This program, which is intended to prevent people from getting into your computer, will happily ignore all cracking that takes place through the same loopholes as this so-called Magic Lantern.
It certainly raises the possibility... but if McAfee is competant, it's only a small one. Magic Lantern is probably going to log information passively, and maybe send it to fbi.gov . It's not going to open up ports with shells attached to them. It's not going to propagate itself. It's not going to mail passwords to leet@haxors.ru . It's basically not going to do anything that a self-respecting malware author wants.
So sure, maybe you could write Amazing Lightbulb, that McAfee can't distinguish from Magic Lantern. But it probably couldn't do anything interesting, because if it tried, McAfee would know it isn't Magic Lantern.
(Ultimately, of course, malware versus anti-malware is an arms race, and a sufficiently clever hack can no doubt evade McAfee. Possibly, Magic Lantern code in McAfee might make it marginally easier; but anyone who's smart enough to evade McAfee can probably do it either way. And in a week or three, McAfee will issue an update, and the next round will begin.)
FWIW, my take is that if court-authorized spyware warrants get the FBI to relax their anti-encryption stance, they're probably a good thing.
The main reason is that Mozilla makes pretty heavy use of pthreads, and
pthreads don't exactly fly on Linux.
In your own words, nice try. pthreads on Linux have their problems, but
entirely implausible that mozilla bottlenecks on thread creation. From what
I can see (strace seems to fall down:-/ ), mozilla (0.9.5 linux) may create
a thread or two for some "big" operations like opening a window or loading a
page, but not for typical UI operations. And there's no way that the
creation of a few threads accounts for the painful slowness of the "big"
operations.
I don't know the specific answer (one friend who dabbled in mozilla
debugging told me the performance problems "defy explanation"), but it
doesn't take much staring at top to see that the main thread sucks CPU hard
when you perform any UI operations. So I suspect that the the unix front
end is just not as well tuned as the Windows front end (which jives with
what I've heard about the priorities of Netscape employees). It's also
worth noting that the Netscape 4 unix front end was designed by legendary
hacker Jamie Zawinski:-)
Take a look at your typical consumer laptop. About a foot by a foot by an
inch or two: a rectangular prism, to a close approximation. Sure, some are
more rounded than others (think iBook), but it's still a fundamentally
square shape.
Now, think about how often you've damaged a laptop in minor accidents. Even
in a case, a short fall is likely to require a trip to the shop. The
durability on these things is hardly industrial grade.
Ok, I'm going to try you on this. Reason is, I've written fairly serious server code in Java, and didn't use many "application server" facilities, because I didn't see the advantage.
Container managed persistance
Far as I can tell, this saves you writing some trivial SQL statements. Plus, as soon as you have any interesting data (ie, not just one row in a table) or performance needs (this is backed up by benchmarks by an experienced app-server user), container manager persistence is impractical anyway, so you have to learn how to do it yourself.
transactional support
Unless you have some exotic need, a transactional data store is the beginning and the end of the solution.
message queues
Easily implemented over an SQL database (I wrote some pseudo-code, but it's too hard to format in slashdot).
naming and lookup services
I know Java has some facilities for this, but what do they do that's not easy with LDAP or similar?
Integration with existing business objects and processes?
You'd be surprised how many of these are already in Perl.:-) That aside, most of this means accessing an SQL database. I mean, sure, Java will integrate better with a Java shop and other Java software, if that's important.
Now that is proper requirements management, unusual in most open source projects.
The difference between the cathedral and the bazarre is not the presence or absence of project management. This is one of the most misguided readings of Raymond's paper, as he himself makes clear.
What "The Cathedral and the Bazarre" argues (and this is frankly no great insight on Raymond's part) is that good project management doesn't require formal rules, processes, and bureaucracy. Ideally, it is based on talented leadership, shared vision, and a spirit of collaboration. This strategy is not fool-proof, of course, and is perhaps riskier than traditional management. But when it works, it demonstrably produces amazing results.
Maybe this can't work for mozilla. It wouldn't be all that shocking, since mozilla is different from most free software projects: large, built on a traditionally proprietary codebase, run largely by a major corporation. But that's no reason to slam all the projects for which it does work.
