Also, there will presumably be nothing to stop web servers using both HTTP2.0 and 1.0/1.1 - reverting to the older protocol if the client does not indicate it supports the older one.
Given how long these processes take, by the time the standard is finalised both XP and Android 2 will be outside any promised support window so they should not be used as a reason to hamper this new version of the standard. If people are still using those clients by then they will (or should) have far greater worries than a few "invalid certificate" warnings. Heck, hopefully IPv6 support will be common place by then (while people saying it'll all hit the fan this year are being a bit premature IMO, I can't see IPv4 lasting until the endof XP's life) making the IPv4 based limitations irrelevant anyway.
Even if XP is still around and causing trouble, the only browsers affected are IE variants or similarly old hat code: recent (anything from the last two years or more IIRC) Firefox, Chrome and Opera versions support SNI even on XP as does Firefox on Android (I don't know about others like Opera Mobile).
With SNI you can drop the IP-address-per-name requirement too. You will give security errors to people using IE6/7/8 on XP though, and I'm not sure what the current state is with regard to SNI support with mobile browsers (it used to be bad).
Because you can't get certificates signed by a CA any reasonably uptodate browser trusts for free...
http://www.startssl.com/
And as for governments getting their own CAs in so they can snoop: how is that different from plain HTTP where they don't even have to bother with CAs if they want to snoop?
From the point of view of the infrastructure/security go-to man for a small company, what options are there for locating unauthorised APs? We scan for unauthorised MAC addresses turning up on the network so an alert goes out if something unwanted is plugged into the LAN, but that wouldn't detect a soft-AP running on an otherwise expected machine (nor would it spot a device with a faked MAC, but that is another matter). Are there any reliable methods of picking up on new APs turning up (even those that are not broadcasting their ID) and then finding their approximate physical location (we are in a manged office block, so a new AP turning up is most likely to be on one of their LANs so not something we need to worry about).
Some of our clients trust us with data that they are (understandable) sensitive regarding the safety of, so if there is anything I can do to decrease the chance we'll ever be the source of any leak is useful to reduce my paranoia levels!
Clearly A/C has never had to do an enterprise deployment.
Clearly you have misread A/C's point.
He wasn't (unless my understanding is wrong, of course) commenting on the expense of the equipment, he was commenting on the fact that the parent post looked like a very amateur paid shill. A worthwhile informative post would not have simply stated "we use this stuff, here go look at this link", it would explain how that equipment was pertinent to the article at hand. Perhaps it makes solving the problem easier in some way, if so he could have stated that rather than just getting the link in as fast as possible to try get it as close to the top of the post list as possible - just slapping "cisco cisco csico link cisco" in a post is essentially spam.
It is a fairly new thing, at least globally. And if you open things in tabs and close the tab rather than hitting "back", or just don't log in to Google services, you'd never see it.
One ~100px tall advert isn't going to trip this, even if it is full page width.
The intention as I see it is to "punish" sites where, on common browser window sizes, you need to scroll before you see anything that isn't advertising of site logos.
It could be a pain for sites that use images an other binary objects for what should be textual content, but they need a slap any way.
1. Click Expert Sex Change result
2. Click back
3. You will see a link appear offering to "block all expertsexchange.com" links from your search results.
Only works if you are logged in to Google in some way, of course.
When the petition reaches 25,000 signatures the White House is obligated to respond to it in an official capacity.
Will this response be of a similar nature to how the UK government response to its equivalent petition site? i.e. the official response is to make it clear they are officially ignoring the petition?
Well apparently corporations are people too. Since when do we, as American people, not have an obligation to solve our problems?
They are an international company. If the company considers itself a pesron at all then it considers itself to be an international person, not American one. They'll say they consider themselves American of course, as that increases the chance of the average American buying into their output (and vastly increases the chance of the well-below-average "I ain't be havin' non of that there foreign muck" Americans doing so).
It is the same with any rich individual or body of people. Bono for instance is Irish by birth, states he is proud to be Irish, but he isn't too proud so swindle the tax office of his homeland. How much tax does he pay there? Sod all (or as close to as makes no odds) as all his income is registered in some tax haven or another.
Exactly. If what they are trying to imply was remotely possible, then someone somewhere is guilty of a gross display of incompetence. A massive due diligence failure on his part, or the relevant agency's part, or both. Either that or there was no significant risk and mentioning the possibility was somewhere between "a bit of spin" and "complete bull fodder".
Puts me in mind of the wonderful move to SATA connectors.. you know, those damn things which come loose and you have to shut down, open cabinet and push back in place?
