Re:No more car tinkering...
on
42-Volt Autos
·
· Score: 1
I'm not gonna argue with the dictionary, but I don't think it is all that out of line to think of using your hands to bridge some potential as a short circuit...
It's not a short circuit, it's simply a completed circuit. I don't even like Webster's definition...
Really a short circuit is when the current flow is taken on an alternate path, bypassing the path it was intended to go -- shorting (making shorter) the circuit (path of flow of electrons).
Grabbing two battery terminals with your hands -- even if it kills you -- isn't shorting any circuit, rather, simply adding another one in parallel.
Here's my spin on bloat: If the size or maintenance/learning requirements of an application makes its use inconvenient, relative to the features it provides, then it's bloated.
I agree for the most part. Most of the time I don't consider abundance of features to be bloat, unless those features interfere with the purpose of the application.
This is especially irritating when it's a program that has a very simple task. Winamp 3.x does video playback and contains a "mini-browser", for reasons I'll likely never understand. It used to be a good, fast MP3 player. Most instant messaging programs are the same way: they provide some simple task, but instead hog tens of megabytes of memory, and feature tons of unnecessary bloat. I agree about Real Player as well.
Windows XP "themes", as much as I hate that everything these days needs to be skinnable, is not bloat in my opinion. Since the theming is pretty much bolted-on (it's really not all that integrated), you can turn it off, and it will never interfere or slow you down. Thus, it's not bloat IMO. Likewise, I don't care how much is added to the Linux kernel, it's not bloat as long as I have the option of not enabling it (the download size is, to me personally, negligable).
I think you said it best here:
This definition obviously changes over time, context and individual user...
I used to consider Gnome and KDE both to be quite bloated -- and if I were installing on an older machine, I'd definitely look elsewhere. But today, my slowest machine runs Gnome with no problems, and I have come to appreciate some of the features now that I can take them for granted (as far as system resources goes).
I did fine in Opera 7.10, but my real question is, hwo can a server know what browser you are if you fake the string? I mean, I've been to sites and had "Identify as MSIE 6.0" on but it still gave me the "not compatible" issue. Is it some feature they check just to weed out browsers? And to what end?
I was baffled by this with Capital One's banking site. I finally realized they were using JavaScript to detect the browser, which is totally independant of the UA string. No browser I am aware of allows changing what JavaScript reports.
JS browser detection is used frequently, but mostly to determine what JS code needs to be used. In some cases, though, the JS then redirects to the appropriate URL (the real site, or the "Upgrade Now" page).
This is often the worse one to fix. Because they will not beleave any independent party telling them that their security is flawed or just Crap. Then they will get openly hostile to that party because they are a threat of thier "I am Administrator so I am God" persona.
I personally think that this falls into one or both of these:
# Admins who don't know better (or aren't really "admins") # Admins that don't give a crap
The cocky admin who can't accept constructive criticism or advice makes for a VERY bad admin.
MS may well not treat the information the same way, but tracking bugs has become increasingly important as applications get increasingly larger and more complex.
Yes, except that it does this for ANY software that crashes. Meaning, if my program crashes, Windows asks the user to report the problem to Microsoft. Granted there is an exclusion list in the registry that you can set upon install (I now do this), but I don't understand why Microsoft wants bug reports on my (or anyone else's) software.
Quality probably isn't exciting, but radio is the source so it's not going to be great no matter what you do.
With any "hi-fi" VCR (which has a digital audio track) that has a decent AGC unit, you can get pretty decent audio out of it. Some radio shows actually use a VCR to archive their shows, since (as you mentioned) you can fit 6 hours on a tape. Even a long morning show can be completely archived on a single VHS tape.
Note that cheaper VCRs will tend to have crappy AGC, so even though it's digital it's been compressed pretty badly. A good JVC unit (from experience) serves well for archiving long radio shows, however.
Of course, unless you have a VCR in your car, this doesn't help in that case unless you then copy to another medium. Personally I'd use a PC to capture (shell script/cron job) and encode on-the-fly to MP3, then burn to an RW disc (I recently picked up a nice Pioneer MP3/CD player for my car:) As long as you remember to put the RW disc in the burner, you can automate the whole process (listen in the car, come home, put disc in PC, lather, rince, repeat...)
You're a few years out of date here... Tape - 120 minutes.
I don't know if it's still true today, but I recall most car cassette players recommending against using 120-minute tapes due to their easy edibility...
256 MB=256 minutes? Thus, 1 MB/minute, or 1024 KB/60seconds, or ~16.4KB/second or 128kb/s, which is a reasonable MP3, but not great.
But around the same quality as most consumer cassette decks. Realistically if you're talking about talk radio, you can get away with a much lower bitrate easily.
Again, Apple iPod, where the entire player is about the size of the tape cassette.
Which would be neat. I don't know if the iPod actually records, but if it does you could easily record from your home unit, and use the AUX-input on your car unit (if applicable) to make this work. Not quite as automated, but doable...
However, there are two MAJOR benefits to tape over flash/HD, though - first is that signal is recorded immediately. In HD/Flash systems, a table of contents has to be written after the recording is over... if batteries fail or something happens during the recording, the machine could fail to write the TOC, and the entire session is gone (unless you are able to reproduce or spoof a TOC... Have to do that all the time on Minidiscs, for the same reason).
I would assume that a system like this would be pretty versatile. If using a normal or (better still) journaled filesystem, without too much meta-data requirements, it would be easily doable. TiVo can survive a power failure without losing but maybe a couple seconds of data.
Other major benefit - tape can have confidence heads... while recording on the record head, you can listen off the playback head, and KNOW that your signal is going on to tape cleanly. Can't do that on flash or HD systems.
Two points: a) how many consumer (not pro- or semi-pro) decks have this feature?
And b) sure you can. TiVo does just that when you pause/rewind "live" TV: it reads what it just finished writing. I'd assume that this functionality would be incorporated into an audio Tivo-like device...
With all that out of the way, I don't personally see much use out of it. Sure, it'd be nice to be able to "instant replay" radio at times, but I generally use radio as background noise while I work. I don't care much for talk radio anymore, and when I need music I have CD/MP3/etc...
You've got a little experience and windows breaks and you do a reinstall, possiblly reformatting. Linux breaks well-- you still have about the same options available, except the reinstall isn't nearly as streamined or easy.
I agree that the installation procedure isn't quite as easy, but it's gotten very nice and painless in recent years.
The biggest issue is that you very rarely have to reinstall Linux. No matter what breaks, there is a way to fix it. Unless you trashed the disk, or did enough dammage to require a full reinstall, most of the time you can fix whatever is broken without resorting to that.
Consider the case where you replaced a DLL with a bad version. Maybe it can be fixed (the "recovery console" may help you if you know how to use it). In Linux, you trashed glibc, you boot with a boot disk and a statically-linked shell, and fix the problem (this is from experience).
