The other issue is when someone reports a bug in your website, you want to be able to know which version of the browser was used in order to reproduce the environment. The harder it is to find the version, the longer the helpdesk call.
It also makes it hard for vendors selling web applications. They say it works for Firefox--does it work for all versions? Does it break when a new version of Firefox is released? Some major educational applications still require Firefox 3. Ideally, they would be written to stable standards. Practically, they aren't. You can say that it's the developer's fault, but that is small consolation for the user.
And the misspelling of Quick as Qwik... this has all the telltale signs of a 50yo CEO listening to 30yo consultants about what a 15-20yo would find "hip" and "cool".
I gree that it smacks of that, however I don't think the DVD-by-mail business generally targets 15-20 year olds. They target 30+-something codgers who still primarily uses DVD/Bluray as their media of choice.
Whether or not Google's problems with Javascript are reasonable, it's perfectly understandable that now is the time that they would start caring so much about the future of JS. We're starting to really push the envelope, and when you do that, the shortcomings often rear their ugly heads much more dramatically.
2b. "Moderation online is the norm"? Please. Just browse/. at -1 to be proven wrong. There are plenty of folk misbehaving online. There are plenty folk who seem to have little to no moderation. Hence the need for online moderators.
UID doesn't mean much--just that you're probably older. Sometimes older people have the dumbest ideas. They get more frightened and paranoid the less life they have left.
You also dont have to worry about random failure in about 1.5 years because noone knows what the real-world MTBF is on these SSDs, but noone seems to want to think about that little issue.
Did you align your partitions to the erase block boundary? Otherwise your SDD performance could be severely degraded as the drive has to do two read/modify/write cycles when one would suffice.
Yeah, I fought with that for a while because I also wanted to keep a Windows partition on there. I did get the alignment correct.
I've heard of other people with similar experiences. The only thing I can imagine is that I wasn't very disk-bound before, and so the upgrade didn't help as much as with some other people.
Of course not, but the higher up in the thread to which I replied were either operating under that assumption or were otherwise talking about individual drives. And one of them didn't seem to understand that the one 3.5" drive was being RAIDed internally. You can add a multiplier to the discussions and it pretty much comes out the same, just with higher dollar values.
Not the GP, but I suspect he was referring to the fact that the OCZ Colossus 1TB SSD is internally a RAID 0. If an enterprise is running these, they're running RAID0, but may not even realize it.
That said, it starts at $2500. The 600GB 15k SAS drives start at $650. $1200 (comparing 2 SAS to 1 SSD) buys you a lot of rack space and cooling. If you look at "Enterprise SSD" (whatever that means), you're looking at requiring a PCI-E card to get close to that density, and it's going to cost even more. 1.2TB run over $4k. At least you can get, what, maybe 3 PCI-E cards into a 2U box? Of course, you can fit 2 SAS drives per U pretty easliy.
I have one, and I have not noticed significant increases in speed. I probably shaved 5 seconds off of a 20 second boot time, but I rarely shut the computer down, so that isn't such a big deal.
its actually more centralized than SSL/TLS, which is what is desired
Centralization only works if you place a high amount of trust in the central organization. Do you trust ICANN? Do you trust.us?.ir?.uk?
The CA system is only broken because there are weak links. The client trusts 200 CAs, and any one of them can sign for any domain. But what if we required 2 CAs to agree? 5? 10? It would be up to the admins of the server to decide how many CAs they wanted to use, and users could decide for themselves how many are required to agree in order to consider the cert valid.
Moxie Marlinspike has some other ideas that sound pretty neat. Unfortunately, at first glance, his techniques seem to also rely on SSL, creating a chicken-and-egg problem. I may have been misunderstanding him, though.
I agree. So warn about it, fight against the trend, and try to keep it from happening. But calling them evil like the_B0fh does seems a bit premature, if your worries are all about the future.
It's definitely a meatspace problem. I think another part of the problem is when people don't think about timezones. If I'm on the west coast, and I have a conference call on the east coast, and they schedule it for 11am, whose time zone is it? If they don't specify, I assume that they mean 11am their time. I assume this because if they went to the trouble of correcting the time for my time zone, I would expect them to also specify the time zone--most problems of this sort stem from people not thinking about it. But then I've assumed this and been wrong before, with someone correcting for my time but not telling me that.
Then, of course, there are times when someone says "CST" but they really mean "CDT". At least I've never seen that problem vice versa.
What all of this really means is that time is a difficult problem to solve, and I don't think there is one universal way to manage time that would be best for everyone.
I believe the idea is to load the keys into the debug registers, and then erase the keys from memory. Then cold-boot attacks won't work.
Yes, the keys do go into RAM, but you significantly reduce the amount of time that they are there. Normally, keys are in RAM as long as there is a mounted cryptfs.
Come on. Based on that premise, all black hats should be targeting Windows Update servers. WU happens automatically for most Windows users. So far, WU's held strong. There's no reason to believe that said netboot code wouldn't be similarly hardened and protected.
