"Complex" and "simple" are at two ends of a spectrum. Call 1 simple and 10 complex.
"Not Simple" does not resolve to "10". It resolves to the range 2-10.
Nobody's advocating gratuitous complexity. This needs to be understand as pushback against people claiming that radical simplicity is what is desirable, even necessary, even if that means costing features. The pushback is pointing out that 3 or 4 can be a fine place for software to live, especially if you use the empirical evidence of what people actually buy and get excited about, as Joel does. That may not seem a theoretically clean basis for arguing, but it certain is empirical.
People understanding this as "advocating complexity" are falling prey to a black-and-white view of the world, where "not simple" == "complex". It's not that, ahem, simple.
If your education truly focused on theory, you ought to know more about writing an emulator than you think. An emulator is basically just an interpreter/compiler. Emulators often then use a whole bunch of tricks to speed things up, but at their core, all they are doing is taking in the memory image of a program and interpreting it in the context of a software implementation of the hardware. In theory, writing a console emulator starts out the same as writing any other interpreter, and while there may be special graphics or audio tricks you have to use, much of the rest of the optimization issues looks just like an optimizing compiler. Emulators have been doing Just-In-Time compilation for a long time now, for instance.
There are many details in a real emulator, but then, there are many details in GCC, too. The fundamental structure is still there.
If you missed compilers in your "theory heavy" education, that could be a problem. (I think compilers ought to still be a required course; the requisite skills form the basis of far, far more programs than just your C compiler. Almost every text to text converter is better written as a compiler than a series of regexes or some other such hack, and with proper tools and the understanding to use them it's usually easier, too.)
While you may not quite know enough to correlate them, many other programs use fundamental constructs from computer science too.
What you probably lack is experience, and there's only one way to get that. Fortunately, there's a large body of open source to study. As others have said, grab and interesting program and read it. As I haven't seen others say, after you've poked around for a bit, take the program and make a change to it. Emulators are probably not the best target here because at best you'll probably just degrade the performance, but who knows? Maybe SNES will let you plug in to their resolution upsampling framework easily and you can add your own interpolator or something. You'll find the first change is harder than you think, but this too is a valuable skill you'll use over and over again in real life; you will frequently be called on to make a change to a codebase you don't really understand. (One could argue that that is actually the general case....)
I'll accept your analogy when the company that owns all the source to KDE goes under and takes the source with it.
I'm going to go out on a limb and guess that's somewhat unlikely.
(Don't debate with analogies. A single relevant difference is enough to invalidate your argument. And this single relevant difference was a doozie. Also, it was obvious.)
You are aware that "Debian Sarge", for instance, contains pretty much every bit of functionality a person could want? Whereas "Windows NT" contains... an operating system and a few crappy, useless apps?
Your attempted comparison goes the wrong way; your own shows the OS in Windows is as large as entire Linux distributions, albeit old ones. And who installs and uses every program in a Linux distribution, anyhow?
Your better comparision is something like "Linux Kernel + X11 + some simple window manager" vs "Windows NT".
You pretty much can't compare a fully-loaded Windows system to a full Linux distribution because I don't think you can install all those programs onto one box anymore without the DRM and copy protection and virus checker and explorer extensions and programs that preload huge chunks of themselves at startup and all kinds of other anti-social behaviors basically destroying the Windows system.
What's with this weird idea that the Virtual Console has every Nintendo, Super Nintendo, et al game ever made already available for (paid!) download? Have you missed the people complaining about the selection at launch?
I wasn't going to say anything but you're not the only person claiming the Wii can fill in for all the old systems; you're just the highest rated at the time I hit "reply".
Part of what led me down this road was the recognition that many of my favorite science fiction novels were intrinsically unfilmable, including Dune. Well, they filmed it anyway. (I speak of the Sci-Fi miniseries, not the movie.) If you take that miniseries as theater, it actually works pretty well. If you take it as a documentary of real events, it's shit. This probably explains much of the difference in opinions it evoked, depending on how literally people took it.
From there it's a short leap to basically taking everything as theater. I regret not thinking of this angle before I clicked "submit" on my post.:) It makes so many things more enjoyable and all it takes is a slight perspective change.
I find I'm generally happier when I consider what we see on the screen to still be a little symbolic, more like a book than a true "what a guy on the scene would see" documentary style.
