If grandma-joesixpack is that computer-illiterate, she shouldn't have to be watching out. She should be letting someone more computer-literate set her computer up, including antivirus and automatic updates and all, and when the AV program and Microsoft's MSRT started alerting she should've called said computer-literate helper to fix things.
And why would we assume she's computer-illiterate? My mother knows enough to call for the tech when things get weird, and she's 70 and just got her first computer. My generation is pushing 50, and we grew up with computers around. Which means my parents' generation had to deal with kids bringing homework from their computer classes home. We're past the point where "they don't know about computers" is a legitimate excuse. If by now you don't know at least a bit about computers and haven't built up a list of people you trust to help you with them and give you advice on them, you're beyond help.
The "rightful owners" were the malware authors who were infecting PCs and running the botnet. The FBI got the authority when they charged those authors and got a warrant to seize the servers.
http://www.dcwg.org/
It's been in every antivirus program update since January. It's been covered on every PC-related Web site out there. Facebook has been warning anyone who visits while infected about the problem since early June. It's been the Malicious Software Removal Tool Microsoft sends monthly through Windows Update for months now. The only people who don't know about the problem are the ones who've been willfully refusing to look at anything related to the security of their computers. Well, you can't safely do that. That's been, or should have been, common knowledge for the last 20 years.
The FBI didn't change any settings. The malware did that, it alters the infected computer's DNS settings to use a set of servers run by the malware authors. What the FBI did was take over those servers and replace the malicious software running on them with software that does normal DNS so infected computers were no longer being redirected to the malware author's sites. And now the FBI's looking at shutting down the servers entirely, which would leave the infected computers with no DNS servers at all.
It's not like this is coming out of the blue. Every one of the owners of those machines has had at least 6 months' warning of the problem. If they haven't done anything before this, they won't do anything about it until their Internet stops working and they have no choice. So stop with the hand-wringing, shut 'em down and let those people suffer the consequences of their own willful stupidity. It's the only way they'll learn.
Well, duh. I pin the (relatively) small selection of programs I use regularly. I pin the most common couple to the taskbar, because space there is really limited. The majority of the ones I pin get pinned to the more spacious start menu, or get put as icons on the desktop. The start menu itself, the full one, is for the programs that're installed but that I don't use constantly. I want them accessible because I do use them, just not every day. Take away the start menu and now I have to find somewhere to hold the icons for the hundred-plus programs I need access to that I'm not using every day (or even every month for that matter). So, Microsoft, if you're going to remove the start menu, what are you replacing it with that serves the same purpose? And if you aren't, why should I bother upgrading to something that makes life harder for me until I have software I have to use that absolutely won't run on what I've got working now?
Because then every business would argue that it can't install ramps. And usually the argument would boil down to it being possible, it'd just cost money and the business doesn't want to spend money.
Society, OTOH, has decided that it's not in it's best interests for a significant number of it's members to not be able to do the basic things everyone else can, like get into a store and shop for goods or go to the theater and watch a movie. Just like it decided it wasn't in it's best interests for a significant number of it's members to be relegated to the back of the bus and to second-rate schools just because of the color of their skin. Businesses don't like it now, just like they didn't like it then, but society doesn't make it's decisions based on what's best for businesses (just like businesses don't make their decisions based on what's best for society, apparently). I've a little sympathy for them, but since in large part they've demonstrated that nothing short of application of a blunt instrument will get them to behave my general attitude's become "If they don't like the terms society wants, they're free to pack their businesses up and go elsewhere.".
Most of the videos on Netflix are movies or TV shows. Every movie I've seen since DVDs came out have subtitling on them, it should just be a matter of including that information in the streamed video (assuming Flash allows for displaying subtitles). Most TV shows are close-captioned already, again it should be just a matter of including the close-captioning information in the stream. There should only be a minority of content that isn't already ADA-compliant.
