDF files, etc. It's not an uncommon practice, and there's a lot of good reasons to do it other than tracking users. From what I can see, it looks like the folks at the Privacy Foundation aren't aware of this.
Now all I need is a TV. Too bad spammers don't hawk those!
... I'll really be able to make money fast, work from home with little or no experience, super-charge my sex drive with over-the-counter herbs, lose weight without diets or exercise, get super-low mortgage rates, and so on ...
Sure, complain that 1.0 is late, but the fact is that you can download nightly builds and regular milestones (and even CVS), so there's virtually no delay from the developer to the bleeding-edge or even somewhat adventurous user. A 1.0 delay is really just a delay in name game.
Some of Mozilla is currently dual-licensed, but sadly much of it is not. Is the dream of a GPL'd Mozilla dead??
The trick is to conclusively verify this hypothesis. Many of the world's best have tried and tried.
But often people will believe there is a causal relationship where porn, video games, movies, television shows, rock & roll music, paper-dice role playing games (or any other entertainment form that the listener doesn't enjoy or understand) leads to actual violent acts.
Sex sells (when marketed well and not censored). I'd probably buy a game or two with more sex and less violence.
For example, Maxis would part $50 from my wallet for an adult-themes addon to the Sims! I suspect I'm not the only one.
All movements. Wow, there's obviously a lot of wisdom bottled up in this little sentence.
Now admittedly, that's 32 bits of 512 byte sectors, which works out to be two terabytes... the 128 gig limit is due to ATA's definition of LBA being 28 bits, which is due to byte-wide registers for cylinder and sector but only a single nibble for the head, all of which got recycled for LBA, with a then unthinkable 128 gig limit!
Rumor has it (from Hale Landis, a pretty good source) that ATA/ATAPI-6 will allocate 48 bits (somehow?) for LBA numbers. It's gonna be pretty damn hard to fit those 48 bit LBA start and length numbers into the 32 bit wide slots of legacy MBR partition table.
Thus continues the saga of hard drive size barriers and the long PC legacy of kludge upon kludge, 512 megs (CHS bios call), 2 gig (fat16), 8 gigs (kludged CHS bios call), numerous bios bugs along the way... just when it seems like all that's behind us, >128 gig IDE drives will be upon us soon since you can already get SCSI larger than that, and someday two terabytes hard limit within the partition table will also become an issue. Hopefully by then we'll all have fiber-to-the-home, so it'll be easier to fill up a couple terabytes with mp3z, p0rn, DivXs, etc.
In an ideal world, one might expect that the PC industry could collectively plan ahead and make a smooth migration to new standardized formats long before the legacy ones show signs of obsolescence... Oh well.
Please please please moderate up post #141, which links to the paper by Matt Blaze that effectively killed the Clipper chip and the US government's key escrow plans. I wish I could have remembered it when I posted earlier.
It wasn't my intention to "get in the middle" of this ugly dispute, nor did I intend to re-ignite a flame war... I just read Seth's rant and wondered two things:
- Is the story true? It was obviously written with the passion of a flame-war and it seems unlikely that Mike Sims (or anyone) would intentionally take down a website like that. The overall tone of Seth's writing is so strongly antagonistic that it almost automatically discredits itself, or alternately anyone reading it would at least wonder if Seth or others did something to really offend Mike. I disagree that a sysadmin should never take a site down, but refusing to provide an archive of the materials seems pretty bad in my mind.
- Are all slashdot comments about Michael Sims's involvement with censorware.org automatically moderated to -1, which is effectively censorship? At first this seems almost unbelievable... but this thread has changed my view of slashdot's moderation system. I'm still not ready to leap to the conclusion that Mike is censoring unfavorable posts about himself, but my overall opinion of the likelihood of censorship right here on slashdot has gone from "impossible" to "hmmm...."
Dear moderator (assuming you're not actually a slashdot editor), if you're about to click off-topic or troll, please take a moment to ask yourself if it might actually be a good idea to let some questions about the integrity of slashdot's moderation system to be allowed to see the light of day, instead of grouped together with the likes of first post, goat-whatever, name calling, etc.