Many things make more sense that way, hacker displays are just one thing. All space combat at all ranges happens in a way to frame the combat precisely in the screen, even when there are multiple ships. Real space combat would presumably take place at even greater ranges than modern naval combat; I'll be conservative and call the zone of influence of a carrier group many tens of miles. (Depends on how you measure it, I suppose.) Yet the two space ships always approach within a few hundred meters... well, they have to or there's nothing to show. Sure, I'd pay to see a realistic movie, but it'd make Serenity look like a spectacular financial success in the general market.
This presumably also explains why the good crew of the Enterprise misses so many point-blank visual-range shots; it's symbolic of the fact that at a few tens of kilometers it's a lot easier to miss.
In Serenity, the scenes with the Reavers between them and the planet Miranda has to be a little symbolic, because space junk at that density would be unstable. But the real situation would be completely unfilmable, and most of the same effect can be had with a re-arrangement of the situation.
Space combat is just one of the easier ones; a lot of things are better taken as symbolic.
This leaves you more worried about good characters, internal consistency (even with silly rules), and other more story-related issues. Taking this viewpoint has mostly satisfied my inner geek, although he still sometimes notices things that still can't really be explained this way.
(It probably helps that I still read and enjoy science fiction from the 1950s and back; the rules are very silly by modern physics standards, but as long as they are consistent, I still can find the stories interesting and entertaining; in fact in our zest for realism we've lost some interesting story worlds.)
Go look up what the engineers have done to solve that problem. It transfers to this new technology just fine. (It's somewhat more complicated that I care to type into a Slashdot post when other web sites cover it with images and diagrams and stuff, not just text.) Google for cd error correction red book. (The "red book" is the CD standard and ensures that you'll get discussions about the actual standard; without I found some other irrelevant stuff in the higher results.)
I keep politics and religion online to the best of my ability. After a long period when I didn't know what my weblog was for, I've concluded it is for all the other things that I want to talk about or say, but don't have anyone physically around me that I want to talk about them with. Slashdot and other such postings also fill in for that.
I've been around the Internet a lot. I've heard, say, the arguments for and against abortion that you can fit into two minutes (already a very long monologue in a real-world conversation) a million times. You can't even begin to interest me in the topic unless you dig a lot more deeply than that.
Similarly, in politics, I've heard that the Dempublicans are evil and are going to kill your children a billion times. I need something deeper to be interested. Soundbites from CNN don't cut it.
Note I'm not even saying people are so stupid as to think in soundbites. The problem is the communication medium; you just can't say much in a conversation. Soundbites work because a five minute impromptu speech debate on a topic can do nothing more than toss such soundbites at each other.
If I'm going to debate politics and religion, I insist on being able to finish my thoughts without immediate, inline interruption. (For instance, it would require an extremely tolerant audience in a real-word conversation for me to have gotten this far into this point.) I insist on being able to link things. I like having conversations with multiple people in an organized fashion. For all the faults of online debating, and there are many, it's better than real-world debates by a lot.
Plus I like being able to read such things, because I read much, much faster than you can talk. I'm willing to pay the price that I type much slower than I can speak. (Besides, my typed sentences are much more valuable than my spoken sentences, and I can edit them.)
There's two basic possibilities: First, they got whitelisted by posting good comments. In which case, thanks for the good comments, but you're blacklisted now.
Or they hacked the OpenID server, which is the same as hacking anything else. Hell, maybe they hacked my weblog. Hacking's sort of a constant; we already live in a world where hackers can do many things, complaining that OpenID doesn't solve that problem is just pissing into the wind.
In both cases, that's an awfully tall bar for a spammer if I'm not a mega-site like Slashdot.
But I think it's more likely that you think a spammer could just claim an OpenID, which goes to show that you're still not really following what OpenID is. They'd have to be able to authenticate with that ID too.
This is a generalized reply to a number of comments that are either reflexively nay-saying the entire idea or are not understanding what this really means.
The intent of OpenID (as I read it) is simply to provide an identity. An identity is just a name that at least one person has permission to use, and no more. Multiple people may be able to use the identity. Perhaps some aren't "authorized" (a vague, undefined term in this case), and obtained the credentials by hacking. Maybe one person has a thousand OpenIDs. It really doesn't nail you down, break your anonymity any more than posting with a Slashdot account that has no URL, email, or distinguishing username characteristic, or give the One World Government an ID to tattoo into your arm.
The reason this is useful is that it gives further layering something to talk about. I can't tell my blog system "John Milquetoast Xavier is allowed to post on the front page", because the blog system can't understand "people". It needs "identities". But I can say "this OpenID is allowed to post".