Check again. Under your account settings it'll show your primary e-mail. What you want to do is go to your profile and scroll down to the contact information section and the e-mail address there. That's the one they forcibly changed. To fix that one, go and edit your profile.
A terabyte of RAM costs quite a lot of money, far more than a terabyte of hard drive does. And it's not as big as it sounds, I've dealt with databases bigger. Usually the ones that demand the highest performance are also the ones that eat the most space once you start taking indexes and such into account.
And multiple power supplies? Won't help you when the data center rack loses all power. I recall at least 2, maybe more, reports of total loss at data centers in the last 12 months, so it's not like it's that rare an event. That's not counting partial losses, or cases where someone simply fumble-fingered and powered down or rebooted the wrong server. And it certainly doesn't count maintenance outages when the server or the database software had to be restarted to upgrade software. Redundant power supplies won't help against that, and while it's no big deal normally it's a really big deal when it means losing 100% of the contents of the database when memory gets cleared. Sooner or later you need the data on persistent storage, disk or an equivalent. You can handwave that need over the short term, minutes to maybe hours, but when you start talking about maintaining the database for months to years it's a different story. And if you want to say you don't need that kind of up-time, well, the business people where I work would probably boot you out the door so hard you'd bounce twice for suggesting they could just live with losing all our data a couple of times a year. Having it happen even once would probably be the end of the company.
Speed's fine, but what kind? Or more specifically, over what timeframe? High transaction rates are fine, but they don't do any good if you can only sustain them for a few seconds or minutes before the whole thing collapses. I want to know the transaction rate the thing can sustain over 24 hours of continuous operation. In the real world you have to be able to keep processing transactions continuously.
That long-time-period test also shows up another potential problem area: disk bottleneck. In-memory's fine, but few serious databases are small enough to fit completely in memory. And even if it will fit, you can't lose your database when you shut down to upgrade the software so eventually the data has to be written to disk. And that becomes a bottleneck. If your system can't flush to disk at least as rapidly as you're handling transactions, your disk writes start to lag behind. Sooner or later that'll cause a collapse as the buffers needed to hold data waiting to be written to disk compete for memory with the actual data. You can play algorithmic games to minimize the competition, but sooner or later you run up against the hard wall of disk throughput. And the higher your transactions rates are, the harder you're going to hit that wall.
If I don't know what's wrong, I can't fix it. A vague dismissal doesn't help me improve things. And I'd posit that it doesn't help the VC either. VCs don't themselves come up with startup ideas, or they'd be doing that startup instead of looking for startups to fund. Where do they think the startups they can fund will come from? The more marginal ones take the feedback and use it to improve their plan, the more good opportunities the VCs will have to choose from.
Having tried them, for me it comes down to the same issue Windows people have raised about non-Windows devices: integration, or lack thereof. Over time I've gotten a lot of stuff tied in to Google's services. Whether you like Google or not, the fact is my stuff's there and my desktop etc. all integrate with it. The Android phone does, the WP7 phone... doesn't, at least not easily. My contacts list, my calendar, maps, voicemail, e-mail, e-books, on-line documents, it's all quickly and easily available on the Android device while on the WP7 device I have to mess around installing third-party stuff and getting the phone to stop trying to use it's default services (which I'm not using) and use the ones I'm actually using instead.
The WP7 phone would probably be superior as a corporate phone, it'll integrate better with the Windows domain and the rest of the corporate stuff. But I don't have that environment, and I want a phone that works with what I do have. WP7 isn't it.
True, but the flip side is that I have the ability to keep a one-day non-cloud outage to one day by putting effort into it. I have control over what happens. If it's a non-cloud outage I have no control over how long it'll last. That all depends on the vendor and how much priority they put on fixing things, which leaves me in the unenviable position not of laying on the beach but of constantly being on conference calls having to tell upper management "No, we don't know what happened. No, we don't know when it'll be fixed. No, we can't do anything to speed recovery up.". Which, trust me, upper management does not like one bit.