At least the move to SATA had more legitimate reasons to be pushed than phasing out DVI. At the speeds data is moving these data a serial link is much easier to keep correctly in sync (we would not have pushed PATA much beyond where it got, speed wise) while also creating less EMI and the thinner cables are much better for cable management (both in terms of getting them to go where you want them, and them not causing air-flow problems in systems that need good flow in order not to set themselves on fire).
Even non-latching connectors seem to hold firmer now, in my experience.
Phasing out DVI in favour of DisplayPort seems far more arbitrary to me. You need a rather large high-res monitor to hit dual-link DVI's transmission limits and the change doesn't solve any cabling problems. The only problem with DVI for most users is the size of the connector - but there is mini-DVI for when that is a problem.
One of the points mentioned in the news coverage over here was that John Prescott had high security clearance in his position as deputy prime minister, so the "hackers" could have gained access to significant secrets. Am I the only one that finds this worrying? Why was The Right Honourable Bumbling Hypocrite of Hull given any access to supposedly secure information when he wasn't even capable of setting a pin on his voicemail?! Why would anyone else leave such information in voicemail anyway? I'm hoping this is just Prescott's camp trying to big up him and the charges against Murdoch rather than a sign of how shite our intelligence services are...
In the past I've completely replace my main PC about every three or four years, with small upgrades (more RAM, an extra drive, maybe a graphics card upgrade (though that is more rare)) in between as needed. The only upgrade I've made since the last rebuild is an extra drive. My little server is in need of replacement though (it has cut out under heavy load a couple of times, I suspect the CPU is about to burn something out) and so I'm planning a rebuild of the desktop and putting the server's drives into the old one.
Here is my quandary: a large part of the build cost is games related (a fancy pants graphics card and a Windows license: neither of which are cheap), and stories like this make me wonder why I'm bothering with that. I could just do without this sort of game (it isn't like I have much time to play them anyway at the moment) and spend that cash on something else entirely. I'm never likely to buy a console, so it isn't like companies like gaming related companies or Microsoft are going to make their money back off me that way. Without considering games I could get a far cheaper GFX card (I'm only planning on replacing the perfectly serviceable card I have now because I want something that supports three or more monitors, not because the current card isn't up to playing the games I have - there are far cheaper cards that have three independent outputs) and drop Windows completely at home.
Decisions decisions: drop Windows and my back catalogue of games now, or give in this time around and do that next time (by when hopefully games will have been forced to be more cross-platform, operating via browsers using WebGL instead of OS specific graphics stacks)...
It doesn't accumulate cruft like the Windows Registry or something, does it?
I've seen suggestions that it does, particularly after upgrades, though I've not looked into the issue myself so I'm handing over unverified anecdotal evidence here.
Even if cruft doesn't build up in the profile itself, the filesystem objects used to store it may become fragmented and spread all over your driver over time as the cache is constantly updated and the database files it keeps (for abusive locations lookups and so on) grow. This could cause performance to degrade over time even if the profile itself clean internally.
but I just can't help wondering whether they come with custom Red Army EEPROM
I might not be able to help wondering if it were real at all, not just if the EEPROM is untouched. With the amount of tails around of fake iProducts (what looks like an iPhone on eBay turns out to be a cheap grotty under-powered Android based tablet in a convincing-enough-for-the-photos-on-eBay fake Apple case) is not conceivable that other similar devices are also being copied in appearance and the copies being sold as the real thing. While this may sound paranoid, it is probably no more paranoid than the Red Army option.
As important as the release schedule is, another important factor for Enterprise users is the time it takes to test new releases against all their standard environments and internal apps: if each ESR is only supported its year plans a couple of month this will still deter enterprise use.
I would suggest that 30 months be the minimum support window: two full years since release plus some overlap time between release N being available and version N-2 dropping off security patch support. Like to Ubuntu's LTS support windows server-side (two year release cycle, support for 2.5 cycles). Longer might by advisable (our biggest clients, two of the largest banking organisations in the UK, only upgraded to IE8 late last year: more than two full years after its first non-beta availability - going by news I get from other people I know in relevant positions, I'm pretty sure this is a common situation elsewhere in corporate circles rather than just our clients) though I accept that longer than 2.5 years may not be at all practical for Mozilla (who would fund the tail of such a long support window?). In fact, if it were my decision I'd probably go for a longer release cycle as it would make a longer support cycle more practical: say releasing every two years and supporting each release for three or three-ana-half.