And all the OpenID system will tell me is that some person has authenticated with that ID. I can further restrict their activities; I can still require a CAPTCHA, I can require a paid account, I can do all kinds of things. There's no law that says I have to let everyone with an OpenID have full permissions on my site. (When I say that, it's obvious, but based on the comments clearly some people have this idea in the back of their head.)
I can also go the other way; if your OpenID is from a site that I trust to verify you are a real human for some reason, I might allow OpenIDs from that site more permissions than one from the random internet. If my company sets up an OpenID server that we control and allow only our employees on, I might be able to trust OpenIDs from that server more than random strangers. (Assuming good security for the sake of argument.)
You could set up your own OpenID server to do whatever. I'm sure that if this takes off, there will be OpenID servers that people choose to leave wide open to allow anonymous OpenIDs to be created by anybody. Maybe it'll simply say "Yes, that person exists" to any query with any password, if the API allows it. Using one of those won't tie you to anything.
What you are worried about shouldn't be "identities", you are worried about "identities that can be tied to you". The generic OpenID specification can not provide that, since in the general case the OpenID server could be anything, including a compromised box, and you therefore can not trust it a priori. All it can do is provide a label. Excessive trust in an identity system is the real problem, not an identity system.
I've been creating a weblog for myself lately that includes comment posting, and while I don't think I'm quite ready to jump to OpenID, it's actually exactly what I'm looking for. My spam-control solution will be to moderate every comment posted, but once an identity proves its bona fides, I'll whitelist it. All I want is an identity. I don't really care if I can map it back to a person, I don't care if 10 people are using it, I just want an entity that I can deal with in my database and grant it permissions to above and beyond what an anonymous user gets. OpenID would solve that problem nicely, because I have no intention of farming out to OpenID the question of how much I trust the identity, merely the existence of an identity.
Re:Spam IS a problem for site owners! What to do?
on
The Case for OpenID
·
· Score: 1
I know the OpenID folk say "this is not a trust system" and that is not the problem they are trying to solve. But it needs to be solved for it to be widely useful!
How do you propose that we solve the trust problem, without an identity solution to hang it off of?
You know, it's acceptable to solve one problem at a time. It's how real engineering is done. Try to solve this entire thorny problem in one fell swoop and you get Microsoft Passport.
100 miles west of Detroit is about halfway between Jackson, MI (birthplace of the Republican party, not many other claims to fame) and Battle Creek, MI (headquarters of Kellogs and a nice airshow). Albion MI would be the closest (travelling on I-94), and you've probably never heard of that little town unless you live around here, and maybe not even then.
(I post this not to argue with you but because I have found many people who don't live in America have a hard time comprehending how large this country is, especially Europeans. One of my uncles recently told me about a guy who flew into Boston from Europe, and asked for directions to St. Louis for a lunch meeting. Ouch. You can do that in Europe, especially with a fast rail connection; not so much here.)
I've been doing some limited experimenting with Pavlovian conditioning.
Basically, you tune your speed to the amount of space between you and the tailgater. You slow down until they back off (usually they do), then you speed up. You stay fast until they start tailgating you again, at which point you let off your gas.
One key is probably not to use your brakes, which makes this too obvious. I don't really want them consciously thinking about the fact that I am actively braking. That'll just piss them off.
I'd say this works about half the time, and probably won't trigger any road rage. But the flip side is that it does fail about 50% of the time.
I also don't know if I'm really "conditioning" that 50% or not, but as an engineering-type I say who cares if the logic is right if it works? 50% is still an improvement over 0%.
It's not really a nationality thing, IMHO, it's a rural/urban thing.
Detroit drivers are (by my standards) assholes. By Boston standards, they are polite.
Go 100 miles west of Detroit and I have no complaints about the drivers at all.
I've heard hair-raising tales about a number of European cities, but I'd bet that in the rural areas the people are just as polite as the nicest US drivers. (Can't guarantee it, but I don't feel like I'm going out on a limb.)
The media companies don't really approve of TiVos, even, they just haven't figured out to stop them legally. They don't approve of, well, anything. It's not a hard guess that once something has been locked up, they wouldn't approve of you unlocking it.
Call me crazy, but if you can circumvent it, then it doesn't seem like it effectively controls access.
You'll have to take that up with Congress and the Supreme Court.
cfulmer's sibling to my post is a much more interesting counterpoint.