Probably it wouldn't, but think a moment. How many thieves with experience picking locks would be wandering around the offices where I work looking for computer passwords? The kind of thief who'd break in would be looking for physical goods, and the kind that'd be looking for access to the computers wouldn't likely be the sort to be physically breaking into the building.
And even if they did get into that drawer, note that I said I wrote down the password. I did not say anything about making any notation that it was the password. And after several years that bit of paper's covered with a lot of passwords, only a few of which work. And of course there's more than a few other scribbles on it that aren't passwords at all. I know which ones are the right ones, but good luck on anyone else finding the right ones. And they don't just have to find the right one, they have to find it in no more than 3 tries. Third failure, my account locks itself and even the right password won't work anymore.
So yeah, I'm more worried about a keylogger arriving attached to an e-mail than I am about someone finding the written-down password in my desk drawer.
And of course, how many attackers will have access to my desk? For my desk at home I can count them on my fingers and not run out, and I know where they live. For my desk at work, that's why one drawer has a lock on it and the key's on my key-ring. Sure Security or Facilities could open it, but if they're compromised they've got access to far more lucrative places in the building without needing to mess with my desk.
I wouldn't be surprised if that's the case. I know I use "strong" passwords mainly out of habit, and a bit of laziness (it's easier to get random sequences past password rules). I'm well aware that at best the only protection that gives me is the possibility that whoever compromised the password database will be satisfied with the results of a dictionary attack and not bother doing a brute-force attack on what's left. I'm also aware that I get more protection from a site locking my account out after repeated failures than from the password being hard to guess (the likely failure limit being a lot less than the number needed to guess even a "weak" password). And I find it amusing that a site classifies "kwo5*f(2n" as a weak password (no upper-case letters) (no, that's not one of my actual passwords) while "Jn4thon!" is considered strong (mix of upper-case, lower-case, numbers and symbols, no dictionary words present).
Yep, and since I must track your IP address and port number to maintain any TCP/IP connections, I'm now risking legal action if I do anything other than just drop the fucking connection.
Nope. You need to know the IP address and port while the connection's maintained, but you don't need to collect and store that information. You can let the OS forget about it the moment the connection's closed. And since you didn't collect or store it, it isn't there to be abused.
No, it's like entrapment. Here's a website I'm giving a bunch of data to, and I'm telling them not to do anything with it, but expecting a service from them based on this data they're not supposed to do anything with.
Again, nope. Receiving the data's a completely different matter from collecting and storing it. It's entirely possible to receive the data, do what you need to do with it and discard it as soon as you're done. You send the page back to the browser, close the connection and chuck the information in the bit bucket and presto, no more problem. This seems to be a common theme among certain types: that if they aren't allowed to store positively every single scrap of information and do anything they please with it forever, they can't do business at all. That's like saying that if the 7-11 store can't run a full credit report on you they can't sell you a can of soda for cash, and it's just as laughable. You won't be able to offer some services if people don't permit some degree of collection of data, but I've seen very very few Web sites that couldn't operate with "DNT: 1" set (I've run into many that won't, but that's usually because the site designers chose to make it that way and not because they had to).
Not for tracking, no. But if I end up taking legal action because a Web site collected data about me and it ended up harming me (eg. it got stolen and used to impersonate me, causing me to have to clean up the financial mess that resulted), I have something I can bring up in court: "There is a standard way of indicating to the site that I do not consent to having data about me collected. I used that standard method to tell the site I did not consent. The site knew about this standard. The site knew or should have known I had refused to consent, and willfully ignored this and collected the data anyway. They are liable for the consequences of their decision.". Having a standard DNT signal doesn't prevent the site from collecting data, but it makes it harder for them to shrug and say "Not our problem." when the data gets abused.
It's like "No Trespassing" signs on a fence: the sign doesn't stop anyone from hopping over the fence, they can't claim later that they didn't know they weren't allowed on the property.
