Reviews are much more trustworthy when they exist in context. If I came to your site and thought, oh, there's someone like me, and s/he really liked that product, that's far more valuable to me than seeing a similar review in the middle of a bunch of other faceless reviews.
Your own site will (ideally) give readers a pretty good idea of your taste and background. Leave them there.
I don't care if Amazon sees what my family does on the public internet. But if they're going to proxy my GMail, bank account, and other HTTPS sites, then we have a problem. And, most likely, a Congressional investigation. Because unlike Opera Mini, Silk isn't being billed as a stripped down mobile browser. There really isn't any need for them to expose themselves to our private data, if all they are trying to do is optimize the public web for their CPU.
I wonder how we'll be able to tell if they do this, anyway? Will they release the source code? Will they admit to it, if no one important enough asks?
It's a problem because part of the genius of the original Kindle was the ability to purchase, download, and read a new book from anywhere.
No connecting to a PC. No figuring out Wifi settings. It just worked.
Yes, it also made the Kindle much more expensive. But the value, especially to non-technical users who just want to read a book, cannot be underestimated. Removing the WhisperNet makes Kindle more like every other gadget, and less like a truly polished product.
The people who buy such things (nerds like you and me) don't see the value of zero-config, and the result is that end users (like your grandma) won't think Kindle is worth it. So yeah, it's a problem. They didn't keep it simple, and they could have.
Maybe they have gotten better in recent years, but Newegg always struck me as somewhat hostile to Linux users. Now if the nerds are the only ones buying aftermarket parts (which I somehow doubt, but anyway) maybe we'll get better treatment, more attention in tech specs, etc.
They could also focus on the Maker/hacker market. But who are we to deliver a crowdsourced marketing strategy? Know your customers, and your business won't dry up overnight!
So at this point, Hewlett-Packard is just a shell company that exists to funnel the long-term campaign contributions of conservatives into Meg Whitman's war chest by means that are not subject to contribution limits or public oversight... right?
Why would anybody invest in HP if not to directly support the new CEO's compensation package?
Anyone who can come up with a way to sign and encrypt email that makes sense to lawyers (my lawyer still uses AOL!) will make a helluva lot of money.
They should have been doing it ten years ago. It should be illegal to send attoney-client privileged emails in plaintext. But guess who makes the laws?
Try moving to web development. PHP is a very easy move from C (it's basically weakly-typed C without pointers), and if that turns you off, Python and Ruby shouldn't be that much more difficult to learn.
...and then be prepared to re-make every mistake that shitty web developers have made over the last 10 years. Web coding has to be fast, secure and scalable, you can't just pick any two anymore. You also need to write clean, semantic markup, CSS, and JavaScript. You need to know how those will interact with various kinds of media in different browsers. Now learn html5. Now learn to work with a graphic designer. What do you mean it isn't pixel-perfect in IE6? What do you mean I can't use this font? Did I mention it needs to look good on a Blackberry?
I don't want to turn anyone off, but gees, if the only thing you know is C then you are going to have a hell of a learning curve getting into web programming today. You'll be better off re-factoring parts of an existing web app into C for the scalability bump.
defend yourself by proving that you didn't download the material.
I wonder how I would prove that I didn't download something?
I suppose if I was provably away from home when the download allegedly occurred. Or perhaps the absence of log messages in the system log could prove that the system wasn't turned on. I could submit my computer to forensic examination to prove that a particular copyrighted sequence of bits is not found on the hard drive. I could claim that such-and-such copyrighted work disgusts me and I would never download it.
None of these approaches seem particularly effective. I predict much fun to be had by hacking unpatched wi-fi routers and installing bittorrent clients on them in NZ this year.
In a perfect world, I should install my bank's certificate as a trusted certificate, and distrust Thawte, Verisign, etc when visiting mybank.com. But alas, that is hard.
