Yup. I'm not trolling here (look, I'm even posting from my real account!) but Microsoft does something like this and everyone screams about how they really don't do any innovation. Google does it, and they excel at things other than search.
There's a difference in whether or not such diversification is good. With Microsoft, it's typically an effort to extinguish the existing technology. The term most often used was "embrace and extend." So far, we haven't seen this type of behavior from Google.
Nonetheless, from an innovation standpoint, there's little difference in the methodologies. Both companies took something they don't excel at, threw money at the problem, and rebranded.
Cable Internet providers tend to also provide cable TV. They'd rather you watch TV on their systems than to have you download the shows you want to watch from other locations. While piracy is part of the concern, Apple selling TV shows as soon as they air is more of one, because everyone basically assumes that piracy will one day be squashed.
So if a lot of people download TV instead of watching it from the cable TV provider, ad revenues in general suffer. Worse, people might start canceling their cable TV and just sticking with cable Internet. By introducing bandwidth caps, the cable Internet providers are ensuring that they'll get your money one way or another (either by your TV subscription or by bandwidth overages.)
AppleTV, iTunes, streaming TV from the websites of the networks, hulu.com, Netflix video on demand, Amazon Unbox.... There's a lot of downloadable content out there now. The bandwidth caps that cable Internet providers are using are pretty much preemptive measures to keep the advertising revenue in their world. It's a blatant conflict of Interest, but them's the breaks.
Really? I see it in almost every story on Java (which, admittedly, are fairly few and far between) and on many stories about other programming languages (when someone will inevitably make a Java comparison, sparking off a long thread on its pros and cons.)
The threads almost always start with someone talking about how slow Java is, and then people will reply to explain that the newer versions of Java have really been tuned to be fast. That combined with JIT, they say, makes it nearly as fast as code compiled in C++.
Is it true? Who knows. I've never bothered to go find out because I simply don't code that much anymore. But it does get repeated quite a bit.
I've never used multiple inheritance, myself, since all of my experience in OOP has been in languages which don't support it. Nonetheless, with interfaces, you almost always have to implement some methods to get any functionality out of them. I can certainly imagine that not having to do this would be a useful. Furthermore, there are some Java classes which have interface equivalents which you must use if you want to inherit from a different class. Certainly, then, if multiple inheritance were allowed, creating two separate bits of code (the class and the interface) wouldn't be necessary, right?
This post is tongue-in-cheek, so take it with the humor that's intended.
Which is worse? The person who decided to make the computer reboot automatically, or the person who decided to continue using the operating system which does that after multiple instances of losing work because of it?
If people wouldn't put up with this garbage, Microsoft wouldn't bet he dominant OS.
Your wife is obviously not stupid. Lots of people are.
Or if I'm being realistic, it's not stupidity, it's fear. Computers are strange things to some people. Lots of people freeze up when confronted with something new.
You're absolutely right, but there's a big but that you're missing.
BUT, this is already using old technology. For heaven's sake, it doesn't even have EDGE! And iPhone non-adopters were whining about the iPhone not having 3G.
Nothing about the Neo is new-fangled or particularly innovative except for the software. I'd say that it's expensive primarily because they aren't going to sell like hotcakes, and thus the profit margins have to be higher.
It's not just an e-mail address on the domain--it's a specific e-mail address on the domain. All of the CAs I've dealt with sent authorization information to the technical contact for the domain. Could it have been compromised? Sure. Is it likely? It's less likely than you make it out to be.
There are lots of trust problems on the Internet, and I'm sure that there's room for improvement, but let's be realistic here. Self-signed certs are more spoofable than CA-issued certs if even minimal information is checked when issuing the latter. If the user doesn't want to trust the CA-issued cert, they can disable the root cert in the browser.
Encryption is nice, but the more important value in ssl certs is that they verify who it is that you're talking to. Only the root post pointed out that this is something you don't get with SSL as it is currently implemented.
Has anyone seen this work on Tiger? If so what's the configuration where it actually works. My wife's notebook runs Tiger, and the exploit worked there. The same set of configurations for which it works on Leopard seem to work on Tiger, too:
User must be logged into the desktop environment (not just logged in through SSH). You must not have used Fast User Switching to log in. ARDAgent must not be running.
All computers are vulnerable to trojans. The poker game would run on linux too. Yup. Of course, the main reason that Mac-using Slashdotters point to for why OS X is more secure than Windows is that you aren't running as administrator. Seriously, go look at any OS X/Apple/Mac story, and it always comes up (and frequently) within the comments. Everyone ignores the fact that 99% of what a trojan would want to do can be accomplished without the password, and exploits like this get it that remaining 1%.