It's not length or lack thereof. It's that what you want are good candidates, and what HR's passing are candidates whose resumes match the keyword list. The two aren't the same, and I'm suspecting that HR's filter is biased against people who describe what they did instead of what languages and technologies they used.
And what I've strongly suspected is that the good candidates, the ones you'd want to hire, get screened out in HR because they don't have that 20-page resume listing every skill under the sun and so don't get through the keyword filtering HR uses on resumes. I've sometimes wondered how much difference it'd make if HR was told "Don't screen. Send every resume down to the engineers and let them tell you which ones they want phone interviews for.". Then set aside the afternoon one day for a couple of the guys to just do a quick sort of the resumes into "OMGgethiminherenow!", "looks good" and "rubbish".
I'd love to see a judge rule "The right to recourse through the courts, including participating in a class-action suit, is a right granted by law. A mere contract cannot gainsay the law. If the plaintiff has breached a contract with the defendant by engaging in a class-action suit after signing a contract not to do so, the defendant may of course sue the plaintiff for breach of contract and demand the remedies available to them under the law. That, however, has no bearing on the present action.".
This sounds like going back to a variation on self-signed certificates. The server signs it's certificate with it's own local-CA private key, plus has it signed by someone like Verisign. The first time you hit the server, you check the Verisign signature as well as the self-signature. If both check out, you remember the self-signature and proceed to ignore Verisign from there on out. If you see a certificate purporting to be from the site but not signed with the local-CA key you remember it using before, you throw up an error. This reminds me of a system I suggested before: let users tie SSL certificates to a list of servers and associate the list with a human-readable name (an entity). Then let the user activate a secure mode to visit a particular entity, at which point the browser would reject content from any server not in the remembered list or not presenting a remembered certificate. The two systems have the same vulnerability: the browser can be fooled into accepting a false certificate during the first visit, and if it is the user'll never see any indication of a problem after that. TACK though has the advantage of potentially requiring the browser to remember only one TACK key instead of multiple certificates.
How about we just admit that the current PKI is fatally compromised: it assumes CAs will act contrary to their own self-interest by turning down customers and their money. If you want a PKI based on signing certificates by CAs, the CAs need to be entities whose primary income does not derive from signing certificates.
What I've found is that having the keypad on the right shoves the main keyboard off-center when I'm working on the laptop. If I have the screen centered, the keyboard's off-center to my left and not comfortable. If I center the keyboard, the laptop's shoved off to the right and doesn't feel comfortable when sitting at it. For maximum comfort I want the main keyboard centered under the screen, and that means leaving off the separate keypad.
I also don't use the keypad much for business use. It's mostly the main keyboard and the mouse/trackpad. The keypad's primarily used for gaming, which isn't something I'm going to do a lot of on a business laptop. If I'm using the keyboard I'm primarily entering text. If I'm entering numbers I'm rarely doing the kind of intensive entry I'd want a ten-key keypad for.
So overall I end up wanting the separate keypad primarily for consumer-oriented stuff like games, not business use. And since I don't game on my laptops, I'm usually looking for one without a separate keypad.
It depends on the math involved. Almost all math involves less than full accuracy, because the inputs themselves aren't exact. If I multiply 5 (with an error margin of +/- 0.05) times 10 (with an error margin of +/- 0.05), what's the result? Somewhere between 49.2525 and 50.7525. We don't know exactly where, because we don't know exactly what our starting numbers were closer than the error margins. And we probably don't care, because most of the time we only require a certain degree of accuracy from our results. As long as the total error in our calculation doesn't exceed our acceptable error margin, we're fine. We have errors in our inputs. We have errors because we can only carry a finite number of significant digits at each step of the calculation. If our calculations themselves are slightly wrong, that's just another source of error to take into account. As long as our results are repeatable to within the acceptable error margin, that they're not exactly repeatable isn't a problem (if it is, your acceptable error margin is too large).
