No, but you could get a SmartQ 5 MID (runs an Ubuntu derivative, also compatible with Mer). Those are $150 or so. That'll fit in your pocket and do the netbook stuff. Really, SmartQ 5 + less impressive smartphone sounds pretty much equivalent to this, and way cheaper.
Well, for the ones which you can't change the password for, you should probably just write those down and then secure the piece of paper in a locked box. For the ones which you can change the password for, you should use PasswordMaker. It takes in a URL string and a master password and uses that to generate a site-specific password. Just make up an appropriate URL for the different accounts (it doesn't have to be real, just memorable). And I know you're going to say "but I can't install software". There's a javascript version, so all you have to do is to download a web page to your desktop and then open it.
Biometrics work fine for in-person authentication, but they are terrible for network authentication because they are not secrets and because they cannot be changed. In person, they might be hard to fake (depending on the technology), but over the network, it's just data like any other and, as such, trivial to fake. I have a longer comment about this further down if you want more detail.
I use PasswordMaker for website passwords (as everyone should) with a 16 character password length. I've probably run into a half dozen sites which have silently removed the last 4 or 8 characters, cutting it down to 8 or 12 characters. I've also run into several which strip out "special" characters (single or double quotes, slashes, spaces, parentheses, or whatever else they feel threatened by) in an asymmetric manner. That is, they remove them from the password before they store it in the database but not when you type it in or vice versa. It's a real pain.
I've also had other sites which simply reject my password because of excessive length or because it contains "special" characters. Any place which can't accept any password I give them is doing a terrible job of securing their users accounts.
The problem with biometrics is that they aren't secrets and they aren't changeable. As such, they're fine for low-security in-person authentication. For example, I've heard of a restaurant which had their wait staff punch in by scanning their finger prints. That's fine. But if you use it to control access to the VPN, then that's problematic due to the non-changeability.
Here's why: Let's assume that you are an employee who runs Windows at home. You keep up with the latest patches and don't do anything stupid. You probably even run Firefox. But still, someone manages to slip through an unpatched bug and infect your system. It can happen to just about anyone. They then install a back door and start logging what's going on in your system. They notice that you connect to a VPN so they start sniffing your USB traffic so that they can appear as you (recording either your password or your fingerprint). Now they can get into your company's VPN. It's compromised. Fortunately, your IT guy is on the ball. At 11am the next day, you get a call from your network admin asking you if you are signed into the VPN because he expects that you're in the office, but you also appear to be signed in remotely. You confirm that you are not signed in and the two of you realize that you've been hacked. He temporarily disables your access. You go home, clean up your home computer (assuming that you can) or bring it in to have them clean it up, and then it's time to give you access back.
Now here's where things diverge. If you've used a password, you just have to change your password to a new one, and it's secure again. Your fingerprint isn't changeable. Obviously, you can switch to a different finger, but that's a limited strategy since you've only got 10 of them (well, maybe slightly more or less if you were born with extra fingers or have lost some in accidents). I suppose once you're out of fingers, you could use toes, but I doubt most users would be willing to. This becomes especially problematic if any non-hashed versions of things are stored (as often must be done for fuzzy matching) because if the database gets compromised, every single person would need to change to a new finger. You also wouldn't want to use the same finger for your work password as you use for your bank. So, a total of 10 may seem like a lot, but over the course of a lifetime, you're almost certain to run out. Other biometrics are even more problematic since people have at most two irises, only one voice, only two sets of hand geometry, etc.
The non-secrecy can also be a pretty big issue, although that one usually only comes up with insider attacks since they generally have to know you in person. Let's say you use the fingerprints for controlling access to the company database. Now, Alice is a supervisor in payroll accounting and can change people's salaries in the database. Eve works sales and is clever and unscrupulous. Eve invites Alice over to dinner, and after she's left, lifts her fingerprints from her wine glass or the glass table top or almost any other smooth surface she's touched. Heck, she might even be able to get it from a door knob at work if she's careful. Once Eve has the fingerprint data she can then log-in over the network to the database.
The banking situation would be even tougher because you would expose your fingerprint when you use an ATM. All an attacker would have to do is wipe the buttons and/or fingerprint scanner clean before you use it and then lift your print from the machine when you're done.
Alice can keep her password in her head, or if it's too hard to keep in her head, she can write it down and keep it in a locked drawer in the office. This isn't absolute security, especially since keys can be duplicated from pictures of them, but would at least require that Eve physical break into the office. But still, her password at least starts out as a secret unknown to anyone else. Her fingerprints are not secrets. Using your fingerprint as your password is like writing you pas
I agree completely. I generally tell people that it's far, far, far better to have a strong password which you write down than a weak one which you can remember. Simply moving the post-its from the monitor to a locked desk drawer would do a lot to decrease the security risk of writing them down.
It's also not even vaguely clear to me why people feel that regular password changes are helpful or a good idea. As far as I can see, all they do is make it tougher for users to use strong passwords (due to being unable to memorize them), thus leading to weaker passwords and less security. An uncompromised password is an uncompromised password. They don't go stale.
Regular password changes don't help decrease the likelihood of a system being compromised, they just offer some mitigation in the event that it has been compromised. However, given that an attacker probably will need only a few hours or days to slurp plenty of information or do plenty of damage, rotating passwords monthly isn't even likely to mitigate the compromise much.
So the trade-off being made is that the system is now more likely to be compromised due to weaker passwords but in return, there's small chance that an attack will be stopped after the system has been compromised due to the password changing. That doesn't seem like a good trade-off to me. My best guess is that this advice is left over from a time when some systems had shared passwords. The regular password change was so that people who had been given the password to a system to do one thing wouldn't have access forever. Some places even used daily passwords so that they could give someone access for one day, but have their access reset the next day. But that advice has been carried over to individual user passwords in systems which use better access control technologies to manage access.