Though please don't rush overly on my account Mr Gove: one of the advantages of the current system from my PoV is that it wasn't training up any young enthusiastic replacements for me, so I might be able to keep my career moving when I get old(er) and (more) belligerent!
More a "it was your choice, you were given more than adequate warning that doing X might cause health problem Y" anti-discount. I'd probably "qualify" for such if it came to liver problems due to my drinking habit - I'm not just talking about people different to myself. I think such things would encourage people away from self-damaging behaviours, and if it does it would mean those that avoid those behaviours don't end up paying for someone else's personal choices.
What would be most useful is an independent site listing which phones (on which networks) are missing updates, also listing the phones' state when not in a network subsidised form (often the lack of updates is down to the manufacturer, not the network provider).
That would allow buyers to see which manufacturer is most likely to leave them in the dust six months after they buy a given phone, and which network is more secure with regard to releasing updates (when available from the manufacturers) compared to the others.
Unfortunately any such site would face legal battles as companies try to stop them posting information that does not show them in the best light, and funding it would be a problem: providing accurate information would require some research and information verification effort which will not be cheap.
No, I'm saying it is the fault of the people who pointedly don't look after themselves yet expect the same care at the same price as the rest of us. In countries with national health provisions our taxes pay for their idiocy and in other places it pushes up insurance costs, like idiots wrapping cars around trees at high speed push up the insurance costs for more careful drivers.
I removed the "e" as a linguistic play: many heavy smokers would collapse if they pronounced the word with a long a vowel sound as generally used. I know the final e in this particular word is more a historic artefact then a pronunciation guide, but I'm drunk and making excuses for earlier spelling mistakes so don't expect me to make perfect sense.
So how about approaching it from a non-ignorant point of view the next time? You will be positively surprised by the results.
I think you find I know full well what power addiction has. For my part, I fully expect to die of some liver failure related disorder at some point. But I'm not going to blame anyone else for it: I know the risks, I know I should cut down, but I don't.
I know McD and Big Tobacco are far from innocent, but string them up for the big stuff they are guilty of: lying to everyone, blocking scientific reporting on their products, ruining the careers of people that speak out against them. Don't do them for the lesser crime against humanity of selling fools stuff that said fools (myself chubby "pickled liver" self included) have been told, time and time again, will do them harm.
Slashdot Mirror
Also, there will presumably be nothing to stop web servers using both HTTP2.0 and 1.0/1.1 - reverting to the older protocol if the client does not indicate it supports the older one.
Given how long these processes take, by the time the standard is finalised both XP and Android 2 will be outside any promised support window so they should not be used as a reason to hamper this new version of the standard. If people are still using those clients by then they will (or should) have far greater worries than a few "invalid certificate" warnings. Heck, hopefully IPv6 support will be common place by then (while people saying it'll all hit the fan this year are being a bit premature IMO, I can't see IPv4 lasting until the endof XP's life) making the IPv4 based limitations irrelevant anyway.
Even if XP is still around and causing trouble, the only browsers affected are IE variants or similarly old hat code: recent (anything from the last two years or more IIRC) Firefox, Chrome and Opera versions support SNI even on XP as does Firefox on Android (I don't know about others like Opera Mobile).
With SNI you can drop the IP-address-per-name requirement too. You will give security errors to people using IE6/7/8 on XP though, and I'm not sure what the current state is with regard to SNI support with mobile browsers (it used to be bad).
Because you can't get certificates signed by a CA any reasonably uptodate browser trusts for free...
http://www.startssl.com/
And as for governments getting their own CAs in so they can snoop: how is that different from plain HTTP where they don't even have to bother with CAs if they want to snoop?
From the point of view of the infrastructure/security go-to man for a small company, what options are there for locating unauthorised APs? We scan for unauthorised MAC addresses turning up on the network so an alert goes out if something unwanted is plugged into the LAN, but that wouldn't detect a soft-AP running on an otherwise expected machine (nor would it spot a device with a faked MAC, but that is another matter). Are there any reliable methods of picking up on new APs turning up (even those that are not broadcasting their ID) and then finding their approximate physical location (we are in a manged office block, so a new AP turning up is most likely to be on one of their LANs so not something we need to worry about).
Some of our clients trust us with data that they are (understandable) sensitive regarding the safety of, so if there is anything I can do to decrease the chance we'll ever be the source of any leak is useful to reduce my paranoia levels!
Clearly A/C has never had to do an enterprise deployment.
Clearly you have misread A/C's point.
