My feeling was always that man-portable meant that 1 person can carry each of the components alone... while luggable meant someone can carry it alone in it's entirety.
A heavy mortar being "man portable" because it easily comes apart into 3 pieces. It also means you could carry it all yourself in some number of trips...
So a typical desktop is man portable but not luggable even though most people probably can't safely carry a 21" monitor WHILE carrying a CPU, keyboard, mouse, etc. A typical fullsize rack is NOT man portable or luggable... and even a 25" laptop would be luggable. Actually, the flat panel iMacs probably qualify as luggable, too.
CPUs aren't comparable, so you need to get a % and normalize it.
The easiest way to get a % is from something like top - but you can definitely do better, especially by successfully taking into account priority. You definitely want to find a way to _access_ information the scheduler already has, not make little minibenchmarks.
But you still have the problem of 100% of a PII vs 100% of a G5. This is a principally insoluble problem that varies based on your application's use of int, flop, registers, L1, L2, memory bandwidth and offloading chips (such as better NICs)
An ok solution would be to read the CPU class and do a lookup in a table that you keep upgrading as you get better info. My shorthand table is at the bottom of this post.
A better solution would be to do a relevant CPU-intensive benchmark on each machine and store that result. If what you care about is OpenSSL speed, that's the best benchmark FOR YOU.
The best solution is to run a series of full-setup benchmarks. Run it at high, middle and low memory usage, since you're measuring that separately, etc... then do all combination with high/low disk bandwidth. Run it at high/med/low CPU based on whatever % measure you settled on. You'll get not just a number but a "map" of performance based on other factors. If this matrix is very detailed it might automatically perform hundreds of combinations and take a long time once, but you'd get very accurate results.
I'm interested to see your results, but until you take them, this is my ruthlessly shorthand table which disregards huge amounts of things and wildly approximates all sorts of things and some stuff I've made up: P4 CPU speed x1 P3 CPU speed x1.2 P2 CPU speed x.8 Athlon XP xxxx+ rated speed. G3 CPU speed x1.8 G4 CPU speed x1.5 G5 CPU speed x2 Dual CPU x1.7 (probably dual core also) Quad CPU x3 (probably dual/dual cpu/core also)
(please note: PIIIs definitely were often clock-for clock faster than early PIVs, at least. But they couldn't scale up. Same with G3 vs G4. Note that chess is highly integer and nothing is better than an Intel, apparently.)
The old minis were TERRIBLE in crashes. Not just "not a canyonero" terrible, but terrible against solid objects using only their own inertia.
On the other hand, I've had more modern small cars, none costing more than $2k. All have gotten around 30 mph city and seated 4. The current is a '91 Mazda 323.
Getting more than that with modern crash-safety is apparently somewhat of a challenge. Give us higher gas taxes, and I'm sure we'll find solutions (like using more public transit)
I posted above about the SPEED sweet spot usually being just into the highest gear for most cars.
On a hybrid, though, that matters substantially less because excess torque of the engine is potentially always being consumed to recharge the batteries, and the engine is off when unnecessary.
So the single biggest factor to fuel economy on a hybrid IS to drive smoothly - so you're always regeneratively braking and you're never using the excess power to accelerate.
Essentially a hybrid is a car that always takes advantage of any inherent "smoothness" that happens to be in your driving.
I can't speak to driving smoothly, but I CAN speak to the speed of driving.
The engine consumes some constant gas whenever it is running. Go 0mph and you will have infinitely bad gas mileage. (Hybrids don't count; they shut off the engine) This is amount is proportional to how big the engine is * the rpms it has idling. The engine has some torque that is being just wasted here.
On the other hand, the faster you go the more wind resistance your engine has to work against. This is less important the more aerodynamic your car is and the more oversided your engine is (because you're already spending that gas at idle)
Possibly most important is that if you're actually in gear, the speed of the engine is coupled to the speed of the car by a ratio that varies depending upon the gear you are in. The best gas mileage is almost always in the highest gear. You're going fairly fast (regarding wind) at that point, so unless you have a fairly oversided engine the best gas mileage is usually pretty close to the lowest speed that keeps you soundly in the highest gear.
On a particular 1.6L 1986 Nissan Sentra in 2000 (square car, small engine), that speed was about 38 mph. On a particular 1996 4.6L Ford Mustang GT in 1997 (very aerodynamic, oversided engine) that speed was about 65-80mph.
[ For purposes of this discussion, "oversided" relates only to the idle gas consumption of the engine and the ratio of power against wind it produces automatically at low rpms in high gear. A turbo Porshe engine that can be driven at 8000 rpms potentially might not be "oversided" at all if the highest gear is set very high.
Also, this is clearly not as important as WHAT car/engine you have. And how you keep it in tune. Etc. Having a lower displacement engine is probably more important than how you drive it.]
This is not software that necessarily makes the world a better place to be a person; you don't deserve philanthropic sponsorship because there are many worthier causes that actually improve the state of life for many people. Even if you did deserve it, that sponsorship is rare unless you get to personally know someone at an organization that does such funding.
