One of my pet peeves with SSL is the ominous warnings that are presented when the certificate is not signed by a "trusted party".
First of all, I think it is useful to have encryption, even if you don't verify the identities of the endpoints.
Secondly, there are often more ominous warnings for SSL-without-verification than for cleartext communication. This seems backwards to me.
Thirdly, if you look at the trusted parties, there is often a list which includes many organizations most users have never heard of, let alone really have a basis to trust. Some trusted parties actually have rather troubled histories.
I think it is good to think about how to make our communications more secure. Particularly, users often expect their communications to be private; only known to themselves and the intended recipient. I think we should work to make protocols actually behave that way, and SSL could be a part of this. Which means we need to critically evaluate SSL, too.
I rather think everybody, or at least most people, should profit from the government. Otherwise, what would be the point? But I think we are trying to say the same thing in different ways: when government money is stuffed in pockets and no service of at least equivalent value is performed, almost everybody loses, and that's a Bad Thing.
I remember how, in the 1990s, the Unisys LZW patent was such a big deal that an alternative to GIF (PNG) was created, promoted, and support for it added to web browsers.
Now, when we're talking about video in the 2010s, software patents are apparently such a non-issue that many people advocate going with H.264, despite patent restrictions. This while court battles are being fought over patents by some of the same companies who hold H.264 patents. Personally, I say we should have at least one standardized, supported video format that is not patent-encumbered. That way, we have somewhere to run if need be, and perhaps that will actually prevent the patent holders from going after us. It seems to have worked so far.
I read TFA, and to me, it seems like a bunch of samples that aren't necessarily comparable nor do they necessarily agree with each other.
This is interesting as a starting point, and I applaud Tom's Hardware for the effort they have put into this article, but I think we will need a lot more data before we can get meaningful conclusions.
What did surprise me, though, are the return rates on hard disks. Multiple percent in a single year seems high to me! I'm glad I'm not in the hardware business.
It is a pity that the data was stolen before adequate protection was put into place, but it seems to me TN BCBS took the right steps afterwards:
1. They sent out alerts to those affected, both current and former members
2. They now encrypt all their stored data
Of course, this will not prevent all possible leaks, but at least it shows they are taking protection of their customers' data seriously, and have put in serious work to protect that data. I wish more organizations did that. Way to go, BCBS of Tennessee!
If your Bank decided to put a list of all bank accounts that have recently been accessed on its home page, would you blame the identity thieves for stealing all your money, or would you blame the bank for broadcasting your information?
I would do both. The thieves for stealing my money, and the bank for not taking sensible precautions to prevent this from happening.
Good points, and I would really like to know which VCS is superior, after all.
The problem is, it's not easy to find out. There are a lot of people saying "hg is better than git", without backing that up with any arguments. That doesn't tell me a whole lot. Then there are people saying "hg is better than git" with some arguments I don't understand. And the same is true for other claims (that git is best, or that Bazaar is best, and what have you).
All I know is that git works for me, works for some really large and complex projects, interoperates with various other VCSes, is fast, and that I like it better than other systems I've used (Subversion, CVS and RCS). The only thing that I don't like about it is its treatment of empty directories.
Should I try some of the other DVCSes? I'm sure I should. That would probably be the best way to see for myself which one works best for me. However, git is good enough that, so far, I haven't bothered to spend the time to really dig into any other system.
That's a big leap, from "more Americans than Dutch die per billion km traveled" to "texting while driving is so dangerous that statements like 'I hope you hit a tree' are appropriate".
So you would like to prioritize this over other reasons to have an accident, like speeding, driving without corrective lenses, driving with an injury, driving while drunk, and driving while sleepy?
Not necessarily, no. Apologies if I gave that impression. I think the prevailing principle should be that if you are in control, you are responsible for the safety of your passengers, yourself, and everyone else. Given that, you should not be driving if you can't see well enough, are too sleepy, etc.