However this kind of problem is well understood in the Unix world. Be very careful of your setuid binaries. I'm extremely disappointed that Apple developers let a setuid binary run arbitrary scripts. Can you imagine if Microsoft Word with its scripting abilities were run as root? (oh, wait.....)
Ruby itself is only 13 years old. I was referring to the 25 year old BSD bug that Slashdot reported on not to long ago. There were people who honestly said that this was Open Source at work.
I get the feeling you are an embittered Microsoftie...am I right? Not at all. At work I use OS X. For servers, I use FreeBSD. At home, I use Linux.
What I am is sick and tired of zealotry. There are times when open source is great, but every time a major bug is found and fixed, that's not "a victory for open source". And OS X isn't inherently more secure than other major operating systems. But time and again, people spout off these factoids, due either to anecdotal evidence or just plain parroting.
Really the easiest way to do that these days is to but a VM, install it, configure it appropriately for the program you want to run, create a new image, install an OS, install the program within the OS, and finally run it. That takes money and significant skill and time and is simply too onerous for the normal user. Only you shouldn't have to do this. The OS should protect programs from each other, and unless the program needs it, it should not ever be able to see outside of its own memory space. Ideally, it shouldn't be able to see outside its own area for storing files and temporary data. This alone would go a long way towards preventing data leaks from malware.
Of course, the user needs to know not to allow the program to elevate privileges. That's where the onerous tasks you mention come in. Make the user type, "I understand the risk. Let this program have full and complete access to my computer." for each program which wants higher privileges. Preface that with a very short explanation that unless the software is from a trusted (and most likely a reputable business) source, that it should not be given these elevated privileges.
Of course, you run into the same problems we always run into. Programs are written poorly, so lots of them will require this interaction. If a user is hit with this enough, s/he will just disable those prompts, and we're back to square one.
VMs themselves are onerous enough that the users who need them the most will never, ever bother to use them.
No, but I still have a copier in my basement that can copy any book I feel like, yet publishers aren't making me verify my books. I even have a scanner and therefore could put an entire book on Limewire. Seriously? That's only because there's no technological mechanism for them to do it. Remember, there have been efforts to add "do not copy" watermarks to analog media and legally require digitizers to read, understand, and respect the marks.
It's not good enough, though. Authorization the first time you log in? Maybe good enough. Authorization every time? What if I'm travelling and my hotel doesn't have Internet access. I guess I don't get to play your game. The game that I paid for.
Of course, if I just pirate a cracked copy, I don't have to worry about activation. Once again, companies fail to see the forest for the trees. Cracked versions of their games will get on the market. Once they do, not only are people downloading and installing them despite the intrusive copy protection, they're also driving otherwise legitimate customers to do the same.
Erm, did you mean to reply to me? I don't get how this is relevant to what I said.
My point was that the 38 years described in the article is for 69 offenses, compared to 21 years for a single offense of murder in whatever country the person to whom I replied resides.
Well, frankly, because of economics. If the ebooks sell at full dead-tree price, why shouldn't O'Reilly sell them at that price?
Also, don't underestimate the cost of keeping a server running and capable of serving out the eBooks 24/7. The actual cost of sending the bits through the tubes might not be high, but the cost of keeping those servers running and cool isn't negligible.
Then there's the issue of value. Lots of people consider ebooks to be more valuable than dead-tree versions because they're searchable and smaller. If they're perceived as more valuable, they'll sell for more. We saw this trend with cassette tapes vs. CDs and VHS tapes vs. DVDs. In both cases, the disc-based media cost less to produce than the tape-based media, but tapes sold for less because they were considered inferior and were in less demand.
Or maybe some sanity in the charging? Because that 38 years is maximum sentencing on 69 total charges. That's a little over 6 months on average for each charge, but they add up when they count each record altered as a separate offense.
This kid is facing multiple counts. He's not facing 38 years for hacking his grades, he's facing a combined 38 years for over 69 individual offenses. Almost certainly, no single one of them carries a 21 year sentence.
I tend to think that a DHCPOFFER is not enough to provide authorization, but even I can see the difference between open wifi and guessing SSH passwords. With open wifi, you tend to have beacons inviting clients to join up. There is no authentication phase, so there's no opportunity to reject in the first place. There's no technical differentiation between authorized and unauthorized connections. This makes declaring your intentions pretty difficult, actually, if you do want to run free, open wifi, and that's a good enough reason to want all open wifi to be legal authorization.
And what about all of those routers that were bought before whatever cutoff point you arbitrarily choose was reached? The first three wireless routers I owned did not push encryption from the CD.