A further interesting point is that while TiVo may not have directly contracted with the media companies (and maybe they did, I just don't remember and if they do have a formal contract none of my internet searches could find it), they clearly added this protection to placate them, and it's pretty clear the media companies wouldn't approve of this.
Sec. 1201. Circumvention of copyright protection systems
`(a) VIOLATIONS REGARDING CIRCUMVENTION OF TECHNOLOGICAL MEASURES- (1)(A) No person shall circumvent a technological measure that effectively controls access to a work protected under this title. The prohibition contained in the preceding sentence shall take effect at the end of the 2-year period beginning on the date of the enactment of this chapter.
I don't see any reference to who is adding the "protection". This is probably a DMCA violation.
'Course, unless you run Linux but have never watched a DVD, you've pretty much already opened that door.
IANAL, but while I'm sure you could argue either way, I'm pretty sure that the better argument is that the DMCA is intended to allow non-owners to add protection, as TiVo is here, for exactly the sort of things TiVo is doing.
The general idea is that the problem you describe will be solved on a higher level than the tags themselves, on the simple grounds that tags effectively can not self-label their own reliability. (That's a bit of a simplification, but in practice that's what it boils down to.)
Google's PageRank is nothing if not such a higher-level reputation system.
Multiple systems should compete and the "best" should win. Theoretically.
We're getting there, but even relatively modest MP3 collections by modern standards still can consume entire laptop hard drives, let alone some of the dinky MP3 players.
Until everybody can put their entire collection onto at least a laptop hard drive, and still have room to put other things on there, we'll still want compressed music.
I say "laptop hard drive" because CPUs are pretty much at the point where we could read in FLAC and spew out a customized MP3 for a smaller portable player, so I don't think that's as important, but it is also a factor. (We don't do that because we still assume the hard-drive MP3 will already be compressed; as we move away from that we'll develop live-encoding infrastructure. If you can still hear the artifacts from a portable player from a 320Kbps mp3, you must be listening with $200 headphones in some sort of silence chamber.) It'd be even easier to deal with uncompressed music if I could dump my entire FLAC collection out to a flash-based player.
(We'll also eventually want multi-channel music, but even in the worst case scenario that only roughly doubles music size, and as I understand it that's not how multi-channel music is encoded anyhow, certainly not if you're going to FLAC or FLAC-alike it..)
Along with any number of other good answers, I'd also point out that Microsoft has a very poor security track record and is hardly in a position to be making ominous threats about other people's security.
Here's a search for "Microsoft" on the Open Source Vulnerability Database. ("Open Source" here refers to the nature of the database, not covering only open source products.) Pop in any other large closed-source vendor you can think of and you'll find something. ("Oracle" is another personal favorite. It may have "Enterprise-class" performance, which I can't vouch for either way having never used it, but it sure doesn't have "Enterprise-class" security.)
I think the main problem with the implied argument is that you don't need source code to find security vulnerabilities (in fact it might not even be helpful given the other cracking techniques you can use), but you do need it to fix them, with rare exceptions.
You're right. I'll have to add that to any future desensitization posts I make.
You've got to ease people in to it though; jump them straight to "you eat radioactive foods every day" and they'll probably just flat-out disbelieve you. First you need to show that a low level is perfectly normal.
I did enjoy your panicking over a billion! year half-life. It's a big number, that must be worse, right?:)
Too many people think of radiation as this magical, unstoppable death ray; I call this the OMG RADIATION!!1! attitude.
Fact is, there's a whole whackload of far more dangerous things you can get your hands on legally and easily, not least of which is any number of guns, which are also very dangerous when handled carelessly or by an unskilled/untrained operator.
Cigarettes and alcohol are pretty dangerous too, and I couldn't even begin to list the deadly poisons we can stroll into any store and buy completely legally. You can start with the pest control isle, then add the majority of the cleaning isle, and then maybe a lot of the automotive liquids (antifreeze in particular is a dangerous thing if you've got pets or children around), then tack on much of the agricultural isle. Note that I'm not listing products, I'm listing store sections, because that's how readily available these things are.
Honestly, the only reason to prefer radioactive substances to poison someone is because it plays right into the OMG RADIATION!!1! attitude, which even here on "enlightened" slashdot is in ample supply. It's just another deadly poison; no less, but no more.
(To break yourself of the OMG RADIATION!!1! attitude, I recommend the following: Learn about background radiation levels. (If you think that "normal radiation" levels are "zero", you are firmly in the grip of OMG RADIATION!!1!.) Learn how X-Rays work and how they compare to background. Learn about how smoke detectors work; odds are very good that you are within a few tens of meters of an OMG RADIOACTIVE! substance. This will either break you of panicking, or give you a heart attack; either way you'll be free of OMG RADIATION!!1!.)