Worse in Windows is when you get a blue-screen error that comes up on boot, and since the default in 2000/XP is to "reboot automatically", you never get to see the error message. I fought with that for about 6 hours. Microsoft's support recommendation? Install a parallel copy of 2000, edit the old registry, telling it not to auto-reboot, then continue troubleshooting. Not having time for all that, I just reinstalled Windows.
I can think of many times where the only solution in Windows is to reinstall. On the contrary, I have a RedHat 6.1 box that was my first Linux box, and has survived many hardware upgrades and continues to serve me well. Kernel and libc/glibc updates, upgrade to ext3, security patches, etc -- never a need to "upgrade" the OS or reinstall.
Finally, even if it were absolutely necessary, if your system is properly configured it's very easy to retain all of your important data files. If your/home/ is a separate partition, and you store all your stuff there (as it should be), reinstalling the OS doesn't mean wiping out your data. In Windows this can be done, but it's not as simple...
Patches: Windows has daily updates now, but SPs still are rather far apart. Linux doesn't have a central patch repository unless your distro has one. New distro version releases are mor common than windows SPs (in some distros.)
Try fixing the MSIE issue that allows deleting arbitrary files without installing XP SP1. You can do it, but not with an official patch -- SP1 is required for that. If you just want to fix that serious problem, without installing a whole service pack, you have to resort to a third-party solution.
Granted, RedHat releases eratta constantly (enough that I had to unsubscribe from that announcement list), but the vast majority are addressing very minor issues that affect a small percentage of users. Things Microsoft would never even bother letting anyone know about -- because we don't have the source to find it ourselves. It's only when some rogue hacker runs across a vulnerability that MS takes action -- and in many cases it's in the form of a many-megabyte service pack, rather than just replacing the one file that is affected (in many cases).
Sorry, no - compression makes everything louder (compresses the dynamic range).
Well, technically compression doesn't make anything louder. It simply reduces the gain on material that is above a certain threshold. When you increase (or "make up") the gain, you then make the quieter parts louder, but essentially you're just reducing the dynamic range overall. Quiet parts aren't nearly as quiet in comparison to the louder parts as they were before.
Also, uncompressed audio doesn't tend to sound flat and static - it might sound less punchy, but think of a classical symphony that goes between pianissimo and fortissimo... is that flat and static? Nope. However, compress it so that it only goes between forte and fortissimo. Now, it's flat. Punchy, but flat.
Well, maybe it's subjective, but I consider "punchy" to be compressed by nature. Compressed, but with a slow attack. Quite frequently used on drums and bass, it gives you a hard attack and a mellow fade-out, which to me is "punchy".
Flat is when you compress to the point that everything is the same level -- no dynamic range. Just listen to any pop radio station for an example; quiet parts are loud, loud parts are loud, everything maxes out the potential range of the FM broadcast as much as possible. That's flat.
Classical music is often considered the ultimate test of a system. The dynamic range is so intense that any amount of compression is easily noticable. So is even the slightest S/N ratio, because you can easily have 36-40 db of range between quiet and loud passages. You either want to not compress classical music at all (best), or have someone who *really* knows what they're doing tweak the compression. Listen to a typical classical radio station, and you'll likely hear the best use of compression you've ever heard.
Listen, software plugins have the same potential for abuse as any hardware device.
I agree. Remember when the Sampler became popular in (around) 1986? There were a few "revolutionary" songs (Nu Shooz, Stacy Q) who hit big primarily due to use of this new technology, but then *every* pop song was using sampling. It became old fast. Now you can't listen to a Rap/Hip-Hop song without hearing samples (or entire choruses) from other songs.
I agree that it's not the tools themselves that are the problem. Abuse any tool -- an analog compressor, EQ, reverb, distortion, etc -- and you'll sound like crap. The fact that one can point-and-click new effects, and over-process the hell out of stuff, is nothing new. A little easier, perhaps, but that doesn't place the blame on the tool itself.
I think you'd be surprised if you knew just how many of your favorite recordings were recorded, arranged, and produced digitally.
Exactly, most recordings these days (and as far back as the late 80's) are done mostly digitally. Much music lately is nearly all electronic (Linkin Park, Evanescense, even NIN) and, like any tool, some nice, new, truly revolutionary effects can be done with them. But just like the Sampler years ago, they can be abused and over-used.
So its Windows' FAULT that there a people that there are bad systems administrators?
Well, when you look at it that way, yes. Windows makes it easy for Joe Schmoe to call himself a 'systems administrator' even though he has no talent, skills, experience, ability, and is using disks he picked up at a yard sale for $10. Sorry, it's a crappy piece of software, and it encourages people to use it in crappy ways.
Far end of the extreme, but consider - if the only server tools out there were million-dollar Sun and IBM machines, all of the recording engineers would be really good - not just because of the tool, but because if they're willing to invest that much in it, they've probably also invested in training and have the knowledge to use those tools well.
I know that was bad, but seriously, the tools make it easier to do bad, yes, but that doesn't place the blame on the tools themselves.
Ever hear a bad engineer using good hardware? It's pretty easy to over-compress the hell out of something using one of my Behringer MX1400's, just as easily as it would be in NGWave or Pro-Tools or any other audio editor. Same with EQs, reverb, "effects", etc.
Don't blame the tools just because they reduce the barrier of entry -- one still should learn to use the tool properly. If they don't, it's not the tools' fault.
I've never personally used Pro-Tools (couldn't afford it), but the wave display (by your description) is pretty much standard. If you display the wave-form logarithmically, it wouldn't be natural (the metaphor is usually an oscilloscope). VU metering of course should be log3...
However, I would have though something that expensive would snap to zero-crossings more easily, or do an auto-cross-fade for any editing functions (NGWave -- shameless plug -- is the only editor I know to do this so smoothly;)
Now I'm considering giving the option to display the wave-form in a logarithmic manner if desired, I'm curious what that might look like...
People over compress/limit analog recordings all the time now too. Also, Anteres, the company that makes the oft-hated auto tuner, has a rack-mount version that people use with analog gear.
I agree, but the digital counter-parts make it easier for someone to pretend like they know what they're doing, and ulimately screw up what could have been a great recording.
Consider your average radio station. Most of your Clear Channel stations, instead of employing an audio geek to tune the EQ and compression, use a multi-band compressor with presets -- and thus they all sound the same. Which is to say, like crap, but very loud, all the time, even during quiet passages. And with a steep decline at about 200Hz to avoid resonation in cars, since drive-time is their main ratings target.
Older stations -- typically classic-rock or classical stations that have been on the air a while -- usually sound much better. Quieter (more dynamic) and better, because someone sat down and tweaked the settings possibly for hours, instead of loading up a preset from a 3.5" diskette.