All of this just shows why analogies aren't good to talk about with pedantic people. No analogy is going to be perfect. The ultimate question is whether or not receiving a DHCPOFFER is considered authorization. That's all that needs to be determined, and no "real-world" analogies are going to be good enough to convince anyone with knowledge of computers and networking.
Analogies in the computer world? Well, if I forget to set a password on my shell account, does the computer's willingness to grant you a shell count as authorization? Generally, no. People have authorization to use specific resources, but misconfiguration may cause access to be granted erroneously. Almost every wifi router on the market comes misconfigured.
Slashdot Mirror
Yup. I'm not trolling here (look, I'm even posting from my real account!) but Microsoft does something like this and everyone screams about how they really don't do any innovation. Google does it, and they excel at things other than search.
There's a difference in whether or not such diversification is good. With Microsoft, it's typically an effort to extinguish the existing technology. The term most often used was "embrace and extend." So far, we haven't seen this type of behavior from Google.
Nonetheless, from an innovation standpoint, there's little difference in the methodologies. Both companies took something they don't excel at, threw money at the problem, and rebranded.
Cable Internet providers tend to also provide cable TV. They'd rather you watch TV on their systems than to have you download the shows you want to watch from other locations. While piracy is part of the concern, Apple selling TV shows as soon as they air is more of one, because everyone basically assumes that piracy will one day be squashed.
So if a lot of people download TV instead of watching it from the cable TV provider, ad revenues in general suffer. Worse, people might start canceling their cable TV and just sticking with cable Internet. By introducing bandwidth caps, the cable Internet providers are ensuring that they'll get your money one way or another (either by your TV subscription or by bandwidth overages.)
AppleTV, iTunes, streaming TV from the websites of the networks, hulu.com, Netflix video on demand, Amazon Unbox.... There's a lot of downloadable content out there now. The bandwidth caps that cable Internet providers are using are pretty much preemptive measures to keep the advertising revenue in their world. It's a blatant conflict of Interest, but them's the breaks.
Really? I see it in almost every story on Java (which, admittedly, are fairly few and far between) and on many stories about other programming languages (when someone will inevitably make a Java comparison, sparking off a long thread on its pros and cons.)
The threads almost always start with someone talking about how slow Java is, and then people will reply to explain that the newer versions of Java have really been tuned to be fast. That combined with JIT, they say, makes it nearly as fast as code compiled in C++.
Is it true? Who knows. I've never bothered to go find out because I simply don't code that much anymore. But it does get repeated quite a bit.
I've never used multiple inheritance, myself, since all of my experience in OOP has been in languages which don't support it. Nonetheless, with interfaces, you almost always have to implement some methods to get any functionality out of them. I can certainly imagine that not having to do this would be a useful. Furthermore, there are some Java classes which have interface equivalents which you must use if you want to inherit from a different class. Certainly, then, if multiple inheritance were allowed, creating two separate bits of code (the class and the interface) wouldn't be necessary, right?
I don't understand your point. "Gosh, they really tried hard, so I'll drop $400 on their ancient technology! A for effort!"
If they could have made it half the price, I'd pick one up as a toy. At $400, it's a horrible deal.
This post is tongue-in-cheek, so take it with the humor that's intended.
Which is worse? The person who decided to make the computer reboot automatically, or the person who decided to continue using the operating system which does that after multiple instances of losing work because of it?
If people wouldn't put up with this garbage, Microsoft wouldn't bet he dominant OS.
Your wife is obviously not stupid. Lots of people are.
Or if I'm being realistic, it's not stupidity, it's fear. Computers are strange things to some people. Lots of people freeze up when confronted with something new.
You're absolutely right, but there's a big but that you're missing.
BUT, this is already using old technology. For heaven's sake, it doesn't even have EDGE! And iPhone non-adopters were whining about the iPhone not having 3G.
Nothing about the Neo is new-fangled or particularly innovative except for the software. I'd say that it's expensive primarily because they aren't going to sell like hotcakes, and thus the profit margins have to be higher.
It's not just an e-mail address on the domain--it's a specific e-mail address on the domain. All of the CAs I've dealt with sent authorization information to the technical contact for the domain. Could it have been compromised? Sure. Is it likely? It's less likely than you make it out to be.
There are lots of trust problems on the Internet, and I'm sure that there's room for improvement, but let's be realistic here. Self-signed certs are more spoofable than CA-issued certs if even minimal information is checked when issuing the latter. If the user doesn't want to trust the CA-issued cert, they can disable the root cert in the browser.