The two methods are always combined to a degree, of course. But they are not entirely compatible, so you can't just say "let's do both". Bureaucracy diminishes the importance of a leader, subjugates vision to process, and dampens enthusiasm. So I'll take bazaar management any day.
There is a reason Solaris, NT, and all RTOS are preemptible inside the kernel: it is the only way to achieve real-time response.
I thought that what (certain) kernel hackers really objected to is preemption while locks are held. The complications (eg priority inversion) they talked about seem only to arise in that case.
So, first, does "fully-preemtive" traditionally mean with or without locks? Are Solaris, NT, and RTOS preemtible when locks are held?
Second, observed results aside, what reason do you have to believe that preempting the lock-less parts of the kernel is "good enough". All else equal, one would expect the latency distribution to be similar with and without locks, so you would expect plenty of "worst cases" to occur with locks. Of course, there is already a pressure to reduce the time that critical locks are held, but I wouldn't be surprised to see non-contended locks (especially outside the kernel core) held for long times. So is there a good reason that the important "worst cases" are happen without locks?
If you want to be "J2EE certified" you cannot distribute the source.
Ok, that makes sense. But then Lutris could distribute an uncertified free version of their product, in parallel with a certified non-free edition of the exact some bits (minus source). (They would need to get a special agreement from external contributers, but that can be arranged.)
JBoss has a "clean room" implementation of the Sun J2EE API classes.
Good.
However, there some jars that are not part of the J2EE platform (at least not yet) that are licensed using the standard Sun Binary License
Huh? If they're not part of J2EE, why does JBoss need or want them? What do they do? Can you run JBoss without them? (Ie, is the core of JBoss entirely free?)
Plenty of free software implements proprietary standards (Mesa, Lesstif, all the *nix utilities in GNU, really). This has typically not been a legal problem, so I don't understand why implementing J2EE might be a legal problem. Perhaps someone can enlighten me.
My understanding is that J2EE comes from Sun in basicall three parts: specification and other documentation in natural language; the Java API; and a sample implementation. I think these parts are fairly distinct. I want to know which of these is the "problem".
Obviously, every implementor must make use of the documentation. Normally, this does not taint an implementation, but Lutris claims that "reading the specification for J2EE forces the reader to agree to the SCSL". The J2EE specification license I can find doesn't say that. Though it is fairly restrictive, it doesn't seem to prohibit a free implementation. So is the specification a problem or not?
The JBoss response says that JBoss uses "seven jars" from Sun. I'm guessing these jars define the API, ie, they consist entirely of interfaces, abstract classes, and (maybe) trivial classes. Is this necessary? Most free implementations of proprietary API's include their own header files as free software. Does Sun claim a copyright on the API itself? What is the legal status of such claims, since there is basically only one way to express an API? Or did JBoss simply choose not to write their own versions?
Finally, does Enterprise Enhydra use essentially the same Sun classes as JBoss, or do they borrow some of the sample implementation as well? Do they claim that their commercial nature, or some pre-existing agreement with Sun, makes their situation different?
Thanks if you can untangle this.
Re:Mozilla 0.9.5 is getting better and better
on
Mozilla 0.9.5
·
· Score: 2
Plus, I don't have to keep mozilla running all the time.
Yes you do, it's just not showing any windows.
LWN deserves to live
on
LWN in Trouble
·
· Score: 5, Insightful
LWN is in the narrow category of truly worthwhile things. Good selection of topics, nice organization and length, lucid writing, thoughtful opinions, attention to detail, good taste, and deep knowledge of, and clear passion for, the subject. These qualities are attributable to the awesome people involved; they are not commodity parts. LWN is not replaceable.
They indicate that the problem is funding the staff, not hosting the site. If new sponsorship can't be found, I think we need to find out how much effort the staff can affort to spend on a volunteer basis, and then look for ways to spread out their talents. See if we can find a way for the community to provide some of the raw material, legwork, and editing, with Liz and Jon providing coaching and putting the pieces together.
For starters, there is a great quantity of raw material in the comments on slashdot. A lot of the high-rated posts are really good stuff, even if they're not polished. Many of them could be turned into stories with some revision, fact-checking, and proofing. Perhaps slashdot or a parallel system could even provide the infrastructure for doing revisions of high-quality comments.