Slashdot Mirror
"Complex" and "simple" are at two ends of a spectrum. Call 1 simple and 10 complex.
"Not Simple" does not resolve to "10". It resolves to the range 2-10.
Nobody's advocating gratuitous complexity. This needs to be understand as pushback against people claiming that radical simplicity is what is desirable, even necessary, even if that means costing features. The pushback is pointing out that 3 or 4 can be a fine place for software to live, especially if you use the empirical evidence of what people actually buy and get excited about, as Joel does. That may not seem a theoretically clean basis for arguing, but it certain is empirical.
People understanding this as "advocating complexity" are falling prey to a black-and-white view of the world, where "not simple" == "complex". It's not that, ahem, simple.
"If it bleeds, it leads."
If you think you or your preferred social group are immune to that... you're wrong.
If your education truly focused on theory, you ought to know more about writing an emulator than you think. An emulator is basically just an interpreter/compiler. Emulators often then use a whole bunch of tricks to speed things up, but at their core, all they are doing is taking in the memory image of a program and interpreting it in the context of a software implementation of the hardware. In theory, writing a console emulator starts out the same as writing any other interpreter, and while there may be special graphics or audio tricks you have to use, much of the rest of the optimization issues looks just like an optimizing compiler. Emulators have been doing Just-In-Time compilation for a long time now, for instance.
There are many details in a real emulator, but then, there are many details in GCC, too. The fundamental structure is still there.
If you missed compilers in your "theory heavy" education, that could be a problem. (I think compilers ought to still be a required course; the requisite skills form the basis of far, far more programs than just your C compiler. Almost every text to text converter is better written as a compiler than a series of regexes or some other such hack, and with proper tools and the understanding to use them it's usually easier, too.)
While you may not quite know enough to correlate them, many other programs use fundamental constructs from computer science too.
What you probably lack is experience, and there's only one way to get that. Fortunately, there's a large body of open source to study. As others have said, grab and interesting program and read it. As I haven't seen others say, after you've poked around for a bit, take the program and make a change to it. Emulators are probably not the best target here because at best you'll probably just degrade the performance, but who knows? Maybe SNES will let you plug in to their resolution upsampling framework easily and you can add your own interpolator or something. You'll find the first change is harder than you think, but this too is a valuable skill you'll use over and over again in real life; you will frequently be called on to make a change to a codebase you don't really understand. (One could argue that that is actually the general case....)
I'll accept your analogy when the company that owns all the source to KDE goes under and takes the source with it.
I'm going to go out on a limb and guess that's somewhat unlikely.
(Don't debate with analogies. A single relevant difference is enough to invalidate your argument. And this single relevant difference was a doozie. Also, it was obvious.)
You are aware that "Debian Sarge", for instance, contains pretty much every bit of functionality a person could want? Whereas "Windows NT" contains... an operating system and a few crappy, useless apps?
Your attempted comparison goes the wrong way; your own shows the OS in Windows is as large as entire Linux distributions, albeit old ones. And who installs and uses every program in a Linux distribution, anyhow?
Your better comparision is something like "Linux Kernel + X11 + some simple window manager" vs "Windows NT".
You pretty much can't compare a fully-loaded Windows system to a full Linux distribution because I don't think you can install all those programs onto one box anymore without the DRM and copy protection and virus checker and explorer extensions and programs that preload huge chunks of themselves at startup and all kinds of other anti-social behaviors basically destroying the Windows system.
What's with this weird idea that the Virtual Console has every Nintendo, Super Nintendo, et al game ever made already available for (paid!) download? Have you missed the people complaining about the selection at launch?
I wasn't going to say anything but you're not the only person claiming the Wii can fill in for all the old systems; you're just the highest rated at the time I hit "reply".
Part of what led me down this road was the recognition that many of my favorite science fiction novels were intrinsically unfilmable, including Dune. Well, they filmed it anyway. (I speak of the Sci-Fi miniseries, not the movie.) If you take that miniseries as theater, it actually works pretty well. If you take it as a documentary of real events, it's shit. This probably explains much of the difference in opinions it evoked, depending on how literally people took it.
:) It makes so many things more enjoyable and all it takes is a slight perspective change.