He wasn't (unless my understanding is wrong, of course) commenting on the expense of the equipment, he was commenting on the fact that the parent post looked like a very amateur paid shill. A worthwhile informative post would not have simply stated "we use this stuff, here go look at this link", it would explain how that equipment was pertinent to the article at hand. Perhaps it makes solving the problem easier in some way, if so he could have stated that rather than just getting the link in as fast as possible to try get it as close to the top of the post list as possible - just slapping "cisco cisco csico link cisco" in a post is essentially spam.
It is a fairly new thing, at least globally. And if you open things in tabs and close the tab rather than hitting "back", or just don't log in to Google services, you'd never see it.
One ~100px tall advert isn't going to trip this, even if it is full page width.
The intention as I see it is to "punish" sites where, on common browser window sizes, you need to scroll before you see anything that isn't advertising of site logos.
It could be a pain for sites that use images an other binary objects for what should be textual content, but they need a slap any way.
1. Click Expert Sex Change result
2. Click back
3. You will see a link appear offering to "block all expertsexchange.com" links from your search results.
Only works if you are logged in to Google in some way, of course.
It would seem very unusual for a nation to permit extradition of a person for acts which are not in that country illegal
Unfortunately not true, at least for the UK it would seem.
When the petition reaches 25,000 signatures the White House is obligated to respond to it in an official capacity.
Will this response be of a similar nature to how the UK government response to its equivalent petition site? i.e. the official response is to make it clear they are officially ignoring the petition?
Well apparently corporations are people too. Since when do we, as American people, not have an obligation to solve our problems?
They are an international company. If the company considers itself a pesron at all then it considers itself to be an international person, not American one. They'll say they consider themselves American of course, as that increases the chance of the average American buying into their output (and vastly increases the chance of the well-below-average "I ain't be havin' non of that there foreign muck" Americans doing so).
It is the same with any rich individual or body of people. Bono for instance is Irish by birth, states he is proud to be Irish, but he isn't too proud so swindle the tax office of his homeland. How much tax does he pay there? Sod all (or as close to as makes no odds) as all his income is registered in some tax haven or another.
Exactly. If what they are trying to imply was remotely possible, then someone somewhere is guilty of a gross display of incompetence. A massive due diligence failure on his part, or the relevant agency's part, or both. Either that or there was no significant risk and mentioning the possibility was somewhere between "a bit of spin" and "complete bull fodder".
Puts me in mind of the wonderful move to SATA connectors .. you know, those damn things which come loose and you have to shut down, open cabinet and push back in place?
At least the move to SATA had more legitimate reasons to be pushed than phasing out DVI. At the speeds data is moving these data a serial link is much easier to keep correctly in sync (we would not have pushed PATA much beyond where it got, speed wise) while also creating less EMI and the thinner cables are much better for cable management (both in terms of getting them to go where you want them, and them not causing air-flow problems in systems that need good flow in order not to set themselves on fire).
Even non-latching connectors seem to hold firmer now, in my experience.
Phasing out DVI in favour of DisplayPort seems far more arbitrary to me. You need a rather large high-res monitor to hit dual-link DVI's transmission limits and the change doesn't solve any cabling problems. The only problem with DVI for most users is the size of the connector - but there is mini-DVI for when that is a problem.
One of the points mentioned in the news coverage over here was that John Prescott had high security clearance in his position as deputy prime minister, so the "hackers" could have gained access to significant secrets. Am I the only one that finds this worrying? Why was The Right Honourable Bumbling Hypocrite of Hull given any access to supposedly secure information when he wasn't even capable of setting a pin on his voicemail?! Why would anyone else leave such information in voicemail anyway? I'm hoping this is just Prescott's camp trying to big up him and the charges against Murdoch rather than a sign of how shite our intelligence services are...
This is part of why the CP game market is dying.
In the past I've completely replace my main PC about every three or four years, with small upgrades (more RAM, an extra drive, maybe a graphics card upgrade (though that is more rare)) in between as needed. The only upgrade I've made since the last rebuild is an extra drive. My little server is in need of replacement though (it has cut out under heavy load a couple of times, I suspect the CPU is about to burn something out) and so I'm planning a rebuild of the desktop and putting the server's drives into the old one.
Here is my quandary: a large part of the build cost is games related (a fancy pants graphics card and a Windows license: neither of which are cheap), and stories like this make me wonder why I'm bothering with that. I could just do without this sort of game (it isn't like I have much time to play them anyway at the moment) and spend that cash on something else entirely. I'm never likely to buy a console, so it isn't like companies like gaming related companies or Microsoft are going to make their money back off me that way. Without considering games I could get a far cheaper GFX card (I'm only planning on replacing the perfectly serviceable card I have now because I want something that supports three or more monitors, not because the current card isn't up to playing the games I have - there are far cheaper cards that have three independent outputs) and drop Windows completely at home.