The problem with SSL certs is that anyone can create them. People have gotten SSL certs for domains that they didn't own or have any control over. Any one of the numerous CAs might be subverted to provide a cert which will appear valid to any browser. The weakness in SSL stems from this--too many orgs are trusted by the browsers, too many orgs can sign certificates, and too much signing is delegated.
they've had a history of dominating the market. Now, they're not. This is what's making people wonder.
The 3DS was a horrible idea.
It cost $100 more than the DS when the DS launched. $150 more than the DS Lite at the time of the 3DS launch. The primary upgrade from the DSi was a 3D display, but Nintendo warns parents that it can damage children's eyesight and cause eyestrain in adults. It also sports a lower battery life than the previous handhelds.
The launch titles were a joke. The previous DS handhelds relied heavily on backwards compatibility to inflate the number of titles that the unit could play at launch. They tried the same trick with the 3DS. The problem is that they've sold so many DS compatible devices that their own marketshare is working against them. They've sold a DS, DS Lite, DSi, or DSi XL to just about anyone who's going to buy one. Now they want to sell a 3DS to some of these same people at a huge price increase with few launch titles and fewer good ones. They shouldn't be shocked that sales didn't meet expectations.
You can only sell people the same thing so many times. Nintendo's been great at doing that for the past 10 years, with rerelease titles on the GBA, DS, and Virtual Consoles, as well as barely-differentiated hardware revisions. Now we're in a recession and they're trying to sell us practically the same device at a considerably higher price tag. They've gotten fat and lazy, and they expect their fans to lap up anything they put out.
Dropping the price to $170 was a good start, but that alienates early adopters. The ambassador program might help some with that.
That's my experience exactly. I've downloaded dozens of iPad games, and I don't think I've once found one that engrossed me enough to play them when I'm not bored. There's not one that I'd set time aside to play. And I think that's fine. They are what they are, they're good for what they're good for.
That's very disappointing to hear, but it matches up with the minimal research I'd done. I'd love the feature set (networked, local caching, kinda like Google Gears but for a home directory) but it sounds like a very big hassle with lots and lots of warts.
Slashdot Mirror
The other issue is when someone reports a bug in your website, you want to be able to know which version of the browser was used in order to reproduce the environment. The harder it is to find the version, the longer the helpdesk call.
It also makes it hard for vendors selling web applications. They say it works for Firefox--does it work for all versions? Does it break when a new version of Firefox is released? Some major educational applications still require Firefox 3. Ideally, they would be written to stable standards. Practically, they aren't. You can say that it's the developer's fault, but that is small consolation for the user.
And the misspelling of Quick as Qwik... this has all the telltale signs of a 50yo CEO listening to 30yo consultants about what a 15-20yo would find "hip" and "cool".
I gree that it smacks of that, however I don't think the DVD-by-mail business generally targets 15-20 year olds. They target 30+-something codgers who still primarily uses DVD/Bluray as their media of choice.
Whether or not Google's problems with Javascript are reasonable, it's perfectly understandable that now is the time that they would start caring so much about the future of JS. We're starting to really push the envelope, and when you do that, the shortcomings often rear their ugly heads much more dramatically.
2b. "Moderation online is the norm"? Please. Just browse /. at -1 to be proven wrong. There are plenty of folk misbehaving online. There are plenty folk who seem to have little to no moderation. Hence the need for online moderators.
You know how I know you're a troll?
UID doesn't mean much--just that you're probably older. Sometimes older people have the dumbest ideas. They get more frightened and paranoid the less life they have left.
You also dont have to worry about random failure in about 1.5 years because noone knows what the real-world MTBF is on these SSDs, but noone seems to want to think about that little issue.
Well, some people do.
Did you align your partitions to the erase block boundary? Otherwise your SDD performance could be severely degraded as the drive has to do two read/modify/write cycles when one would suffice.
Yeah, I fought with that for a while because I also wanted to keep a Windows partition on there. I did get the alignment correct.
I've heard of other people with similar experiences. The only thing I can imagine is that I wasn't very disk-bound before, and so the upgrade didn't help as much as with some other people.
Of course not, but the higher up in the thread to which I replied were either operating under that assumption or were otherwise talking about individual drives. And one of them didn't seem to understand that the one 3.5" drive was being RAIDed internally. You can add a multiplier to the discussions and it pretty much comes out the same, just with higher dollar values.
Not the GP, but I suspect he was referring to the fact that the OCZ Colossus 1TB SSD is internally a RAID 0. If an enterprise is running these, they're running RAID0, but may not even realize it.
http://www.ocztechnology.com/ocz-colossus-lt-series-sata-ii-3-5-ssd.html
That said, it starts at $2500. The 600GB 15k SAS drives start at $650. $1200 (comparing 2 SAS to 1 SSD) buys you a lot of rack space and cooling. If you look at "Enterprise SSD" (whatever that means), you're looking at requiring a PCI-E card to get close to that density, and it's going to cost even more. 1.2TB run over $4k. At least you can get, what, maybe 3 PCI-E cards into a 2U box? Of course, you can fit 2 SAS drives per U pretty easliy.