From there it's a short leap to basically taking everything as theater. I regret not thinking of this angle before I clicked "submit" on my post.
I find I'm generally happier when I consider what we see on the screen to still be a little symbolic, more like a book than a true "what a guy on the scene would see" documentary style.
Many things make more sense that way, hacker displays are just one thing. All space combat at all ranges happens in a way to frame the combat precisely in the screen, even when there are multiple ships. Real space combat would presumably take place at even greater ranges than modern naval combat; I'll be conservative and call the zone of influence of a carrier group many tens of miles. (Depends on how you measure it, I suppose.) Yet the two space ships always approach within a few hundred meters... well, they have to or there's nothing to show. Sure, I'd pay to see a realistic movie, but it'd make Serenity look like a spectacular financial success in the general market.
This presumably also explains why the good crew of the Enterprise misses so many point-blank visual-range shots; it's symbolic of the fact that at a few tens of kilometers it's a lot easier to miss.
In Serenity, the scenes with the Reavers between them and the planet Miranda has to be a little symbolic, because space junk at that density would be unstable. But the real situation would be completely unfilmable, and most of the same effect can be had with a re-arrangement of the situation.
Space combat is just one of the easier ones; a lot of things are better taken as symbolic.
This leaves you more worried about good characters, internal consistency (even with silly rules), and other more story-related issues. Taking this viewpoint has mostly satisfied my inner geek, although he still sometimes notices things that still can't really be explained this way.
(It probably helps that I still read and enjoy science fiction from the 1950s and back; the rules are very silly by modern physics standards, but as long as they are consistent, I still can find the stories interesting and entertaining; in fact in our zest for realism we've lost some interesting story worlds.)
DVDs already have that problem.
In fact, CDs already have that problem.
Go look up what the engineers have done to solve that problem. It transfers to this new technology just fine. (It's somewhat more complicated that I care to type into a Slashdot post when other web sites cover it with images and diagrams and stuff, not just text.) Google for cd error correction red book. (The "red book" is the CD standard and ensures that you'll get discussions about the actual standard; without I found some other irrelevant stuff in the higher results.)
I keep politics and religion online to the best of my ability. After a long period when I didn't know what my weblog was for, I've concluded it is for all the other things that I want to talk about or say, but don't have anyone physically around me that I want to talk about them with. Slashdot and other such postings also fill in for that.
I've been around the Internet a lot. I've heard, say, the arguments for and against abortion that you can fit into two minutes (already a very long monologue in a real-world conversation) a million times. You can't even begin to interest me in the topic unless you dig a lot more deeply than that.
Similarly, in politics, I've heard that the Dempublicans are evil and are going to kill your children a billion times. I need something deeper to be interested. Soundbites from CNN don't cut it.
Note I'm not even saying people are so stupid as to think in soundbites. The problem is the communication medium; you just can't say much in a conversation. Soundbites work because a five minute impromptu speech debate on a topic can do nothing more than toss such soundbites at each other.
If I'm going to debate politics and religion, I insist on being able to finish my thoughts without immediate, inline interruption. (For instance, it would require an extremely tolerant audience in a real-word conversation for me to have gotten this far into this point.) I insist on being able to link things. I like having conversations with multiple people in an organized fashion. For all the faults of online debating, and there are many, it's better than real-world debates by a lot.
Plus I like being able to read such things, because I read much, much faster than you can talk. I'm willing to pay the price that I type much slower than I can speak. (Besides, my typed sentences are much more valuable than my spoken sentences, and I can edit them.)
I suppose this is off-topic.
How?
There's two basic possibilities: First, they got whitelisted by posting good comments. In which case, thanks for the good comments, but you're blacklisted now.
Or they hacked the OpenID server, which is the same as hacking anything else. Hell, maybe they hacked my weblog. Hacking's sort of a constant; we already live in a world where hackers can do many things, complaining that OpenID doesn't solve that problem is just pissing into the wind.
In both cases, that's an awfully tall bar for a spammer if I'm not a mega-site like Slashdot.
But I think it's more likely that you think a spammer could just claim an OpenID, which goes to show that you're still not really following what OpenID is. They'd have to be able to authenticate with that ID too.
This is a generalized reply to a number of comments that are either reflexively nay-saying the entire idea or are not understanding what this really means.