(although digital compression and retuning are out of the question, for instance)
The only thing digital compression has over analog compression is that you can achieve a zero- (or even pre-) attack. Aside from that, most digital comrpession algos attempt to mimic analog compression techniques, and some go as far as attempting to mimic tube compressors.
In fact, most of your better digital processing is trying to mimic, as closely and mathematically as possible, their analog counterparts. EQ, reverb, etc...
Now of course the digital realm brings you new things like the re-tuning (more like, pitch "correction"), time-shifting, sampling, etc. But none of these specific digital tools are really the problem.
Give a bad producer a few Behringer compressors, a Mackie mixer, and some serious pro effects, and he can fuck up any good master recording. Good equipment (and good software) doesn't make for good mix-downs, only a good producer can do that.
That's the problem here, and it's not a problem with PT. It's a problem with humans. It's just too easy with PT to wring the soul out of music, and people are doing it all the time.
I agree, it's not the tools but the people using the tools. The difference is mostly in what the general public will accept. If they'll buy garbage at high prices, then why spend the time making it sound better? We'll save that for bands who are true artists, who unfortunately appeal to the minority (those who actually care about audio quality, not just a CD that sounds "loud").
Re:Indeed - but we can hope for a pendulum effect.
on
Cheap Audio Production
·
· Score: 1
I'm personally hoping for an "anti-pro tools movement" that may bring genuinely *good* music back into the mainstream.
There's nothing inherently bad about digital processing, really. It's about not knowing what you're doing.
Look at Windows vs Unix. Unix admins have a barrier of entry, and thus typically learn about security and what-not. With Windows, anyone can point-and-click a web server, without having to consider security issues. Thus, it's easy to screw up.
Same with audio. With things like Pro-Tools (crazily over-priced, but very powerful software and in many cases worth every penny) it's easy for someone to become a "producer". The thing is, a producer who really knows what they are doing -- who can set a (hardware) compressor and EQ correctly, who can max out an FM broadcast without sounding like crap -- can do wonderful things with Pro-Tools and the like. But any joe-average can point and click a horrible recording.
I would say that some of the best (and worst) recordings come from Pro-Tools.
Pop music is unlistenable because:
1) They have this idea that "louder" == "better". So they compress the hell out of the program.
Sevendust's first CD is pretty good, done in a smaller studio (I don't recall where). Their second disc sounds like utter crap -- it's compressed way too hard. Every time the bass drum kicks, the entire program drops out.
2) Most recordings are targetting car stereos. In a typical car, you have odd frequency characteristics (notice most radio stations drastically reduce the 200-300 Hz band) and lots of noise (road, engine, etc). Compress the hell out of it, and your quiet passages can be heard over road noise.
3) People simply do not care about audio quality. They *think* they do, but they really don't. The same person who buys the overly-compressed Britney Spears CD will go re-purchase it in SACD format because it's "higher quality". Even though you could zero-out the lower 8-bits on the 16-bit CD and the person wouldn't notice the difference.
Look at the popularity of the 8-track. Possibly the worst quality medium ever sold to the general public, but for a long time it was what the average person was happy with.
So, these studios are giving the people what they want (eg, what they will purchase), not what the people *think* they want (high quality -- they simply get the illusion of high quality), and not what the more intelligent want, because we're in the minority.
There are some bands for whom the interaction is vital to their sound. I know a smaller band who did a demo CD in a small-ish studio (which lacks the equipment to do a proper "live" set), and while the audio quality was great, the music lacked quite a bit compared to their live shows.
Then there are bands like Evanescense, where it's mostly electronic and over-dubbed, and to do a live show it takes some 8 people to pull it off (for a normally 3-person band). I've yet to see them live (they're here in Atlanta right now) but I do enjoy their music...
Then you have NIN, which is almost a one-man band, who does amazing things both in the studio and in live shows.
In all, it totally depends on the band, and how "in tune" they are with the producers. Metallica does mostly over-dubbing, yes, but they have their own studio, and Bob Rock kicks ass (their producer). As much as I hate Metallica as of late (mostly due to the Napster issue), they do a great live show, and they do great in the studio.
As for your typical "pop" music, that's all over-dubbing, multi-tracking, tweaking, processing, and of course heavy compression (because we all know, the "louder" the CD is, the better it must be... remember when CDs first came out and studios took advantage of the massive resolution? Now it may as well be magnetic tape... I don't know how they expect to sell DVD-Audio or SACD, given that they crunch the current 16-bits so hard it may as well be 8-bit... but I digress)
As a poweruser of all software platforms I often have multiple programs that do similar things. One I might fire up if I just need to do something quick, another if I need something more powerful, and still another that might offer a unique feature that I need every now and then.
Right, but they don't all have to be preinstalled as part of the distro. Windows XP integrated a lot of functionality (like drag 'n' drop CD burning) that, for many users, obsoletes the need to download/purchase a third party application. Windows Media Player and MSIE have both become very popular applications not because they are the best or most powerful, but because they are there already.
And of course, power users download Mozilla, Opera, WinAmp, etc and have no problems. That's where the install/uninstall support is important. But by default, the best/most popular/most suitable choice should be installed, and the rest are optional, or require a download.
I have also considered putting together my own distro, and trying to make it very easy to use, nice graphical installer, nice bootup sequence, etc. But, of course, time is the issue...
One day I had the speakers cranked, and unplugged, (I had just worked on a sound card) and out shot a trucker's voice from his CB.
CB's aren't representative of typical wireless electronics though. I used to be into the CB, and people tend to run linear RF amps on the things, boosting them from the 4 watts allowed to hundreds, with like 90% modulation (sometimes more). These amps are very dirty, unfiltered class AB RF amps, and will interfere with anything.
Back in the day, we used to get free vaccuums at the car wash -- just key up next to it, it kicked on. I also witnessed a drive-thru clerk quickly throw his headphones off when a horrible squeal emitted from them. Keying up at 250 watts, with the antenna literally 3 feet from his headphones, was not a good idea...
Anyway, I've heard cell phones interfere with various things. Specifically a Motorola (Nextel) phone a friend had would interfere with the PC speakers, and even the car stereo if the antenna was close (a foot or so) to the dash.
It's that whole spread-spectrum burst thing. Rather than transmitting a continuous, steady frequency, they do big bursts of RF power; this lets them get out further (more power) without killing the battery (low duty cycle). It also causes a distinct interference.
I'm honestly not completely sure how Mozilla implements Bayesian classification, but I was under the assumption that it did do both. Paul Graham's method involves a corpus of good and bad, and provides for a method to move a message from one corpus to the other (eg, when marking a message as spam, it's removed from the "good" corpus and added to the "bad").
So I assumed Mozilla's implementation was following Paul's specification, but I could be wrong. I do know that, prior to the newer types of spam messages, it worked very well (and still does on the "obvious" stuff). But my false-positive rate has gone up significantly, which I suspect is partly due to my marking the sneaky ones as spam. It throws the whole system off when the difference between good and not-good email is so slight (in the realm of classification).