I don't have the time or imagination to come up with a full solution now, but I really think there is some promise along these lines.
2 things folks don't understand about Linus
on
Torvalds Tells All
·
· Score: 3, Insightful
Linux is his hobby. He just wants to make something cool and have fun with it. That's the whole agenda. Linux is not about competion for Linus--and, please, "world domination" is a joke! As others have put it, "Chase the dream, not the competition".
He only really cares about the kernel. When he says "Linux", he's usually not talking about the whole system the way most of us are. You say, "well, the only point of the kernel is to serve as the foundation for the rest of the system"; but that's not the way Linus et al think. They mostly want to build a beautiful kernel. Ask a glibc developer if you doubt this. (They'll say Linus doesn't give a flying fig about user-space, which is an exaggeration, but....)
None of this should be a revelation. Read what Linus has said during any of the last ten years.
I log into my home machine (via ssh) from work, mostly to read my mail with mutt. I usually have no problems during the day, but in the evening, the latency often gets really bad--like a second or five to show the next message. Occasionally, the connection dies. But it's intermittant.
I don't know much about how to diagnose the problem, but my net connection at work is fine, and I don't notice anything funny when I list connections with netstat or watch total traffic with/proc/net/dev. So I assume it's just overloading of my provider's network.
My situation may be anomalous because I care more about outbound traffic, which is more limited with cable. I've never noticed any problem at home--but then again, I don't usually use my computer at home in the evening, and when I do it's web browsing rather than interactive remote logins.
My service is AT&T Broadband (formerly MediaOne) in 02140.
[ You should reply to my message, not your own, if you want me to notice. ]
not only do somehow twist my statement into insult EVERY unix user
I'm sure there are unix users who avoid modal applications, but the common unix experience is highly modal. And this is not an insult.
but you also get that moronic leap of logic modded up
Uh, no. I got my other moronic leaps of logic modded up, so my score starts at 2.
And you even throw a couple insults my way also. Bravo!
-bows-
(You made a glib criticism, so I took the liberty of calling you a funny name. Welcome to slashdot.)
Modes are bad. Very bad. I'll even give you an example.
Your example had nothing to do with modes. You didn't show that modes are bad in general or that vi is bad in particular. Try this on: in every browser I've seen, the navigation keys behave differently if you're in a text box (they move in the text box, not the page). This is a mode. Is it bad?
I would give my left foot for a vim-like mode in mozilla.
You send me your left foot and I'll make Mozilla support a vim-like mode.
I am such a klutz! I meant to type "left food". I have some pasta here I can't finish (with fra diavolo sauce, which should be appealing if you are who you suggest). Let me know where I can send it. I'll give you half as an advance, and put the rest in the freezer until you finish.
It would be strange if pagedown worked in a textbox
Ok, but now you seem to be acknowledging that even "normal" users (presumably, pagedown is among the more egalitarian keys) can cope with a keyboard command having different meanings in page focus and inputbox focus. Your original point seemed to be that this is too confusing for novices and must be avoided. I guess you were referring only to menu accelerators; but in that case, you shouldn't be to concerned about vim mode, because almost all of the single-key commands would be navigation commands (like pagedown).
And FWIW, I would be in favor of pagedown scrolling the page in single-line textboxes, since it can't have any other meaning.
Poorly chosen modes can be terrible, and modes in general tend to cause difficulty for beginners. But only a brainwashed UI weenie would say "modes are bad". Do you really think that all of the hackers who find unix and vi to be the most productive work environment are masochists?
If Mozilla used single-letter keyboard shortcuts, users would find themselves stuck whenever they went to a search engine's front page.
I wouldn't force anyone to use single-letter shortcuts. vim controls are for experts, obviously.
Anyway, mozilla doesn't work the way you want now. When I go to a search engine, neither the PageDown nor the Ctrl-W keys "work". (This is 0.9.4 on linux. In the unix tradition, Ctrl-W means erase the last word, and mozilla respects this.) But it's hard to tell bugs from features in mozilla. . . .
It's not just that keyboard controls are good on general principles; it's also the ridiculous extent to which browsers neglect them. Do you realize that when the focus is in the page (> 90% of the time), almost every single keypress does absolutely nothing? What a waste!