Your customers would seem to be people running theatres. You need to find owners/managers that don't like what they're using/paying, build a relationship with them, and authentically give them value that exceeds the amount of money they might give you. This can include support, it can also include feature requests - especially if there is something good you can make your software do that no competitor does. This might require advertising to them or approaching a lot of them.
This is a high barrier to entry market you're trying to enter. If you can't find anyone in that industry who wants to put any money towards it, either fund it yourself or stop and do something somebody wants. I suspect you can find someone if you try hard enough, but I'm not sure how long that might take.
It's often cheaper for you to get anything more common, because the likelyhood of someone having overstock or similar is higher.
Second, if a manufacturer is going to make an onboard LAN model, they then have to decide if it's worth the cost to _remove_ it for their cheaper models. Usually it's not; the cost of keeping track of making 2 products, stocking 2 products and reengineering stuff is substantial. This is true in many industries.
This is tremendously more true of motherboards now that a single chip often provides most of these onboard functionalities and is unified with other necessary motherboard functions. Having to design without that controller is prohibitive, so they don't. Not soldering on the connector only saves a few pennies, and makes your motherboard less featureful.
The only time it's usually a good idea is when they need some reason to charge less for some product. In many of these cases they just disable features - often even though they're produced exactly the same and contain all the same chips.
Incidentally, at least your good videocard is still plenty useful - even if identical to the onboard one - because it doesn't use your system RAM and probably system RAM bandwidth.
As long as google is honoring pragma, this is the webmaster's faults. Proxy cache has been around a long time, in use by some major ISPs and especially big corps.
What google did is create a juxtaposition of sites that were originally put up as hobbies and a bunch of their users using the same proxy at the same time. But that isn't google's fault. The prefetching, I believe, accelerates finding these problems but doesn't really cause them.
I expect google will end up adding in an automated tool that checks for commonly used password fields and cookies and automatically nocache's those sites... but that will really only hide the problem.
No. I don't think I can answer you more succinctly than that.
1) While I think M$ security practice has been quite significantly inferior, I agree that it's hard to find concrete data on the detailed "technical" security, port attackability, etc. Luckily, once you have a firewall it's not as important as the user design issues.
I also agree that neither Apple nor any flavor of Linux is perfect. Personally I'd guess FreeBSD is better and OpenBSD better than that. But I'm confident that Windows is worse.
2) Windows comes with IE as the default browser, and IE thinks it's a good idea to have the user expect to sometimes run arbitrary code without sandboxing AS PART OF THE WEB BROWSER. They think this is ok because it's called ActiveX. If at least some websites you go to are supposed to have MORE control over your computer than you do (true in some corporate sites) this is a great idea. Personally I think it has no business being part of any web browser ever. (They could make an "update browser" if they really wanted...) I'm not talking about a bug or exploit here, this is BY DESIGN.
I certainly realize that users can download/run any piece of stupid software, which is always untrusted. I also realize that Flash/Java/JavaScript/shell:// potentially might all have security holes, but at least they are trying to sandbox it.
Furthermore, without ActiveX nobody would ever agree to installing arbitrary software just to, say, use a menu on a website. Integrating arbitrary code ("trusted" or not) with the browser means that people have a good reason to think they should run that code - which means it should be sandboxed.
3) You're also wrong about easily running Windows as a non Administrator user - it just doesn't work well. "All you've ever done to achieve that" is not run the right variety of software to run into problems.
I agree that these are problems with the installation of 3rd party software, but the problem definitely stems from M$ APIs and standards, because I've seen it with a bunch of stuff. M$ does not encourage good multiuser behavior from applications.
I nonetheless completely agree that there are plenty of software packages that do workaround the M$ design - OpenOffice for one.
3a) Windows does not plan for applications installed by nonadmin users. This is huge. It's tremendously easy as a "normal user" in OSX to install the Firefox application into my home directory and use Firefox without needing to be root. OSX strongly encourages applications to be installable this way, M$ does not.
3b) Most applications expect to be installed as the user they are going to run as. So "single user" software can't be installed by Administrator and run by User. Because of 3a, surprisingly often the only solution is to uppriv your user to the Admin group, install the software as your user (and sometimes run it once) and then downpriv your user. I've had dozens of pieces of major commercial software behave like this, not to mention many games.
3c) Common Windows software doesn't run unless you're an Administrator (Quickbooks being the one that annoys me the most, although I haven't tested hte newest version) I'm aware that sometimes you can change specific security restrictions to get around this, but sometimes you can't.
That's easy - just replace the middle of the car, from the dash through the trunk, with a big rocket. Then make sure you're driving by remote control in case it blows up.
Seriously, though, I had a friend with a Ford Fiesta (or something like that...) that I'm confident would've made 200. Of course, it wasn't really a stock engine anymore. He might've just replaced it outright with something from a bigger car - then he had some kind of custom turbocharger and enhanced timing. I think he said it got to develop like 300 hp or some madness like that. And it was a tiny car...