These sort of reports don't stop and analyze what constitutes good password management. They just say "Passwords should be changed regularly. It must be true because everyone is saying it. This company doesn't change their passwords regularly, so they have poor password management." As such, they aren't really a good assessment of the problem.
Actually the research shows that it's a very good way to teach programming. The studies done have show that students who are involved in intro classes which give two-person projects generally have better final test scores, create better programs, are more likely to complete the class, and are more likely to take additional computer science courses.
Dr. Laurie Williams provides a good round-up of the research here. Her papers are provided there, but unfortunately, many of the other paper links are to papers at ACM Portal or IEEE Xplore, which cost money. If you're in a university setting, you can probably access them through your school library. If not, Google can sometimes help find the paper on an author's web site.
Unfortunately, this isn't really correct. The way the copyright law is written, you're not buying a license, you're buying a copy. This has several implications. The first is that you don't necessarily have the right to duplicate it onto your portable player, you car mp3 player, etc. Although most people suspect that the courts would rule this to be fair use, this has never been established. If the music were licensed, it would say specifically whether or not this were allowed and would most likely have to allow it to get consumers to buy it. The second is that you don't have to destroy copies upon transfer of ownership. So when you sell your mp3 player, you don't have to erase it. Or if you make a copy of something to discuss it in class (education and critical fair use) you aren't required to destroy it once you're done discussing it.
Now, what's been happening is that the media companies (RIAA, MPAA, BSA) don't like the second implication of this. So they tell people that they aren't buying a copy, but only a license. This is nonsense. You don't need a license to read a book you've bought and you don't need a license to play an mp3 you bought. If you went to the grocer and he told you he was selling you a license to eat an apple and then handed you an apple, you'd correctly assume that he was being silly and just consider yourself the owner of the apple. This is the same thing which is happening with digital music files. They may say "I'm selling you a license", but what they've actually given you is a copy. You own that copy. It's fixed on your hard-drive, which you own. They may in some cases argue that they can attach a license to that purchase to restrict what you can do with your copy, but they're selling you a copy, not a license.
The odd bit of this story that no one really seems to be reporting is that this medicine, although sold under the "homeopathic" provisions of FDA regulations (and thereby bypassing the normal approval process), is not a homeopathic medicine as the term is usually used.
If you go read the wikipedia entry on Homeopathy, you can see that the way homeopathic medicines are made involves taking a substance and then repeatedly diluting it with water, alcohol or sugar. Most homeopathic medicines are diluted repeatedly until the level of dilution is such that statistically, there is unlikely to even be a single molecule of the original substance remaining. Homeopaths consider higher levels of dilution to be more powerful. They generally believe that the water "remembers" the shape of the original substance.
The Zicam nasal spray is only diluted 100:1 (2X or 1C on homeopathic scales), meaning that it is within the range of normal dilutions used in preparing drugs for delivery, not diluted to a level used in homeopathic remedies. It's being governed by rules meant to only cover placebos, but at that concentration, it's not a placebo. It's a real drug which can have real side effects. If the rules have allowed this drug to come to market legally then those rules have a huge loophole and need to be fixed ASAP. But no one seems to be noting that.
These would not generally be mobile computers. Mostly they would be fixed in place in people's apartments or locations like that. But more to the point, you don't need optimality in your network routing. Optimality would be a nice feature, but unless the network is very heavily loaded, it is not necessary for the network to function.
Honestly, your argument applies just as well to any network which has cycles in its topology. As such, you might as well say "internet backbones are just a pipe dream" or "the highway system is just a pipe dream". Sure, finding the optimal path is NP hard, but you don't need the optimal path. You just need a good enough one.
The bigger problem in mesh networks is actually simply knowing what the topology is and who is connected so that you have any idea which path to take. In the network I've described, what would generally happen is that any packet sent would get broadcast almost everywhere. This is not efficient, but it will solve the problems.
Umm, generally, you shouldn't assume that any network is secure anyway. End-to-end security should generally be used. The security problems in this case stem more from a lack of software designed for this sort of circumstance.
As for whether or not it's worth it, I'm going to provide them with information about how to do it. They can decide for themselves whether or not it's worth it.
I realized though that my "easier to deploy without organization" network does have a flaw. The topology winds up being a strict tree, which then means that there will be no redundancy in case some of the links fail. Ideally, what should be done with this is to add some Client-Client nodes in places where there are overlapping network areas, but the two networks are not directly connected to each other.
That is to say that if you have two AP-Client nodes: freenet1 and freenet2 and freenet1's client talks to freenet2's AP, then there's little point adding a Client-Client node which talks to freenet1's AP and freenet2's AP because they're already pretty well connected and if either node went down, having them connected wouldn't help. But if there are three AP-Client nodes, freenet1, freenet2, and freenet3, and freenet2's client talks to freenet1's AP and freenet3's client also talks to freenet1's AP, then adding a Client-Client node which connects to freenet2's AP and freeenet3's AP would allow freenet2 and freenet3 to stay in communication even if freenet1 went down. If they are even more distant in terms of the network, then it's even more helpful.
I also didn't mention the 802.11s draft specification, which is an official 802.11 mesh networking proposal. Currently, though, few devices support it. The most well known is the OLPC. But there is apparently support for it in the Linux kernel, as well. In the future, 802.11s devices might be more widespread, but you probably don't have many of them currently. If you did have a bunch of them, it would be pretty trivial to use them to set up a network.