Way back in the Netscape past, I guess someone decided that managing security certificates was completely unsexy, and so they handed it off to the engineers that no one else wanted on their team. The resulting arcane interfaces and dialogs led us all to believe that it's hard to manage and that we don't have any actual control, and so the entire CA industry has grown up in the shadows where no one wants to look. "Just make it work, I don't want to have to understand it."
Some things that could be done differently:
1) Certificates have fingerprint hashes. Fingerprints can be stored in DNS, correlated with other trusted sites, distributed out of band, to be manually verified before certificate acceptance.
2) CAs should be untrusted by default, and only trusted on a domain by domain basis. CA -> Domain authority mappings can also be stored in DNS, correlated with other trusted sites, distributed out of band, to be manually verified before certificate acceptance.
3) Decentralize. It should be dead simple to create an open source CA appliance that generates self-signed certificates in a reasonably secure fashion, if only browser weren't so brain dead about handling self-signed (and trusted!) certificates.
As long as we're stuck with the Netscape UI legacy, and the idea that "SSL is for eCommerce so trust has to be implicit otherwise we'll lose sales" we're toast.
So now you know what will happen to Google, eventually. Engineers cost real money. Boards and shareholders don't like spending real money on anything but executives.
A nuke plant the size of a CARRY-ON SUITCASE. I don't see any problems with that getting into the wrong hands...
Yeah, in the hands of the wrong person it might just allow poor people to have heat, light, refrigeration, filtered water, cooked food, and the Internet without paying a dime to the local energy conglomerate. That absolutely must not be allowed to happen!
Okay, we get it now. Being a leading browser is a huge deal, and it's a massive thing just to keep up with the bug reports, much less the bugs themselves.
This story points to a need, among *successful* software projects, to somehow limit bug reporting and feature requests to a smallish group of relatively savvy users, and then let the masses +1 their favorite bugs/features once confirmed.
How to distinguish savvy users? Maybe they have to pass a test first in order to post, or make a small monetary contribution.
And probably never will. Maybe it requires an MBA to understand how chasing away paying customers is good for business?
One possible answer: marketing. By doing this, they get an article on Slashdot. They remove the DRM restriction with a mea culpa in a few days, and get another article. Two-for-one!
Then again, maybe I'm just being cynical, and Ubisoft management is really as stupid as they think their customers are.
Did Apple really write a new custom certificate validation stack for iOS? Really?
And then the developers failed to test it against this basic condition (using a valid certificate to sign a fake certificate)? On a device where you can only connect via wi-fi networks, which are inherently untrustworthy!
Why, Jobs, why?
THIS is the kind of gross incompetence that deserves a Congressional investigation. Who was behind this? Was it stupidity or actual malice?
What's really interesting is the relatively small degree of un-humanness which triggers the response. Tiny little things, like the number of milliseconds difference between a face's left and right eyes blinking cause the response.
Meditate for a while on the evolutionary basis for having such a fine-tuned mechanism. There must have been times in our genetic past when our ancestors had to distinguish between humans and entities who looked and acted remarkably human but not quite. Is this a hedge against mental illness? A means of selecting for fine motor skills? Selecting for ability to mimic behavioral norms?
I prefer to believe in the Battlestar Galactica hypothesis: we are the descendants of a race of humanoids who fought epic battles against look-alike robots.
All hail The Firefox Mozilla, which will clean up mobile fragmentation using open source!
I thought that this was the worst/. summary I'd read in a while.
But then I considered the quality of code and product development coming out of the Mozilla Foundation these days. I think that six months from now, this summary will be in better shape than the project it describes. So, well done, karthikmns!
Forcing users of an internet service to post using their legal name is an anti-feature, just like limiting passwords to six characters or installing software without permission.
There are plenty of decent, law-abiding people who do not want to reveal their real names: folks in various witness protection programs, those hiding from abusive partners/spouses, and people with politically-sensitive jobs (or bosses), to name just three classes.
