And where HL2 does push (the helicopter chasing you through the storm drains for instance) it is well paced with frenetic runs broken by slower spots when you are progressing under cover. Pacing and encouraged (rather than forced) progression seems to be something Valve do particularly well - we'll find out next week if they have kept that knack in the development of Portal 2...
It took them 6 years to make Half Life 2. It took them ONE year to make left 4 dead 2.
L4D2 is hardly the same level of work though. Designed primarily for co-op multiple player play with a paper thin plot they didn't have to plan narrative elements of any complexity, the engine was basically there already (as it was for L4D, but not HL2) as was the game framework on top of it. The amount of work needed on just EP3 is much higher than L4D2 - getting the story elements right will be a massive task compared to another chapter of zombie onslaught as there are many plot points to close (plus presumably a few to leave open enough for another sequel down the line), new ideas to develop for this instalment, all while staying true to what has gone before and maintaining a quality that won't leave the long-time players feeling let down. If there are genuinely new things going on in EP3 then there may be much more significant engine and game framework tweaks than there could have been between L4D and L4D2. Considering how much extra work EP3 is compared to L4D2, you can see why HL2 was a ball-acher of a project relatively speaking: they were writing the core engine pretty much from scratch at that point, rather than making evolutionary changes, on top of developing the game around that engine.
Nah, it'll be like some club nights and those dating lines you see advertised between programs on late-night TV: ABSOLUTELY FREE* (* free for women, some £ per minute for others) only in this case the desired people (those pretending to be the cloud friend in this case, real life women in my examples) will be paid a little and the money is planned to be made back (with profit) from the others, perhaps through targeted advertising.
It sounds particularly hateful to me, however it is planned to work. If you are ever tempted by a service like this just download one of those odd romance games that seem popular with certain age groups in Japan. Or start reading a good book - a much better way to use excess free time.
And probably quite impractical to turn a profit on too, if I'm guessing the service's business plan right.
The whole point there was that they wanted to continue the series, but the actor didn't.
It isn't that he didn't want to, some reports say that he'd have been quite happy to carry on for a while. But his health was failing, including his memory which is not a good problem to have if you are the lead actor with a tight shooting schedule, and the show was fairly taxing. There are also reports of problems between him and the new production team (the team had seen a few key changes over his last series or so), but I'm pretty sure the health thing was the key driver for his exit from the show.
"Sure," you say, "but my Android phone could do all of that with the right software. And it would be faster at it, too, because the processor is much faster than the calculator. If I wanted to do graphs, the graphs would look nicer, too, because the screen is better." All true. And yet, where is "the right software"? I know of no package for an Android phone that can do all that.
I've spotted some emulations of popular "graphing calculators", though I've not tried them so I can't say how stable or feature complete they are (and if they are using ROM images from the real calculators, they aren't going to be legal).
Given how many times this discussion turns up and how many people complain that their phone from 5+ years ago was more powerful and they'd not need to buy a graphing calculator if the right software was out there, I'm surprised no-one has tried to write a full featured software version of Android or iOS to see if there really is any money in the market. I suspect there isn't enough interest to make it a viable commercial product (it'd never be permitted in exams or some classrooms, and most people beyond that point in their career tend to have far more powerful tools on their desktop/laptop/netbook instead) but if it were done as a project-for-fun the time spent writing it won't be wasted as such and what money can be made would be a welcome bonus. I have too many "for fun" projects that would interest me far more on back-burners already so it isn't something I'd do, but someone out there could be working on it as we speak.
Once cheap tablets get better, I can see more competition forming in the market. You can get reasonably specced 7" tablets with 800x480 screens running 'droid 2.1 for $100 (the even cheaper models with QVGA or HVGA screens would not be enough) though I can't speak of the quality as I don't own one (http://www.dealextreme.com/p/7-touch-screen-lcd-google-android-2-2-tablet-pc-w-wifi-camera-tf-arm-v5-349-79mhz-70053 is the first decent looking candidate from a quick search, I'm sure I've seen similar cheaper elsewhere too). A "for schools" tablet could be made for $50 soon, less over time. You'd not need lots of storage, the camera and GPS could go, no need for the Google apps so take the free Android build instead of paying license for them, and so on. Have a physical button to disable all wireless features (actually make it pull power from the wifi and bt radios) and it would be usable in exams - schools could even have a collection of them to hand out in exams then they know the kids have nothing else installed (and if the software were modular enough they could remove functions that they don't want used in the exam), the kids could borrow from that stock or have their own or install the calculator software on their phone/tablet/what-ever for lessons and homework. That might force HP and TI to drop their prices to compete, or become the standard because they refuse to drop their prices. Of course battery life would not be so good, and it would have no nice tactile physical keys.
You'll probably find half the keys stop working (or don't work well to start with). The brains of a scientific calculator (the main chip and extra gubbins that run the shop) can be had for a fraction of a penny if you buy bulk and the other parts (LCD screen, keypad parts, case) aren't going to be a lot more. The expensive parts for a manufacturer are putting the things together (child labour might be cheap, but it ain't free or if it is you at least need to pay the slave drivers) and getting them distributed to places where you or I can buy them. Distribution is a game in itself. The only way to lower costs on production, so your dollar store calculator is possible, is only going to be done by buying cheap parts and having them thrown together as cheaply as possible.
Unless of course they've got hold of some remaindered stock and are shifting that for a $. Then you might be getting a model nominally worth $5+ rather than one that was always intended to be the bottom of the quality pile with a price to match.
I've not knowingly bought anything with Sony's mark on it since the rootkit incident in 2005 (or thereabouts). Of course it has had no effect on Sony, but it has had no effect on my life either. It helps that their hardware, while once great quality, is these days as cheap and unreliable as the next guy, their insistence on releasing products that don't properly support the de-facto standard formats & access methods and with other features missing from competing products that are cheaper.
I may have been to see a couple of movies with their brand attached over the years, but that is it.
I doubt a couple of thousand people making an inconvenience of themselves on one day is going to make a lot more difference than my personal (in)action has, but by all means let the children play.
It is hardly a new idea: I've seen similar things done before, though with the images as the backgrounds to divs rather than as multiple background values for the html or body tags.
Heck, some old 8/16-bit games (scrollers mainly) used a similar technique to draw their backgrounds, and it can also be a cheap way to distribute items around a map (pick a few pseudo-random primes, and use them in a 2D grid to decide where to put things: items go on or near points where the patterns produced by the primes coincide). Modifications of the method can be used in many places where you want a regular, reasonably "fair", but not easily predictable distribution - and if done right the result feels natural because we are used to nature being very regular at a macro level but not so predictable at a more detailed scale. Something that is too regular seems wrong, and something too irregular does too - this method produces a handy middle ground.
It can even be a handy way to pick test data from a larger set ("select * from somewhere where rowid is a multiple of 17 or a multiple of 37" or some such): the resulting set is not regular (so there is less chance of accidentally introducing a bias that skips some important cases while picking data by other means) but is repeatable (so if the test produces odd results you can rerun it exactly the same way again to analyse the situation, just by plugging the same set of primes into the selection filter).
You would want more than one key pair though, otherwise handing it over gives access to all the credentials protected by that key in one go. A moot point if the legal demand is for all your stored credentials anyway, but if the law turns up with a more selective warrant you want to be able to give them the data requested and not everything else. So you'd need one key pair per user/account, and need some sufficiently secure way to update the collection of private keys. Decrypting the passwords using the private key yourself isn't enough to comply with the letter of the law: they would request you hand over everything needed to get the password, including that key.
An easier method to implement would be to stick with good hashes for everyone else, and if you detect a French user (by IP address, email address, or such) store the password plain and warn the user that you have in order to comply with a brain-dead law that they need to complain about. Or just refuse to take accounts from French citizens as some others have suggested, but that is hardly something that you'll find easy to justify to your shareholders.
Of course the law doesn't just cover French citizens. Any account credentials stored on services within France would be covered by my understanding, so if you are elsewhere in the EU (if you are not EU based and none of your servers/services are then this is all moot anyway) you can probably get away with selectively applying credential hashing, but not for services hosted in France and your customers in other EU territories won't be happy putting up with lower security because of a French law. This is the point Google and the other companies and such are making: "if you enact and intend to enforce this law, we will have to host our services in a country other than France (we'd rather not move as it would be hassle and there will be costs involved, but we will if we have to and your citizens may get slower and slightly more expensive service because the servers are elsewhere and people who live and pay tax in France are unlikely to end up working in our UK/German/where-ever DC so your economy will suffer a little)".
Point 1: While requiring that the plain password be stored does not stop hashed+salted passwords being stored, it does defeat the purpose of the hash. So they are not banned by the law, just made pointless by complying with the law.
Point 2: But what constitutes "collection"? If you take a plain password to the server and hash it there it could be said that the server has collected the password (even if it didn't eventually store it anywhere more permanent than RAM).
Pretty much. My understanding is that the extra collision vectors found thus far don't reduce the effort of faking a value that produces the same hash or working out the original value (without the use of a full rainbow table for the salt used) significantly (i.e. to a point where an attack is at all practical), but the fact that these issues do exist indicates a flaw in the initial assumptions of the hash algorithms "security" and so may imply a more fundamental and/or practical attack is waiting to be found.
The general recommendation is that md5 and sha1 are currently fine for existing code but new code should use something stronger (SHA256 for instance) just in case, and when upgrading systems you should consider supporting the stronger hashes with a view to deprecating the older ones sooner rather than later.
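The upgrade path recommended in the comment above (keep accepting the older hashes while moving accounts to a stronger one), as an added example that is not part of the original comment. The record format, the function names, and the choice of PBKDF2-HMAC-SHA256 with 600,000 iterations as the stronger scheme are assumptions of this example.

```python
import hashlib
import hmac
import os

# Record format assumed for this example (not from the page):
#   legacy : "sha1$<salt_hex>$<digest_hex>"
#   current: "pbkdf2_sha256$<iterations>$<salt_hex>$<digest_hex>"
LEGACY_SCHEME = "sha1"
CURRENT_SCHEME = "pbkdf2_sha256"
PBKDF2_ITERATIONS = 600_000  # work factor chosen for this example


def hash_legacy(password, salt):
    """Salted single-round SHA-1, as an older code base might store it."""
    digest = hashlib.sha1(salt + password.encode("utf-8")).hexdigest()
    return f"{LEGACY_SCHEME}${salt.hex()}${digest}"


def hash_current(password, salt=None, iterations=PBKDF2_ITERATIONS):
    """Salted, iterated PBKDF2-HMAC-SHA256 with a fresh random salt by default."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, iterations
    )
    return f"{CURRENT_SCHEME}${iterations}${salt.hex()}${digest.hex()}"


def verify(password, stored):
    """Recompute the record with the scheme named in `stored` and compare."""
    scheme, _, rest = stored.partition("$")
    try:
        if scheme == LEGACY_SCHEME:
            salt_hex, _digest = rest.split("$")
            candidate = hash_legacy(password, bytes.fromhex(salt_hex))
        elif scheme == CURRENT_SCHEME:
            iterations, salt_hex, _digest = rest.split("$")
            candidate = hash_current(
                password, bytes.fromhex(salt_hex), int(iterations)
            )
        else:
            return False  # unknown scheme: reject rather than guess
    except (ValueError, OverflowError):
        return False  # malformed record
    # Constant-time comparison of the full record strings.
    return hmac.compare_digest(candidate.encode(), stored.encode())


def needs_upgrade(stored):
    """True for legacy records and for current records with a low work factor."""
    parts = stored.split("$")
    if parts[0] != CURRENT_SCHEME or len(parts) != 4:
        return True
    try:
        return int(parts[1]) < PBKDF2_ITERATIONS
    except ValueError:
        return True


def login(db, user, password):
    """Verify a login; on success, re-hash outdated records in place.

    The plaintext is only available at login time, so this is the one point
    where a legacy record can be replaced without a forced password reset.
    """
    stored = db.get(user)
    if stored is None or not verify(password, stored):
        return False
    if needs_upgrade(stored):
        db[user] = hash_current(password)
    return True


if __name__ == "__main__":
    # Constructed sample account with a legacy record.
    db = {"alice": hash_legacy("correct horse", bytes.fromhex("00112233"))}
    print("before:", db["alice"].split("$")[0])
    print("login ok:", login(db, "alice", "correct horse"))
    print("after: ", db["alice"].split("$")[0])
    # Accounts that never log in stay on the legacy scheme; list them so a
    # cut-off date for the old hashes can be planned.
    print("still legacy:", [u for u, h in db.items() if needs_upgrade(h)])
```
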
Ah, the "you didn't ask the right question so you're too stupid for me to bother with you" approach.
No. The "you haven't provided information that anyone with half a brain might know could be useful" answer. It is like when our users raise reports along the lines of "I opened a form and got an error" to which we have to reply back with "which form?" (lest we have to test every single form for every record in the DB to see which one(s) report an error) and "what was the error?" (to which the response is almost always "I don't know" or "I didn't read it" which is bloody annoying especially in places where the app explicitly says "please report the code XYZ1234 when reporting this error as it will help us find information in the code and logs that might help us find the solution faster"). Another good one is "some of the counts in report B don't look right" when report B contains many figures rolled up over a large data-set. It is just lazy not to type one example when you know at least one.
Or... You could realize in a tech blog that just about every system is represented by the readership and a generic question and multi-part answer is appropriate. Or would you rather see it clogged with "how about Windows 2000", "how about Windows 2003", "how about Windows 2008", "how about Ubuntu", "how about Linux", "how about Unix", "how about Solaris"... questions.
What if the responder doesn't know how to do what you are asking in *every* browser on *every* operating system available? What if that one person doesn't have time to type out seven sets of instructions on the off-chance one of them might be the set that you were looking for?
If you are asking for help, give relevant details without asking. It helps us help you and reduces the chance that we'll just ignore you because the question is too generic and we don't have time to respond with a full article on the subject.
Sorry to come over so snarky, but I've spent too much time lately dealing with bad issue reports (some of them from people who claim to be developers so should damn well know better), I had some crap to vent, and you raised your "viable target" flag!
It isn't just people though, a lot of code does the same crap-condition-reporting thing. MS SQL reports "string or binary data would be truncated" when you have given it X thousand rows with YZ string columns. It *knows* at least one of the errant values, the first one it hit, so why doesn't it *report* the value as that might give a massive clue as to what we have done wrong.
On the "having to pay" thing, there is at least one CA with a signing cert trusted by the majority of current browsers who use that signing cert to sign free server certificates.
See http://en.wikipedia.org/wiki/Startssl#StartSSL for details. Unfortunately under XP the certificate updates are not sent out marked as important so many people won't have them installed on that OS (and perhaps Vista too?) but this only affects IE users. So if you feel safe letting some XP+IE users get certificate warning messages and having to explain the messages to them, there is a free option.
IIRC none of the other free cert groups (like cacert.org) have this level of trust on common browser configurations, though if startssl gain a good chunk of market share out of offering the free certs maybe other CAs will start signing low assurance certs for nothing too (rather than, as several currently do, just giving you one year free as part of some offer linked to a registrar) - which would be nice as that way even the backwards XP+IE users will trust certs you can get signed for free...
How long do you usually keep a phone? If you are someone who churns through them, even high-end smartphone models, at one every 12 or 18 months then this makes no difference: the apps that exist will still exist and there will be phones out there so people developing for them (or at least maintaining existing apps) for at least that long. If you are looking at the phone with a view to it lasting three years or more then this announcement will have greater potential to be an issue for you.
Microsoft Windows XP:
* Released: August 2001
* Support expiry: April 2014
* Supported period: 12.75 years
Correction: Microsoft Windows XP (without any service packs):
* Released: August 2001
* Support expiry: April 2004
* Supported period: 3 years
If you are going to count installing SP1/2/3 as extending the support of XP then to be fair you should include upgrading to Ubuntu 10.04 bringing Ubuntu's support timeline to 7 years, oh and 6.06 was the first LTS release and was released within XP's life which brings us to ~9 years. Oh, and 12.04 will extend that further. And 14.04 further still. That $0 looks like a better investment when you consider those facts.
Oh, and no end user has had free technical support for XP since April 2009 when it officially dropped into extended support. Find an issue phone them up and see... Security updates yes, other support no. MS relented from not releasing non-security fixes for free (another difference between "mainstream" and "extended" support) after April 2009 because of competition from Linux in the then rapidly growing netbook market where XP was the only product MS had that could compete (Vista was no hope on those machines, XP was bad enough on 512Mb and a cheap SSD, and 7 was not ready for release and while not as beefy as Vista was still expected to have significantly larger disk and memory footprints than XP).
The comment you were replying to was inflammatory (MS have improved a lot in recent years security wise).
Your observation about Ubuntu (well, your interpretation of that observation) is incorrect too though as it is not comparing oranges to oranges: many of those updates will be for packages you have installed that are not core to the OS or the main desktop environment, so shouldn't be considered when comparing Ubuntu updates with Windows Updates (as MS wouldn't include patches to other people's software).
To pick some examples: my Ubuntu install updates Chromium every day or two, but that is nothing to do with Ubuntu other than it runs through their package management client. Chrome probably updates just as often on Windows: I just don't see the evidence unless I look for it (and Chrome updates are not MS's responsibility any more than they are Ubuntu's).
I also see updates to GIMP, InkScape, and any number of other packages that you would just never see in Windows Update as MS's package management is not open to those packages in that way. So comparing number/frequency of updates between Ubuntu's GUI apt client and Windows' update feature is not really meaningful.
Even Ubuntu's LTS is what? 2 years?
3 years for desktop, 5 years for server use. Though I'm not sure how they decide which packages are desktop only (some are very clear cut, some not so). Definitely shorter than XP's support window, but still good value for money for my use.
The 11 year count, especially when talking about free/paid support, is misleading.
* XP without a service pack dropped out of support in 2004, 3 years after its release.
* With only SP1? 2006, 4 years after general availability
* With only SP2? 2010, 6 years after general availability
* SP3 is supported with security updates until April 2014, 6 years after general availability, but it should be noted that there is no free technical support at all: this ended in April 2009 (when XP dropped from "mainstream" to "extended" support), only one year after SP3 was released.
So XP's support, on average over its lifetime, can't IMO be claimed to be significantly better than a LTS release from Ubuntu. SP3 going from "new release" to "extended support" in one year would have meant far fewer updates since then (security updates only for free, so the performance and feature updates/fixes including simple things like SSL signing certificate trust updates potentially being paid for if the customer wanted them). MS relented on this matter, effectively meaning SP3 has had mainstream support in all but name (with the exception of not getting DX10+, IE9, and some other additions that are Vista/7 only) for the last two years, but MS only did this because of competition from Linux in the then ballooning netbook market. It would have been difficult for the manufacturers to justify selling models with XP if non-security related bugs would not be officially fixed for free (i.e. without this policy change), Vista just wasn't suitable for those small machine specs (IMO XP was not suitable for many machines it sold on, as it can be painful in 512Mb of RAM when swapping to a slow SSD and doesn't leave much room to spare on an 8Gb SSD, but Vista's larger disk and memory footprints would have made matters far worse), and they did not want to try to rush Windows 7 out in order to try to compete that way.
(other than the cancer, of course)
She didn't show the 63 years either. OK so she was obviously no spring chicken, but she was in very good mental and physical condition compared to many 63 year olds.
You can thank the source material for a lot of that though - they intentionally kept very close to that in both tone and detail.
I've heard more than a few people here in Sweden wonder if the average Hollywood movie could be an indication of there being some truth behind the "dumb american" stereotype...
It isn't just the yanks (though their population size means that the lower intelligence percentiles cover a large number of people over there). Most movies, especially the average summer blockbuster, aim for the largest market possible and that means not confusing the idiots too much or they might not come back for your next movie.
There is also due to be a Cloverfield 2, apparently. http://www.denofgeek.com/movies/820796/cloverfield_2_still_on_the_cards.html
Yes, but they could buy one major label and have it work in a less evil manner. If that turns out to be profitable and/or attractive to the talent then the others will be forced to follow suit to compete. There would have to be some compelling reason to give the shareholders (and the only reason most of them will find compelling is "it'll make us a pile more cash"), of course, and Google would have to be careful not to change things too far from the beaten track too quickly lest they get hauled in front of a court to prove they are not abusing their position in other markets.
If a company can't do anything about it then admit it, don't storm out like a petulant child who has been told he can't have a second cake.
One of RIM's key selling points IIRC is end-to-end security. If they can't offer assurance of that feature in all the territories they operate (by standing up to people who demand otherwise, or not operating in territories where they can't offer that assurance) then the feature does not actually exist and any sale based on the fact that it does is effectively fraudulent.
Valid responses to the question would have included:
* "we are still arguing the point in our corner, and do not intend to give any organisation (even a government one) access to things we've promised our customers that we'll keep secure"
* "we have put our foot down and are waiting for the respective agencies to back down or ban us"
* "yeah, we can't really offer end-to-end security any more because at least one agency has access to a back door into what we've promised our customers is secure, and while the risk of the keys getting into the wrong hands is small it is now higher (as RIM is no longer the only key holder) which we of course explain to our (potential) customers"
Valid but unsatisfying (i.e. evasive) responses:
* "Now, you know we are not here to talk about that" (even more valid if the reporter had agreed not to talk about it, in which case I'd go for "now we agreed not to talk about that, and I thought the BBC could be trusted not to lie" - though that could come across as hypocritical if you agree with my interpretation of the situation)
* "we are here to talk about x, if you want to talk about y let my secretary know and we'll arrange another interview with me or someone else relevant" (repeat, calmly, ad infinitum, perhaps interjecting with "we've got z minutes left, do you have any other questions?" occasionally, and let the reporter be the one to go off in a huff if anyone does)
Making flippant insinuations based on lack of information to the contrary of those insinuations, while far from productive, is hardly less mature than stumbling out of the interview like he did.
Portal 2 will probably be released tomorrow actually.
Today's post on the official blog suggests it will be released on the 19th at 0700PST (so 1500 where I'm sat): http://www.thinkwithportals.com/blog.php?id=5297&p=1
You are not the first person I've seen suggest it will turn up this weekend instead so I'll be checking my Steam client daily (where the game sits pre-loaded ready for release day) to see if it does turn up early, but I'm guessing the official blog has a pretty good chance of being accurate.
And where HL2 does push (the helicopter chasing you through the storm drains for instance) it is well paced with frenetic runs broken by slower spots when you are progressing under cover. Pacing and encouraged (rather than forced) progression seems to be something Valve do particularly well - we'll find out next week if they have kept that knack in the development of Portal 2...
It took them 6 years to make Half Life 2. It took them ONE year to make left 4 dead 2.
L4D2 is hardly the same level of work though. Designed primarily for co-op multiple player play with paper thin plot they didn't have to plan narrative elements of any complexity, the engine was basically there already (as it was for L4D, but not HL2) as was the game framework on top of it. The amount of work needed on just EP3 is much higher than L4D2 - getting the story elements right will be a massive task compared to another chapter of zombie onslaught as there are many plot points to close (plus presumably a few to leave open enough for another sequel down the line), new ideas to develop for this instalment, all while staying true to what has gone before and maintaining a quality that won't leave the long-time players feeling let down. If there are genuinely new things going on in EP3 then there may be much more significant engine and game framework tweaks than there could have been between L4D and L4D2. Considering how much extra work EP3 is compared to L4D2, you can see why HL2 was a ball-acher of a project relatively speaking: they were writing the core engine pretty much from scratch at that point, rather than making evolutionary changes, on top of developing the game around that engine.
Nah, it'll be like some club nights and those dating lines you see advertised between programs on late-night TV: ABSOLUTELY FREE* (* free for women, some £ per minute for others) only in this case the desired people (those pretending to be the cloud friend in this case, real life women in my examples) will be paid a little and the money is planned to be made back (with profit) from the others, perhaps through targeted advertising.
It sounds particularly hateful to me, however it is planned to work. If you are ever tempted by a service like this just download one of those odd romance games that seem popular with certain age groups in Japan. Or start reading a good book - a much better way to use excess free time.
And probably quite impractical to turn a profit on too, if I'm guessing the service's business plan right.
The whole point there was that they wanted to continue the series, but the actor didn't.
It isn't that he didn't want to, some reports say that he'd have been quite happy to carry on for a while. But his health was failing, including his memory which is not a good problem to have if you are the lead actor with a tight shooting schedule, and the show was fairly taxing. There are also reports of problems between him and the new production team (the team had seen a few key changes over his last series or so), but I'm pretty sure the health thing was the key driver for his exit from the show.
"Sure," you say, "but my Android phone could do all of that with the right software. And it would be faster at it, too, because the processor is much faster than the calculator. If I wanted to do graphs, the graphs would look nicer, too, because the screen is better." All true. And yet, where is "the right software"? I know of no package for an Android phone that can do all that.
I've spotted some emulations of popular "graphing calculators", though I've not tried them so I can't say how stable or feature complete they are (and if they are using ROM images from the real calculators, they aren't going to be legal).
Given how many times this discussion turns up and how many people complain that their phone from 5+ years ago was more powerful and they'd not need to buy a graphing calculator if the right software was out there, I'm surprised no-one has tried to write a full featured software version for Android or iOS to see if there really is any money in the market. I suspect there isn't enough interest to make it a viable commercial product (it'd never be permitted in exams or some classrooms, and most people beyond that point in their career tend to have far more powerful tools on their desktop/laptop/netbook instead) but if it were done as a project-for-fun the time spent writing it won't be wasted as such and what money can be made would be a welcome bonus. I have too many "for fun" projects that would interest me far more on back-burners already so it isn't something I'd do, but someone out there could be working on it as we speak.
Once cheap tablets get better, I can see more competition forming in the market. You can get reasonably specced 7" tablets with 800x480 screens running 'droid 2.1 for $100 (the even cheaper models with QVGA or HVGA screens would not be enough) though I can't speak of the quality as I don't own one (http://www.dealextreme.com/p/7-touch-screen-lcd-google-android-2-2-tablet-pc-w-wifi-camera-tf-arm-v5-349-79mhz-70053 is the first decent looking candidate from a quick search, I'm sure I've seen similar cheaper elsewhere too). A "for schools" tablet could be made for $50 soon, less over time. You'd not need lots of storage, the camera and GPS could go, no need for the Google apps so take the free Android build instead of paying license for them, and so on. Have a physical button to disable all wireless features (actually make it pull power from the wifi and bt radios) and it would be usable in exams - schools could even have a collection of them to hand out in exams then they know the kids have nothing else installed (and if the software were modular enough they could remove functions that they don't want used in the exam), the kids could borrow from that stock or have their own or install the calculator software on their phone/tablet/what-ever for lessons and homework. That might force HP and TI to drop their prices to compete, or become the standard because they refuse to drop their prices. Of course battery life would not be so good, and it would have no nice tactile physical keys.
You'll probably find half the keys stop working (or don't work well to start with). The brains of a scientific calculator (the main chip and extra gubbins that run the shop) can be had for a fraction of a penny if you buy bulk and the other parts (LCD screen, keypad parts, case) aren't going to be a lot more. The expensive parts for a manufacturer are putting the things together (child labour might be cheap, but it ain't free or if it is you at least need to pay the slave drivers) and getting them distributed to places where you or I can buy them. Distribution is a game in itself. The only way to lower costs on production, so your dollar store calculator is possible, is only going to be done by buying cheap parts and having them thrown together as cheaply as possible.
Unless of course they've got hold of some remaindered stock and are shifting that for a $. Then you might be getting a model nominally worth $5+ rather than one that was always intended to be the bottom of the quality pile with a price to match.
I've not knowingly bought anything with Sony's mark on it since the rootkit incident in 2005 (or thereabouts). Of course it has had no effect on Sony, but it has had no effect on my life either. It helps that their hardware, while once great quality, is these days as cheap and unreliable as the next guy, their insistence on releasing products that don't properly support the de-facto standard formats & access methods and with other features missing from competing products that are cheaper.
I may have been to see a couple of movies with their brand attached over the years, but that is it.
I doubt a couple of thousand people making an inconvenience of themselves on one day is going to make a lot more difference than my personal (in)action has, but by all means let the children play.
It is hardly a new idea: I've seen similar things done before, though with the images as the backgrounds to divs rather than as multiple background values for the html or body tags.
Heck, some old 8/16-bit games (scrollers mainly) used a similar technique to draw their backgrounds, and it can also be a cheap way to distribute items around a map (pick a few pseudo-random primes, and use them in a 2D grid to decide where to put things: items go on or near points where the patterns produced by the primes coincide). Modifications of the method can be used in many places where you want a regular, reasonably "fair", but not easily predictable distribution - and if done right the result feels natural because we are used to nature being very regular at a macro level but not so predictable at a more detailed scale. Something that is too regular seems wrong, and something too irregular does too - this method produces a handy middle ground.
It can even be a handy way to pick test data from a larger set ("select * from somewhere where rowid is a multiple of 17 or a multiple of 37" or some such): the resulting set is not regular (so there is less chance of accidentally introducing a bias that skips some important cases while picking data by other means) but is repeatable (so if the test produces odd results you can rerun it exactly the same way again to analyse the situation, just by plugging the same set of primes into the selection filter).
You would want more than one key pair though, otherwise handing it over gives access to all the credentials protected by that key in one go. A moot point if the legal demand is for all your stored credentials anyway, but if the law turns up with a more selective warrant you want to be able to give them the data requested and not everything else. So you'd need one key pair per user/account, and need some sufficiently secure way to update the collection of private keys. Decrypting the passwords using the private key yourself isn't enough to comply with the letter of the law: they would request you hand over everything needed to get the password, including that key.
An easier method to implement would be to stick with good hashes for everyone else, and if you detect a French user (by IP address, email address, or such) store the password plain and warn the user that you have in order to comply with a brain-dead law that they need to complain about. Or just refuse to take accounts from French citizens as some others have suggested, but that is hardly something that you'll find easy to justify to your shareholders.
Of course the law doesn't just cover French citizens. Any account credentials stored on services within France would be covered by my understanding, so if you are elsewhere in the EU (if you are not EU based and none of your servers/services are then this is all moot anyway) you can probably get away with selectively applying credential hashing, but not for services hosted in France and your customers in other EU territories won't be happy putting up with lower security because of a French law. This is the point Google and the other companies and such are making: "if you enact and intend to enforce this law, we will have to host our services in a country other than France (we'd rather not move as it would be hassle and there will be costs involved, but we will if we have to and your citizens may get slower and slightly more expensive service because the servers are elsewhere and people who live and pay tax in France are unlikely to end up working in our UK/German/where-ever DC so your economy will suffer a little)".
Point 1: While requiring that the plain password be stored does not stop hashed+salted passwords being stored, it does defeat the purpose of the hash. So they are not banned by the law, just made pointless by complying with the law.
Point 2: But what constitutes "collection"? If you take a plain password to the server and hash it there it could be said that the server has collected the password (even if it didn't eventually store it anywhere more permanent than RAM).
Pretty much. My understanding is that the extra collision vectors found thus far don't reduce the effort of faking a value that produces the same hash or working out the original value (without the use of a full rainbow table for the salt used) significantly (i.e. to a point where an attack is at all practical), but the fact that these issues do exist indicates a flaw in the initial assumptions of the hash algorithm's "security" and so may imply a more fundamental and/or practical attack is waiting to be found.
The general recommendation is that md5 and sha1 are currently fine for existing code but new code should use something stronger (SHA256 for instance) just in case, and when upgrading systems you should consider supporting the stronger hashes with a view to deprecating the older ones sooner rather than later.
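The upgrade path described above (support the stronger hash, then deprecate the older one) is often done by re-hashing at login; this is an added example, not part of the original comment. The `sha1$salt$digest` record format, the function names and the iteration count are assumptions, and it uses PBKDF2-HMAC-SHA256 (a SHA-256 based password KDF) rather than a bare SHA256 digest.

```python
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 600_000  # assumed work factor; tune for your hardware


def legacy_hash(password, salt):
    """Old scheme (format constructed for this example): salted SHA-1."""
    digest = hashlib.sha1(salt + password.encode("utf-8")).hexdigest()
    return f"sha1${salt.hex()}${digest}"


def strong_hash(password, salt=None, iterations=PBKDF2_ITERATIONS):
    """New scheme: PBKDF2-HMAC-SHA256 with a random 16-byte salt."""
    if salt is None:
        salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify(password, stored):
    """Check a password against a record in either scheme."""
    scheme, *fields = stored.split("$")
    try:
        if scheme == "sha1" and len(fields) == 2:
            expected = legacy_hash(password, bytes.fromhex(fields[0]))
        elif scheme == "pbkdf2_sha256" and len(fields) == 3:
            expected = strong_hash(password, bytes.fromhex(fields[1]), int(fields[0]))
        else:
            return False  # unknown scheme or malformed record
    except ValueError:
        return False  # bad hex or iteration count in the stored record
    # Constant-time comparison of the recomputed record with the stored one.
    return hmac.compare_digest(expected.encode(), stored.encode())


def needs_upgrade(stored):
    """True for legacy records and for PBKDF2 records below the current work factor."""
    scheme, *fields = stored.split("$")
    if scheme != "pbkdf2_sha256" or len(fields) != 3:
        return True
    return int(fields[0]) < PBKDF2_ITERATIONS


def login(users, name, password):
    """Verify, then transparently replace a weak record while the plaintext is in hand."""
    stored = users.get(name)
    if stored is None or not verify(password, stored):
        return False
    if needs_upgrade(stored):
        users[name] = strong_hash(password)
    return True
```

Accounts that never log in keep their old record, so the deprecation step still needs a cut-off date after which remaining legacy records are expired and those users are sent through a password reset.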
Ah, the "you didn't ask the right question so you're too stupid for me to bother with you" approach.
No. The "you haven't provided information that anyone with half a brain might know could be useful" answer. It is like when our users raise reports along the lines of "I opened a form and got an error" to which we have to reply back with "which form?" (lest we have to test every single form for every record in the DB to see which one(s) report an error) and "what was the error?" (to which the response is almost always "I don't know" or "I didn't read it" which is bloody annoying especially in places where the app explicitly says "please report the code XYZ1234 when reporting this error as it will help us find information in the code and logs that might help us find the solution faster"). Another good one is "some of the counts in report B don't look right" when report B contains many figures rolled up over a large data-set. It is just lazy not to type one example when you know at least one.
Or... You could realize in a tech blog that just about every system is represented by the readership and a generic question and multi-part answer is appropriate. Or would you rather see it clogged with "how about Windows 2000", "how about Windows 2003", "how about Windows 2008", "how about Ubuntu", "how about Linux", "how about Unix", "how about Solaris"... questions.
What if the responder doesn't know how to do what you are asking in *every* browser on *every* operating system available? What if that one person doesn't have time to type out seven sets of instructions on the off-chance one of them might be the set that you were looking for?
If you are asking for help, give relevant details without asking. It helps us help you and reduces the chance that we'll just ignore you because the question is too generic and we don't have time to respond with a full article on the subject.
Sorry to come over so snarky, but I've spent too much time lately dealing with bad issue reports (some of them from people who claim to be developers so should damn well know better), I had some crap to vent, and you raised your "viable target" flag!
It isn't just people though, a lot of code does the same crap-condition-reporting thing. MS SQL reports "string or binary data would be truncated" when you have given it X thousand rows with YZ string columns. It *knows* at least one of the errant values, the first one it hit, so why doesn't it *report* the value as that might give a massive clue as to what we have done wrong?
On the "having to pay" thing, there is at least one CA with a signing cert trusted by the majority of current browsers who use that signing cert to sign free server certificates.
See http://en.wikipedia.org/wiki/Startssl#StartSSL for details. Unfortunately under XP the certificate updates are not sent out marked as important so many people won't have them installed on that OS (and perhaps Vista too?) but this only affects IE users. So if you feel safe letting some XP+IE users get certificate warning messages and having to explain the messages to them, there is a free option.
IIRC none of the other free cert groups (like cacert.org) have this level of trust on common browser configurations, though if startssl gain a good chunk of market share out of offering the free certs maybe other CAs will start signing low assurance certs for nothing too (rather than, as several currently do, just giving you one year free as part of some offer linked to a registrar) - which would be nice as that way even the backwards XP+IE users will trust certs you can get signed for free...
How long do you usually keep a phone? If you are someone who churns through them, even high-end smartphone models, at one every 12 or 18 months then this makes no difference: the apps that exist will still exist and there will be phones out there so people developing for them (or at least maintaining existing apps) for at least that long. If you are looking at the phone with a view to it lasting three years or more then this announcement will have greater potential to be an issue for you.