Having the will doesn't remove the need for organization. If 100 people each show up at one of 1,000 different places to protest, it's a lot easier to put them down than if 100,000 people show up at one place.
Unfortunately, setting up large-scale adhoc networks with 802.11b/g hardware is kind of difficult. What you'll want to look at is what's called "wireless mesh networking". Mesh networking is basically the peer-to-peer of networks. The difficulty with using 802.11b/g for mesh networking is that 802.11 standard doesn't really include any concept of a mesh. There are two types of devices: access points and clients. Access points cannot communicate with other access points. It is however, possible for clients to communicate with other clients by switching to ad hoc networking mode. So your options are thus:
1) get a lot of people with 802.11g-capable computers to switch into ad hoc networking mode. This will allow them to connect to each other if the density is high enough (that is if there are enough people close enough). Unfortunately, the range is on the small side, so, unfortunately, this may not work that well. Part of the problem is that clients often have a lower broadcast strength than access points.
2) set up a specifically designed mesh network. To do mesh networking in infrastructure mode, there are going to be four different types of nodes which can be used. 1) AP nodes 2) Client-Client nodes 3) AP-Client nodes 4) Client nodes
AP nodes: An ordinary wireless access point can act as a hub node.
Client-Client nodes: There have to be two radios for each client-client node. Both will act as clients to other networks. You'll either need one computer with two wireless cards or two computers which are connected together using some other means (or, if you happen to have an access point which can be switched to client mode (which very few can) then you could use that as a client). You can connect the two computers using an ethernet hub, ethernet cross-over cable, null modem cable, or possibly firewire (although I've never done that). The computers should each by set to bridging mode. Basically, each client will connect to a different access point and they'll then serve to connect the two access points to each-other, bridging the networks. Generally these should be on different frequencies. Although there may be some circumstances where the same frequency can be used.
AP-Client nodes: There have to be two radios for each AP-client node. One will work as a client to another access point and one will act as an access point for other nodes. Generally, this will mean one computer and one access point connected together by ethernet, but there are a few other ways to do it. The computer should be set into some form of bridging mode which differs some based on operating system. The two radios will always use different frequencies unless there's a long cable-run between them (opposite sides of a building or some such).
Now, you need to figure out how to put this together. You need at least an initial group of people to help build the network. And then you'll lay out a basic topology. You'll plot out the nodes you have available on a graph and then try to connect them together. Client-Client nodes can connect to two nodes, either AP nodes or AP-Client nodes using infrastructure mode or to other Client-Client nodes in ad hoc mode. AP nodes can have multiple Client-Client or AP-Client nodes connected to them. AP nodes cannot connect to other AP nodes unless both AP nodes have wireless bridging modes (very rare) and you can get them to work (even rarer). AP-Client nodes can connect to one AP node (infrastructure) or one Client-Client node (ad hoc) and can have multiple AP-Client or Client-Client nodes connected to them The Client nodes can be used only as stepping stones in an ad hoc connection. I.e. if two client-client nodes want to connect, but are two far from each other, you can put a Client node in between in ad hoc mode and it'll help them connect. This can be done with a string of client nodes.
You'll want to draw all this out on a map, and possibly rearrange equipment as needed to fill in the gaps. You'll also need to decide frequencies so
As someone who has read the report (instead of just read articles which summarized it) I can definitively say that that report was, is, and always will be a load of crap.
First off, that report came from a marketing firm, not a serious research organization. Since when are marketing firms experts on lifetime costs.
Secondly, their estimates were that the bulk of the energy costs for each of these cars was in the cost of recycling and/or disposing of the cars. Specifically, for the Prius, a $20,000 car, they estimated that it would take over $100,000 worth of energy to recycle or dispose of it.
Right off, that doesn't pass the simple common-sense test. If it costs $100,000 to recycle or dispose of a Prius, then who is going to be paying that? For all of the cars on the road, they estimated that disposal and/or recycling would cost at least tens of thousands of dollars. Which is to say, if the report is to be believed, scrap yards are all operating at gargantuan loses, since, generally most of them will pay you for your car rather than charge you to haul it away.
My best guess as to the justification of their lunacy is that they're assuming that all of the plastics in a vehicle will be somehow incinerated at some huge temperature or something (rather than simply put in a landfill, which costs way less energy) and they've slipped a digit or two somewhere. But in the end, it's impossible to judge because although they claim to have some very specific break-downs which justify their numbers for each category of the life-cycle, those break-downs are only available if you spend several thousand dollars to purchase the complete version of the report from them.
You're the one who brought up C, not me. I'm not sure why you thought I said "all languages as old as or older than C lack garbage collection" because I didn't say that. I was making general statements about languages based on age, and I think that should be obvious. Any time one talks about "older languages" or "newer languages" one is generalizing. It was intentional that I didn't use words like "all" and "every".
If you look at languages over 40 years old, you'll find that the clear majority of them do not have garbage collection. The majority of the oldest languages were special purpose languages written for particular machines which were one step above coding in assembly. Even later when we got more standardized languages most of those didn't have garbage collection either. COBOL, Fortran, Algol, SNOBOL, Pascal, BASIC, and a huge myriad of low-level machine specific languages have no garbage collection.
Only about 40 years ago did garbage collection start appearing with any non-trivial frequency as languages like Smalltalk and Prolog popped up. Most languages created in the last 20 years have garbage collection. As such, I stand by my generalization.