Whereas I just got rid of my first car and it had a top speed of 92mph on a level road with a tailwind.
Code signing is a mechanism for proving "who" is endorsing that code as something you can trust. Your problem is defining "who" and that's not really a technical problem.
If somebody forks you, you shouldn't sign their code. Not because it's bad, but because you can't vouch for it. THEY should sign their code.
Letting somebody else have the key to sign code is endorsing that your good name should go on ANYTHING that they decide to put out. Certainly, a project above a certain size with a community of maintainers should distribute this responsibility.
If I had a small project, I would make sure the key was left to somebody in my will (and I'd probably leave it with some close friends) - hopefully it'd get to somebody who'd be nominated to takeover the probject - because if I die presumeably I'm less worried about someone pretending to be me. This is a form of key escrow, but it's not a very arbitrary one.
For a larger project, it must be almost the highest level of trust, and it doubtless has to be learned. Those levels of trust would go something like: bank accounts & corp documents CVS log modification (auditability erasing) code signing CVS commit (but at least you can track it after the fact) fast-track patch submission anyone (normal patch submission)
These levels are a pyramid; fewer people should be trusted at each level - and fewer people are needed.
You should certainly punish the virus writers, if you can catch them. And you should possibly punish M$ for how big of a hole IE still is, even if Windows itself is better than it used to be. But none of that matters.
To use society's resources, you have to follow society's rules. I can go buy any car I want and drive it at 200 mph - on my own track. But if I want to drive on streets I have to follow the rules, as they apply to my actions (hitting things) even when they may not necessarily have a direct negative impact (speeding, driving on the sidewalks) have only a paper impact (licensing, insurance, registration) or only a preventative impact (headlights, brake lights...)
I can also go buy a used car and have the brakes suddenly fail, running over someone's garden. Note that even if I didn't know, I'm still responsible for the cost of that garden, (unless I JUST bought it and can pass the blame to the previous owner) If the brakes were recalled, it's still my fault for not getting them fixed. If they WEREN'T recalled, but should've been, then that's not my fault.
If you're already providing appropriate, simple, free, publicized resources _that they didn't use_ they are being negligent at best. Kicking them off until sometime after they fix it is a MINIMUM penalty for such negligence.
Argueably they should have to pay for the cost of your time to fix their computer (mandatory since they didn't do it the first time) and to repair any problems caused by their problem - and STILL be penalized in terms of being online.
(Personally I believe that a kick-until-fixed first warning is probably a necessary threshold of publicity - but even the second time they aren't listening I think it'd be very reasonable to escalate it.)
To be clear, I don't think it's reasonable in today's world to hold them accountable for anything their computer does. I think it's NECESSARY to hold them accountable for not following your security procedures to defend against it. Which means you're still going to be snuffed by the virus that exploits the OS hole noone has put out a patch for yet - and I wouldn't blame that on the first kid to get it.
I agree with the other posts - you have to get kick/ban/unplug authority, you have to quit, and/or you have to get paid. 1 of those might do...
I don't have a copy of 2010 handy, and I'll admit to not remembering the passage you're referring to. I'm also aware of the not-necessarily linear size-mass relationship.
If some other posts in this article are correct it may be closer to 1/4 than to 2 orders of magnitude. I'm not at all convinced that AC may not have had reason to believe it wasn't even less (or perhaps would be discovered to be less)
I'm a fan of old-school science fiction, and I hugely appreciate the work that goes into making a good story while making the reality as consistent ours as possible. I enjoy exploring the ramifications of relatively few assumed changes about our reality. In fact, I usually call this "extrapolative fiction" to separate it from what I consider the chaff of space operas.
Nonetheless, while 2 OM may be a lot in scientific astronomy it is not a lot in "armchair" astronomy. A novel - even extrapolative fiction - shouldn't be a science textbook. If every phrase had only the precision of a good textbook it would be a terrible novel. In particular, the narration in a good novel should be humanized, and the characters should almost always be mistaken at some point.
The underlying physical "model" of the universe in an ef book should be accurate as much as possible. Unlike a textbook, however, the narrator of a novel's primary obligation not to always be perfectly accurate. This is doubly true if the book or chapter is being narrated from the point of view centered around a particular character.
So while I'd be equally disappointed if the "facts" of the novel depended on it being 'just a little bit' bigger, I think you're confusing the narrator with the model. Perhaps I recall wrong, but as I recall the piece of text was descriptive and illustrative, not factual and numeric.
I don't think I agree with you about what "a little bit is"
In something you normally talk about in linear measurement, I might agree with you about 10%. But for a topic (like planets) where the range is variable enough that it makes sense to talk about the magnitude of the number, not the number (10^28 m etc) and where those exponents are high, 10% isn't even part of the number you're talking about. That's from a language point of view.
From a physical point of view, it's very reasonable to assume that AC might've meant diameter while those thresholds are all about mass. So your x70 mass is only x4 diameter.