I would give my left foot for a vim-like mode in mozilla. Flexible and powerful navigation, visual selection, one-key incremental regex searches, marks and jumps, macros. Some modifications would be necessary for a browser environment, but I think most of the endearing non-editing properties of vim could be carried over.
Can anyone give me any hint to what started people writing Perl as "PERL"? Ok, it is an acronym (more than one, actually), but every single piece of documentation, and every official reference, says "Perl" for the language (and "perl" for the program). Yet people must have copied it from somewhere, for who would choose to hang on to that tedious shift key longer than absolutely necessary? My only theory is that they were mislead by the practice of writing book titles in all caps, but this would suggest that there is a critical mass of simpletons who have seen the cover of these books but never dared to peek inside.
Now, I even see people write "JAVA", and that's not even an acronym! Though I suppose one might infer that it's Just Another....
Would those in attendance mind helping me by gently informing the users of this barbarism that "You sound like a freaking ignoramus!"? While I've got you, could you do the same for (stop here if you have a weak stomache and an appreciation for language) virii.
I could easily encode a message into an image, and NOBODY could detect that one was there, even through careful examination.
You are so wrong. This is just like encryption: Intuitively, everyone thinks it is easy to scramble information, but eventually, cryptanalysis got sophisticated, and we learned that only mathematically sophisticated, rigorously reviewed cryptography has a chance at being safe. Similarly, amateur steganography schemes are probably worthless.
-go through the image in a certain direction, and change each pixel value by 1 to encode a binary "1", or leave it alone to encode a binary "0".
Of course the method you describe isn't detectable to the naked eye. But it would be trivial to detect it statistically. Just look at the gradients in adjacent pixels. In you image, they will be jumpier than in a normal image. Go check out stegdetect to see some of their techniques and results.
It's called "user-centered system design" for a reason.... you have a set of designs that engineers work towards implementing.
All software is made of many layers, and there are different concepts at each layer. The highest layer deals in concepts that are exposed to the user, and should be designed in a "user-centered" way. The other layers, by and large, deal in concepts that the user shouldn't have to think about, so their design should be based mostly on engineering considerations.
The notion that every layer of design needs to be "user-centered" is a gross distortion that harms software development. It would enormously complicate the design of the lower-level functionality, impeding the development of clean, simple layers that can be used by a variety of applications (some unforseen). I think there are enough examples to make this obvious.
By your standard, it seems we should criticize CPU designers for not considering the end-user. This is the same fallacy that leads people to say foolish things like, "You can't build a beginner-friendly interface on top of Unix".
I have seen de Icaza discuss GNOME in exactly the same way
Well, even though GNOME overall is a user desktop, large parts of it are not at the user-facing level, so it is entirely appropriate for Miguel to talk about those parts of GNOME from an engineering viewpoint. Hopefully, though, other people in GNOME think more about the user-facing parts.:-)
Presumably, any key escrow system would allow for verification that a message was encrypted using an escrowed key, without actually retrieving the key or decrypting the message
Just re-encrypt the illegally encrypted data. No way to find out that the contents are unreadable without actually decrypting it. Thus the only way to spot verbotten encryption is to decrypt everything.
Oops, you're right. So the situation isn't quite as bad as I thought (since routine decryption would be a hard sell for the government).
Slashdot Mirror
It certainly raises the possibility ... but if McAfee is competant, it's only a small one. Magic Lantern is probably going to log information passively, and maybe send it to fbi.gov . It's not going to open up ports with shells attached to them. It's not going to propagate itself. It's not going to mail passwords to leet@haxors.ru . It's basically not going to do anything that a self-respecting malware author wants.
So sure, maybe you could write Amazing Lightbulb, that McAfee can't distinguish from Magic Lantern. But it probably couldn't do anything interesting, because if it tried, McAfee would know it isn't Magic Lantern.
(Ultimately, of course, malware versus anti-malware is an arms race, and a sufficiently clever hack can no doubt evade McAfee. Possibly, Magic Lantern code in McAfee might make it marginally easier; but anyone who's smart enough to evade McAfee can probably do it either way. And in a week or three, McAfee will issue an update, and the next round will begin.)