Likewise, dear reader, if this comment reaches -1, take a moment to ask yourself how likely that is, being posted a full four days after the article was on slashdot's main page. I post to slashdot maybe 2-3 times a week, and my earlier post was the second time I have ever been moderated down (the other was intended as a joke that I thought might be funny at the time, but it wasn't). I've been at the karma cap for a long time, and this post will start at +2, so if you see it at -1, that means it was three times moderated down, four days after the article was on the main page.
This thread has certainly raised some questions in my mind about slashdot's moderation and the possibility of abuse by slashdot staff. There's certainly not nearly enough evidence to reach a well reasoned conclusion the speech is being suppressed/censored here, but I think asking the question is a valuable expression of free speech.
Well, at least that's how I remember this whole saga going down... though a few quick searches on google didn't turn up info about this. Did I just imagine it that way?
Every now and then I get a request from somewhere in the far East (can't recall which country they come from) for an "elevator control program". I usually just reply with "every bit of free material I have is already on the web". I get all sorts of crazy "this is my project, will you help by doing it all for me?" requests... but this elevator control program was getting to be a common theme. Well, eventually some guy made the request with a 4-slide powerpoint file attached. Fortunately, Robin uses windows so I was spared from having to reboot... and the PPT file turned out to be a class project assignment, complete with the grading requirements. A sure sign of an academic assignment is the arbitrary requirement for a flowchart, even when it doesn't make a lot of sense to draw one. For a moment I considered making a web page with the PPT file converted to four gifs, sort of a FAQ. Sad as it is, we had a good laugh.
A couple years ago, I purchased several hundred CDRs at Fry's one night, and I got this attitude from the woman at the checkout counter... that I was mass copying music, software, etc.
I had recently put together a cdrom-based catalogue for the company where I work. I ended up doing it because I was the only guy who both had a cd writer (at home) and cared enough to put a bit of time into it.
Some company was supposed to duplicate the disc for us, but they dropped the ball. I never did find out if they couldn't do it or were just late.
There was a major trade show going on, and a few of our sales guys were going to head out to the show the next morning, and they needed a big pile of cdroms to take with them.
The clerk at Fry's was a bit embarrassed to learn that there actually are some legitimate uses for a big pile of CDRs.
Just because these magnets are now so widely used doesn't mean that whoever did the R&D and ultimately "invented" them doesn't deserve a patent. There's a lot of bogus patents in the world, and IMHO, this probably isn't one of them.
I would think this will happen more or less automatically, if the other manufacturers are paying a $2 per 128 MB chip royalty for DDR (as mentioned in the article) and some other relatively high royalty for normal SDRAM.
Now in truth, many people who buy the product won't need tech support at all, but still, take a look at the price of computer hardware and ask yourself how many minutes of time you've paid for of that technician's time.
The fact of the matter is that the computer market is very competitive, and most consumers (home end-users) shop almost exclusively based on price, or at least getting a "good deal" is among the top concerns. Businesses are usually a bit wiser, taking into account the fact that it's expensive if things don't work, but again, price is still a major concern. Time and time again, better but more expensive has lost the battle against cheaper and "good enough"... at least in computers.
Just like everything else, you get what you pay for, and indeed in the computer business, very little is paid for tech support.
Unfortunately, a policy like this works both ways, and it would almost certainly chill the efforts of individuals to sue companies who've wronged them.
The DMCA goes much further than just to prohibit "devices". Here's a list of some other forbidden acts:
Of course, we all know there's supposed to be an exception for encryption research. At the risk of making this post entirely too long, here's the full text of the encryption research exception:
It would be interesting to hear what effect on encryption research was actually reported.
First of all, our site does in fact have this tiny page with a bit of a privacy policy, though its focus is mostly about the use of a cookie to track the on-line ordering session. Unfortunately, our little web site suffers from dozens of usability issues. I recently purchased Jakob Nielsen's book (the green and blue one) and I've got a giant list of things to improve about the web site. I just added a more complete privacy policy to the list. Of course, adding a better navigation system to the site is more important, since nobody can really find the tiny privacy policy page that already exists. Sadly, there's never enough time to do everything, and for at least the next couple months, improvements to the MP3 player firmware are the top priority. (also, the privacy policy isn't 100% accurate, as we do need to share the customer's info with the bank to process the charge, and with UPS or the USPS to ship the package, and we have no control over what they might do). It is also common practice for US banks to compile lists of spending habits of their card holders, which is completely out of our control.
