Take an album. Have two different featured soloists. The album is now split into two separate "albums" in album based view, one with the pieces with one soloist, the other with those with the other soloist. If you listen to concertos, this is a problem since they so often have a featured soloist.
The view you're referring to is more about some of the basic views I ended up using. I wanted to use the other views in older iTunes. I did. But it insisted on emphasizing artist rather than composer, even though that was deselected.
Odd, completely grayed out for me. Might be the difference that I'm using smart playlists, not regular ones. I create playlists based on combinations of genres or comments put in the comments field (Moody is a nice tool for me).
I know many people have suggested songbird in the past. I was able to pretty well ignore the functions I didn't want, so it didn't bother me. "Mac alternatives to iTunes" turns up lots of sites that suggest a few other options.
Too many of the same old flaws are still there. For example, it insists on sorting artist rather than composer in many views. If I have an album where two different pieces have different featured soloist artists, it insists in some views as treating it as two separate albums, while other views may not. For larger works, this can be a problem, like the complete symphonies of Haydn.
Groupings remain the red-headed stepchild, poorly used, despite being the only way to logically group together movements of a larger work within an album.
It introduced a few new flaws. In playlist view, it appears trivial to turn on shuffle and start playing a random piece. In library/songs view, that no longer appears possible. Multiple testing shows it always plays the first piece of the playlist, then shuffles.
The column browser is gone, just gone inside a playlist. I have some very large playlists. I want to be able to use the column browser within that playlist. I now have to go outside the playlist to the library view and use that, hoping I remember correctly the criteria that form the smart playlists.
I never had much of a performance issue, so I can't speak to that, but the first thing I turned off was album art based views. If I wanted an album, I'd pick it from the column browser.
They are also correlated (according to the state transportation official I talked to who was pushing one in my area) with higher car on pedestrian injuries, and are more likely for new drivers to have loss of control accidents compared to more traditional intersections. These loss of control accidents often end up with the vehicle striking the very areas pedestrians are expected to stand, waiting for minutes for a break in traffic to safely cross.
I've done SOX compliance more than once or twice. For IT workers, SOX is fundamentally, have logging, separation of duties, and a strong security policy that you follow.
Much of the SOX rules boil down to "do you have a security policy that covers topics A, B and C? Now, do you follow it for systems that have significant financial impact?"
There is so much misinformation about the IT requirements alone of the SOX audit that I used to spend hours on end explaining what our real rules were. Then I let a coworker deal with SOX while I worked PCI.
Comfort is king. Most road bikes I've seen look like they are clumsily constructed torture devices. Put a real comfort seat on the thing and people who aren't dedicated bikers might be more willing to ride them. Even the *mart places don't tend to put actual comfortable seats on, they put on these halfway seats that look like they are only intended to be comfortable as long as you don't actually ride on them.
We got our bikes at a dedicated bike shop with shock absorbers, an extra comfortable seat, and a recommendation based on how we intended to use them. The result? A bike that is ridden regularly, all over. It has wider tires, but it's comfortable. It is easy to go halfway across town and run minor errands.
Yes, because a check fraud conviction with a judicially applied condition of not using the Internet except under approval of the court appointed authority is such an uncommon offense against free speech that I've seen and heard it described as "a routine condition". When one is convicted of a crime, one loses certain rights. That's completely consistent with the 14th amendment, deprivation of liberty with due process.
I've come face to face with the "pre-union" results of education. Students who didn't perform were socially promoted, stuck in the back of the class because they knew they couldn't flunk the student out and didn't want to deal with them for another year. Better to just hand them off to the next teacher.
The result is adults who cannot read even now in their 60s or older. Any math beyond making change? Impossible.
Their education level was so rudimentary that a modern fifth grader is expected to know more reading, more math, more history (except for the parts these older adults lived through).
Yes, I've met also many highly educated people in their sixties, seventies and eighties, but I also have known personally enough who were socially promoted or encouraged to stop learning and then drop out without even being able to read to know that the problems you describe in education are hardly knew.
The problems you describe aren't new, aren't unique to the era of union teachers, unless you're saying they existed back before WWII through today.
When I was a child, that would be considered 30 minutes longer than traditional. I agree it isn't much longer and some schools have gone to such day lengths.