By forcing the use of "real names" on a service, it seems to me that a company opens itself up to legal action in two different ways. First, action from classes of users who used the service but were subsequently denied access for not using a real name. Second, and more seriously, action from individuals who suffer identity theft, impersonation, fraud, or some other id-related crime as a direct result of their use of the service. I'm not a lawyer; Google has plenty of lawyers, but think about it. Why would they open themselves up to this when they don't need to?
Also, the use of real names has not, in the past, been a requirement of using other Google services. I have set up plenty of GMail accounts that are role-based: dev@example.org, help@example.org, support@example.org, and so on. Are those role-based accounts not allowed to participate in a social network? Why not? Are the organizations I work with at risk of losing their accounts because of these Gmail addresses? It's all so seemingly arbitrary that it really does feel like it could go either way. After all, most of them are non-profits and pay nothing for their accounts, so Google has nothing to lose.
This is a stupid policy. If they can't work around it, then Google+ will be going the way of Buzz and Wave, and the C-level billionaires will be left scratching their heads.
Just copy the downloaded Lion to a thumb drive and install it on all the corporate computers. If anything, it's easier than windows. Complaining about each person downloading it is retarded. You only need to download it one time, copy it to a drive and use it all over the place. IT, once again, showing ignorant and lazy they can be.
Also, you don't need to keep track of licenses or enter activation keys. And you don't have to install Security Essentials.
Slashdot Mirror
Duh! I forgot about client IP address. Thx.
...and let Google sort 'em out.
Reviews are much more trustworthy when they exist in context. If I came to your site and thought, oh, there's someone like me, and s/he really liked that product, that's far more valuable to me than seeing a similar review in the middle of a bunch of other faceless reviews.
Your own site will (ideally) give readers a pretty good idea of your taste and background. Leave them there.
So, will Amazon follow Opera Mini's lead (see http://www.opera.com/mobile/help/faq/#security) and rewrite WebKit's security stack so that it doesn't check SSL certificates?
That's the million dollar question, here.
I don't care if Amazon sees what my family does on the public internet. But if they're going to proxy my GMail, bank account, and other HTTPS sites, then we have a problem. And, most likely, a Congressional investigation. Because unlike Opera Mini, Silk isn't being billed as a stripped down mobile browser. There really isn't any need for them to expose themselves to our private data, if all they are trying to do is optimize the public web for their CPU.
I wonder how we'll be able to tell if they do this, anyway? Will they release the source code? Will they admit to it, if no one important enough asks?
You don't understand how HTTPS works, do you?
Or maybe s/he does -- Amazon controls the browser AND controls the proxy, so we have to trust them to follow the rules.
If they rewrite the part of WebKit's TLS stack that checks certificates then they can successfully and silently man-in-the-middle any secure site.
How would you know this was happening? After all, iOS was subject to a similar "bug" for years before anyone noticed.
It's a problem because part of the genius of the original Kindle was the ability to purchase, download, and read a new book from anywhere.
No connecting to a PC. No figuring out Wifi settings. It just worked.
Yes, it also made the Kindle much more expensive. But the value, especially to non-technical users who just want to read a book, cannot be underestimated. Removing the WhisperNet makes Kindle more like every other gadget, and less like a truly polished product.
The people who buy such things (nerds like you and me) don't see the value of zero-config, and the result is that end users (like your grandma) won't think Kindle is worth it. So yeah, it's a problem. They didn't keep it simple, and they could have.
Um, let's see... become more Linux friendly?
Maybe they have gotten better in recent years, but Newegg always struck me as somewhat hostile to Linux users. Now if the nerds are the only ones buying aftermarket parts (which I somehow doubt, but anyway) maybe we'll get better treatment, more attention in tech specs, etc.
They could also focus on the Maker/hacker market. But who are we to deliver a crowdsourced marketing strategy? Know your customers, and your business won't dry up overnight!
So at this point, Hewlett-Packard is just a shell company that exists to funnel the long-term campaign contributions of conservatives into Meg Whitman's war chest by means that are not subject to contribution limits or public oversight... right?