FWIW, my take is that if court-authorized spyware warrants get the FBI to relax their anti-encryption stance, they're probably a good thing.
In your own words, nice try. pthreads on Linux have their problems, but entirely implausible that mozilla bottlenecks on thread creation. From what I can see (strace seems to fall down :-/ ), mozilla (0.9.5 linux) may create
a thread or two for some "big" operations like opening a window or loading a
page, but not for typical UI operations. And there's no way that the
creation of a few threads accounts for the painful slowness of the "big"
operations.
I don't know the specific answer (one friend who dabbled in mozilla debugging told me the performance problems "defy explanation"), but it doesn't take much staring at top to see that the main thread sucks CPU hard when you perform any UI operations. So I suspect that the the unix front end is just not as well tuned as the Windows front end (which jives with what I've heard about the priorities of Netscape employees). It's also worth noting that the Netscape 4 unix front end was designed by legendary hacker Jamie Zawinski :-)
Don't be ashamed, Chris! We're quite used--indeed endeared--to the editors' barely intelligible brand of English. For Taco, that would be a good post.
Oh, you meant the quoted part ...
Now, think about how often you've damaged a laptop in minor accidents. Even in a case, a short fall is likely to require a trip to the shop. The durability on these things is hardly industrial grade.
Rolling one is just asking for trouble.
I damn sure hope the people who keep modding these up aren't the same people who complain about CowboyNeal in the polls.
Mozilla deliberately broke (MHO) history in 0.9.5. See bug 101832. Might be what you're seeing.
Ok, I'm going to try you on this. Reason is, I've written fairly serious server code in Java, and didn't use many "application server" facilities, because I didn't see the advantage.
Container managed persistance
Far as I can tell, this saves you writing some trivial SQL statements. Plus, as soon as you have any interesting data (ie, not just one row in a table) or performance needs (this is backed up by benchmarks by an experienced app-server user), container manager persistence is impractical anyway, so you have to learn how to do it yourself.
transactional support
Unless you have some exotic need, a transactional data store is the beginning and the end of the solution.
message queues
Easily implemented over an SQL database (I wrote some pseudo-code, but it's too hard to format in slashdot).
naming and lookup services
I know Java has some facilities for this, but what do they do that's not easy with LDAP or similar?
Integration with existing business objects and processes?
You'd be surprised how many of these are already in Perl. :-) That aside, most of this means accessing an SQL database. I mean, sure, Java will integrate better with a Java shop and other Java software, if that's important.
They pulled off clustering
Pretty easy with a remote data store.
The difference between the cathedral and the bazarre is not the presence or absence of project management. This is one of the most misguided readings of Raymond's paper, as he himself makes clear.
What "The Cathedral and the Bazarre" argues (and this is frankly no great insight on Raymond's part) is that good project management doesn't require formal rules, processes, and bureaucracy. Ideally, it is based on talented leadership, shared vision, and a spirit of collaboration. This strategy is not fool-proof, of course, and is perhaps riskier than traditional management. But when it works, it demonstrably produces amazing results.
Maybe this can't work for mozilla. It wouldn't be all that shocking, since mozilla is different from most free software projects: large, built on a traditionally proprietary codebase, run largely by a major corporation. But that's no reason to slam all the projects for which it does work.
The two methods are always combined to a degree, of course. But they are not entirely compatible, so you can't just say "let's do both". Bureaucracy diminishes the importance of a leader, subjugates vision to process, and dampens enthusiasm. So I'll take bazaar management any day.
I thought that what (certain) kernel hackers really objected to is preemption while locks are held. The complications (eg priority inversion) they talked about seem only to arise in that case.
So, first, does "fully-preemtive" traditionally mean with or without locks? Are Solaris, NT, and RTOS preemtible when locks are held?
Second, observed results aside, what reason do you have to believe that preempting the lock-less parts of the kernel is "good enough". All else equal, one would expect the latency distribution to be similar with and without locks, so you would expect plenty of "worst cases" to occur with locks. Of course, there is already a pressure to reduce the time that critical locks are held, but I wouldn't be surprised to see non-contended locks (especially outside the kernel core) held for long times. So is there a good reason that the important "worst cases" are happen without locks?
IANAKH.