When computer programs need to keep track of information, they store it in the computer's memory. The information they store is generally arranged into structures. In object-oriented languages like Java, these structures are called objects. Every object has to have its own place in memory, called an address. Two different objects cannot use the same space in memory at the same time. When a program has a new object that it needs to create, it has to know where to put it. To do this, it uses a system which allocates some memory for it. When the program is done with the object, it should be deallocated so that the same memory can later be used for a different object. If objects are not deallocated when they are done being used, then the program will grow to take up more and more memory over time until the computer runs out of memory. This is called a memory leak.
There are two main scheme for deallocating an object's memory once the program is done with it. Older programming languages use explicit memory deallocation, meaning that when the program is done with an object, it says so. This can unfortunately be somewhat problematic. If a program forgets to say that it's done with an object, then that object never gets deallocated and the program leaks memory. If the program says that it's done with an object when some other part of the program is still using the object, then a new object of a different type might be written over the old object but because the other part of the program doesn't know this has happened, all sorts of odd problems can occur.
To solve this many newer languages including Java use a technique called garbage collection. In a garbage collecting language, the program does not explicitly say when it is done with an object. Instead the garbage collection system examines the cross-references between different objects to determine whether or not it is still possible for the program to use a particular object. If using it is impossible, then the system will deallocate it. In most systems, the garbage collection doesn't run continually swooping up every new bit of space the moment it becomes available, but instead just runs periodically clearing out anything which has become unusable since the last time it ran.
Well, maybe there's someone with a shotgun standing behind his chair requiring him to put the ads there. This way, he'll still put the ad in, but people won't have to see it if they've downloaded a Firefox plugin. Unless, of course, the guy with the shotgun knows about the tag too. Then we'll need another newer tag.
The parent post is precisely on target. The grandparent post is mostly accurate (I'm not sure I'd use the word porn for this case, but otherwise on target), but irrelevant. Also, saying that "It's not Muppets" is silly because clearly the Muppets have performed the song. Generally speaking, the Muppet players mostly performed songs written by others (including "Rainbow Connection"). Only a few of the songs they did were written by Muppet writers.
In this video, Lessig included an Anime Music Video which used the version of Mah Na Mah Na (or Mahna Mahna, if you prefer) which was recorded by the Muppets for The Muppet Show. It did not use any other version of Mah Na Mah Na. The rights to the recording are quite certainly owned by Disney. Copyright in a recording is entirely separate from copyright in a musical composition. If someone else owns the music rights (which they likely do), that's irrelevant to this question. They would C&D The Muppet Show (or Disney in this case), not Lessig.
1) The Muppet Show is owned by Disney at this point, not Warner Music (see note later)
2) As other commenters have pointed out, there is no bright line test for what constitutes fair use (like 10% or 30 seconds)
3) You're an idiot to lecture Larry Lessig on the boundaries of fair use. He helped write the copyright law and knows as much about it as pretty well anyone in the country.
Beyond that, I'm still trying to figure out what Warner Music objected to. I've gotten through the portion of the video with all the remix examples, and I haven't seen anything which Warner has its hands in. Here's content I've seen:
Danger Mouse - The Grey Album (Jay-Z's The Black Album (Universal) + The Beatles' The White Album (EMI)) DJ Mystik - Inspector Gadget Techno remix (no idea what record label. Maybe it was one of Warner's imprints, but I can't find any information about the release at all) The Muppets - Mah Na Mah Na (Disney) Endless Love (Universal) DJ Unk - 2 Step (Universal) Soldja Boy (Universal) Girl Talk (IllegalArt) will.i.am's Yes We Can (not released by a label)
And that's all I have heard. So, the DJ Mystik one is the one which is even possible, and frankly that seems a little unlikely. Especially since of the listed songs, it was one of the shorter clips.
Now, if it was Time Warner in general, they own CNN and could be laying claim to some of the video clips which are used in the mash-ups. But for Warner records in particular (which is what Lessig says), then unless they released that Inspector Gadget remix (which I doubt), then I don't see how they have a dog in the fight.
All that said, my going theory is that the song they are laying claim to is Mah Na Mah Na. This song has been released by Warner at least once: specifically by Rhino on "The Muppet Show: Music, Mayhem and More (2002)". I am certain that Disney only licensed that release and didn't sell Warner the copyright. I suspect that they stuck that song into their database because they have released it on CD without checking whether or not they actually own the rights to the original audio recording.
Being that they aren't even the actual holder of the copyright and they have claimed to be under penalty of perjury, they're going to lose this one really badly.
The poster was asking about the "white-space" which is the space between television channels. The FCC has recently approved its use without a license. This is not the same thing as the 700Mhz band.
Your confusion is probably because the original poster described the space as "soon to be vacated" which is not an accurate way to describe the white-space. 700Mhz will be vacated soon, but must be licensed. White-space is already vacant and won't need to be licensed.
Umm, it's not an infrastructure problem. Generally, they're connecting a direct line to the customer's house (cable or telephone) into a local hub. The local hubs are then connected back to the main office using fiberoptic cables. The fiber has more than enough bandwidth to handle all the users in a neighborhood. The bottleneck comes at the next level where they have to pay for an internet connection. It's at that point that they're oversubscribed because they're buying something like a 100Mb/s connection to service 300 3 Mb/s connections. In most cases, an upgrade to their total bandwidth would just require calling their ISP and telling them that they want to buy more. So, it's not an infrastructure problem, it's just a matter of keeping their bandwidth costs down. We're talking about monthly operating costs here, not build-out.
I like TigerDirect, but I only shop with them in-person, not on-line. In person I can see precisely what I'm getting and know that I can return it without much hassle if it has a problem. I wouldn't recommend it for casual computer users, but for people who know what they need, their stores are good places to buy computer components without spending a fortune because they charge the same price in person as they do on-line.