As far as enforcement goes, it gets a little trickier, because what exactly is "too sleepy", how do you establish that, and how do you deal with the fact that it is basically a judgment call, and there are various things that affect that judgment (for example, feeling less sleepy because you've had coffee)? However, some things are rather clear cut, such as, for example, having inoperative brakes or lights on the car, breaking rules such as which side of the road to drive on, red lights, etc.
I think that if someone does something clearly wrong, that they knew to be wrong, and got into an accident because of it, they have demonstrated that they cannot be trusted to drive safely, and revocation of their license would be appropriate.
Also, it is worth noting that accidents don't only happen because _you_ are doing something wrong. You could get into an accident because someone else does something stupid. Personally, I think that traffic safety is a game we play together, and you have to have a bit of margin for when other people mess up. I have never been in an accident while I was driving, but I have been in a couple of near accidents because people did stupid things, like changing lanes or crossing without looking.
I also think that traffic laws should be made so that the vast majority can get along safely. Maybe you are an above average driver and can handle higher speed and a higher level of distraction safely. But if that were the case, I bet you wouldn't want to have the rules relaxed so that everybody could do that, if the result would be massive traffic jams because of people who, in your words, can't control their cars.
Despite all that has been written about driver distraction, there is still a lot that we do not know, Much of the research is incomplete or contradictory. Clearly, more studies need to be done addressing both the scope of the problem and how to effectively address it
This is somewhat surprising, given that governments around the world have taken steps to ban gadget use (especially talking on the phone) while driving. You would think they would do this based on evidence that it actually posed a significant safety risk, but if that were the case, you would also expect that research would clearly show this. Clearly, something is fishy here.
Personally, I like to focus on driving when I'm at the wheel, because I can't bear the thought of getting into (not necessarily even causing) an accident because I wasn't paying attention. Clearly, other people are not so worried. And, apparently, it's difficult to clearly established if they should be.
That may work, but you saying it on Slashdot probably isn't going to help implement that solution.
I'm actually curious: what is the penalty you get for causing an accident by being involved in activities other than driving while you're in control of the vehicle? This is a case where I suspect that steep penalties may actually help, e.g. "Don't use your phone while driving, or your driver's license will be revoked if you get into an accident."
I have hands free bluetooth built into my car with voice command. It's soo much easier than using a headset.
My guess is that people are too cheap to buy the equipment that lets them use their phones hands-free.
Also, a lot of people think that they _can_ safely use their phones while driving. They know that accidents happen when people do that, but they always happen to _other_ people, you know.
Some people are too stupid to realize the danger. Others are too intelligent. Others know it's dangerous, but it won't matter if you do it just this once. Taken together, I fear people who will text or talk on their phones while driving are a rather large percentage of all drivers.
Although I'm all for natural selection....
So am I. Now, if only there were a way to make it only apply to people doing stupid things... The problem is, in traffic, it's common for innocent people to get harmed because others were being stupid.
I've never liked HDMI, because the first time I heard about it, it was immediately mentioned that HDMI would include a digital restrictions management system, which would be used by various vendors to plug the analog hole.
And now this.
Words just cannot describe. "Oh my lord! They're making something that interoperates with our standard! We can't allow that to happen!"
For some strange reason, though, it seems that devices the supposedly royalty-free DisplayPort are actually more expensive than HDMI with all these shenanigans. Does anybody know how that works? Because, you know, there may come a time when I will have to abandon the good old VGA port, and I would like to move to something with as little silliness as I can find.
Yes, you are right. Pandora has been plagued by manufacturing problems. The nice thing is that they are throwing a lot of that out in the open. I think it's a nice illustration of how challenging it can be to get hardware manufactured. I hope we can learn a lot from this experience and do better in future. This, and the fact that I still think Pandora is very cool, is why I hope the project succeeds - at least well enough to make it to the next device. In the meantime, my heart goes out to the team, and to all those who ordered Pandoras but haven't received them yet.
It might be retro, but what does it say about open sources ability to compete against closed source? It seems it's currently over 20 years behind.
*shrug*
Yeah, maybe it's not your cup of tea.