The smallest sensible unit if you're talking about the magnitude (from a power of 10 POV) is x10... x5 is a fractional magnitude lost in the rounding error. (10^(.5) )^3 = a 32x mass increase. Some other posts here have said the threshold may be as low as 7x mass = 2x diameter =.28 change in diameter magnatude.
Furthermore, it's a description in a book. The sense of "a little bit" should be taken in context. I don't remember the context of that book being "we should park a bunch of spaceships on it and make it implode" (or keep that from happening) Sometimes numerically big changes are "a little bit" because there's a lot of range in whatever you're talking about. On the other hand good electric motors are (taken alone) very efficient - so "a little bit" better is a tiny number. The context in the book, I believe, was "boy it's big"
web records are being looked up by an http client running on an arbitrary user machine. So they'll normally hit the popular and overloaded ISP DNS servers.
MX records are being looked up by a mail SERVER. Such server is much more likely to do it's own root lookups or otherwise use a superior system, because it doesn't have to accept DNS lookups from 3 million possibly hacked DSL machines.
The mail servers are run by the ISPs. Who would screw with the TTL for THEIR OWN lookups? That'd be kindof silly.
No, it's exactly as secure as I think - and I even said that it wasn't a perfect implementation in my post - I just think it's a brilliant model.
The "right" answer to your complaint is to make the default admin account that is admin but isn't wheel - it'll just make you sudo more things. I agree with you about this detail, but it's an implementation detail, not a flaw in the model.
Also, of course, the OSX firewall is a packet filter (pf, I believe) and a GUI. The GUI might not set the filter to block UDP but the underlying filter definitely does. So you definitely could fix this without installing any software. Still an Apple failure? Definitely. Better than the Windows equivalent structure? Also definitely.
I SAID that sudo can do that. But Linux by default doesn't ship with that as "how you make yourself an admin user"
Except Ubuntu apparently does, which rocks and I just didn't know. Hopefully this is the start of a trend - a trend I'm trying to push along a little bit.
It's not "square one" "square one" is when everyone logs in as Administrator or root all the time so their installs work. Requiring OS controlled user intervention is at least square two.
Having uneducated users administering (in any system) their own machines will never be truly safe.
I thought I'd pick on myself before somebody else did.
I know in linux you can, for instance, open a terminal, su, and execute a GUI app as root while in an X session not as root. However, there's no general linux way for doing this for a nonCLI user.
I also know that in Windows you can "run as" by providing that alternate password, and you could set your Administrator and user passwords the same. But you get all sorts of problems doing this - for instance with an app that needs admin privs to install but not to run.
Finally, I certainly know that not every single security thing Apple has done has been right. This thread is particularly about their admin-user design, which I think is an ideal DESIGN. If they left open a hole somewhere, they should fix it. But the design is brilliant.
I have to say I love the OSX solution. For those of you that aren't familiar:
The method: By default you don't use root (although it does exist)
By default a user may or may not be an "admin" user. An admin user may perform root-like operations by authenticating again, but they give their own same password to the OS to do things.
It still knows you're you, you're just super-you. So default files are created with you as owner, for instance. This is safer because it reduces slightly the number of escalations necessary.
The effects: The actual user password being compromised is not the reason you need a separate root account, so they removed your need for two passwords.
Bad apps still need separate priv escalation to do any harm, even if you're running as admin.
BUT you don't have to logout of your GUI session to have one app - or even ONE PART of one app - run with escalated privledges, if you authorize it to.
This means you have NO REASON to ever run unnecessary apps as an admin. No downloading just that one file as root because you're in the middle of doing a rooty thing and forgot one.
The similar linux hack: I know you can setup similar things with sudo and a little tweaking. But this is how every OSX box ships, and it ought to be how every GUI consumer linux box ships too.
Flash shouldn't be used where HTML/CSS will suffice. Images shouldn't be used where an HTML table will suffice. (I'm all for a chart, but not a picture of a table) Webpages should convey all their content in lynx unless there's a really good reason not to. Also, people who suck at creating interactive content shouldn't create interactive content.
Where HTML/CSS won't suffice, though, Flash now fufills all the promises that Java applets couldn't keep from the 90s. You can easily make multiplatform applications that don't require individual installation. They can do things that are totally impossible in HTML. And they Just Work.
(As far as I can tell - Java is a great platform but applets are largely broken mostly due to Sun not being able to enforce proprietary controls over M$. )
If 99% of the Flash content you see is ads, you need to browse better sites, not ones that are all ads.
Flash shouldn't be used where HTML/CSS will suffice. Where it won't, though, Flash now fufills all the promises that Java applets couldn't keep from the 90s.
(As far as I can tell - Java is a great platform but applets are largely broken mostly due to Sun not being able to enforce proprietary controls over M$. )
Slashdot Mirror
My feeling was always that man-portable meant that 1 person can carry each of the components alone... while luggable meant someone can carry it alone in it's entirety.
A heavy mortar being "man portable" because it easily comes apart into 3 pieces. It also means you could carry it all yourself in some number of trips...