From the picture, it's not clear that they made the towers high enough to be clear of the tree-line. As a result, they're probably not even capturing the strongest wind available in that area.
The article is actually talking about why, in some circumstances, people don't act selfishly when the models would predict that they would. So your explanation really is completely irrelevant to the actual article.
The DLC in Burnout Paradise has all been new additions. They've also added some substantial new content in free updates over the year and a half or so since the game was first released. EA definitely gets props from me for doing it right on that one.
Slashdot Mirror
No, but you could get a SmartQ 5 MID (runs an Ubuntu derivative, also compatible with Mer). Those are $150 or so. That'll fit in your pocket and do the netbook stuff. Really, SmartQ 5 + less impressive smartphone sounds pretty much equivalent to this, and way cheaper.
Well, for the ones which you can't change the password for, you should probably just write those down and then secure the piece of paper in a locked box. For the ones which you can change the password for, you should use PasswordMaker. It takes in a URL string and a master password and uses that to generate a site-specific password. Just make up an appropriate URL for the different accounts (it doesn't have to be real, just memorable). And I know you're going to say "but I can't install software". There's a javascript version, so all you have to do is to download a web page to your desktop and then open it.
Biometrics work fine for in-person authentication, but they are terrible for network authentication because they are not secrets and because they cannot be changed. In person, they might be hard to fake (depending on the technology), but over the network, it's just data like any other and, as such, trivial to fake. I have a longer comment about this further down if you want more detail.
I use PasswordMaker for website passwords (as everyone should) with a 16 character password length. I've probably run into a half dozen sites which have silently removed the last 4 or 8 characters, cutting it down to 8 or 12 characters. I've also run into several which strip out "special" characters (single or double quotes, slashes, spaces, parentheses, or whatever else they feel threatened by) in an asymmetric manner. That is, they remove them from the password before they store it in the database but not when you type it in or vice versa. It's a real pain.
I've also had other sites which simply reject my password because of excessive length or because it contains "special" characters. Any place which can't accept any password I give them is doing a terrible job of securing their users accounts.
The problem with biometrics is that they aren't secrets and they aren't changeable. As such, they're fine for low-security in-person authentication. For example, I've heard of a restaurant which had their wait staff punch in by scanning their finger prints. That's fine. But if you use it to control access to the VPN, then that's problematic due to the non-changeability.
Here's why:
Let's assume that you are an employee who runs Windows at home. You keep up with the latest patches and don't do anything stupid. You probably even run Firefox. But still, someone manages to slip through an unpatched bug and infect your system. It can happen to just about anyone. They then install a back door and start logging what's going on in your system. They notice that you connect to a VPN so they start sniffing your USB traffic so that they can appear as you (recording either your password or your fingerprint). Now they can get into your company's VPN. It's compromised. Fortunately, your IT guy is on the ball. At 11am the next day, you get a call from your network admin asking you if you are signed into the VPN because he expects that you're in the office, but you also appear to be signed in remotely. You confirm that you are not signed in and the two of you realize that you've been hacked. He temporarily disables your access. You go home, clean up your home computer (assuming that you can) or bring it in to have them clean it up, and then it's time to give you access back.
Now here's where things diverge. If you've used a password, you just have to change your password to a new one, and it's secure again. Your fingerprint isn't changeable. Obviously, you can switch to a different finger, but that's a limited strategy since you've only got 10 of them (well, maybe slightly more or less if you were born with extra fingers or have lost some in accidents). I suppose once you're out of fingers, you could use toes, but I doubt most users would be willing to. This becomes especially problematic if any non-hashed versions of things are stored (as often must be done for fuzzy matching) because if the database gets compromised, every single person would need to change to a new finger. You also wouldn't want to use the same finger for your work password as you use for your bank. So, a total of 10 may seem like a lot, but over the course of a lifetime, you're almost certain to run out. Other biometrics are even more problematic since people have at most two irises, only one voice, only two sets of hand geometry, etc.
The non-secrecy can also be a pretty big issue, although that one usually only comes up with insider attacks since they generally have to know you in person. Let's say you use the fingerprints for controlling access to the company database. Now, Alice is a supervisor in payroll accounting and can change people's salaries in the database. Eve works sales and is clever and unscrupulous. Eve invites Alice over to dinner, and after she's left, lifts her fingerprints from her wine glass or the glass table top or almost any other smooth surface she's touched. Heck, she might even be able to get it from a door knob at work if she's careful. Once Eve has the fingerprint data she can then log-in over the network to the database.
The banking situation would be even tougher because you would expose your fingerprint when you use an ATM. All an attacker would have to do is wipe the buttons and/or fingerprint scanner clean before you use it and then lift your print from the machine when you're done.
Alice can keep her password in her head, or if it's too hard to keep in her head, she can write it down and keep it in a locked drawer in the office. This isn't absolute security, especially since keys can be duplicated from pictures of them, but would at least require that Eve physical break into the office. But still, her password at least starts out as a secret unknown to anyone else. Her fingerprints are not secrets. Using your fingerprint as your password is like writing you pas
I agree completely. I generally tell people that it's far, far, far better to have a strong password which you write down than a weak one which you can remember. Simply moving the post-its from the monitor to a locked desk drawer would do a lot to decrease the security risk of writing them down.
It's also not even vaguely clear to me why people feel that regular password changes are helpful or a good idea. As far as I can see, all they do is make it tougher for users to use strong passwords (due to being unable to memorize them), thus leading to weaker passwords and less security. An uncompromised password is an uncompromised password. They don't go stale.