An article I read a while back -- and disagreed with at the time -- puts some of this into perspective, and can be found here. I'm starting to see first-hand some of his points, and he may be correct. Basically, he says that once spammers defeat Bayesian classification, there's not much more we can do (as far as automated filtering that is).
Bayesian is the answer to spam. Once you try it you won't go back.:)
I agree to an extent. I started using Bayesian classification since Mozilla 1.3a (I think) implemented it.
After a couple weeks of "training", it was dead-on accurate. Very little slipped through.
It's been a few months now, and it's gotten worse. Much of my spam seems to be one-liners like "Here's that URL we were looking for:..." Others contain mis-spellings in common spam-related words, and slip by the filters.
Marking the ones that slip through as Junk causes more problems with false-positives. It's also too easy for a notification from a company that you *did* request, to get marked as spam.
In all, Bayesian is great, and far better than anything else I've ever seen -- but it isn't the holy grail unfortunately. Plus, it's fairly easy for a spammer to tweak his message against a relatively common corpus. I believe that most people would come to the same conclusions as to whether or not something was spam -- and thus an "average" corpus is trivial to create, and tweak your spam against.
I think it'll only get worse if Bayesian classification finds its way into more people's mailboxes. I'd almost prefer that it remain a "geek only" thing (though one could say the same about the Internet itself, and we wouldn't have this problem;)
Every time you use a closed source app for something critical you _are_ taking the vendors word that it is fit for purpose.
Even if the vendor never gave that word?
If it is not, they should be liable.
Because you assumed that their product would be fit for your specific purpose?
Really now, you get what you pay for. The market doesn't want reliable software. More accurately, the market doesn't want to pay for reliable software.
If there were regulations requiring that software be up to some arbitrary standards, on some arbitrary combination of hardware -- I wouldn't be in the business. It wouldn't be worth the risk of being sued because someone used my software, in some mission-critical manner, that I couldn't have foreseen.
Realistically, I think things should remain as they are. Look at the electronics components industry. Many (most) components specify that they are not intended for use in life-critical systems. Parts that *are* certified for this cost many times more, due to the serious testing *and* the serious liability that goes with making that claim.
The same thing happens with software: you want mission critical, you buy/contract software from someone willing to assume that risk. NASA's programmers are paid to do just that. Microsoft is catering to average users. If I run a life-critical system under Windows XP, that's my fault -- just like if I used cheap replacement components in a life-support system's electronics.
I see nothing wrong with stating in an EULA that a product is not fit for any purpose. If that is not acceptable to you -- and in any critical situation, it shouldn't be -- then find something else that makes the guarantees you (or your particular task) requires.
SMTP being replace, that's a possibility. But with "trusted authorities" such as Verisign? Never. Those of us already having to deal with Verisign (or Microsoft or whoever) do NOT want something as important as email to be completely in someone else's hands.
SMTP should be replaced by a protocol that requires authentication. That's the biggest probley (open relays) really. Going any further than that will be more of a pain than its worth.
As for everything else (including IPv4), there are too many old clients out there (old meaning unsupported by the vendor). There are enough Windows 95 clients out there, not to mention other systems where upgrades are simply unnecessary otherwise, to where changing the underlying protocol simply won't happen.
Incremental upgrates, sure. We'll probably end up replacing SMTP -- or updating it -- to support, or even require, authentication. In a few years. We may even supplant FTP with SFTP or some other more secure variant.
But to try and simply replace a major, established protocol -- with no backward compatibility -- simply will not happen. There will be enough resistance and reluctance to make it infeasible; then the upgraders will have to begin supporting both "legacy" and new protocols, and we'll be in a bigger mess than before.
So, my opinion is this: we'll slowly, with full backward compatibility, supplant older protocols with updated ones -- perhaps via adding extensions to them (like SMTP Authentication), allowing slow upgraders to catch up as needed. No revolutionary changes will happen, no forced upgrades...
Right now, tape drives are the right cost/benefit compromise. Could they be better? Yes. Would it cost a lot more? Yes. Why are you using hard drives over tape, when tape holds so much more for the cost?
That's not the right cost/benefit compromise. You said it yourself:
Speed matters.
So, you don't want to compromise that much speed for such little cost savings.
Solid state storage offers much more speed, but an even greater price jump. In most cases, this isn't the right compromise either.
So we have magnetic hard disk storage. Fast enough for most tasks, and inexpensive. The best compromise for most uses.
Just because one is more expensive than the other doesn't rule it out, if they're both relatively affordable for the performance.
And nobody is ruling out any options. Magnetic tape drives are well suited for backups. In that case, tape drives tend to offer the best cost/benefit compromise.
Solid state storage has plenty of uses as well; the article describes a couple of situations where it can be extremely beneficial.
But for most desktop and even server applications, the magnetic hard disk really is the best option.
Smart cards? You mean like the ones for DSS, that are so easily hacked?
Totally different technology. DSS cards sacrificed security for convenience and cost. They weren't intended to be truly secure. Also note that (for the most part) DSS is a strictly one-way transmission, thus a public/private key pair wouldn't work, unless it dialed up every time you changed channels.
True "Smart Cards" keep a private key internally, that cannot be read or accessed in any way from the outside. The better ones will, for all practical purposes, self-destruct if physically tampered with.
If the Smart Card simply decrypts data with the private key, then authentication becomes:
Server encrypts some random data using Public key Card decrypts data, gives it back to the server Server compares decrypted data with original
Unless you can somehow pull the private key from the card itself, which is *extremely* difficult (if not impossible), you won't comprimise it.
Combine it with a PIN, and now you have two obstacles. Once the user notices the card missing, in most cases they'll report it, and that card will be denied any access, PIN or no PIN.
Let's be a little more creative here rather than just labelling users as retarded or stupid. If a majority of people find passwords hard to remember or deal with, maybe we just aren't doing it right.
I wouldn't say retarded or stupid, but I would say Lazy. People *can* remember long passwords. People don't care. The average person doesn't think it's a big deal -- or doesn't believe that someone would want to hack into the company system with their login.
Plus, even if it does happen, the evil hackers would be blamed, not the user who had a weak password.
Think about this: how many telephone numbers does the average person remember? And the associated names? And the other members of the families accessible via that number? And the stories of how they all interconnect? What kind of car they drive, how much they make, etc?
People *can* remember things. But if it's not important to that person -- or the importance/risk is not immediately obvious -- they'll get out of having to remember it.
Geeks are people too; we choose to remember multitudes of passwords for security's sake. We don't have some special ability over other people -- we just know why it is important to have good passwords. If everyone had the same feeling, they'd guard their passwords better, and choose better ones to begin with.