User must be logged into the desktop environment (not just logged in through SSH). You must not have used Fast User Switching to log in. ARDAgent must not be running.
All computers are vulnerable to trojans. The poker game would run on linux too. Yup. Of course, the main reason that Mac-using Slashdotters point to for why OS X is more secure than Windows is that you aren't running as administrator. Seriously, go look at any OS X/Apple/Mac story, and it always comes up (and frequently) within the comments. Everyone ignores the fact that 99% of what a trojan would want to do can be accomplished without the password, and exploits like this get it that remaining 1%.However this kind of problem is well understood in the Unix world. Be very careful of your setuid binaries. I'm extremely disappointed that Apple developers let a setuid binary run arbitrary scripts. Can you imagine if Microsoft Word with its scripting abilities were run as root? (oh, wait.....)
What I am is sick and tired of zealotry. There are times when open source is great, but every time a major bug is found and fixed, that's not "a victory for open source". And OS X isn't inherently more secure than other major operating systems. But time and again, people spout off these factoids, due either to anecdotal evidence or just plain parroting.
Of course, the user needs to know not to allow the program to elevate privileges. That's where the onerous tasks you mention come in. Make the user type, "I understand the risk. Let this program have full and complete access to my computer." for each program which wants higher privileges. Preface that with a very short explanation that unless the software is from a trusted (and most likely a reputable business) source, that it should not be given these elevated privileges.
Of course, you run into the same problems we always run into. Programs are written poorly, so lots of them will require this interaction. If a user is hit with this enough, s/he will just disable those prompts, and we're back to square one.
VMs themselves are onerous enough that the users who need them the most will never, ever bother to use them.
It's not good enough, though. Authorization the first time you log in? Maybe good enough. Authorization every time? What if I'm travelling and my hotel doesn't have Internet access. I guess I don't get to play your game. The game that I paid for.
Of course, if I just pirate a cracked copy, I don't have to worry about activation. Once again, companies fail to see the forest for the trees. Cracked versions of their games will get on the market. Once they do, not only are people downloading and installing them despite the intrusive copy protection, they're also driving otherwise legitimate customers to do the same.
Aaaand then you get people who claim that "Open Source worked!" when a 25 year old bug is squashed.
Erm, did you mean to reply to me? I don't get how this is relevant to what I said.
My point was that the 38 years described in the article is for 69 offenses, compared to 21 years for a single offense of murder in whatever country the person to whom I replied resides.
Well, frankly, because of economics. If the ebooks sell at full dead-tree price, why shouldn't O'Reilly sell them at that price?
Also, don't underestimate the cost of keeping a server running and capable of serving out the eBooks 24/7. The actual cost of sending the bits through the tubes might not be high, but the cost of keeping those servers running and cool isn't negligible.
Then there's the issue of value. Lots of people consider ebooks to be more valuable than dead-tree versions because they're searchable and smaller. If they're perceived as more valuable, they'll sell for more. We saw this trend with cassette tapes vs. CDs and VHS tapes vs. DVDs. In both cases, the disc-based media cost less to produce than the tape-based media, but tapes sold for less because they were considered inferior and were in less demand.
Or maybe some sanity in the charging? Because that 38 years is maximum sentencing on 69 total charges. That's a little over 6 months on average for each charge, but they add up when they count each record altered as a separate offense.
This kid is facing multiple counts. He's not facing 38 years for hacking his grades, he's facing a combined 38 years for over 69 individual offenses. Almost certainly, no single one of them carries a 21 year sentence.
I tend to think that a DHCPOFFER is not enough to provide authorization, but even I can see the difference between open wifi and guessing SSH passwords. With open wifi, you tend to have beacons inviting clients to join up. There is no authentication phase, so there's no opportunity to reject in the first place. There's no technical differentiation between authorized and unauthorized connections. This makes declaring your intentions pretty difficult, actually, if you do want to run free, open wifi, and that's a good enough reason to want all open wifi to be legal authorization.
And what about all of those routers that were bought before whatever cutoff point you arbitrarily choose was reached? The first three wireless routers I owned did not push encryption from the CD.
All of this just shows why analogies aren't good to talk about with pedantic people. No analogy is going to be perfect. The ultimate question is whether or not receiving a DHCPOFFER is considered authorization. That's all that needs to be determined, and no "real-world" analogies are going to be good enough to convince anyone with knowledge of computers and networking.
Analogies in the computer world? Well, if I forget to set a password on my shell account, does the computer's willingness to grant you a shell count as authorization? Generally, no. People have authorization to use specific resources, but misconfiguration may cause access to be granted erroneously. Almost every wifi router on the market comes misconfigured.