We certainly wouldn't sell our customer list to a company like Digikey, Jameco, etc. That is mentioned on the tiny privacy/cookie policy page. We also never include images or java applets from other sites anywhere on our pages, which is the primary method that is used to track users' web browsing habits. I've never even considered using banner ads, even when it was widely believed they could generate revenue, mainly because I hate animated images. There is only one animation on the entire site, figure 14 on this page. I told myself it'd be a cold day in hell before I ever did an animation, but in this case it really is a valuable visualization of what happens, and I coded the java applet to pause if you click on it.
Since we sell circuit boards and special chips, mostly only interesting to hardware hackers, we attract quite a number of very sophisticated users. I've noticed that a small but not insignificant number have their own domain names AND appear to generate a custom email specifically for their order. Presumably they do this to see if we give the address to anyone else. Of course, we do not, but it's interesting to see these special addresses every now and then. I get about 4-5 spams daily (get rich quick, mortgage rates dropped, legal cable tv descrambler, sex pills, etc)... someday I ought to start doing those custom addresses to see who's selling the names.
"singularity" raises a good point about being cautious of dealing with a merchant who will ship to a different address than the one on the credit card. Most merchants will do this, and there are two common cases. The most common is someone ordering with their personal credit card, where the card's address is their home, and the shipping address is their workplace, which isn't far away. The other common case is students, who have a card with an address at their home, but they need delivery to their campus. These are quite common and we've shipped many orders this way without any problems. Because these legitimate cases are so common, I think it's worth the extra effort (and risk) to allow them.
An AC posted (what looks like a bit of a troll) about the home billing address, college campus shipping address case. The truth is that these are very common cases and when it's the same name on the card, it's not in the least bit suspicious. When the billing name and shipping name are significantly different, or the addresses are in different countries, things aren't so clear. Every case is a judgement call, and even some cases with addresses in different countries are reasonable (customer has a friend in the US who will be visiting soon and will hand carry the item to avoid high customs/duty charge). I suppose you can't please everyone (like this AC), but we do try quite hard to strike a balance between good service (shipping quickly, often the same day) and avoiding fraudulent transactions (where the bank will issue a charge-back, causing us to lose the money and pay a significant fee).
Even though the bank will almost always get the merchant to cover any loss, they are still exposed to some risk if the merchant can't pay (can you say "failing dot com"?) or they can't make the merchant pay, perhaps because they're in another country. The banks and credit card processing companies do an excellent job of watching for fraud. I'm sure there are plenty of guys at the Direct Marketing Association who have dreams about a giant database of all card holders' purchasing history at their disposal, but today the banks have this data and they do a great job of using it to detect and prevent fraud without disclosing private information to the merchants.
Well, that's enough rambling on. I keep telling myself to cut back on my slashdot intake... and get back to work on the MP3 player code.
Several months ago, we set up a tiny business and visa merchant account to do a bit of e-commerce from our little web site, and since then we've had a couple attempted fraudulent transactions. This is a brief story about what information we have available as a (tiny) merchant, with the current state of today's information sharing.
When we get a suspicious transaction, which usually means the shipping and billing addresses are very different, the first thing we do is stall. Normally we process the order in the afternoon when there's just enough time left to get to UPS or the post office (but since this is only a part-time effort, sometimes I'll do it at lunch time or some other window of opportunity... worst case in the next morning before work). For a suspicious order, stalling a day or two and then attempting to run the credit card almost always ends up in the card being declined. Often times we'll get transferred to an operator who instructs us to hold the card (not give it back to the customer), but since we only do on-line orders and don't have a brick-n-mortar store, that's not possible.
A couple months ago, we had a very interesting fraudulent transaction that didn't get declined. Robin immediately recognized that it was similar to another declined card from a few weeks prior, where the shipping address was to Indonesia and a billing address in the US, where the billing name was an anglo-sounding name, and the shipping name was the same last name, but an obviously eastern sounding first name. The order was placed on a Friday, so we waited and ran the card Sunday evening. We expected it to be declined, but it went through.
It was hard to believe the DOS world would ever catch up to the all-graphical interface of the Macintosh.
OSX is going to need to be pretty damn compelling to displace inferior but "good enough" solutions that cost less.