I see nothing wrong with writing passwords down. I think users need to be educated on the importance of security and privacy. That having good passwords is important. That giving passwords out is simply not acceptable under any circumstance (and if it happens that this is necessary under your OS of choice, then that OS should not be used for anything serious).
I see passwords as a means of authentication being obsolete in the future.
I agree, but it will happen only because users don't know (or care to learn) how to handle security, or why it is important. Plus, there *are* truly stupid people mixed in with the rest of the lazy ones, and even if that number is small, it's not worth the risk. So we have to tackle it on a technical level.
Slashdot Mirror
I'm not gonna argue with the dictionary, but I don't think it is all that out of line to think of using your hands to bridge some potential as a short circuit...
It's not a short circuit, it's simply a completed circuit. I don't even like Webster's definition...
Really a short circuit is when the current flow is taken on an alternate path, bypassing the path it was intended to go -- shorting (making shorter) the circuit (path of flow of electrons).
Grabbing two battery terminals with your hands -- even if it kills you -- isn't shorting any circuit, rather, simply adding another one in parallel.
Here's my spin on bloat: If the size or maintenance/learning requirements of an application makes its use inconvenient, relative to the features it provides, then it's bloated.
I agree for the most part. Most of the time I don't consider abundance of features to be bloat, unless those features interfere with the purpose of the application.
This is especially irritating when it's a program that has a very simple task. Winamp 3.x does video playback and contains a "mini-browser", for reasons I'll likely never understand. It used to be a good, fast MP3 player. Most instant messaging programs are the same way: they provide some simple task, but instead hog tens of megabytes of memory, and feature tons of unnecessary bloat. I agree about Real Player as well.
Windows XP "themes", as much as I hate that everything these days needs to be skinnable, is not bloat in my opinion. Since the theming is pretty much bolted-on (it's really not all that integrated), you can turn it off, and it will never interfere or slow you down. Thus, it's not bloat IMO. Likewise, I don't care how much is added to the Linux kernel, it's not bloat as long as I have the option of not enabling it (the download size is, to me personally, negligable).
I think you said it best here:
This definition obviously changes over time, context and individual user...
I used to consider Gnome and KDE both to be quite bloated -- and if I were installing on an older machine, I'd definitely look elsewhere. But today, my slowest machine runs Gnome with no problems, and I have come to appreciate some of the features now that I can take them for granted (as far as system resources goes).
I did fine in Opera 7.10, but my real question is, hwo can a server know what browser you are if you fake the string? I mean, I've been to sites and had "Identify as MSIE 6.0" on but it still gave me the "not compatible" issue. Is it some feature they check just to weed out browsers? And to what end?
I was baffled by this with Capital One's banking site. I finally realized they were using JavaScript to detect the browser, which is totally independant of the UA string. No browser I am aware of allows changing what JavaScript reports.
JS browser detection is used frequently, but mostly to determine what JS code needs to be used. In some cases, though, the JS then redirects to the appropriate URL (the real site, or the "Upgrade Now" page).
I personally think that this falls into one or both of these:
# Admins who don't know better (or aren't really "admins")
# Admins that don't give a crap
The cocky admin who can't accept constructive criticism or advice makes for a VERY bad admin.
MS may well not treat the information the same way, but tracking bugs has become increasingly important as applications get increasingly larger and more complex.
Yes, except that it does this for ANY software that crashes. Meaning, if my program crashes, Windows asks the user to report the problem to Microsoft. Granted there is an exclusion list in the registry that you can set upon install (I now do this), but I don't understand why Microsoft wants bug reports on my (or anyone else's) software.
Quality probably isn't exciting, but radio is the source so it's not going to be great no matter what you do.
:) As long as you remember to put the RW disc in the burner, you can automate the whole process (listen in the car, come home, put disc in PC, lather, rince, repeat...)
With any "hi-fi" VCR (which has a digital audio track) that has a decent AGC unit, you can get pretty decent audio out of it. Some radio shows actually use a VCR to archive their shows, since (as you mentioned) you can fit 6 hours on a tape. Even a long morning show can be completely archived on a single VHS tape.
Note that cheaper VCRs will tend to have crappy AGC, so even though it's digital it's been compressed pretty badly. A good JVC unit (from experience) serves well for archiving long radio shows, however.
Of course, unless you have a VCR in your car, this doesn't help in that case unless you then copy to another medium. Personally I'd use a PC to capture (shell script/cron job) and encode on-the-fly to MP3, then burn to an RW disc (I recently picked up a nice Pioneer MP3/CD player for my car
You're a few years out of date here... Tape - 120 minutes.
I don't know if it's still true today, but I recall most car cassette players recommending against using 120-minute tapes due to their easy edibility...
256 MB=256 minutes? Thus, 1 MB/minute, or 1024 KB/60seconds, or ~16.4KB/second or 128kb/s, which is a reasonable MP3, but not great.
But around the same quality as most consumer cassette decks. Realistically if you're talking about talk radio, you can get away with a much lower bitrate easily.
Again, Apple iPod, where the entire player is about the size of the tape cassette.
Which would be neat. I don't know if the iPod actually records, but if it does you could easily record from your home unit, and use the AUX-input on your car unit (if applicable) to make this work. Not quite as automated, but doable...
However, there are two MAJOR benefits to tape over flash/HD, though - first is that signal is recorded immediately. In HD/Flash systems, a table of contents has to be written after the recording is over... if batteries fail or something happens during the recording, the machine could fail to write the TOC, and the entire session is gone (unless you are able to reproduce or spoof a TOC... Have to do that all the time on Minidiscs, for the same reason).
I would assume that a system like this would be pretty versatile. If using a normal or (better still) journaled filesystem, without too much meta-data requirements, it would be easily doable. TiVo can survive a power failure without losing but maybe a couple seconds of data.
Other major benefit - tape can have confidence heads... while recording on the record head, you can listen off the playback head, and KNOW that your signal is going on to tape cleanly. Can't do that on flash or HD systems.
Two points: a) how many consumer (not pro- or semi-pro) decks have this feature?
And b) sure you can. TiVo does just that when you pause/rewind "live" TV: it reads what it just finished writing. I'd assume that this functionality would be incorporated into an audio Tivo-like device...
With all that out of the way, I don't personally see much use out of it. Sure, it'd be nice to be able to "instant replay" radio at times, but I generally use radio as background noise while I work. I don't care much for talk radio anymore, and when I need music I have CD/MP3/etc...
You've got a little experience and windows breaks and you do a reinstall, possiblly reformatting. Linux breaks well-- you still have about the same options available, except the reinstall isn't nearly as streamined or easy.
/home/ is a separate partition, and you store all your stuff there (as it should be), reinstalling the OS doesn't mean wiping out your data. In Windows this can be done, but it's not as simple...
I agree that the installation procedure isn't quite as easy, but it's gotten very nice and painless in recent years.