Actually, doing lots of problems is the right way to study math, no matter how much or little aptitude the student has. It doesn't matter if it is elementary school arithmetic, or high school calculus. I've heard so many stories of math students even in the college level come in not understanding even the basics of not only the math they should know, but how to study the material. The real galling thing? Is when the student who does not turn in their homework begs the instructor to let them pass, despite doing very poorly on their tests.
And no, it's not in any way bad for a student to study for a couple hours a day over the summer. I might suggest a bit of variety in the week, say twice a week math, leaving other subjects for the other weekdays. Maybe a little history that isn't the pilgrims and civil war, or music (theory or performance).
I hear music teachers bemoan every summer how every student immediately puts down their instrument for three months and refuses to touch it. When they come back, they've lost a lot of their ability and their practice ability. The teachers know about taking a break, and often offer fun pieces in different areas, or suggest a lighter practice schedule. There's a difference between taking a bit of a break and turning off the brain.
That culture predates extensive standardized testing. Even when such tests were introduced, a lot of students knew that it had no impact on their individual grades.
The four day week has interesting implications. Currently, our culture says that students should spend no more than 180 days in school per year. Accounting for 104 weekend days, 14 break days (using the federal holidays for a number, as that is one of the most generous in the US), you have 67 days off. That's incredibly generous.
If one took your four day week, that means 210 days, leaving 30 days for breaks scattered through the year. Quite generous, and if distributed evenly, would result in no longer a school year (still averaging 180 days), but avoiding the extra long break which is the real problem I've heard many a teacher complain about.
So teachers are now to blame for students coming in with an attitude of "I am supposed to forget everything I learned last year over the summer" and do not come at all prepared to learn?
Even RSA admits no one should use a 4 digit PIN. The reason the PIN is acceptable in length is the only way to test a PIN is valid or not is to use it with the code to enter a passcode on an authentication site. If you are allowing over a thousand bad guesses, you're doing something else wrong. The PIN is used to modify the 8 digit token displayed on the screen and then that result is what is entered. Hardware tokens still have you enter PIN and token manually in some cases (not all hardware tokens work this way), but the packet is in theory encrypted. You do make them authenticate over an encrypted channel, right?
Yes, someone might compromise the device with the software token, but that in theory should be hard. That's why people tell you to keep that bit better protected than most. Is it perfect? Of course not. We're breaking all six (5+1) rules of computer security (first being, don't have a computer). The point of this stronger authentication is never perfect security. Of course, no matter what authentication you use, if you actively compromise their source device completely, you'll get through it. It is to complicate the attack significantly.
In my job, whenever people say security must be cumbersome, I'm asked to go in and teach them that for the level of security appropriate to where I work, we can almost always find a clean solution. Good security, properly done, is done by professionals in a manner to hide most of it from the user so the user thinks it invisible.
Always keep your threat model in mind. Are you trying to protect against selected 3-6 letter government agencies with datacenters full of true supercomputers? Or are you trying to protect against a lesser threat?
The point of such software is the software alone is worthless. You still need that second factor of the "something you know" to make any use of it. For example, you must compromise both the device and the PIN in the SecurID case. As I understand, the software somehow binds itself to some kind of machine identifier on installation, and that is used in device setup, making migration difficult if not impossible. Maybe it is using a hostID to modify the generated number. Not necessarily impossible to fake, but raising the difficulty level.
We as security geeks are a bit two faced about authentication. We want good authentication services, we don't want a central authentication repository that can invade our privacy by knowing everywhere we authenticate. We want google to authenticate us with more than a simple password, we don't want to give google too much data about ourselves. We don't want to give a dedicated authentication service information about who we are authenticating to.
The solution that most comes to mind is a kerberos style approach where you create a ticket that anyone can validate readily, but they don't need to talk to the central repository to do so. You do need to talk to the central repository to create said ticket though, which would make availability crucial. Of course there are problems with this approach, but one has to start somewhere with tossing ideas out.
The old "security must be cumbersome" theory is one I'm constantly fighting in my job. My standard counterexamples are centralized security logs vs managing per system local logs, SSH keys vs local passwords. Even how we do SecurID is a lot simpler than local passwords for me.
Every factor could theoretically be reduced to something you "know", except it isn't something you know, because you can't key it in manually. Even a hardware token is really "something you know" in the strictest sense, the seed. But that's not what is generally meant by security folks when they speak of multi-factor.