Decisions decisions: drop Windows and my back catalogue of games now, or give in this time around and do that next time (by when hopefully games will have been forced to be more cross-platform, operating via browsers using WebGL instead of OS specific graphics stacks)...
I've seen suggestions that it does, particularly after upgrades, though I've not looked into the issue myself so I'm handing over unverified anecdotal evidence here.
Even if cruft doesn't build up in the profile itself, the filesystem objects used to store it may become fragmented and spread all over your driver over time as the cache is constantly updated and the database files it keeps (for abusive locations lookups and so on) grow. This could cause performance to degrade over time even if the profile itself clean internally.
I might not be able to help wondering if it were real at all, not just if the EEPROM is untouched. With the amount of tails around of fake iProducts (what looks like an iPhone on eBay turns out to be a cheap grotty under-powered Android based tablet in a convincing-enough-for-the-photos-on-eBay fake Apple case) is not conceivable that other similar devices are also being copied in appearance and the copies being sold as the real thing. While this may sound paranoid, it is probably no more paranoid than the Red Army option.
As important as the release schedule is, another important factor for Enterprise users is the time it takes to test new releases against all their standard environments and internal apps: if each ESR is only supported its year plans a couple of month this will still deter enterprise use.
I would suggest that 30 months be the minimum support window: two full years since release plus some overlap time between release N being available and version N-2 dropping off security patch support. Like to Ubuntu's LTS support windows server-side (two year release cycle, support for 2.5 cycles). Longer might by advisable (our biggest clients, two of the largest banking organisations in the UK, only upgraded to IE8 late last year: more than two full years after its first non-beta availability - going by news I get from other people I know in relevant positions, I'm pretty sure this is a common situation elsewhere in corporate circles rather than just our clients) though I accept that longer than 2.5 years may not be at all practical for Mozilla (who would fund the tail of such a long support window?). In fact, if it were my decision I'd probably go for a longer release cycle as it would make a longer support cycle more practical: say releasing every two years and supporting each release for three or three-ana-half.
And not before time!
Though please don't rush overly on my account Mr Gove: one of the advantages of the current system from my PoV is that it wasn't training up any young enthusiastic replacements for me, so I might be able to keep my career moving when I get old(er) and (more) belligerent!
More a "it was your choice, you were given more than adequate warning that doing X might cause health problem Y" anti-discount. I'd probably "qualify" for such if it came to liver problems due to my drinking habit - I'm not just talking about people different to myself. I think such things would encourage people away from self-damaging behaviours, and if it does it would mean those that avoid those behaviours don't end up paying for someone else's personal choices.
What would be most useful is an independent site listing which phones (on which networks) are missing updates, also listing the phones' state when not in a network subsidised form (often the lack of updates is down to the manufacturer, not the network provider).
That would allow buyers to see which manufacturer is most likely to leave them in the dust six months after they buy a given phone, and which network is more secure with regard to releasing updates (when available from the manufacturers) compared to the others.
Unfortunately any such site would face legal battles as companies try to stop them posting information that does not show them in the best light, and funding it would be a problem: providing accurate information would require some research and information verification effort which will not be cheap.
No, I'm saying it is the fault of the people who pointedly don't look after themselves yet expect the same care at the same price as the rest of us. In countries with national health provisions our taxes pay for their idiocy and in other places it pushes up insurance costs, like idiots wrapping cars around trees at high speed push up the insurance costs for more careful drivers.
I removed the "e" as a linguistic play: many heavy smokers would collapse if they pronounced the word with a long a vowel sound as generally used. I know the final e in this particular word is more a historic artefact then a pronunciation guide, but I'm drunk and making excuses for earlier spelling mistakes so don't expect me to make perfect sense.
So how about approaching it from a non-ignorant point of view the next time? You will be positively surprised by the results.
I think you find I know full well what power addiction has. For my part, I fully expect to die of some liver failure related disorder at some point. But I'm not going to blame anyone else for it: I know the risks, I know I should cut down, but I don't.
I know McD and Big Tobacco are far from innocent, but string them up for the big stuff they are guilty of: lying to everyone, blocking scientific reporting on their products, ruining the careers of people that speak out against them. Don't do them for the lesser crime against humanity of selling fools stuff that said fools (myself chubby "pickled liver" self included) have been told, time and time again, will do them harm.