The biggest issue is that you very rarely have to reinstall Linux. No matter what breaks, there is a way to fix it. Unless you trashed the disk, or did enough dammage to require a full reinstall, most of the time you can fix whatever is broken without resorting to that.
Consider the case where you replaced a DLL with a bad version. Maybe it can be fixed (the "recovery console" may help you if you know how to use it). In Linux, you trashed glibc, you boot with a boot disk and a statically-linked shell, and fix the problem (this is from experience).
Worse in Windows is when you get a blue-screen error that comes up on boot, and since the default in 2000/XP is to "reboot automatically", you never get to see the error message. I fought with that for about 6 hours. Microsoft's support recommendation? Install a parallel copy of 2000, edit the old registry, telling it not to auto-reboot, then continue troubleshooting. Not having time for all that, I just reinstalled Windows.
I can think of many times where the only solution in Windows is to reinstall. On the contrary, I have a RedHat 6.1 box that was my first Linux box, and has survived many hardware upgrades and continues to serve me well. Kernel and libc/glibc updates, upgrade to ext3, security patches, etc -- never a need to "upgrade" the OS or reinstall.
Finally, even if it were absolutely necessary, if your system is properly configured it's very easy to retain all of your important data files. If your
Patches: Windows has daily updates now, but SPs still are rather far apart. Linux doesn't have a central patch repository unless your distro has one. New distro version releases are mor common
than windows SPs (in some distros.)
Try fixing the MSIE issue that allows deleting arbitrary files without installing XP SP1. You can do it, but not with an official patch -- SP1 is required for that. If you just want to fix that serious problem, without installing a whole service pack, you have to resort to a third-party solution.
Granted, RedHat releases eratta constantly (enough that I had to unsubscribe from that announcement list), but the vast majority are addressing very minor issues that affect a small percentage of users. Things Microsoft would never even bother letting anyone know about -- because we don't have the source to find it ourselves. It's only when some rogue hacker runs across a vulnerability that MS takes action -- and in many cases it's in the form of a many-megabyte service pack, rather than just replacing the one file that is affected (in many cases).
Sorry, no - compression makes everything louder (compresses the dynamic range).
Well, technically compression doesn't make anything louder. It simply reduces the gain on material that is above a certain threshold. When you increase (or "make up") the gain, you then make the quieter parts louder, but essentially you're just reducing the dynamic range overall. Quiet parts aren't nearly as quiet in comparison to the louder parts as they were before.
Also, uncompressed audio doesn't tend to sound flat and static - it might sound less punchy, but think of a classical symphony that goes between pianissimo and fortissimo... is that flat and static? Nope. However, compress it so that it only goes between forte and fortissimo. Now, it's flat. Punchy, but flat.
Well, maybe it's subjective, but I consider "punchy" to be compressed by nature. Compressed, but with a slow attack. Quite frequently used on drums and bass, it gives you a hard attack and a mellow fade-out, which to me is "punchy".
Flat is when you compress to the point that everything is the same level -- no dynamic range. Just listen to any pop radio station for an example; quiet parts are loud, loud parts are loud, everything maxes out the potential range of the FM broadcast as much as possible. That's flat.
Classical music is often considered the ultimate test of a system. The dynamic range is so intense that any amount of compression is easily noticable. So is even the slightest S/N ratio, because you can easily have 36-40 db of range between quiet and loud passages. You either want to not compress classical music at all (best), or have someone who *really* knows what they're doing tweak the compression. Listen to a typical classical radio station, and you'll likely hear the best use of compression you've ever heard.
Listen, software plugins have the same potential for abuse as any hardware device.
I agree. Remember when the Sampler became popular in (around) 1986? There were a few "revolutionary" songs (Nu Shooz, Stacy Q) who hit big primarily due to use of this new technology, but then *every* pop song was using sampling. It became old fast. Now you can't listen to a Rap/Hip-Hop song without hearing samples (or entire choruses) from other songs.
I agree that it's not the tools themselves that are the problem. Abuse any tool -- an analog compressor, EQ, reverb, distortion, etc -- and you'll sound like crap. The fact that one can point-and-click new effects, and over-process the hell out of stuff, is nothing new. A little easier, perhaps, but that doesn't place the blame on the tool itself.
I think you'd be surprised if you knew just how many of your favorite recordings were recorded, arranged, and produced digitally.
Exactly, most recordings these days (and as far back as the late 80's) are done mostly digitally. Much music lately is nearly all electronic (Linkin Park, Evanescense, even NIN) and, like any tool, some nice, new, truly revolutionary effects can be done with them. But just like the Sampler years ago, they can be abused and over-used.
I know that was bad, but seriously, the tools make it easier to do bad, yes, but that doesn't place the blame on the tools themselves.
Ever hear a bad engineer using good hardware? It's pretty easy to over-compress the hell out of something using one of my Behringer MX1400's, just as easily as it would be in NGWave or Pro-Tools or any other audio editor. Same with EQs, reverb, "effects", etc.
Don't blame the tools just because they reduce the barrier of entry -- one still should learn to use the tool properly. If they don't, it's not the tools' fault.
I've never personally used Pro-Tools (couldn't afford it), but the wave display (by your description) is pretty much standard. If you display the wave-form logarithmically, it wouldn't be natural (the metaphor is usually an oscilloscope). VU metering of course should be log3...
;)
However, I would have though something that expensive would snap to zero-crossings more easily, or do an auto-cross-fade for any editing functions (NGWave -- shameless plug -- is the only editor I know to do this so smoothly
Now I'm considering giving the option to display the wave-form in a logarithmic manner if desired, I'm curious what that might look like...
People over compress/limit analog recordings all the time now too. Also, Anteres, the company that makes the oft-hated auto tuner, has a rack-mount version that people use with analog gear.
I agree, but the digital counter-parts make it easier for someone to pretend like they know what they're doing, and ulimately screw up what could have been a great recording.
Consider your average radio station. Most of your Clear Channel stations, instead of employing an audio geek to tune the EQ and compression, use a multi-band compressor with presets -- and thus they all sound the same. Which is to say, like crap, but very loud, all the time, even during quiet passages. And with a steep decline at about 200Hz to avoid resonation in cars, since drive-time is their main ratings target.
Older stations -- typically classic-rock or classical stations that have been on the air a while -- usually sound much better. Quieter (more dynamic) and better, because someone sat down and tweaked the settings possibly for hours, instead of loading up a preset from a 3.5" diskette.
(although digital compression and retuning are out of the question, for instance)
The only thing digital compression has over analog compression is that you can achieve a zero- (or even pre-) attack. Aside from that, most digital comrpession algos attempt to mimic analog compression techniques, and some go as far as attempting to mimic tube compressors.
In fact, most of your better digital processing is trying to mimic, as closely and mathematically as possible, their analog counterparts. EQ, reverb, etc...