The intent of OpenID (as I read it) is simply to provide an identity. An identity is just a name that at least one person has permission to use, and no more. Multiple people may be able to use the identity. Perhaps some aren't "authorized" (a vague, undefined term in this case), and obtained the credentials by hacking. Maybe one person has a thousand OpenIDs. It really doesn't nail you down, break your anonymity any more than posting with a Slashdot account that has no URL, email, or distinguishing username characteristic, or give the One World Government an ID to tattoo into your arm.
The reason this is useful is that it gives further layering something to talk about. I can't tell my blog system "John Milquetoast Xavier is allowed to post on the front page", because the blog system can't understand "people". It needs "identities". But I can say "this OpenID is allowed to post".
And all the OpenID system will tell me is that some person has authenticated with that ID. I can further restrict their activities; I can still require a CAPTCHA, I can require a paid account, I can do all kinds of things. There's no law that says I have to let everyone with an OpenID have full permissions on my site. (When I say that, it's obvious, but based on the comments clearly some people have this idea in the back of their head.)
I can also go the other way; if your OpenID is from a site that I trust to verify you are a real human for some reason, I might allow OpenIDs from that site more permissions than one from the random internet. If my company sets up an OpenID server that we control and allow only our employees on, I might be able to trust OpenIDs from that server more than random strangers. (Assuming good security for the sake of argument.)
You could set up your own OpenID server to do whatever. I'm sure that if this takes off, there will be OpenID servers that people choose to leave wide open to allow anonymous OpenIDs to be created by anybody. Maybe it'll simply say "Yes, that person exists" to any query with any password, if the API allows it. Using one of those won't tie you to anything.
What you are worried about shouldn't be "identities", you are worried about "identities that can be tied to you". The generic OpenID specification can not provide that, since in the general case the OpenID server could be anything, including a compromised box, and you therefore can not trust it a priori. All it can do is provide a label. Excessive trust in an identity system is the real problem, not an identity system.
I've been creating a weblog for myself lately that includes comment posting, and while I don't think I'm quite ready to jump to OpenID, it's actually exactly what I'm looking for. My spam-control solution will be to moderate every comment posted, but once an identity proves its bona fides, I'll whitelist it. All I want is an identity. I don't really care if I can map it back to a person, I don't care if 10 people are using it, I just want an entity that I can deal with in my database and grant it permissions to above and beyond what an anonymous user gets. OpenID would solve that problem nicely, because I have no intention of farming out to OpenID the question of how much I trust the identity, merely the existence of an identity.
You know, it's acceptable to solve one problem at a time. It's how real engineering is done. Try to solve this entire thorny problem in one fell swoop and you get Microsoft Passport.
Then you're back in the city, of course. :)
Detroit to Chicago is 280 miles.
100 miles west of Detroit is about halfway between Jackson, MI (birthplace of the Republican party, not many other claims to fame) and Battle Creek, MI (headquarters of Kellogs and a nice airshow). Albion MI would be the closest (travelling on I-94), and you've probably never heard of that little town unless you live around here, and maybe not even then.
(I post this not to argue with you but because I have found many people who don't live in America have a hard time comprehending how large this country is, especially Europeans. One of my uncles recently told me about a guy who flew into Boston from Europe, and asked for directions to St. Louis for a lunch meeting. Ouch. You can do that in Europe, especially with a fast rail connection; not so much here.)
I've been doing some limited experimenting with Pavlovian conditioning.
Basically, you tune your speed to the amount of space between you and the tailgater. You slow down until they back off (usually they do), then you speed up. You stay fast until they start tailgating you again, at which point you let off your gas.
One key is probably not to use your brakes, which makes this too obvious. I don't really want them consciously thinking about the fact that I am actively braking. That'll just piss them off.
I'd say this works about half the time, and probably won't trigger any road rage. But the flip side is that it does fail about 50% of the time.
I also don't know if I'm really "conditioning" that 50% or not, but as an engineering-type I say who cares if the logic is right if it works? 50% is still an improvement over 0%.
It's not really a nationality thing, IMHO, it's a rural/urban thing.
Detroit drivers are (by my standards) assholes. By Boston standards, they are polite.
Go 100 miles west of Detroit and I have no complaints about the drivers at all.
I've heard hair-raising tales about a number of European cities, but I'd bet that in the rural areas the people are just as polite as the nicest US drivers. (Can't guarantee it, but I don't feel like I'm going out on a limb.)
The media companies don't really approve of TiVos, even, they just haven't figured out to stop them legally. They don't approve of, well, anything. It's not a hard guess that once something has been locked up, they wouldn't approve of you unlocking it.
cfulmer's sibling to my post is a much more interesting counterpoint.