Ok, that makes sense. But then Lutris could distribute an uncertified free version of their product, in parallel with a certified non-free edition of the exact some bits (minus source). (They would need to get a special agreement from external contributers, but that can be arranged.)
JBoss has a "clean room" implementation of the Sun J2EE API classes.
Good.
However, there some jars that are not part of the J2EE platform (at least not yet) that are licensed using the standard Sun Binary License
Huh? If they're not part of J2EE, why does JBoss need or want them? What do they do? Can you run JBoss without them? (Ie, is the core of JBoss entirely free?)
My understanding is that J2EE comes from Sun in basicall three parts: specification and other documentation in natural language; the Java API; and a sample implementation. I think these parts are fairly distinct. I want to know which of these is the "problem".
Obviously, every implementor must make use of the documentation. Normally, this does not taint an implementation, but Lutris claims that "reading the specification for J2EE forces the reader to agree to the SCSL". The J2EE specification license I can find doesn't say that. Though it is fairly restrictive, it doesn't seem to prohibit a free implementation. So is the specification a problem or not?
The JBoss response says that JBoss uses "seven jars" from Sun. I'm guessing these jars define the API, ie, they consist entirely of interfaces, abstract classes, and (maybe) trivial classes. Is this necessary? Most free implementations of proprietary API's include their own header files as free software. Does Sun claim a copyright on the API itself? What is the legal status of such claims, since there is basically only one way to express an API? Or did JBoss simply choose not to write their own versions?
Finally, does Enterprise Enhydra use essentially the same Sun classes as JBoss, or do they borrow some of the sample implementation as well? Do they claim that their commercial nature, or some pre-existing agreement with Sun, makes their situation different?
Thanks if you can untangle this.
Yes you do, it's just not showing any windows.
They indicate that the problem is funding the staff, not hosting the site. If new sponsorship can't be found, I think we need to find out how much effort the staff can affort to spend on a volunteer basis, and then look for ways to spread out their talents. See if we can find a way for the community to provide some of the raw material, legwork, and editing, with Liz and Jon providing coaching and putting the pieces together.
For starters, there is a great quantity of raw material in the comments on slashdot. A lot of the high-rated posts are really good stuff, even if they're not polished. Many of them could be turned into stories with some revision, fact-checking, and proofing. Perhaps slashdot or a parallel system could even provide the infrastructure for doing revisions of high-quality comments.
I don't have the time or imagination to come up with a full solution now, but I really think there is some promise along these lines.
He just wants to make something cool and have fun with it. That's the whole agenda. Linux is not about competion for Linus--and, please, "world domination" is a joke! As others have put it, "Chase the dream, not the competition".
When he says "Linux", he's usually not talking about the whole system the way most of us are. You say, "well, the only point of the kernel is to serve as the foundation for the rest of the system"; but that's not the way Linus et al think. They mostly want to build a beautiful kernel. Ask a glibc developer if you doubt this. (They'll say Linus doesn't give a flying fig about user-space, which is an exaggeration, but....)
None of this should be a revelation. Read what Linus has said during any of the last ten years.
I don't know much about how to diagnose the problem, but my net connection at work is fine, and I don't notice anything funny when I list connections with netstat or watch total traffic with /proc/net/dev. So I assume it's just overloading of my provider's network.
My situation may be anomalous because I care more about outbound traffic, which is more limited with cable. I've never noticed any problem at home--but then again, I don't usually use my computer at home in the evening, and when I do it's web browsing rather than interactive remote logins.
My service is AT&T Broadband (formerly MediaOne) in 02140.
not only do somehow twist my statement into insult EVERY unix user
I'm sure there are unix users who avoid modal applications, but the common unix experience is highly modal. And this is not an insult.
but you also get that moronic leap of logic modded up
Uh, no. I got my other moronic leaps of logic modded up, so my score starts at 2.
And you even throw a couple insults my way also. Bravo!
-bows-
(You made a glib criticism, so I took the liberty of calling you a funny name. Welcome to slashdot.)
Modes are bad. Very bad. I'll even give you an example.
Your example had nothing to do with modes. You didn't show that modes are bad in general or that vi is bad in particular. Try this on: in every browser I've seen, the navigation keys behave differently if you're in a text box (they move in the text box, not the page). This is a mode. Is it bad?