The Google authenticator app last I saw only worked on android devices. Not everyone has a fancy cell phone. Some of us make do with a regular computer or laptop.
I think Google is trying to do mostly the right thing, but is falling down in implementation. Personally, I'm a fan of public key authentication of the client rather than just the server. Sometimes, older ideas really are good. We don't need brand new ones, just realizing how to reapply the old ones.
I've used real multi-factor auth in the form of SecurID. It isn't cumbersome. Doing it right doesn't have to be a PITA. If Google wanted to make it easy, they'd distribute a SecurID like local app to disgorge one time passwords when poked with your local passphrase.
Currently, I use the mobile SecurID app because my work phone I can treat like my physical factor. The fact that I can't copy that to another phone and have it "just work" suggests that it was done right here. (I'm not on the SecurID support team).
We aren't trying to protect national secrets here. Always keep in mind your threat model when designing your security. The real failure of Google's design is it presumes everyone has a mobile phone supporting SMS that they are willing to use regularly.
The TSA always gets nervous when they see me about to enter the scanner holding a permitted object in my hand? They have told me I should not feel safe in the security area.
The object in question is an emergency asthma inhaler. The TSA panics completely when someone has an asthma attack in the security area.
The first exit interview I did was used by HR to write the requirements to hire my replacement. I was hired as a very junior SA, but did intermediate SA work, and the shop could no longer survive on a brand new SA. (I was the most senior SA technical skills wise in the division).
In my case, the manager blew it and forgot to tell HR I was leaving until I went down to turn in my badge. This was typical for him. HR was rather upset I was leaving because I gave them support on their computers and printers, so they knew who I was.
Two weeks later, I saw two job requests at my old job, both for people of at least intermediate skills, to replace me. A month after that, I was told by former coworkers that my boss (who was a major reason I was leaving) had been forcibly transferred out of the department.
My answer to why I was leaving was not a lie, but it was not the whole truth either. I emphasized a positive about why I was leaving rather than a negative. "I'm moving to a position with more opportunity for growth and a significant salary increase" (both true.) I raised concerns over the level of employee the company was hiring not as a statement of incompetence of $boss (though true) but as a statement of the complexity of the job when I left.
When I checked them out a few months ago, I didn't see more than one movie in three that had any captioning. It was simply awful. Things I read around that time said that Netflix had added some content, but chose not to continue aggressively adding closed captioning. I then dropped the service entirely. That was one of my selection criteria to decide if I'd go for more than the free trial.
Incorrect, though I suppose I should not feed the trolls. Closed captioning for wordless music is usually either "music playing" or similar. I have seen "upbeat jazz playing" before. That is sufficient.
For music with lyrics, the lyrics themselves are often shown with music symbols on both sides, when the voice fades to intelligibility, the closed captioning will say that.
No, I'm not deaf, but I leave the closed captioning all all the time, it helps deal with incompetent sound engineers that think that dialog should be much quieter than every other sound in the movie.
Reasonable is not the same as no additional cost. For example, at work, a reasonable accommodation for me was to move me from one building to another. The cost to the company was not zero. But it was still considered an ADA mandate.
Many people do not understand that the ADA requires reasonable (not every) accommodation. Damages are limited to accommodation only, unless my memory has completely failed me.
I've had to use the ADA for work more than once. Most of the time, it works well with minimal hassle. I notify the appropriate office, they take the claim and my request, and then ask management if they concur. In one case, the manager literally jumped at my suggested solution. (It gave him a political out to get something done he wanted done before, but couldn't find an excuse to justify it to his management.) I've heard of cases where it wasn't as effective. What we hear about are those troublesome cases.
Providing closed captioning as an optional track is far from an unreasonable effort to accommodate others. It isn't even for the legally deaf. I know people with hearing loss who can hear, but have a hard time with conversations. It makes it more enjoyable for them. We used closed captioning as a subtle way to help a child learn to read, them constantly seeing the words associated with the speech.
The hatred against the ADA here is disgusting. Netflix has been criticized for years for choosing not to obtain closed captioning in any form for even movies where it is available. It's why I dropped them after their free trial. They can do it, they just have chosen not to. Doing it won't end the world for them or others.