Regular password changes don't help decrease the likelihood of a system being compromised, they just offer some mitigation in the event that it has been compromised. However, given that an attacker probably will need only a few hours or days to slurp plenty of information or do plenty of damage, rotating passwords monthly isn't even likely to mitigate the compromise much.
So the trade-off being made is that the system is now more likely to be compromised due to weaker passwords but in return, there's small chance that an attack will be stopped after the system has been compromised due to the password changing. That doesn't seem like a good trade-off to me. My best guess is that this advice is left over from a time when some systems had shared passwords. The regular password change was so that people who had been given the password to a system to do one thing wouldn't have access forever. Some places even used daily passwords so that they could give someone access for one day, but have their access reset the next day. But that advice has been carried over to individual user passwords in systems which use better access control technologies to manage access.
These sort of reports don't stop and analyze what constitutes good password management. They just say "Passwords should be changed regularly. It must be true because everyone is saying it. This company doesn't change their passwords regularly, so they have poor password management." As such, they aren't really a good assessment of the problem.
Actually the research shows that it's a very good way to teach programming. The studies done have show that students who are involved in intro classes which give two-person projects generally have better final test scores, create better programs, are more likely to complete the class, and are more likely to take additional computer science courses.
Dr. Laurie Williams provides a good round-up of the research here. Her papers are provided there, but unfortunately, many of the other paper links are to papers at ACM Portal or IEEE Xplore, which cost money. If you're in a university setting, you can probably access them through your school library. If not, Google can sometimes help find the paper on an author's web site.
Unfortunately, this isn't really correct. The way the copyright law is written, you're not buying a license, you're buying a copy. This has several implications. The first is that you don't necessarily have the right to duplicate it onto your portable player, you car mp3 player, etc. Although most people suspect that the courts would rule this to be fair use, this has never been established. If the music were licensed, it would say specifically whether or not this were allowed and would most likely have to allow it to get consumers to buy it. The second is that you don't have to destroy copies upon transfer of ownership. So when you sell your mp3 player, you don't have to erase it. Or if you make a copy of something to discuss it in class (education and critical fair use) you aren't required to destroy it once you're done discussing it.
Now, what's been happening is that the media companies (RIAA, MPAA, BSA) don't like the second implication of this. So they tell people that they aren't buying a copy, but only a license. This is nonsense. You don't need a license to read a book you've bought and you don't need a license to play an mp3 you bought. If you went to the grocer and he told you he was selling you a license to eat an apple and then handed you an apple, you'd correctly assume that he was being silly and just consider yourself the owner of the apple. This is the same thing which is happening with digital music files. They may say "I'm selling you a license", but what they've actually given you is a copy. You own that copy. It's fixed on your hard-drive, which you own. They may in some cases argue that they can attach a license to that purchase to restrict what you can do with your copy, but they're selling you a copy, not a license.
The odd bit of this story that no one really seems to be reporting is that this medicine, although sold under the "homeopathic" provisions of FDA regulations (and thereby bypassing the normal approval process), is not a homeopathic medicine as the term is usually used.
If you go read the wikipedia entry on Homeopathy, you can see that the way homeopathic medicines are made involves taking a substance and then repeatedly diluting it with water, alcohol or sugar. Most homeopathic medicines are diluted repeatedly until the level of dilution is such that statistically, there is unlikely to even be a single molecule of the original substance remaining. Homeopaths consider higher levels of dilution to be more powerful. They generally believe that the water "remembers" the shape of the original substance.
The Zicam nasal spray is only diluted 100:1 (2X or 1C on homeopathic scales), meaning that it is within the range of normal dilutions used in preparing drugs for delivery, not diluted to a level used in homeopathic remedies. It's being governed by rules meant to only cover placebos, but at that concentration, it's not a placebo. It's a real drug which can have real side effects. If the rules have allowed this drug to come to market legally then those rules have a huge loophole and need to be fixed ASAP. But no one seems to be noting that.
These would not generally be mobile computers. Mostly they would be fixed in place in people's apartments or locations like that. But more to the point, you don't need optimality in your network routing. Optimality would be a nice feature, but unless the network is very heavily loaded, it is not necessary for the network to function.
Honestly, your argument applies just as well to any network which has cycles in its topology. As such, you might as well say "internet backbones are just a pipe dream" or "the highway system is just a pipe dream". Sure, finding the optimal path is NP hard, but you don't need the optimal path. You just need a good enough one.
The bigger problem in mesh networks is actually simply knowing what the topology is and who is connected so that you have any idea which path to take. In the network I've described, what would generally happen is that any packet sent would get broadcast almost everywhere. This is not efficient, but it will solve the problems.
Umm, generally, you shouldn't assume that any network is secure anyway. End-to-end security should generally be used. The security problems in this case stem more from a lack of software designed for this sort of circumstance.
As for whether or not it's worth it, I'm going to provide them with information about how to do it. They can decide for themselves whether or not it's worth it.
I realized though that my "easier to deploy without organization" network does have a flaw. The topology winds up being a strict tree, which then means that there will be no redundancy in case some of the links fail. Ideally, what should be done with this is to add some Client-Client nodes in places where there are overlapping network areas, but the two networks are not directly connected to each other.
That is to say that if you have two AP-Client nodes: freenet1 and freenet2 and freenet1's client talks to freenet2's AP, then there's little point adding a Client-Client node which talks to freenet1's AP and freenet2's AP because they're already pretty well connected and if either node went down, having them connected wouldn't help. But if there are three AP-Client nodes, freenet1, freenet2, and freenet3, and freenet2's client talks to freenet1's AP and freenet3's client also talks to freenet1's AP, then adding a Client-Client node which connects to freenet2's AP and freeenet3's AP would allow freenet2 and freenet3 to stay in communication even if freenet1 went down. If they are even more distant in terms of the network, then it's even more helpful.