You send me your left foot and I'll make Mozilla support a vim-like mode.
I am such a klutz! I meant to type "left food". I have some pasta here I can't finish (with fra diavolo sauce, which should be appealing if you are who you suggest). Let me know where I can send it. I'll give you half as an advance, and put the rest in the freezer until you finish.
Ok, but now you seem to be acknowledging that even "normal" users (presumably, pagedown is among the more egalitarian keys) can cope with a keyboard command having different meanings in page focus and inputbox focus. Your original point seemed to be that this is too confusing for novices and must be avoided. I guess you were referring only to menu accelerators; but in that case, you shouldn't be to concerned about vim mode, because almost all of the single-key commands would be navigation commands (like pagedown).
And FWIW, I would be in favor of pagedown scrolling the page in single-line textboxes, since it can't have any other meaning.
Poorly chosen modes can be terrible, and modes in general tend to cause difficulty for beginners. But only a brainwashed UI weenie would say "modes are bad". Do you really think that all of the hackers who find unix and vi to be the most productive work environment are masochists?
I wouldn't force anyone to use single-letter shortcuts. vim controls are for experts, obviously.
Anyway, mozilla doesn't work the way you want now. When I go to a search engine, neither the PageDown nor the Ctrl-W keys "work". (This is 0.9.4 on linux. In the unix tradition, Ctrl-W means erase the last word, and mozilla respects this.) But it's hard to tell bugs from features in mozilla. . . .
It's not just that keyboard controls are good on general principles; it's also the ridiculous extent to which browsers neglect them. Do you realize that when the focus is in the page (> 90% of the time), almost every single keypress does absolutely nothing? What a waste!
I would give my left foot for a vim-like mode in mozilla. Flexible and powerful navigation, visual selection, one-key incremental regex searches, marks and jumps, macros. Some modifications would be necessary for a browser environment, but I think most of the endearing non-editing properties of vim could be carried over.
So, anyone want to write this?
Now, I even see people write "JAVA", and that's not even an acronym! Though I suppose one might infer that it's Just Another ....
Would those in attendance mind helping me by gently informing the users of this barbarism that "You sound like a freaking ignoramus!"? While I've got you, could you do the same for (stop here if you have a weak stomache and an appreciation for language) virii.
You are so wrong. This is just like encryption: Intuitively, everyone thinks it is easy to scramble information, but eventually, cryptanalysis got sophisticated, and we learned that only mathematically sophisticated, rigorously reviewed cryptography has a chance at being safe. Similarly, amateur steganography schemes are probably worthless.
-go through the image in a certain direction, and change each pixel value by 1 to encode a binary "1", or leave it alone to encode a binary "0".
Of course the method you describe isn't detectable to the naked eye. But it would be trivial to detect it statistically. Just look at the gradients in adjacent pixels. In you image, they will be jumpier than in a normal image. Go check out stegdetect to see some of their techniques and results.
All software is made of many layers, and there are different concepts at each layer. The highest layer deals in concepts that are exposed to the user, and should be designed in a "user-centered" way. The other layers, by and large, deal in concepts that the user shouldn't have to think about, so their design should be based mostly on engineering considerations.
The notion that every layer of design needs to be "user-centered" is a gross distortion that harms software development. It would enormously complicate the design of the lower-level functionality, impeding the development of clean, simple layers that can be used by a variety of applications (some unforseen). I think there are enough examples to make this obvious.
By your standard, it seems we should criticize CPU designers for not considering the end-user. This is the same fallacy that leads people to say foolish things like, "You can't build a beginner-friendly interface on top of Unix".
I have seen de Icaza discuss GNOME in exactly the same way
Well, even though GNOME overall is a user desktop, large parts of it are not at the user-facing level, so it is entirely appropriate for Miguel to talk about those parts of GNOME from an engineering viewpoint. Hopefully, though, other people in GNOME think more about the user-facing parts. :-)
Just re-encrypt the illegally encrypted data. No way to find out that the contents are unreadable without actually decrypting it. Thus the only way to spot verbotten encryption is to decrypt everything.
Oops, you're right. So the situation isn't quite as bad as I thought (since routine decryption would be a hard sell for the government).