Now of course the digital realm brings you new things like the re-tuning (more like, pitch "correction"), time-shifting, sampling, etc. But none of these specific digital tools are really the problem.
Give a bad producer a few Behringer compressors, a Mackie mixer, and some serious pro effects, and he can fuck up any good master recording. Good equipment (and good software) doesn't make for good mix-downs, only a good producer can do that.
That's the problem here, and it's not a problem with PT. It's a problem with humans. It's just too easy with PT to wring the soul out of music, and people are doing it all the time.
I agree, it's not the tools but the people using the tools. The difference is mostly in what the general public will accept. If they'll buy garbage at high prices, then why spend the time making it sound better? We'll save that for bands who are true artists, who unfortunately appeal to the minority (those who actually care about audio quality, not just a CD that sounds "loud").
I'm personally hoping for an "anti-pro tools movement" that may bring genuinely *good* music back into the mainstream.
There's nothing inherently bad about digital processing, really. It's about not knowing what you're doing.
Look at Windows vs Unix. Unix admins have a barrier of entry, and thus typically learn about security and what-not. With Windows, anyone can point-and-click a web server, without having to consider security issues. Thus, it's easy to screw up.
Same with audio. With things like Pro-Tools (crazily over-priced, but very powerful software and in many cases worth every penny) it's easy for someone to become a "producer". The thing is, a producer who really knows what they are doing -- who can set a (hardware) compressor and EQ correctly, who can max out an FM broadcast without sounding like crap -- can do wonderful things with Pro-Tools and the like. But any joe-average can point and click a horrible recording.
I would say that some of the best (and worst) recordings come from Pro-Tools.
Pop music is unlistenable because:
1) They have this idea that "louder" == "better". So they compress the hell out of the program.
Sevendust's first CD is pretty good, done in a smaller studio (I don't recall where). Their second disc sounds like utter crap -- it's compressed way too hard. Every time the bass drum kicks, the entire program drops out.
2) Most recordings are targetting car stereos. In a typical car, you have odd frequency characteristics (notice most radio stations drastically reduce the 200-300 Hz band) and lots of noise (road, engine, etc). Compress the hell out of it, and your quiet passages can be heard over road noise.
3) People simply do not care about audio quality. They *think* they do, but they really don't. The same person who buys the overly-compressed Britney Spears CD will go re-purchase it in SACD format because it's "higher quality". Even though you could zero-out the lower 8-bits on the 16-bit CD and the person wouldn't notice the difference.
Look at the popularity of the 8-track. Possibly the worst quality medium ever sold to the general public, but for a long time it was what the average person was happy with.
So, these studios are giving the people what they want (eg, what they will purchase), not what the people *think* they want (high quality -- they simply get the illusion of high quality), and not what the more intelligent want, because we're in the minority.
There are some bands for whom the interaction is vital to their sound. I know a smaller band who did a demo CD in a small-ish studio (which lacks the equipment to do a proper "live" set), and while the audio quality was great, the music lacked quite a bit compared to their live shows.
Then there are bands like Evanescense, where it's mostly electronic and over-dubbed, and to do a live show it takes some 8 people to pull it off (for a normally 3-person band). I've yet to see them live (they're here in Atlanta right now) but I do enjoy their music...
Then you have NIN, which is almost a one-man band, who does amazing things both in the studio and in live shows.
In all, it totally depends on the band, and how "in tune" they are with the producers. Metallica does mostly over-dubbing, yes, but they have their own studio, and Bob Rock kicks ass (their producer). As much as I hate Metallica as of late (mostly due to the Napster issue), they do a great live show, and they do great in the studio.
As for your typical "pop" music, that's all over-dubbing, multi-tracking, tweaking, processing, and of course heavy compression (because we all know, the "louder" the CD is, the better it must be... remember when CDs first came out and studios took advantage of the massive resolution? Now it may as well be magnetic tape... I don't know how they expect to sell DVD-Audio or SACD, given that they crunch the current 16-bits so hard it may as well be 8-bit... but I digress)
As a poweruser of all software platforms I often have multiple programs that do similar things. One I might fire up if I just need to do something quick, another if I need something more powerful, and still another that might offer a unique feature that I need every now and then.
Right, but they don't all have to be preinstalled as part of the distro. Windows XP integrated a lot of functionality (like drag 'n' drop CD burning) that, for many users, obsoletes the need to download/purchase a third party application. Windows Media Player and MSIE have both become very popular applications not because they are the best or most powerful, but because they are there already.
And of course, power users download Mozilla, Opera, WinAmp, etc and have no problems. That's where the install/uninstall support is important. But by default, the best/most popular/most suitable choice should be installed, and the rest are optional, or require a download.
I have also considered putting together my own distro, and trying to make it very easy to use, nice graphical installer, nice bootup sequence, etc. But, of course, time is the issue...
One day I had the speakers cranked, and unplugged, (I had just worked on a sound card) and out shot a trucker's voice from his CB.
CB's aren't representative of typical wireless electronics though. I used to be into the CB, and people tend to run linear RF amps on the things, boosting them from the 4 watts allowed to hundreds, with like 90% modulation (sometimes more). These amps are very dirty, unfiltered class AB RF amps, and will interfere with anything.
Back in the day, we used to get free vaccuums at the car wash -- just key up next to it, it kicked on. I also witnessed a drive-thru clerk quickly throw his headphones off when a horrible squeal emitted from them. Keying up at 250 watts, with the antenna literally 3 feet from his headphones, was not a good idea...
Anyway, I've heard cell phones interfere with various things. Specifically a Motorola (Nextel) phone a friend had would interfere with the PC speakers, and even the car stereo if the antenna was close (a foot or so) to the dash.
It's that whole spread-spectrum burst thing. Rather than transmitting a continuous, steady frequency, they do big bursts of RF power; this lets them get out further (more power) without killing the battery (low duty cycle). It also causes a distinct interference.
I'm honestly not completely sure how Mozilla implements Bayesian classification, but I was under the assumption that it did do both. Paul Graham's method involves a corpus of good and bad, and provides for a method to move a message from one corpus to the other (eg, when marking a message as spam, it's removed from the "good" corpus and added to the "bad").
So I assumed Mozilla's implementation was following Paul's specification, but I could be wrong. I do know that, prior to the newer types of spam messages, it worked very well (and still does on the "obvious" stuff). But my false-positive rate has gone up significantly, which I suspect is partly due to my marking the sneaky ones as spam. It throws the whole system off when the difference between good and not-good email is so slight (in the realm of classification).
An article I read a while back -- and disagreed with at the time -- puts some of this into perspective, and can be found here. I'm starting to see first-hand some of his points, and he may be correct. Basically, he says that once spammers defeat Bayesian classification, there's not much more we can do (as far as automated filtering that is).
Bayesian is the answer to spam. Once you try it you won't go back. :)
..." Others contain mis-spellings in common spam-related words, and slip by the filters.