A further interesting point is that while TiVo may not have directly contracted with the media companies (and maybe they did, I just don't remember and if they do have a formal contract none of my internet searches could find it), they clearly added this protection to placate them, and it's pretty clear the media companies wouldn't approve of this.
'Course, unless you run Linux but have never watched a DVD, you've pretty much already opened that door.
IANAL, but while I'm sure you could argue either way, I'm pretty sure that the better argument is that the DMCA is intended to allow non-owners to add protection, as TiVo is here, for exactly the sort of things TiVo is doing.
The general idea is that the problem you describe will be solved on a higher level than the tags themselves, on the simple grounds that tags effectively can not self-label their own reliability. (That's a bit of a simplification, but in practice that's what it boils down to.)
Google's PageRank is nothing if not such a higher-level reputation system.
Multiple systems should compete and the "best" should win. Theoretically.
We're getting there, but even relatively modest MP3 collections by modern standards still can consume entire laptop hard drives, let alone some of the dinky MP3 players.
Until everybody can put their entire collection onto at least a laptop hard drive, and still have room to put other things on there, we'll still want compressed music.
I say "laptop hard drive" because CPUs are pretty much at the point where we could read in FLAC and spew out a customized MP3 for a smaller portable player, so I don't think that's as important, but it is also a factor. (We don't do that because we still assume the hard-drive MP3 will already be compressed; as we move away from that we'll develop live-encoding infrastructure. If you can still hear the artifacts from a portable player from a 320Kbps mp3, you must be listening with $200 headphones in some sort of silence chamber.) It'd be even easier to deal with uncompressed music if I could dump my entire FLAC collection out to a flash-based player.
(We'll also eventually want multi-channel music, but even in the worst case scenario that only roughly doubles music size, and as I understand it that's not how multi-channel music is encoded anyhow, certainly not if you're going to FLAC or FLAC-alike it..)
Along with any number of other good answers, I'd also point out that Microsoft has a very poor security track record and is hardly in a position to be making ominous threats about other people's security.
Here's a search for "Microsoft" on the Open Source Vulnerability Database. ("Open Source" here refers to the nature of the database, not covering only open source products.) Pop in any other large closed-source vendor you can think of and you'll find something. ("Oracle" is another personal favorite. It may have "Enterprise-class" performance, which I can't vouch for either way having never used it, but it sure doesn't have "Enterprise-class" security.)
I think the main problem with the implied argument is that you don't need source code to find security vulnerabilities (in fact it might not even be helpful given the other cracking techniques you can use), but you do need it to fix them, with rare exceptions.
If you didn't insist on holding your Polonium 210 in your hands, they might not be (thermally) cold and dead.
You're right. I'll have to add that to any future desensitization posts I make.
:)
You've got to ease people in to it though; jump them straight to "you eat radioactive foods every day" and they'll probably just flat-out disbelieve you. First you need to show that a low level is perfectly normal.
I did enjoy your panicking over a billion! year half-life. It's a big number, that must be worse, right?
Because there is nothing special about radiation.
Too many people think of radiation as this magical, unstoppable death ray; I call this the OMG RADIATION!!1! attitude.
Fact is, there's a whole whackload of far more dangerous things you can get your hands on legally and easily, not least of which is any number of guns, which are also very dangerous when handled carelessly or by an unskilled/untrained operator.
Cigarettes and alcohol are pretty dangerous too, and I couldn't even begin to list the deadly poisons we can stroll into any store and buy completely legally. You can start with the pest control isle, then add the majority of the cleaning isle, and then maybe a lot of the automotive liquids (antifreeze in particular is a dangerous thing if you've got pets or children around), then tack on much of the agricultural isle. Note that I'm not listing products, I'm listing store sections, because that's how readily available these things are.
Honestly, the only reason to prefer radioactive substances to poison someone is because it plays right into the OMG RADIATION!!1! attitude, which even here on "enlightened" slashdot is in ample supply. It's just another deadly poison; no less, but no more.
(To break yourself of the OMG RADIATION!!1! attitude, I recommend the following: Learn about background radiation levels. (If you think that "normal radiation" levels are "zero", you are firmly in the grip of OMG RADIATION!!1!.) Learn how X-Rays work and how they compare to background. Learn about how smoke detectors work; odds are very good that you are within a few tens of meters of an OMG RADIOACTIVE! substance. This will either break you of panicking, or give you a heart attack; either way you'll be free of OMG RADIATION!!1!.)