Slashdot Mirror
Take an album. Have two different featured soloists. The album is now split into two separate "albums" in album based view, one with the pieces with one soloist, the other with those with the other soloist. If you listen to concertos, this is a problem since they so often have a featured soloist.
The view you're referring to is more about some of the basic views I ended up using. I wanted to use the other views in older iTunes. I did. But it insisted on emphasizing artist rather than composer, even though that was deselected.
Odd, completely grayed out for me. Might be the difference that I'm using smart playlists, not regular ones. I create playlists based on combinations of genres or comments put in the comments field (Moody is a nice tool for me).
I know many people have suggested songbird in the past. I was able to pretty well ignore the functions I didn't want, so it didn't bother me. "Mac alternatives to iTunes" turns up lots of sites that suggest a few other options.
Too many of the same old flaws are still there. For example, it insists on sorting artist rather than composer in many views. If I have an album where two different pieces have different featured soloist artists, it insists in some views as treating it as two separate albums, while other views may not. For larger works, this can be a problem, like the complete symphonies of Haydn.
Groupings remain the red-headed stepchild, poorly used, despite being the only way to logically group together movements of a larger work within an album.
It introduced a few new flaws. In playlist view, it appears trivial to turn on shuffle and start playing a random piece. In library/songs view, that no longer appears possible. Multiple testing shows it always plays the first piece of the playlist, then shuffles.
The column browser is gone, just gone inside a playlist. I have some very large playlists. I want to be able to use the column browser within that playlist. I now have to go outside the playlist to the library view and use that, hoping I remember correctly the criteria that form the smart playlists.
I never had much of a performance issue, so I can't speak to that, but the first thing I turned off was album art based views. If I wanted an album, I'd pick it from the column browser.
They are also correlated (according to the state transportation official I talked to who was pushing one in my area) with higher car on pedestrian injuries, and are more likely for new drivers to have loss of control accidents compared to more traditional intersections. These loss of control accidents often end up with the vehicle striking the very areas pedestrians are expected to stand, waiting for minutes for a break in traffic to safely cross.
I've done SOX compliance more than once or twice. For IT workers, SOX is fundamentally, have logging, separation of duties, and a strong security policy that you follow.
Much of the SOX rules boil down to "do you have a security policy that covers topics A, B and C? Now, do you follow it for systems that have significant financial impact?"
There is so much misinformation about the IT requirements alone of the SOX audit that I used to spend hours on end explaining what our real rules were. Then I let a coworker deal with SOX while I worked PCI.
Comfort is king. Most road bikes I've seen look like they are clumsily constructed torture devices. Put a real comfort seat on the thing and people who aren't dedicated bikers might be more willing to ride them. Even the *mart places don't tend to put actual comfortable seats on, they put on these halfway seats that look like they are only intended to be comfortable as long as you don't actually ride on them.
We got our bikes at a dedicated bike shop with shock absorbers, an extra comfortable seat, and a recommendation based on how we intended to use them. The result? A bike that is ridden regularly, all over. It has wider tires, but it's comfortable. It is easy to go halfway across town and run minor errands.
Yes, because a check fraud conviction with a judicially applied condition of not using the Internet except under approval of the court appointed authority is such an uncommon offense against free speech that I've seen and heard it described as "a routine condition". When one is convicted of a crime, one loses certain rights. That's completely consistent with the 14th amendment, deprivation of liberty with due process.
Nightshade is very organic. So is e. coli, and most of the nastier parasites around.
And that is why I won't eat organic.
I've come face to face with the "pre-union" results of education. Students who didn't perform were socially promoted, stuck in the back of the class because they knew they couldn't flunk the student out and didn't want to deal with them for another year. Better to just hand them off to the next teacher.
The result is adults who cannot read even now in their 60s or older. Any math beyond making change? Impossible.
Their education level was so rudimentary that a modern fifth grader is expected to know more reading, more math, more history (except for the parts these older adults lived through).
Yes, I've met also many highly educated people in their sixties, seventies and eighties, but I also have known personally enough who were socially promoted or encouraged to stop learning and then drop out without even being able to read to know that the problems you describe in education are hardly knew.
The problems you describe aren't new, aren't unique to the era of union teachers, unless you're saying they existed back before WWII through today.
When I was a child, that would be considered 30 minutes longer than traditional. I agree it isn't much longer and some schools have gone to such day lengths.