Personally, I don't think it is a matter of behind, or even any kind of competition. I just think Uzebox is really cool, and has a lot of fun games. Also, I like the challenge of programming for systems with limited hardware.
If you want something more powerful, check out this post pointing out, among other things, some ARM-based hardware.
While on the subject, I'd also like to point out some other projects I've found interesting:
OpenPandora, a community-designed, Linux-running handheld. The specs are pretty impressive, by today's standards, but were even more impressive when it was first introduced. Best thing is, they're now manufacturing and shipping!
For those who like to tinker themselves, there is the BeagleBoard, a cheap (as they come) single board computer with impressive specs, designed for open source software. The Wikipedia article lists a number of alternatives, some of which may be more powerful and/or cheaper.
One interesting alternative to the BeagleBoard is the Hawkboard, which is backed by its own community. It's slightly less powerful than the BeagleBoard, but, at 89 USD, also costs quite a bit less.
And then there's the ever-popular Arduino, which comes in several varieties. You can buy them assembled starting at about 20 USD, or build your own for under 10 USD. They can be extended with "shields", e.g. to get extra I/O capabilities. Pretty cool stuff!
Personally, I am still tinkering around with resistors and transistors and the like, designing and simulating circuits with Qucs (which I feel is a lot more production-ready than that website suggests) and my Nokia N900, but any of the above hardware looks like it might be a nice next step up.
If you want more cost-per-kWh numbers, and numbers that aren't from a renewable energy group, you can take a look at Wikipedia:Cost of electricity by source.
But at least in my opinion we are on the right path.
We disagree, then, and that's fine. You make some good points in your post. Many plug-ins are subobtimal. Many technologies that are used through plug-ins aren't universally implementable, due to not being open standards. Distracting update mechanisms are annoying.
On the other hand, I regard all these things as accidental, or as results of choices you are free to make differently. Content could be offered through technology based on open standards. Implementations could be better. Updates could be managed quietly through a central update mechanism. In fact, these things are true for almost everything I use.
You may be right that putting a lot of functionality in the web browser will reduce the amount of plug-ins you have, and thus the amount of distractions and compatibility issues you get from updates. I don't have any of those issues now, so it probably wouldn't make a difference for me. What will happen is that browsers will become larger and more complex. I am afraid this will lead to more bugs, more vulnerabilities, and more frequent need to update. On balance, things may still get better for you, but they may get worse for me. That could explain why you think it's the right path, and I think it's the wrong path.:-)
Regarding images, this is rather a funny story. The img element was included in the first standardized version of HTML, HTML 2.0 in 1995. Images were already supported before that, but support varied by browser (as is the case nowadays, by the way): the original WorldWideWeb actually allowed for images, videos, and sound, though, as you say, not inline. Mosaic was the first web browser to display images inline, in 1993. Lynx, I think, still does not display images inline, being a text-based web browser. I believe that this is fully compliant with HTML, as HTML doesn't actually have much to say over how things are displayed (other than a few elements like b, and i).
Because of the good extension-system, Firefox could be a rock-solid browser while all the experimental stuff and new functionality is done in extensions.
Exactly. It's like they finally managed to trim out a lot of bloat, and then immediately started adding new bloat again.
This is also the objection I have against HTML 5. With XHTML, we were moving towards a small, extensible core of HTML, which would have allowed us to mix and match and have proposed extensions compete against one another. Meanwhile, we had browser plugins working just fine to get non-HTML things like video and interactive applications on the web. But now they want to move all that into HTML 5. Do we really want that in the core of our web browsers, and carry it around for years to come? I know I don't.
Slashdot Mirror
One of my pet peeves with SSL is the ominous warnings that are presented when the certificate is not signed by a "trusted party".
First of all, I think it is useful to have encryption, even if you don't verify the identities of the endpoints.
Secondly, there are often more ominous warnings for SSL-without-verification than for cleartext communication. This seems backwards to me.
Thirdly, if you look at the trusted parties, there is often a list which includes many organizations most users have never heard of, let alone really have a basis to trust. Some trusted parties actually have rather troubled histories.