So a typical desktop is man portable but not luggable even though most people probably can't safely carry a 21" monitor WHILE carrying a CPU, keyboard, mouse, etc. A typical fullsize rack is NOT man portable or luggable... and even a 25" laptop would be luggable. Actually, the flat panel iMacs probably qualify as luggable, too.
CPUs aren't comparable, so you need to get a % and normalize it.
The easiest way to get a % is from something like top - but you can definitely do better, especially by successfully taking into account priority. You definitely want to find a way to _access_ information the scheduler already has, not make little minibenchmarks.
But you still have the problem of 100% of a PII vs 100% of a G5. This is a principally insoluble problem that varies based on your application's use of int, flop, registers, L1, L2, memory bandwidth and offloading chips (such as better NICs)
An ok solution would be to read the CPU class and do a lookup in a table that you keep upgrading as you get better info. My shorthand table is at the bottom of this post.
A better solution would be to do a relevant CPU-intensive benchmark on each machine and store that result. If what you care about is OpenSSL speed, that's the best benchmark FOR YOU.
The best solution is to run a series of full-setup benchmarks. Run it at high, middle and low memory usage, since you're measuring that separately, etc... then do all combination with high/low disk bandwidth. Run it at high/med/low CPU based on whatever % measure you settled on. You'll get not just a number but a "map" of performance based on other factors. If this matrix is very detailed it might automatically perform hundreds of combinations and take a long time once, but you'd get very accurate results.
I'm interested to see your results, but until you take them, this is my ruthlessly shorthand table which disregards huge amounts of things and wildly approximates all sorts of things and some stuff I've made up:
P4 CPU speed x1
P3 CPU speed x1.2
P2 CPU speed x.8
Athlon XP xxxx+ rated speed.
G3 CPU speed x1.8
G4 CPU speed x1.5
G5 CPU speed x2
Dual CPU x1.7 (probably dual core also)
Quad CPU x3 (probably dual/dual cpu/core also)
(please note: PIIIs definitely were often clock-for clock faster than early PIVs, at least. But they couldn't scale up. Same with G3 vs G4. Note that chess is highly integer and nothing is better than an Intel, apparently.)
Bigger Lesson: A RAID Array should contain different types of drives.
The old minis were TERRIBLE in crashes. Not just "not a canyonero" terrible, but terrible against solid objects using only their own inertia.
On the other hand, I've had more modern small cars, none costing more than $2k. All have gotten around 30 mph city and seated 4. The current is a '91 Mazda 323.
Getting more than that with modern crash-safety is apparently somewhat of a challenge. Give us higher gas taxes, and I'm sure we'll find solutions (like using more public transit)
I posted above about the SPEED sweet spot usually being just into the highest gear for most cars.
On a hybrid, though, that matters substantially less because excess torque of the engine is potentially always being consumed to recharge the batteries, and the engine is off when unnecessary.
So the single biggest factor to fuel economy on a hybrid IS to drive smoothly - so you're always regeneratively braking and you're never using the excess power to accelerate.
Essentially a hybrid is a car that always takes advantage of any inherent "smoothness" that happens to be in your driving.
I can't speak to driving smoothly, but I CAN speak to the speed of driving.
The engine consumes some constant gas whenever it is running. Go 0mph and you will have infinitely bad gas mileage. (Hybrids don't count; they shut off the engine) This is amount is proportional to how big the engine is * the rpms it has idling. The engine has some torque that is being just wasted here.
On the other hand, the faster you go the more wind resistance your engine has to work against. This is less important the more aerodynamic your car is and the more oversided your engine is (because you're already spending that gas at idle)
Possibly most important is that if you're actually in gear, the speed of the engine is coupled to the speed of the car by a ratio that varies depending upon the gear you are in. The best gas mileage is almost always in the highest gear. You're going fairly fast (regarding wind) at that point, so unless you have a fairly oversided engine the best gas mileage is usually pretty close to the lowest speed that keeps you soundly in the highest gear.
On a particular 1.6L 1986 Nissan Sentra in 2000 (square car, small engine), that speed was about 38 mph. On a particular 1996 4.6L Ford Mustang GT in 1997 (very aerodynamic, oversided engine) that speed was about 65-80mph.
[ For purposes of this discussion, "oversided" relates only to the idle gas consumption of the engine and the ratio of power against wind it produces automatically at low rpms in high gear. A turbo Porshe engine that can be driven at 8000 rpms potentially might not be "oversided" at all if the highest gear is set very high.
Also, this is clearly not as important as WHAT car/engine you have. And how you keep it in tune. Etc. Having a lower displacement engine is probably more important than how you drive it.]
This is not software that necessarily makes the world a better place to be a person; you don't deserve philanthropic sponsorship because there are many worthier causes that actually improve the state of life for many people. Even if you did deserve it, that sponsorship is rare unless you get to personally know someone at an organization that does such funding.