Why would anybody invest in HP if not to directly support the new CEO's compensation package?
But we already had HP and RIM for that!!!
Anyone who can come up with a way to sign and encrypt email that makes sense to lawyers (my lawyer still uses AOL!) will make a helluva lot of money.
They should have been doing it ten years ago. It should be illegal to send attoney-client privileged emails in plaintext. But guess who makes the laws?
Totally. I use the smart panel in the refrigerator to download and store all my pirated movies.
Try moving to web development. PHP is a very easy move from C (it's basically weakly-typed C without pointers), and if that turns you off, Python and Ruby shouldn't be that much more difficult to learn.
...and then be prepared to re-make every mistake that shitty web developers have made over the last 10 years. Web coding has to be fast, secure and scalable, you can't just pick any two anymore. You also need to write clean, semantic markup, CSS, and JavaScript. You need to know how those will interact with various kinds of media in different browsers. Now learn html5. Now learn to work with a graphic designer. What do you mean it isn't pixel-perfect in IE6? What do you mean I can't use this font? Did I mention it needs to look good on a Blackberry?
I don't want to turn anyone off, but gees, if the only thing you know is C then you are going to have a hell of a learning curve getting into web programming today. You'll be better off re-factoring parts of an existing web app into C for the scalability bump.
defend yourself by proving that you didn't download the material.
I wonder how I would prove that I didn't download something?
I suppose if I was provably away from home when the download allegedly occurred.
Or perhaps the absence of log messages in the system log could prove that the system wasn't turned on.
I could submit my computer to forensic examination to prove that a particular copyrighted sequence of bits is not found on the hard drive.
I could claim that such-and-such copyrighted work disgusts me and I would never download it.
None of these approaches seem particularly effective. I predict much fun to be had by hacking unpatched wi-fi routers and installing bittorrent clients on them in NZ this year.
In a perfect world, I should install my bank's certificate as a trusted certificate, and distrust Thawte, Verisign, etc when visiting mybank.com. But alas, that is hard.
Way back in the Netscape past, I guess someone decided that managing security certificates was completely unsexy, and so they handed it off to the engineers that no one else wanted on their team. The resulting arcane interfaces and dialogs led us all to believe that it's hard to manage and that we don't have any actual control, and so the entire CA industry has grown up in the shadows where no one wants to look. "Just make it work, I don't want to have to understand it."
Some things that could be done differently:
1) Certificates have fingerprint hashes. Fingerprints can be stored in DNS, correlated with other trusted sites, distributed out of band, to be manually verified before certificate acceptance.
2) CAs should be untrusted by default, and only trusted on a domain by domain basis. CA -> Domain authority mappings can also be stored in DNS, correlated with other trusted sites, distributed out of band, to be manually verified before certificate acceptance.
3) Decentralize. It should be dead simple to create an open source CA appliance that generates self-signed certificates in a reasonably secure fashion, if only browser weren't so brain dead about handling self-signed (and trusted!) certificates.
As long as we're stuck with the Netscape UI legacy, and the idea that "SSL is for eCommerce so trust has to be implicit otherwise we'll lose sales" we're toast.
A company that was by engineers, for engineers.
So now you know what will happen to Google, eventually. Engineers cost real money. Boards and shareholders don't like spending real money on anything but executives.
A nuke plant the size of a CARRY-ON SUITCASE. I don't see any problems with that getting into the wrong hands...
Yeah, in the hands of the wrong person it might just allow poor people to have heat, light, refrigeration, filtered water, cooked food, and the Internet without paying a dime to the local energy conglomerate. That absolutely must not be allowed to happen!
Okay, we get it now. Being a leading browser is a huge deal, and it's a massive thing just to keep up with the bug reports, much less the bugs themselves.
This story points to a need, among *successful* software projects, to somehow limit bug reporting and feature requests to a smallish group of relatively savvy users, and then let the masses +1 their favorite bugs/features once confirmed.