I think it is good to think about how to make our communications more secure. Particularly, users often expect their communications to be private; only known to themselves and the intended recipient. I think we should work to make protocols actually behave that way, and SSL could be a part of this. Which means we need to critically evaluate SSL, too.
no one should profit of the government.
I rather think everybody, or at least most people, should profit from the government. Otherwise, what would be the point? But I think we are trying to say the same thing in different ways: when government money is stuffed in pockets and no service of at least equivalent value is performed, almost everybody loses, and that's a Bad Thing.
It's interesting how attitudes have changed.
I remember how, in the 1990s, the Unisys LZW patent was such a big deal that an alternative to GIF (PNG) was created, promoted, and support for it added to web browsers.
Now, when we're talking about video in the 2010s, software patents are apparently such a non-issue that many people advocate going with H.264, despite patent restrictions. This while court battles are being fought over patents by some of the same companies who hold H.264 patents. Personally, I say we should have at least one standardized, supported video format that is not patent-encumbered. That way, we have somewhere to run if need be, and perhaps that will actually prevent the patent holders from going after us. It seems to have worked so far.
I just did a new install on a previously Chrome-less Windows box, and it handled an h.264-only <video> element just fine.
And you're complaining about this?
I read TFA, and to me, it seems like a bunch of samples that aren't necessarily comparable nor do they necessarily agree with each other.
This is interesting as a starting point, and I applaud Tom's Hardware for the effort they have put into this article, but I think we will need a lot more data before we can get meaningful conclusions.
What did surprise me, though, are the return rates on hard disks. Multiple percent in a single year seems high to me! I'm glad I'm not in the hardware business.
It is a pity that the data was stolen before adequate protection was put into place, but it seems to me TN BCBS took the right steps afterwards:
1. They sent out alerts to those affected, both current and former members
2. They now encrypt all their stored data
Of course, this will not prevent all possible leaks, but at least it shows they are taking protection of their customers' data seriously, and have put in serious work to protect that data. I wish more organizations did that. Way to go, BCBS of Tennessee!
If your Bank decided to put a list of all bank accounts that have recently been accessed on its home page, would you blame the identity thieves for stealing all your money, or would you blame the bank for broadcasting your information?
I would do both. The thieves for stealing my money, and the bank for not taking sensible precautions to prevent this from happening.
How does this map to what actually happened?
Good points, and I would really like to know which VCS is superior, after all.
The problem is, it's not easy to find out. There are a lot of people saying "hg is better than git", without backing that up with any arguments. That doesn't tell me a whole lot. Then there are people saying "hg is better than git" with some arguments I don't understand. And the same is true for other claims (that git is best, or that Bazaar is best, and what have you).
All I know is that git works for me, works for some really large and complex projects, interoperates with various other VCSes, is fast, and that I like it better than other systems I've used (Subversion, CVS and RCS). The only thing that I don't like about it is its treatment of empty directories.
Should I try some of the other DVCSes? I'm sure I should. That would probably be the best way to see for myself which one works best for me. However, git is good enough that, so far, I haven't bothered to spend the time to really dig into any other system.
For those not in the know, which included me a few minutes ago, Lighthouse was apparently a research project aimed to make Qt easier to port to different graphics systems. Was, because it has now been integrated with Qt 4.8, according to the page at that link.
That's a big leap, from "more Americans than Dutch die per billion km traveled" to "texting while driving is so dangerous that statements like 'I hope you hit a tree' are appropriate".
So you would like to prioritize this over other reasons to have an accident, like speeding, driving without corrective lenses, driving with an injury, driving while drunk, and driving while sleepy?
Not necessarily, no. Apologies if I gave that impression. I think the prevailing principle should be that if you are in control, you are responsible for the safety of your passengers, yourself, and everyone else. Given that, you should not be driving if you can't see well enough, are too sleepy, etc.