Your customers would seem to be people running theatres. You need to find owners/managers that don't like what they're using/paying, build a relationship with them, and authentically give them value that exceeds the amount of money they might give you. This can include support, it can also include feature requests - especially if there is something good you can make your software do that no competitor does. This might require advertising to them or approaching a lot of them.
This is a high barrier to entry market you're trying to enter. If you can't find anyone in that industry who wants to put any money towards it, either fund it yourself or stop and do something somebody wants. I suspect you can find someone if you try hard enough, but I'm not sure how long that might take.
I think you don't understand mass production.
It's often cheaper for you to get anything more common, because the likelyhood of someone having overstock or similar is higher.
Second, if a manufacturer is going to make an onboard LAN model, they then have to decide if it's worth the cost to _remove_ it for their cheaper models. Usually it's not; the cost of keeping track of making 2 products, stocking 2 products and reengineering stuff is substantial.
This is true in many industries.
This is tremendously more true of motherboards now that a single chip often provides most of these onboard functionalities and is unified with other necessary motherboard functions. Having to design without that controller is prohibitive, so they don't. Not soldering on the connector only saves a few pennies, and makes your motherboard less featureful.
The only time it's usually a good idea is when they need some reason to charge less for some product. In many of these cases they just disable features - often even though they're produced exactly the same and contain all the same chips.
Incidentally, at least your good videocard is still plenty useful - even if identical to the onboard one - because it doesn't use your system RAM and probably system RAM bandwidth.
As long as google is honoring pragma, this is the webmaster's faults. Proxy cache has been around a long time, in use by some major ISPs and especially big corps.
What google did is create a juxtaposition of sites that were originally put up as hobbies and a bunch of their users using the same proxy at the same time. But that isn't google's fault. The prefetching, I believe, accelerates finding these problems but doesn't really cause them.
I expect google will end up adding in an automated tool that checks for commonly used password fields and cookies and automatically nocache's those sites... but that will really only hide the problem.
No. I don't think I can answer you more succinctly than that.
2 75502 for an explanation of the Apple system.
1) While I think M$ security practice has been quite significantly inferior, I agree that it's hard to find concrete data on the detailed "technical" security, port attackability, etc. Luckily, once you have a firewall it's not as important as the user design issues.
I also agree that neither Apple nor any flavor of Linux is perfect. Personally I'd guess FreeBSD is better and OpenBSD better than that. But I'm confident that Windows is worse.
2) Windows comes with IE as the default browser, and IE thinks it's a good idea to have the user expect to sometimes run arbitrary code without sandboxing AS PART OF THE WEB BROWSER. They think this is ok because it's called ActiveX. If at least some websites you go to are supposed to have MORE control over your computer than you do (true in some corporate sites) this is a great idea. Personally I think it has no business being part of any web browser ever. (They could make an "update browser" if they really wanted...) I'm not talking about a bug or exploit here, this is BY DESIGN.
I certainly realize that users can download/run any piece of stupid software, which is always untrusted. I also realize that Flash/Java/JavaScript/shell:// potentially might all have security holes, but at least they are trying to sandbox it.
Furthermore, without ActiveX nobody would ever agree to installing arbitrary software just to, say, use a menu on a website. Integrating arbitrary code ("trusted" or not) with the browser means that people have a good reason to think they should run that code - which means it should be sandboxed.
3) You're also wrong about easily running Windows as a non Administrator user - it just doesn't work well. "All you've ever done to achieve that" is not run the right variety of software to run into problems.
http://slashdot.org/comments.pl?sid=146550&cid=12
I agree that these are problems with the installation of 3rd party software, but the problem definitely stems from M$ APIs and standards, because I've seen it with a bunch of stuff. M$ does not encourage good multiuser behavior from applications.
I nonetheless completely agree that there are plenty of software packages that do workaround the M$ design - OpenOffice for one.
3a) Windows does not plan for applications installed by nonadmin users. This is huge. It's tremendously easy as a "normal user" in OSX to install the Firefox application into my home directory and use Firefox without needing to be root. OSX strongly encourages applications to be installable this way, M$ does not.
3b) Most applications expect to be installed as the user they are going to run as. So "single user" software can't be installed by Administrator and run by User. Because of 3a, surprisingly often the only solution is to uppriv your user to the Admin group, install the software as your user (and sometimes run it once) and then downpriv your user. I've had dozens of pieces of major commercial software behave like this, not to mention many games.
3c) Common Windows software doesn't run unless you're an Administrator (Quickbooks being the one that annoys me the most, although I haven't tested hte newest version) I'm aware that sometimes you can change specific security restrictions to get around this, but sometimes you can't.
That's easy - just replace the middle of the car, from the dash through the trunk, with a big rocket. Then make sure you're driving by remote control in case it blows up.
Seriously, though, I had a friend with a Ford Fiesta (or something like that...) that I'm confident would've made 200. Of course, it wasn't really a stock engine anymore. He might've just replaced it outright with something from a bigger car - then he had some kind of custom turbocharger and enhanced timing. I think he said it got to develop like 300 hp or some madness like that. And it was a tiny car...