How to distinguish savvy users? Maybe they have to pass a test first in order to post, or make a small monetary contribution.
There are bugs that where introduced back when I was still in high school like 5-6 years ago that I am still waiting on.
Too bad you didn't study programming. You could be fixing those bugs in your spare time now!
was this a problem with earlier IOS is the interesting part.
It's a problem on my my 2G iPhone, running iOS 3.1.3. So, yeah, it has been a problem for a while.
Damn! Now I have an intense urge to put a 2m ham repeater at L4.
Hell, I have an intense urge to park a Winnebago at L4.
And probably never will. Maybe it requires an MBA to understand how chasing away paying customers is good for business?
One possible answer: marketing. By doing this, they get an article on Slashdot. They remove the DRM restriction with a mea culpa in a few days, and get another article. Two-for-one!
Then again, maybe I'm just being cynical, and Ubisoft management is really as stupid as they think their customers are.
Did Apple really write a new custom certificate validation stack for iOS? Really?
And then the developers failed to test it against this basic condition (using a valid certificate to sign a fake certificate)? On a device where you can only connect via wi-fi networks, which are inherently untrustworthy!
Why, Jobs, why?
THIS is the kind of gross incompetence that deserves a Congressional investigation. Who was behind this? Was it stupidity or actual malice?
What's really interesting is the relatively small degree of un-humanness which triggers the response. Tiny little things, like the number of milliseconds difference between a face's left and right eyes blinking cause the response.
Meditate for a while on the evolutionary basis for having such a fine-tuned mechanism. There must have been times in our genetic past when our ancestors had to distinguish between humans and entities who looked and acted remarkably human but not quite. Is this a hedge against mental illness? A means of selecting for fine motor skills? Selecting for ability to mimic behavioral norms?
I prefer to believe in the Battlestar Galactica hypothesis: we are the descendants of a race of humanoids who fought epic battles against look-alike robots.
All hail The Firefox Mozilla, which will clean up mobile fragmentation using open source!
I thought that this was the worst /. summary I'd read in a while.
But then I considered the quality of code and product development coming out of the Mozilla Foundation these days. I think that six months from now, this summary will be in better shape than the project it describes. So, well done, karthikmns!
Forcing users of an internet service to post using their legal name is an anti-feature, just like limiting passwords to six characters or installing software without permission.
There are plenty of decent, law-abiding people who do not want to reveal their real names: folks in various witness protection programs, those hiding from abusive partners/spouses, and people with politically-sensitive jobs (or bosses), to name just three classes.
By forcing the use of "real names" on a service, it seems to me that a company opens itself up to legal action in two different ways. First, action from classes of users who used the service but were subsequently denied access for not using a real name. Second, and more seriously, action from individuals who suffer identity theft, impersonation, fraud, or some other id-related crime as a direct result of their use of the service. I'm not a lawyer; Google has plenty of lawyers, but think about it. Why would they open themselves up to this when they don't need to?
Also, the use of real names has not, in the past, been a requirement of using other Google services. I have set up plenty of GMail accounts that are role-based: dev@example.org, help@example.org, support@example.org, and so on. Are those role-based accounts not allowed to participate in a social network? Why not? Are the organizations I work with at risk of losing their accounts because of these Gmail addresses? It's all so seemingly arbitrary that it really does feel like it could go either way. After all, most of them are non-profits and pay nothing for their accounts, so Google has nothing to lose.
This is a stupid policy. If they can't work around it, then Google+ will be going the way of Buzz and Wave, and the C-level billionaires will be left scratching their heads.
Just copy the downloaded Lion to a thumb drive and install it on all the corporate computers. If anything, it's easier than windows. Complaining about each person downloading it is retarded. You only need to download it one time, copy it to a drive and use it all over the place. IT, once again, showing ignorant and lazy they can be.
Also, you don't need to keep track of licenses or enter activation keys. And you don't have to install Security Essentials.