As far as enforcement goes, it gets a little trickier, because what exactly is "too sleepy", how do you establish that, and how do you deal with the fact that it is basically a judgment call, and there are various things that affect that judgment (for example, feeling less sleepy because you've had coffee)? However, some things are rather clear cut, such as, for example, having inoperative brakes or lights on the car, breaking rules such as which side of the road to drive on, red lights, etc.
I think that if someone does something clearly wrong, that they knew to be wrong, and got into an accident because of it, they have demonstrated that they cannot be trusted to drive safely, and revocation of their license would be appropriate.
Or maybe you have just been lucky so far.
Also, it is worth noting that accidents don't only happen because _you_ are doing something wrong. You could get into an accident because someone else does something stupid. Personally, I think that traffic safety is a game we play together, and you have to have a bit of margin for when other people mess up. I have never been in an accident while I was driving, but I have been in a couple of near accidents because people did stupid things, like changing lanes or crossing without looking.
I also think that traffic laws should be made so that the vast majority can get along safely. Maybe you are an above average driver and can handle higher speed and a higher level of distraction safely. But if that were the case, I bet you wouldn't want to have the rules relaxed so that everybody could do that, if the result would be massive traffic jams because of people who, in your words, can't control their cars.
Despite all that has been written about driver distraction, there is still a lot that we do not know, Much of the research is incomplete or contradictory. Clearly, more studies need to be done addressing both the scope of the problem and how to effectively address it
This is somewhat surprising, given that governments around the world have taken steps to ban gadget use (especially talking on the phone) while driving. You would think they would do this based on evidence that it actually posed a significant safety risk, but if that were the case, you would also expect that research would clearly show this. Clearly, something is fishy here.
Personally, I like to focus on driving when I'm at the wheel, because I can't bear the thought of getting into (not necessarily even causing) an accident because I wasn't paying attention. Clearly, other people are not so worried. And, apparently, it's difficult to clearly established if they should be.
Uh, stop using gadgets while driving?
That may work, but you saying it on Slashdot probably isn't going to help implement that solution.
I'm actually curious: what is the penalty you get for causing an accident by being involved in activities other than driving while you're in control of the vehicle? This is a case where I suspect that steep penalties may actually help, e.g. "Don't use your phone while driving, or your driver's license will be revoked if you get into an accident."
I have hands free bluetooth built into my car with voice command. It's soo much easier than using a headset.
My guess is that people are too cheap to buy the equipment that lets them use their phones hands-free.
Also, a lot of people think that they _can_ safely use their phones while driving. They know that accidents happen when people do that, but they always happen to _other_ people, you know.
Some people are too stupid to realize the danger. Others are too intelligent. Others know it's dangerous, but it won't matter if you do it just this once. Taken together, I fear people who will text or talk on their phones while driving are a rather large percentage of all drivers.
Although I'm all for natural selection....
So am I. Now, if only there were a way to make it only apply to people doing stupid things ... The problem is, in traffic, it's common for innocent people to get harmed because others were being stupid.
I've never liked HDMI, because the first time I heard about it, it was immediately mentioned that HDMI would include a digital restrictions management system, which would be used by various vendors to plug the analog hole.
And now this.
Words just cannot describe. "Oh my lord! They're making something that interoperates with our standard! We can't allow that to happen!"
For some strange reason, though, it seems that devices the supposedly royalty-free DisplayPort are actually more expensive than HDMI with all these shenanigans. Does anybody know how that works? Because, you know, there may come a time when I will have to abandon the good old VGA port, and I would like to move to something with as little silliness as I can find.
I don't think the government of the GDR was actually overthrown; I've always been told that they resigned.
Yes, you are right. Pandora has been plagued by manufacturing problems. The nice thing is that they are throwing a lot of that out in the open. I think it's a nice illustration of how challenging it can be to get hardware manufactured. I hope we can learn a lot from this experience and do better in future. This, and the fact that I still think Pandora is very cool, is why I hope the project succeeds - at least well enough to make it to the next device. In the meantime, my heart goes out to the team, and to all those who ordered Pandoras but haven't received them yet.