Whereas I just got rid of my first car and it had a top speed of 92mph on a level road with a tailwind.
Code signing is a mechanism for proving "who" is endorsing that code as something you can trust. Your problem is defining "who" and that's not really a technical problem.
If somebody forks you, you shouldn't sign their code. Not because it's bad, but because you can't vouch for it. THEY should sign their code.
Letting somebody else have the key to sign code is endorsing that your good name should go on ANYTHING that they decide to put out. Certainly, a project above a certain size with a community of maintainers should distribute this responsibility.
If I had a small project, I would make sure the key was left to somebody in my will (and I'd probably leave it with some close friends) - hopefully it'd get to somebody who'd be nominated to takeover the probject - because if I die presumeably I'm less worried about someone pretending to be me. This is a form of key escrow, but it's not a very arbitrary one.
For a larger project, it must be almost the highest level of trust, and it doubtless has to be learned. Those levels of trust would go something like:
bank accounts & corp documents
CVS log modification (auditability erasing)
code signing
CVS commit (but at least you can track it after the fact)
fast-track patch submission
anyone (normal patch submission)
These levels are a pyramid; fewer people should be trusted at each level - and fewer people are needed.
You should certainly punish the virus writers, if you can catch them. And you should possibly punish M$ for how big of a hole IE still is, even if Windows itself is better than it used to be. But none of that matters.
To use society's resources, you have to follow society's rules. I can go buy any car I want and drive it at 200 mph - on my own track. But if I want to drive on streets I have to follow the rules, as they apply to my actions (hitting things) even when they may not necessarily have a direct negative impact (speeding, driving on the sidewalks) have only a paper impact (licensing, insurance, registration) or only a preventative impact (headlights, brake lights...)
I can also go buy a used car and have the brakes suddenly fail, running over someone's garden. Note that even if I didn't know, I'm still responsible for the cost of that garden, (unless I JUST bought it and can pass the blame to the previous owner) If the brakes were recalled, it's still my fault for not getting them fixed. If they WEREN'T recalled, but should've been, then that's not my fault.
If you're already providing appropriate, simple, free, publicized resources _that they didn't use_ they are being negligent at best. Kicking them off until sometime after they fix it is a MINIMUM penalty for such negligence.
Argueably they should have to pay for the cost of your time to fix their computer (mandatory since they didn't do it the first time) and to repair any problems caused by their problem - and STILL be penalized in terms of being online.
(Personally I believe that a kick-until-fixed first warning is probably a necessary threshold of publicity - but even the second time they aren't listening I think it'd be very reasonable to escalate it.)
To be clear, I don't think it's reasonable in today's world to hold them accountable for anything their computer does. I think it's NECESSARY to hold them accountable for not following your security procedures to defend against it. Which means you're still going to be snuffed by the virus that exploits the OS hole noone has put out a patch for yet - and I wouldn't blame that on the first kid to get it.
I agree with the other posts - you have to get kick/ban/unplug authority, you have to quit, and/or you have to get paid. 1 of those might do...
I don't have a copy of 2010 handy, and I'll admit to not remembering the passage you're referring to. I'm also aware of the not-necessarily linear size-mass relationship.
If some other posts in this article are correct it may be closer to 1/4 than to 2 orders of magnitude. I'm not at all convinced that AC may not have had reason to believe it wasn't even less (or perhaps would be discovered to be less)
I'm a fan of old-school science fiction, and I hugely appreciate the work that goes into making a good story while making the reality as consistent ours as possible. I enjoy exploring the ramifications of relatively few assumed changes about our reality. In fact, I usually call this "extrapolative fiction" to separate it from what I consider the chaff of space operas.
Nonetheless, while 2 OM may be a lot in scientific astronomy it is not a lot in "armchair" astronomy. A novel - even extrapolative fiction - shouldn't be a science textbook. If every phrase had only the precision of a good textbook it would be a terrible novel. In particular, the narration in a good novel should be humanized, and the characters should almost always be mistaken at some point.
The underlying physical "model" of the universe in an ef book should be accurate as much as possible. Unlike a textbook, however, the narrator of a novel's primary obligation not to always be perfectly accurate. This is doubly true if the book or chapter is being narrated from the point of view centered around a particular character.
So while I'd be equally disappointed if the "facts" of the novel depended on it being 'just a little bit' bigger, I think you're confusing the narrator with the model. Perhaps I recall wrong, but as I recall the piece of text was descriptive and illustrative, not factual and numeric.
You haven't seen everything on the internet if you haven't seen this scientific report on mallard drakes.
http://www.nmr.nl/deins815.htm
I don't think I agree with you about what "a little bit is"
.28 change in diameter magnatude.
In something you normally talk about in linear measurement, I might agree with you about 10%. But for a topic (like planets) where the range is variable enough that it makes sense to talk about the magnitude of the number, not the number (10^28 m etc) and where those exponents are high, 10% isn't even part of the number you're talking about. That's from a language point of view.