Slashdot Mirror
If grandma-joesixpack is that computer-illiterate, she shouldn't have to be watching out. She should be letting someone more computer-literate set her computer up, including antivirus and automatic updates and all, and when the AV program and Microsoft's MSRT started alerting she should've called said computer-literate helper to fix things.
And why would we assume she's computer-illiterate? My mother knows enough to call for the tech when things get weird, and she's 70 and just got her first computer. My generation is pushing 50, and we grew up with computers around. Which means my parents' generation had to deal with kids bringing homework from their computer classes home. We're past the point where "they don't know about computers" is a legitimate excuse. If by now you don't know at least a bit about computers and haven't built up a list of people you trust to help you with them and give you advice on them, you're beyond help.
The "rightful owners" were the malware authors who were infecting PCs and running the botnet. The FBI got the authority when they charged those authors and got a warrant to seize the servers.
http://www.dcwg.org/
It's been in every antivirus program update since January. It's been covered on every PC-related Web site out there. Facebook has been warning anyone who visits while infected about the problem since early June. It's been the Malicious Software Removal Tool Microsoft sends monthly through Windows Update for months now. The only people who don't know about the problem are the ones who've been willfully refusing to look at anything related to the security of their computers. Well, you can't safely do that. That's been, or should have been, common knowledge for the last 20 years.
The FBI didn't change any settings. The malware did that, it alters the infected computer's DNS settings to use a set of servers run by the malware authors. What the FBI did was take over those servers and replace the malicious software running on them with software that does normal DNS so infected computers were no longer being redirected to the malware author's sites. And now the FBI's looking at shutting down the servers entirely, which would leave the infected computers with no DNS servers at all.
It's not like this is coming out of the blue. Every one of the owners of those machines has had at least 6 months' warning of the problem. If they haven't done anything before this, they won't do anything about it until their Internet stops working and they have no choice. So stop with the hand-wringing, shut 'em down and let those people suffer the consequences of their own willful stupidity. It's the only way they'll learn.
Well, duh. I pin the (relatively) small selection of programs I use regularly. I pin the most common couple to the taskbar, because space there is really limited. The majority of the ones I pin get pinned to the more spacious start menu, or get put as icons on the desktop. The start menu itself, the full one, is for the programs that're installed but that I don't use constantly. I want them accessible because I do use them, just not every day. Take away the start menu and now I have to find somewhere to hold the icons for the hundred-plus programs I need access to that I'm not using every day (or even every month for that matter). So, Microsoft, if you're going to remove the start menu, what are you replacing it with that serves the same purpose? And if you aren't, why should I bother upgrading to something that makes life harder for me until I have software I have to use that absolutely won't run on what I've got working now?
Because then every business would argue that it can't install ramps. And usually the argument would boil down to it being possible, it'd just cost money and the business doesn't want to spend money.
Society, OTOH, has decided that it's not in it's best interests for a significant number of it's members to not be able to do the basic things everyone else can, like get into a store and shop for goods or go to the theater and watch a movie. Just like it decided it wasn't in it's best interests for a significant number of it's members to be relegated to the back of the bus and to second-rate schools just because of the color of their skin. Businesses don't like it now, just like they didn't like it then, but society doesn't make it's decisions based on what's best for businesses (just like businesses don't make their decisions based on what's best for society, apparently). I've a little sympathy for them, but since in large part they've demonstrated that nothing short of application of a blunt instrument will get them to behave my general attitude's become "If they don't like the terms society wants, they're free to pack their businesses up and go elsewhere.".
Most of the videos on Netflix are movies or TV shows. Every movie I've seen since DVDs came out have subtitling on them, it should just be a matter of including that information in the streamed video (assuming Flash allows for displaying subtitles). Most TV shows are close-captioned already, again it should be just a matter of including the close-captioning information in the stream. There should only be a minority of content that isn't already ADA-compliant.