I also didn't mention the 802.11s draft specification, which is an official 802.11 mesh networking proposal. Currently, though, few devices support it. The most well known is the OLPC. But there is apparently support for it in the Linux kernel, as well. In the future, 802.11s devices might be more widespread, but you probably don't have many of them currently. If you did have a bunch of them, it would be pretty trivial to use them to set up a network.
Having the will doesn't remove the need for organization. If 100 people each show up at one of 1,000 different places to protest, it's a lot easier to put them down than if 100,000 people show up at one place.
Unfortunately, setting up large-scale adhoc networks with 802.11b/g hardware is kind of difficult. What you'll want to look at is what's called "wireless mesh networking". Mesh networking is basically the peer-to-peer of networks. The difficulty with using 802.11b/g for mesh networking is that 802.11 standard doesn't really include any concept of a mesh. There are two types of devices: access points and clients. Access points cannot communicate with other access points. It is however, possible for clients to communicate with other clients by switching to ad hoc networking mode. So your options are thus:
1) get a lot of people with 802.11g-capable computers to switch into ad hoc networking mode. This will allow them to connect to each other if the density is high enough (that is if there are enough people close enough). Unfortunately, the range is on the small side, so, unfortunately, this may not work that well. Part of the problem is that clients often have a lower broadcast strength than access points.
2) set up a specifically designed mesh network. To do mesh networking in infrastructure mode, there are going to be four different types of nodes which can be used. 1) AP nodes 2) Client-Client nodes 3) AP-Client nodes 4) Client nodes
AP nodes:
An ordinary wireless access point can act as a hub node.
Client-Client nodes:
There have to be two radios for each client-client node. Both will act as clients to other networks. You'll either need one computer with two wireless cards or two computers which are connected together using some other means (or, if you happen to have an access point which can be switched to client mode (which very few can) then you could use that as a client). You can connect the two computers using an ethernet hub, ethernet cross-over cable, null modem cable, or possibly firewire (although I've never done that). The computers should each by set to bridging mode. Basically, each client will connect to a different access point and they'll then serve to connect the two access points to each-other, bridging the networks. Generally these should be on different frequencies. Although there may be some circumstances where the same frequency can be used.
AP-Client nodes:
There have to be two radios for each AP-client node. One will work as a client to another access point and one will act as an access point for other nodes. Generally, this will mean one computer and one access point connected together by ethernet, but there are a few other ways to do it. The computer should be set into some form of bridging mode which differs some based on operating system. The two radios will always use different frequencies unless there's a long cable-run between them (opposite sides of a building or some such).
Now, you need to figure out how to put this together. You need at least an initial group of people to help build the network. And then you'll lay out a basic topology. You'll plot out the nodes you have available on a graph and then try to connect them together. Client-Client nodes can connect to two nodes, either AP nodes or AP-Client nodes using infrastructure mode or to other Client-Client nodes in ad hoc mode. AP nodes can have multiple Client-Client or AP-Client nodes connected to them. AP nodes cannot connect to other AP nodes unless both AP nodes have wireless bridging modes (very rare) and you can get them to work (even rarer). AP-Client nodes can connect to one AP node (infrastructure) or one Client-Client node (ad hoc) and can have multiple AP-Client or Client-Client nodes connected to them The Client nodes can be used only as stepping stones in an ad hoc connection. I.e. if two client-client nodes want to connect, but are two far from each other, you can put a Client node in between in ad hoc mode and it'll help them connect. This can be done with a string of client nodes.
You'll want to draw all this out on a map, and possibly rearrange equipment as needed to fill in the gaps. You'll also need to decide frequencies so
As someone who has read the report (instead of just read articles which summarized it) I can definitively say that that report was, is, and always will be a load of crap.
First off, that report came from a marketing firm, not a serious research organization. Since when are marketing firms experts on lifetime costs.
Secondly, their estimates were that the bulk of the energy costs for each of these cars was in the cost of recycling and/or disposing of the cars. Specifically, for the Prius, a $20,000 car, they estimated that it would take over $100,000 worth of energy to recycle or dispose of it.
Right off, that doesn't pass the simple common-sense test. If it costs $100,000 to recycle or dispose of a Prius, then who is going to be paying that? For all of the cars on the road, they estimated that disposal and/or recycling would cost at least tens of thousands of dollars. Which is to say, if the report is to be believed, scrap yards are all operating at gargantuan loses, since, generally most of them will pay you for your car rather than charge you to haul it away.
My best guess as to the justification of their lunacy is that they're assuming that all of the plastics in a vehicle will be somehow incinerated at some huge temperature or something (rather than simply put in a landfill, which costs way less energy) and they've slipped a digit or two somewhere. But in the end, it's impossible to judge because although they claim to have some very specific break-downs which justify their numbers for each category of the life-cycle, those break-downs are only available if you spend several thousand dollars to purchase the complete version of the report from them.
You're the one who brought up C, not me. I'm not sure why you thought I said "all languages as old as or older than C lack garbage collection" because I didn't say that. I was making general statements about languages based on age, and I think that should be obvious. Any time one talks about "older languages" or "newer languages" one is generalizing. It was intentional that I didn't use words like "all" and "every".
If you look at languages over 40 years old, you'll find that the clear majority of them do not have garbage collection. The majority of the oldest languages were special purpose languages written for particular machines which were one step above coding in assembly. Even later when we got more standardized languages most of those didn't have garbage collection either. COBOL, Fortran, Algol, SNOBOL, Pascal, BASIC, and a huge myriad of low-level machine specific languages have no garbage collection.