Honestly, I think it's pretty hard to compare.
I have one, and I have not noticed significant increases in speed. I probably shaved 5 seconds off of a 20 second boot time, but I rarely shut the computer down, so that isn't such a big deal.
Good additions/modifications to the idea.
its actually more centralized than SSL/TLS, which is what is desired
Centralization only works if you place a high amount of trust in the central organization. Do you trust ICANN? Do you trust .us? .ir? .uk?
The CA system is only broken because there are weak links. The client trusts 200 CAs, and any one of them can sign for any domain. But what if we required 2 CAs to agree? 5? 10? It would be up to the admins of the server to decide how many CAs they wanted to use, and users could decide for themselves how many are required to agree in order to consider the cert valid.
Moxie Marlinspike has some other ideas that sound pretty neat. Unfortunately, at first glance, his techniques seem to also rely on SSL, creating a chicken-and-egg problem. I may have been misunderstanding him, though.
I agree. So warn about it, fight against the trend, and try to keep it from happening. But calling them evil like the_B0fh does seems a bit premature, if your worries are all about the future.
What? They aren't forcing you to do anything. If they were, yeah, it would be evil.
And when you create a Google profile, they ask for your first and last name, not for your pseudonym.
It's definitely a meatspace problem. I think another part of the problem is when people don't think about timezones. If I'm on the west coast, and I have a conference call on the east coast, and they schedule it for 11am, whose time zone is it? If they don't specify, I assume that they mean 11am their time. I assume this because if they went to the trouble of correcting the time for my time zone, I would expect them to also specify the time zone--most problems of this sort stem from people not thinking about it. But then I've assumed this and been wrong before, with someone correcting for my time but not telling me that.
Then, of course, there are times when someone says "CST" but they really mean "CDT". At least I've never seen that problem vice versa.
What all of this really means is that time is a difficult problem to solve, and I don't think there is one universal way to manage time that would be best for everyone.
So becoming used to Google and then Google providing an optional service you don't like the terms of makes them evil?
No, actually, you can't. Read up on TrustedGrub if you want to comment intelligently.
I believe the idea is to load the keys into the debug registers, and then erase the keys from memory. Then cold-boot attacks won't work.
Yes, the keys do go into RAM, but you significantly reduce the amount of time that they are there. Normally, keys are in RAM as long as there is a mounted cryptfs.
Lets not forget you can't encrypt your initrd...
You can compute its hash, though, and fail to boot if the hash has changed. See TrustedGrub.
Think of it like a hobby. It may not be really practical, but it's interesting to some people.
Come on. Based on that premise, all black hats should be targeting Windows Update servers. WU happens automatically for most Windows users. So far, WU's held strong. There's no reason to believe that said netboot code wouldn't be similarly hardened and protected.
The problem with SSL certs is that anyone can create them. People have gotten SSL certs for domains that they didn't own or have any control over. Any one of the numerous CAs might be subverted to provide a cert which will appear valid to any browser. The weakness in SSL stems from this--too many orgs are trusted by the browsers, too many orgs can sign certificates, and too much signing is delegated.
The fewer people you have to trust, the better.
they've had a history of dominating the market. Now, they're not. This is what's making people wonder.
The 3DS was a horrible idea.
It cost $100 more than the DS when the DS launched. $150 more than the DS Lite at the time of the 3DS launch. The primary upgrade from the DSi was a 3D display, but Nintendo warns parents that it can damage children's eyesight and cause eyestrain in adults. It also sports a lower battery life than the previous handhelds.
The launch titles were a joke. The previous DS handhelds relied heavily on backwards compatibility to inflate the number of titles that the unit could play at launch. They tried the same trick with the 3DS. The problem is that they've sold so many DS compatible devices that their own marketshare is working against them. They've sold a DS, DS Lite, DSi, or DSi XL to just about anyone who's going to buy one. Now they want to sell a 3DS to some of these same people at a huge price increase with few launch titles and fewer good ones. They shouldn't be shocked that sales didn't meet expectations.
You can only sell people the same thing so many times. Nintendo's been great at doing that for the past 10 years, with rerelease titles on the GBA, DS, and Virtual Consoles, as well as barely-differentiated hardware revisions. Now we're in a recession and they're trying to sell us practically the same device at a considerably higher price tag. They've gotten fat and lazy, and they expect their fans to lap up anything they put out.
Dropping the price to $170 was a good start, but that alienates early adopters. The ambassador program might help some with that.
That's my experience exactly. I've downloaded dozens of iPad games, and I don't think I've once found one that engrossed me enough to play them when I'm not bored. There's not one that I'd set time aside to play. And I think that's fine. They are what they are, they're good for what they're good for.
That's very disappointing to hear, but it matches up with the minimal research I'd done. I'd love the feature set (networked, local caching, kinda like Google Gears but for a home directory) but it sounds like a very big hassle with lots and lots of warts.