Check again. Under your account settings it'll show your primary e-mail. What you want to do is go to your profile and scroll down to the contact information section and the e-mail address there. That's the one they forcibly changed. To fix that one, go and edit your profile.
A terabyte of RAM costs quite a lot of money, far more than a terabyte of hard drive does. And it's not as big as it sounds, I've dealt with databases bigger. Usually the ones that demand the highest performance are also the ones that eat the most space once you start taking indexes and such into account.
And multiple power supplies? Won't help you when the data center rack loses all power. I recall at least 2, maybe more, reports of total loss at data centers in the last 12 months, so it's not like it's that rare an event. That's not counting partial losses, or cases where someone simply fumble-fingered and powered down or rebooted the wrong server. And it certainly doesn't count maintenance outages when the server or the database software had to be restarted to upgrade software. Redundant power supplies won't help against that, and while it's no big deal normally it's a really big deal when it means losing 100% of the contents of the database when memory gets cleared. Sooner or later you need the data on persistent storage, disk or an equivalent. You can handwave that need over the short term, minutes to maybe hours, but when you start talking about maintaining the database for months to years it's a different story. And if you want to say you don't need that kind of up-time, well, the business people where I work would probably boot you out the door so hard you'd bounce twice for suggesting they could just live with losing all our data a couple of times a year. Having it happen even once would probably be the end of the company.
Speed's fine, but what kind? Or more specifically, over what timeframe? High transaction rates are fine, but they don't do any good if you can only sustain them for a few seconds or minutes before the whole thing collapses. I want to know the transaction rate the thing can sustain over 24 hours of continuous operation. In the real world you have to be able to keep processing transactions continuously.
That long-time-period test also shows up another potential problem area: disk bottleneck. In-memory's fine, but few serious databases are small enough to fit completely in memory. And even if it will fit, you can't lose your database when you shut down to upgrade the software so eventually the data has to be written to disk. And that becomes a bottleneck. If your system can't flush to disk at least as rapidly as you're handling transactions, your disk writes start to lag behind. Sooner or later that'll cause a collapse as the buffers needed to hold data waiting to be written to disk compete for memory with the actual data. You can play algorithmic games to minimize the competition, but sooner or later you run up against the hard wall of disk throughput. And the higher your transactions rates are, the harder you're going to hit that wall.
If I don't know what's wrong, I can't fix it. A vague dismissal doesn't help me improve things. And I'd posit that it doesn't help the VC either. VCs don't themselves come up with startup ideas, or they'd be doing that startup instead of looking for startups to fund. Where do they think the startups they can fund will come from? The more marginal ones take the feedback and use it to improve their plan, the more good opportunities the VCs will have to choose from.
Having tried them, for me it comes down to the same issue Windows people have raised about non-Windows devices: integration, or lack thereof. Over time I've gotten a lot of stuff tied in to Google's services. Whether you like Google or not, the fact is my stuff's there and my desktop etc. all integrate with it. The Android phone does, the WP7 phone... doesn't, at least not easily. My contacts list, my calendar, maps, voicemail, e-mail, e-books, on-line documents, it's all quickly and easily available on the Android device while on the WP7 device I have to mess around installing third-party stuff and getting the phone to stop trying to use it's default services (which I'm not using) and use the ones I'm actually using instead.
The WP7 phone would probably be superior as a corporate phone, it'll integrate better with the Windows domain and the rest of the corporate stuff. But I don't have that environment, and I want a phone that works with what I do have. WP7 isn't it.
True, but the flip side is that I have the ability to keep a one-day non-cloud outage to one day by putting effort into it. I have control over what happens. If it's a non-cloud outage I have no control over how long it'll last. That all depends on the vendor and how much priority they put on fixing things, which leaves me in the unenviable position not of laying on the beach but of constantly being on conference calls having to tell upper management "No, we don't know what happened. No, we don't know when it'll be fixed. No, we can't do anything to speed recovery up.". Which, trust me, upper management does not like one bit.