;)
I agree to an extent. I started using Bayesian classification since Mozilla 1.3a (I think) implemented it.
After a couple weeks of "training", it was dead-on accurate. Very little slipped through.
It's been a few months now, and it's gotten worse. Much of my spam seems to be one-liners like "Here's that URL we were looking for:
Marking the ones that slip through as Junk causes more problems with false-positives. It's also too easy for a notification from a company that you *did* request, to get marked as spam.
In all, Bayesian is great, and far better than anything else I've ever seen -- but it isn't the holy grail unfortunately. Plus, it's fairly easy for a spammer to tweak his message against a relatively common corpus. I believe that most people would come to the same conclusions as to whether or not something was spam -- and thus an "average" corpus is trivial to create, and tweak your spam against.
I think it'll only get worse if Bayesian classification finds its way into more people's mailboxes. I'd almost prefer that it remain a "geek only" thing (though one could say the same about the Internet itself, and we wouldn't have this problem
Every time you use a closed source app for something critical you _are_ taking the vendors word that it is fit for purpose.
Even if the vendor never gave that word?
If it is not, they should be liable.
Because you assumed that their product would be fit for your specific purpose?
Really now, you get what you pay for. The market doesn't want reliable software. More accurately, the market doesn't want to pay for reliable software.
If there were regulations requiring that software be up to some arbitrary standards, on some arbitrary combination of hardware -- I wouldn't be in the business. It wouldn't be worth the risk of being sued because someone used my software, in some mission-critical manner, that I couldn't have foreseen.
Realistically, I think things should remain as they are. Look at the electronics components industry. Many (most) components specify that they are not intended for use in life-critical systems. Parts that *are* certified for this cost many times more, due to the serious testing *and* the serious liability that goes with making that claim.
The same thing happens with software: you want mission critical, you buy/contract software from someone willing to assume that risk. NASA's programmers are paid to do just that. Microsoft is catering to average users. If I run a life-critical system under Windows XP, that's my fault -- just like if I used cheap replacement components in a life-support system's electronics.
I see nothing wrong with stating in an EULA that a product is not fit for any purpose. If that is not acceptable to you -- and in any critical situation, it shouldn't be -- then find something else that makes the guarantees you (or your particular task) requires.
SMTP being replace, that's a possibility. But with "trusted authorities" such as Verisign? Never. Those of us already having to deal with Verisign (or Microsoft or whoever) do NOT want something as important as email to be completely in someone else's hands.
SMTP should be replaced by a protocol that requires authentication. That's the biggest probley (open relays) really. Going any further than that will be more of a pain than its worth.
As for everything else (including IPv4), there are too many old clients out there (old meaning unsupported by the vendor). There are enough Windows 95 clients out there, not to mention other systems where upgrades are simply unnecessary otherwise, to where changing the underlying protocol simply won't happen.
Incremental upgrates, sure. We'll probably end up replacing SMTP -- or updating it -- to support, or even require, authentication. In a few years. We may even supplant FTP with SFTP or some other more secure variant.
But to try and simply replace a major, established protocol -- with no backward compatibility -- simply will not happen. There will be enough resistance and reluctance to make it infeasible; then the upgraders will have to begin supporting both "legacy" and new protocols, and we'll be in a bigger mess than before.
So, my opinion is this: we'll slowly, with full backward compatibility, supplant older protocols with updated ones -- perhaps via adding extensions to them (like SMTP Authentication), allowing slow upgraders to catch up as needed. No revolutionary changes will happen, no forced upgrades...
Right now, tape drives are the right cost/benefit compromise. Could they be better? Yes. Would it cost a lot more? Yes. Why are you using hard drives over tape, when tape holds so much more for the cost?
That's not the right cost/benefit compromise. You said it yourself:
Speed matters.
So, you don't want to compromise that much speed for such little cost savings.
Solid state storage offers much more speed, but an even greater price jump. In most cases, this isn't the right compromise either.
So we have magnetic hard disk storage. Fast enough for most tasks, and inexpensive. The best compromise for most uses.
Just because one is more expensive than the other doesn't rule it out, if they're both relatively affordable for the performance.
And nobody is ruling out any options. Magnetic tape drives are well suited for backups. In that case, tape drives tend to offer the best cost/benefit compromise.
Solid state storage has plenty of uses as well; the article describes a couple of situations where it can be extremely beneficial.
But for most desktop and even server applications, the magnetic hard disk really is the best option.
Smart cards? You mean like the ones for DSS, that are so easily hacked?
Totally different technology. DSS cards sacrificed security for convenience and cost. They weren't intended to be truly secure. Also note that (for the most part) DSS is a strictly one-way transmission, thus a public/private key pair wouldn't work, unless it dialed up every time you changed channels.
True "Smart Cards" keep a private key internally, that cannot be read or accessed in any way from the outside. The better ones will, for all practical purposes, self-destruct if physically tampered with.
If the Smart Card simply decrypts data with the private key, then authentication becomes:
Server encrypts some random data using Public key
Card decrypts data, gives it back to the server
Server compares decrypted data with original
Unless you can somehow pull the private key from the card itself, which is *extremely* difficult (if not impossible), you won't comprimise it.
Combine it with a PIN, and now you have two obstacles. Once the user notices the card missing, in most cases they'll report it, and that card will be denied any access, PIN or no PIN.
Much more secure than password authentication...
Let's be a little more creative here rather than just labelling users as retarded or stupid. If a majority of people find passwords hard to remember or deal with, maybe we just aren't doing it right.
I wouldn't say retarded or stupid, but I would say Lazy. People *can* remember long passwords. People don't care. The average person doesn't think it's a big deal -- or doesn't believe that someone would want to hack into the company system with their login.
Plus, even if it does happen, the evil hackers would be blamed, not the user who had a weak password.
Think about this: how many telephone numbers does the average person remember? And the associated names? And the other members of the families accessible via that number? And the stories of how they all interconnect? What kind of car they drive, how much they make, etc?
People *can* remember things. But if it's not important to that person -- or the importance/risk is not immediately obvious -- they'll get out of having to remember it.
Geeks are people too; we choose to remember multitudes of passwords for security's sake. We don't have some special ability over other people -- we just know why it is important to have good passwords. If everyone had the same feeling, they'd guard their passwords better, and choose better ones to begin with.
I see nothing wrong with writing passwords down. I think users need to be educated on the importance of security and privacy. That having good passwords is important. That giving passwords out is simply not acceptable under any circumstance (and if it happens that this is necessary under your OS of choice, then that OS should not be used for anything serious).
I see passwords as a means of authentication being obsolete in the future.
I agree, but it will happen only because users don't know (or care to learn) how to handle security, or why it is important. Plus, there *are* truly stupid people mixed in with the rest of the lazy ones, and even if that number is small, it's not worth the risk. So we have to tackle it on a technical level.