It might be retro, but what does it say about open sources ability to compete against closed source? It seems it's currently over 20 years behind.
*shrug*
Yeah, maybe it's not your cup of tea.
Personally, I don't think it is a matter of behind, or even any kind of competition. I just think Uzebox is really cool, and has a lot of fun games. Also, I like the challenge of programming for systems with limited hardware.
If you want something more powerful, check out this post pointing out, among other things, some ARM-based hardware.
Uzebox is cool!
While on the subject, I'd also like to point out some other projects I've found interesting:
OpenPandora, a community-designed, Linux-running handheld. The specs are pretty impressive, by today's standards, but were even more impressive when it was first introduced. Best thing is, they're now manufacturing and shipping!
For those who like to tinker themselves, there is the BeagleBoard, a cheap (as they come) single board computer with impressive specs, designed for open source software. The Wikipedia article lists a number of alternatives, some of which may be more powerful and/or cheaper.
One interesting alternative to the BeagleBoard is the Hawkboard, which is backed by its own community. It's slightly less powerful than the BeagleBoard, but, at 89 USD, also costs quite a bit less.
And then there's the ever-popular Arduino, which comes in several varieties. You can buy them assembled starting at about 20 USD, or build your own for under 10 USD. They can be extended with "shields", e.g. to get extra I/O capabilities. Pretty cool stuff!
Personally, I am still tinkering around with resistors and transistors and the like, designing and simulating circuits with Qucs (which I feel is a lot more production-ready than that website suggests) and my Nokia N900, but any of the above hardware looks like it might be a nice next step up.
If you want more cost-per-kWh numbers, and numbers that aren't from a renewable energy group, you can take a look at
Wikipedia:Cost of electricity by source.
Or, rather, like Master and Apprentice.
But at least in my opinion we are on the right path.
We disagree, then, and that's fine. You make some good points in your post. Many plug-ins are subobtimal. Many technologies that are used through plug-ins aren't universally implementable, due to not being open standards. Distracting update mechanisms are annoying.
On the other hand, I regard all these things as accidental, or as results of choices you are free to make differently. Content could be offered through technology based on open standards. Implementations could be better. Updates could be managed quietly through a central update mechanism. In fact, these things are true for almost everything I use.
You may be right that putting a lot of functionality in the web browser will reduce the amount of plug-ins you have, and thus the amount of distractions and compatibility issues you get from updates. I don't have any of those issues now, so it probably wouldn't make a difference for me. What will happen is that browsers will become larger and more complex. I am afraid this will lead to more bugs, more vulnerabilities, and more frequent need to update. On balance, things may still get better for you, but they may get worse for me. That could explain why you think it's the right path, and I think it's the wrong path. :-)
Regarding images, this is rather a funny story. The img element was included in the first standardized version of HTML, HTML 2.0 in 1995. Images were already supported before that, but support varied by browser (as is the case nowadays, by the way): the original WorldWideWeb actually allowed for images, videos, and sound, though, as you say, not inline. Mosaic was the first web browser to display images inline, in 1993. Lynx, I think, still does not display images inline, being a text-based web browser. I believe that this is fully compliant with HTML, as HTML doesn't actually have much to say over how things are displayed (other than a few elements like b, and i).
Exactly. It's like they finally managed to trim out a lot of bloat, and then immediately started adding new bloat again.
This is also the objection I have against HTML 5. With XHTML, we were moving towards a small, extensible core of HTML, which would have allowed us to mix and match and have proposed extensions compete against one another. Meanwhile, we had browser plugins working just fine to get non-HTML things like video and interactive applications on the web. But now they want to move all that into HTML 5. Do we really want that in the core of our web browsers, and carry it around for years to come? I know I don't.
That was my first thought, too, but then, the hardware to support 10Gb Ethernet currently costs quite a lot more than $50.
USB 3.0, on the other hand, has gotten quite affordable, and there are lots of USB 3.0 devices already on the market. Of course, it's 4Gb, not 10Gb.