Probably it wouldn't, but think a moment. How many thieves with experience picking locks would be wandering around the offices where I work looking for computer passwords? The kind of thief who'd break in would be looking for physical goods, and the kind that'd be looking for access to the computers wouldn't likely be the sort to be physically breaking into the building.
And even if they did get into that drawer, note that I said I wrote down the password. I did not say anything about making any notation that it was the password. And after several years that bit of paper's covered with a lot of passwords, only a few of which work. And of course there's more than a few other scribbles on it that aren't passwords at all. I know which ones are the right ones, but good luck on anyone else finding the right ones. And they don't just have to find the right one, they have to find it in no more than 3 tries. Third failure, my account locks itself and even the right password won't work anymore.
So yeah, I'm more worried about a keylogger arriving attached to an e-mail than I am about someone finding the written-down password in my desk drawer.
And of course, how many attackers will have access to my desk? For my desk at home I can count them on my fingers and not run out, and I know where they live. For my desk at work, that's why one drawer has a lock on it and the key's on my key-ring. Sure Security or Facilities could open it, but if they're compromised they've got access to far more lucrative places in the building without needing to mess with my desk.
I wouldn't be surprised if that's the case. I know I use "strong" passwords mainly out of habit, and a bit of laziness (it's easier to get random sequences past password rules). I'm well aware that at best the only protection that gives me is the possibility that whoever compromised the password database will be satisfied with the results of a dictionary attack and not bother doing a brute-force attack on what's left. I'm also aware that I get more protection from a site locking my account out after repeated failures than from the password being hard to guess (the likely failure limit being a lot less than the number needed to guess even a "weak" password). And I find it amusing that a site classifies "kwo5*f(2n" as a weak password (no upper-case letters) (no, that's not one of my actual passwords) while "Jn4thon!" is considered strong (mix of upper-case, lower-case, numbers and symbols, no dictionary words present).
Yep, and since I must track your IP address and port number to maintain any TCP/IP connections, I'm now risking legal action if I do anything other than just drop the fucking connection.
Nope. You need to know the IP address and port while the connection's maintained, but you don't need to collect and store that information. You can let the OS forget about it the moment the connection's closed. And since you didn't collect or store it, it isn't there to be abused.
No, it's like entrapment. Here's a website I'm giving a bunch of data to, and I'm telling them not to do anything with it, but expecting a service from them based on this data they're not supposed to do anything with.
Again, nope. Receiving the data's a completely different matter from collecting and storing it. It's entirely possible to receive the data, do what you need to do with it and discard it as soon as you're done. You send the page back to the browser, close the connection and chuck the information in the bit bucket and presto, no more problem. This seems to be a common theme among certain types: that if they aren't allowed to store positively every single scrap of information and do anything they please with it forever, they can't do business at all. That's like saying that if the 7-11 store can't run a full credit report on you they can't sell you a can of soda for cash, and it's just as laughable. You won't be able to offer some services if people don't permit some degree of collection of data, but I've seen very very few Web sites that couldn't operate with "DNT: 1" set (I've run into many that won't, but that's usually because the site designers chose to make it that way and not because they had to).
Not for tracking, no. But if I end up taking legal action because a Web site collected data about me and it ended up harming me (eg. it got stolen and used to impersonate me, causing me to have to clean up the financial mess that resulted), I have something I can bring up in court: "There is a standard way of indicating to the site that I do not consent to having data about me collected. I used that standard method to tell the site I did not consent. The site knew about this standard. The site knew or should have known I had refused to consent, and willfully ignored this and collected the data anyway. They are liable for the consequences of their decision.". Having a standard DNT signal doesn't prevent the site from collecting data, but it makes it harder for them to shrug and say "Not our problem." when the data gets abused.
It's like "No Trespassing" signs on a fence: the sign doesn't stop anyone from hopping over the fence, they can't claim later that they didn't know they weren't allowed on the property.