Actually, doing lots of problems is the right way to study math, no matter how much or little aptitude the student has. It doesn't matter if it is elementary school arithmetic, or high school calculus. I've heard so many stories of math students even in the college level come in not understanding even the basics of not only the math they should know, but how to study the material. The real galling thing? Is when the student who does not turn in their homework begs the instructor to let them pass, despite doing very poorly on their tests.
And no, it's not in any way bad for a student to study for a couple hours a day over the summer. I might suggest a bit of variety in the week, say twice a week math, leaving other subjects for the other weekdays. Maybe a little history that isn't the pilgrims and civil war, or music (theory or performance).
I hear music teachers bemoan every summer how every student immediately puts down their instrument for three months and refuses to touch it. When they come back, they've lost a lot of their ability and their practice ability. The teachers know about taking a break, and often offer fun pieces in different areas, or suggest a lighter practice schedule. There's a difference between taking a bit of a break and turning off the brain.
That culture predates extensive standardized testing. Even when such tests were introduced, a lot of students knew that it had no impact on their individual grades.
The four day week has interesting implications. Currently, our culture says that students should spend no more than 180 days in school per year. Accounting for 104 weekend days, 14 break days (using the federal holidays for a number, as that is one of the most generous in the US), you have 67 days off. That's incredibly generous.
If one took your four day week, that means 210 days, leaving 30 days for breaks scattered through the year. Quite generous, and if distributed evenly, would result in no longer a school year (still averaging 180 days), but avoiding the extra long break which is the real problem I've heard many a teacher complain about.
So teachers are now to blame for students coming in with an attitude of "I am supposed to forget everything I learned last year over the summer" and do not come at all prepared to learn?
Even RSA admits no one should use a 4 digit PIN. The reason the PIN is acceptable in length is the only way to test a PIN is valid or not is to use it with the code to enter a passcode on an authentication site. If you are allowing over a thousand bad guesses, you're doing something else wrong. The PIN is used to modify the 8 digit token displayed on the screen and then that result is what is entered. Hardware tokens still have you enter PIN and token manually in some cases (not all hardware tokens work this way), but the packet is in theory encrypted. You do make them authenticate over an encrypted channel, right?
Yes, someone might compromise the device with the software token, but that in theory should be hard. That's why people tell you to keep that bit better protected than most. Is it perfect? Of course not. We're breaking all six (5+1) rules of computer security (first being, don't have a computer). The point of this stronger authentication is never perfect security. Of course, no matter what authentication you use, if you actively compromise their source device completely, you'll get through it. It is to complicate the attack significantly.
In my job, whenever people say security must be cumbersome, I'm asked to go in and teach them that for the level of security appropriate to where I work, we can almost always find a clean solution. Good security, properly done, is done by professionals in a manner to hide most of it from the user so the user thinks it invisible.
Always keep your threat model in mind. Are you trying to protect against selected 3-6 letter government agencies with datacenters full of true supercomputers? Or are you trying to protect against a lesser threat?
The point of such software is the software alone is worthless. You still need that second factor of the "something you know" to make any use of it. For example, you must compromise both the device and the PIN in the SecurID case. As I understand, the software somehow binds itself to some kind of machine identifier on installation, and that is used in device setup, making migration difficult if not impossible. Maybe it is using a hostID to modify the generated number. Not necessarily impossible to fake, but raising the difficulty level.
We as security geeks are a bit two faced about authentication. We want good authentication services, we don't want a central authentication repository that can invade our privacy by knowing everywhere we authenticate. We want google to authenticate us with more than a simple password, we don't want to give google too much data about ourselves. We don't want to give a dedicated authentication service information about who we are authenticating to.
The solution that most comes to mind is a kerberos style approach where you create a ticket that anyone can validate readily, but they don't need to talk to the central repository to do so. You do need to talk to the central repository to create said ticket though, which would make availability crucial. Of course there are problems with this approach, but one has to start somewhere with tossing ideas out.
The old "security must be cumbersome" theory is one I'm constantly fighting in my job. My standard counterexamples are centralized security logs vs managing per system local logs, SSH keys vs local passwords. Even how we do SecurID is a lot simpler than local passwords for me.