From a physical point of view, it's very reasonable to assume that AC might've meant diameter while those thresholds are all about mass. So your x70 mass is only x4 diameter.
The smallest sensible unit if you're talking about the magnitude (from a power of 10 POV) is x10... x5 is a fractional magnitude lost in the rounding error. (10^(.5) )^3 = a 32x mass increase. Some other posts here have said the threshold may be as low as 7x mass = 2x diameter =
Furthermore, it's a description in a book. The sense of "a little bit" should be taken in context. I don't remember the context of that book being "we should park a bunch of spaceships on it and make it implode" (or keep that from happening) Sometimes numerically big changes are "a little bit" because there's a lot of range in whatever you're talking about. On the other hand good electric motors are (taken alone) very efficient - so "a little bit" better is a tiny number. The context in the book, I believe, was "boy it's big"
web records are being looked up by an http client running on an arbitrary user machine. So they'll normally hit the popular and overloaded ISP DNS servers.
MX records are being looked up by a mail SERVER. Such server is much more likely to do it's own root lookups or otherwise use a superior system, because it doesn't have to accept DNS lookups from 3 million possibly hacked DSL machines.
The mail servers are run by the ISPs. Who would screw with the TTL for THEIR OWN lookups? That'd be kindof silly.
/., once again proving the hypothesis that the best way to get a lot of information is to say something wrong on the internet.
Thanks, all : )
No, it's exactly as secure as I think - and I even said that it wasn't a perfect implementation in my post - I just think it's a brilliant model.
The "right" answer to your complaint is to make the default admin account that is admin but isn't wheel - it'll just make you sudo more things. I agree with you about this detail, but it's an implementation detail, not a flaw in the model.
Also, of course, the OSX firewall is a packet filter (pf, I believe) and a GUI. The GUI might not set the filter to block UDP but the underlying filter definitely does. So you definitely could fix this without installing any software. Still an Apple failure? Definitely. Better than the Windows equivalent structure? Also definitely.
I SAID that sudo can do that. But Linux by default doesn't ship with that as "how you make yourself an admin user"
Except Ubuntu apparently does, which rocks and I just didn't know. Hopefully this is the start of a trend - a trend I'm trying to push along a little bit.
It's not "square one" "square one" is when everyone logs in as Administrator or root all the time so their installs work. Requiring OS controlled user intervention is at least square two.
Having uneducated users administering (in any system) their own machines will never be truly safe.
I thought I'd pick on myself before somebody else did.
I know in linux you can, for instance, open a terminal, su, and execute a GUI app as root while in an X session not as root. However, there's no general linux way for doing this for a nonCLI user.
I also know that in Windows you can "run as" by providing that alternate password, and you could set your Administrator and user passwords the same. But you get all sorts of problems doing this - for instance with an app that needs admin privs to install but not to run.
Finally, I certainly know that not every single security thing Apple has done has been right. This thread is particularly about their admin-user design, which I think is an ideal DESIGN. If they left open a hole somewhere, they should fix it. But the design is brilliant.
I have to say I love the OSX solution. For those of you that aren't familiar:
The method:
By default you don't use root (although it does exist)
By default a user may or may not be an "admin" user. An admin user may perform root-like operations by authenticating again, but they give their own same password to the OS to do things.
It still knows you're you, you're just super-you. So default files are created with you as owner, for instance. This is safer because it reduces slightly the number of escalations necessary.
The effects:
The actual user password being compromised is not the reason you need a separate root account, so they removed your need for two passwords.
Bad apps still need separate priv escalation to do any harm, even if you're running as admin.
BUT you don't have to logout of your GUI session to have one app - or even ONE PART of one app - run with escalated privledges, if you authorize it to.
This means you have NO REASON to ever run unnecessary apps as an admin. No downloading just that one file as root because you're in the middle of doing a rooty thing and forgot one.
The similar linux hack:
I know you can setup similar things with sudo and a little tweaking. But this is how every OSX box ships, and it ought to be how every GUI consumer linux box ships too.
I just posted something very similar above, but -
Flash shouldn't be used where HTML/CSS will suffice. Images shouldn't be used where an HTML table will suffice. (I'm all for a chart, but not a picture of a table) Webpages should convey all their content in lynx unless there's a really good reason not to. Also, people who suck at creating interactive content shouldn't create interactive content.
Where HTML/CSS won't suffice, though, Flash now fufills all the promises that Java applets couldn't keep from the 90s. You can easily make multiplatform applications that don't require individual installation. They can do things that are totally impossible in HTML. And they Just Work.
(As far as I can tell - Java is a great platform but applets are largely broken mostly due to Sun not being able to enforce proprietary controls over M$. )
If 99% of the Flash content you see is ads, you need to browse better sites, not ones that are all ads.
Flash shouldn't be used where HTML/CSS will suffice. Where it won't, though, Flash now fufills all the promises that Java applets couldn't keep from the 90s.
(As far as I can tell - Java is a great platform but applets are largely broken mostly due to Sun not being able to enforce proprietary controls over M$. )