It's not length or lack thereof. It's that what you want are good candidates, and what HR's passing are candidates whose resumes match the keyword list. The two aren't the same, and I'm suspecting that HR's filter is biased against people who describe what they did instead of what languages and technologies they used.
And what I've strongly suspected is that the good candidates, the ones you'd want to hire, get screened out in HR because they don't have that 20-page resume listing every skill under the sun and so don't get through the keyword filtering HR uses on resumes. I've sometimes wondered how much difference it'd make if HR was told "Don't screen. Send every resume down to the engineers and let them tell you which ones they want phone interviews for.". Then set aside the afternoon one day for a couple of the guys to just do a quick sort of the resumes into "OMGgethiminherenow!", "looks good" and "rubbish".
I'd love to see a judge rule "The right to recourse through the courts, including participating in a class-action suit, is a right granted by law. A mere contract cannot gainsay the law. If the plaintiff has breached a contract with the defendant by engaging in a class-action suit after signing a contract not to do so, the defendant may of course sue the plaintiff for breach of contract and demand the remedies available to them under the law. That, however, has no bearing on the present action.".
This sounds like going back to a variation on self-signed certificates. The server signs it's certificate with it's own local-CA private key, plus has it signed by someone like Verisign. The first time you hit the server, you check the Verisign signature as well as the self-signature. If both check out, you remember the self-signature and proceed to ignore Verisign from there on out. If you see a certificate purporting to be from the site but not signed with the local-CA key you remember it using before, you throw up an error. This reminds me of a system I suggested before: let users tie SSL certificates to a list of servers and associate the list with a human-readable name (an entity). Then let the user activate a secure mode to visit a particular entity, at which point the browser would reject content from any server not in the remembered list or not presenting a remembered certificate. The two systems have the same vulnerability: the browser can be fooled into accepting a false certificate during the first visit, and if it is the user'll never see any indication of a problem after that. TACK though has the advantage of potentially requiring the browser to remember only one TACK key instead of multiple certificates.
How about we just admit that the current PKI is fatally compromised: it assumes CAs will act contrary to their own self-interest by turning down customers and their money. If you want a PKI based on signing certificates by CAs, the CAs need to be entities whose primary income does not derive from signing certificates.
What I've found is that having the keypad on the right shoves the main keyboard off-center when I'm working on the laptop. If I have the screen centered, the keyboard's off-center to my left and not comfortable. If I center the keyboard, the laptop's shoved off to the right and doesn't feel comfortable when sitting at it. For maximum comfort I want the main keyboard centered under the screen, and that means leaving off the separate keypad.
I also don't use the keypad much for business use. It's mostly the main keyboard and the mouse/trackpad. The keypad's primarily used for gaming, which isn't something I'm going to do a lot of on a business laptop. If I'm using the keyboard I'm primarily entering text. If I'm entering numbers I'm rarely doing the kind of intensive entry I'd want a ten-key keypad for.
So overall I end up wanting the separate keypad primarily for consumer-oriented stuff like games, not business use. And since I don't game on my laptops, I'm usually looking for one without a separate keypad.
It depends on the math involved. Almost all math involves less than full accuracy, because the inputs themselves aren't exact. If I multiply 5 (with an error margin of +/- 0.05) times 10 (with an error margin of +/- 0.05), what's the result? Somewhere between 49.2525 and 50.7525. We don't know exactly where, because we don't know exactly what our starting numbers were closer than the error margins. And we probably don't care, because most of the time we only require a certain degree of accuracy from our results. As long as the total error in our calculation doesn't exceed our acceptable error margin, we're fine. We have errors in our inputs. We have errors because we can only carry a finite number of significant digits at each step of the calculation. If our calculations themselves are slightly wrong, that's just another source of error to take into account. As long as our results are repeatable to within the acceptable error margin, that they're not exactly repeatable isn't a problem (if it is, your acceptable error margin is too large).