Every factor could theoretically be reduced to something you "know", except it isn't something you know, because you can't key it in manually. Even a hardware token is really "something you know" in the strictest sense, the seed. But that's not what is generally meant by security folks when they speak of multi-factor.
The Google authenticator app last I saw only worked on android devices. Not everyone has a fancy cell phone. Some of us make do with a regular computer or laptop.
I think Google is trying to do mostly the right thing, but is falling down in implementation. Personally, I'm a fan of public key authentication of the client rather than just the server. Sometimes, older ideas really are good. We don't need brand new ones, just realizing how to reapply the old ones.
I've used real multi-factor auth in the form of SecurID. It isn't cumbersome. Doing it right doesn't have to be a PITA. If Google wanted to make it easy, they'd distribute a SecurID like local app to disgorge one time passwords when poked with your local passphrase.
Currently, I use the mobile SecurID app because my work phone I can treat like my physical factor. The fact that I can't copy that to another phone and have it "just work" suggests that it was done right here. (I'm not on the SecurID support team).
We aren't trying to protect national secrets here. Always keep in mind your threat model when designing your security. The real failure of Google's design is it presumes everyone has a mobile phone supporting SMS that they are willing to use regularly.
The TSA always gets nervous when they see me about to enter the scanner holding a permitted object in my hand? They have told me I should not feel safe in the security area.
The object in question is an emergency asthma inhaler. The TSA panics completely when someone has an asthma attack in the security area.
The first exit interview I did was used by HR to write the requirements to hire my replacement. I was hired as a very junior SA, but did intermediate SA work, and the shop could no longer survive on a brand new SA. (I was the most senior SA technical skills wise in the division).
In my case, the manager blew it and forgot to tell HR I was leaving until I went down to turn in my badge. This was typical for him. HR was rather upset I was leaving because I gave them support on their computers and printers, so they knew who I was.
Two weeks later, I saw two job requests at my old job, both for people of at least intermediate skills, to replace me. A month after that, I was told by former coworkers that my boss (who was a major reason I was leaving) had been forcibly transferred out of the department.
My answer to why I was leaving was not a lie, but it was not the whole truth either. I emphasized a positive about why I was leaving rather than a negative. "I'm moving to a position with more opportunity for growth and a significant salary increase" (both true.) I raised concerns over the level of employee the company was hiring not as a statement of incompetence of $boss (though true) but as a statement of the complexity of the job when I left.
When I checked them out a few months ago, I didn't see more than one movie in three that had any captioning. It was simply awful. Things I read around that time said that Netflix had added some content, but chose not to continue aggressively adding closed captioning. I then dropped the service entirely. That was one of my selection criteria to decide if I'd go for more than the free trial.
Incorrect, though I suppose I should not feed the trolls. Closed captioning for wordless music is usually either "music playing" or similar. I have seen "upbeat jazz playing" before. That is sufficient.
For music with lyrics, the lyrics themselves are often shown with music symbols on both sides, when the voice fades to intelligibility, the closed captioning will say that.
No, I'm not deaf, but I leave the closed captioning all all the time, it helps deal with incompetent sound engineers that think that dialog should be much quieter than every other sound in the movie.
Reasonable is not the same as no additional cost. For example, at work, a reasonable accommodation for me was to move me from one building to another. The cost to the company was not zero. But it was still considered an ADA mandate.
Many people do not understand that the ADA requires reasonable (not every) accommodation. Damages are limited to accommodation only, unless my memory has completely failed me.
I've had to use the ADA for work more than once. Most of the time, it works well with minimal hassle. I notify the appropriate office, they take the claim and my request, and then ask management if they concur. In one case, the manager literally jumped at my suggested solution. (It gave him a political out to get something done he wanted done before, but couldn't find an excuse to justify it to his management.) I've heard of cases where it wasn't as effective. What we hear about are those troublesome cases.
Providing closed captioning as an optional track is far from an unreasonable effort to accommodate others. It isn't even for the legally deaf. I know people with hearing loss who can hear, but have a hard time with conversations. It makes it more enjoyable for them. We used closed captioning as a subtle way to help a child learn to read, them constantly seeing the words associated with the speech.
The hatred against the ADA here is disgusting. Netflix has been criticized for years for choosing not to obtain closed captioning in any form for even movies where it is available. It's why I dropped them after their free trial. They can do it, they just have chosen not to. Doing it won't end the world for them or others.