Only about 40 years ago did garbage collection start appearing with any non-trivial frequency as languages like Smalltalk and Prolog popped up. Most languages created in the last 20 years have garbage collection. As such, I stand by my generalization.
When computer programs need to keep track of information, they store it in the computer's memory. The information they store is generally arranged into structures. In object-oriented languages like Java, these structures are called objects. Every object has to have its own place in memory, called an address. Two different objects cannot use the same space in memory at the same time. When a program has a new object that it needs to create, it has to know where to put it. To do this, it uses a system which allocates some memory for it. When the program is done with the object, it should be deallocated so that the same memory can later be used for a different object. If objects are not deallocated when they are done being used, then the program will grow to take up more and more memory over time until the computer runs out of memory. This is called a memory leak.
There are two main scheme for deallocating an object's memory once the program is done with it. Older programming languages use explicit memory deallocation, meaning that when the program is done with an object, it says so. This can unfortunately be somewhat problematic. If a program forgets to say that it's done with an object, then that object never gets deallocated and the program leaks memory. If the program says that it's done with an object when some other part of the program is still using the object, then a new object of a different type might be written over the old object but because the other part of the program doesn't know this has happened, all sorts of odd problems can occur.
To solve this many newer languages including Java use a technique called garbage collection. In a garbage collecting language, the program does not explicitly say when it is done with an object. Instead the garbage collection system examines the cross-references between different objects to determine whether or not it is still possible for the program to use a particular object. If using it is impossible, then the system will deallocate it. In most systems, the garbage collection doesn't run continually swooping up every new bit of space the moment it becomes available, but instead just runs periodically clearing out anything which has become unusable since the last time it ran.
Well, maybe there's someone with a shotgun standing behind his chair requiring him to put the ads there. This way, he'll still put the ad in, but people won't have to see it if they've downloaded a Firefox plugin. Unless, of course, the guy with the shotgun knows about the tag too. Then we'll need another newer tag.
The parent post is precisely on target. The grandparent post is mostly accurate (I'm not sure I'd use the word porn for this case, but otherwise on target), but irrelevant. Also, saying that "It's not Muppets" is silly because clearly the Muppets have performed the song. Generally speaking, the Muppet players mostly performed songs written by others (including "Rainbow Connection"). Only a few of the songs they did were written by Muppet writers.
In this video, Lessig included an Anime Music Video which used the version of Mah Na Mah Na (or Mahna Mahna, if you prefer) which was recorded by the Muppets for The Muppet Show. It did not use any other version of Mah Na Mah Na. The rights to the recording are quite certainly owned by Disney. Copyright in a recording is entirely separate from copyright in a musical composition. If someone else owns the music rights (which they likely do), that's irrelevant to this question. They would C&D The Muppet Show (or Disney in this case), not Lessig.
1) The Muppet Show is owned by Disney at this point, not Warner Music (see note later)
2) As other commenters have pointed out, there is no bright line test for what constitutes fair use (like 10% or 30 seconds)
3) You're an idiot to lecture Larry Lessig on the boundaries of fair use. He helped write the copyright law and knows as much about it as pretty well anyone in the country.
Beyond that, I'm still trying to figure out what Warner Music objected to. I've gotten through the portion of the video with all the remix examples, and I haven't seen anything which Warner has its hands in. Here's content I've seen:
Danger Mouse - The Grey Album (Jay-Z's The Black Album (Universal) + The Beatles' The White Album (EMI))
DJ Mystik - Inspector Gadget Techno remix (no idea what record label. Maybe it was one of Warner's imprints, but I can't find any information about the release at all)
The Muppets - Mah Na Mah Na (Disney)
Endless Love (Universal)
DJ Unk - 2 Step (Universal)
Soldja Boy (Universal)
Girl Talk (IllegalArt)
will.i.am's Yes We Can (not released by a label)
And that's all I have heard. So, the DJ Mystik one is the one which is even possible, and frankly that seems a little unlikely. Especially since of the listed songs, it was one of the shorter clips.
Now, if it was Time Warner in general, they own CNN and could be laying claim to some of the video clips which are used in the mash-ups. But for Warner records in particular (which is what Lessig says), then unless they released that Inspector Gadget remix (which I doubt), then I don't see how they have a dog in the fight.
All that said, my going theory is that the song they are laying claim to is Mah Na Mah Na. This song has been released by Warner at least once: specifically by Rhino on "The Muppet Show: Music, Mayhem and More (2002)". I am certain that Disney only licensed that release and didn't sell Warner the copyright. I suspect that they stuck that song into their database because they have released it on CD without checking whether or not they actually own the rights to the original audio recording.
Being that they aren't even the actual holder of the copyright and they have claimed to be under penalty of perjury, they're going to lose this one really badly.
That's my best guess, anyway.
The poster was asking about the "white-space" which is the space between television channels. The FCC has recently approved its use without a license. This is not the same thing as the 700Mhz band.
Your confusion is probably because the original poster described the space as "soon to be vacated" which is not an accurate way to describe the white-space. 700Mhz will be vacated soon, but must be licensed. White-space is already vacant and won't need to be licensed.
Umm, it's not an infrastructure problem. Generally, they're connecting a direct line to the customer's house (cable or telephone) into a local hub. The local hubs are then connected back to the main office using fiberoptic cables. The fiber has more than enough bandwidth to handle all the users in a neighborhood. The bottleneck comes at the next level where they have to pay for an internet connection. It's at that point that they're oversubscribed because they're buying something like a 100Mb/s connection to service 300 3 Mb/s connections. In most cases, an upgrade to their total bandwidth would just require calling their ISP and telling them that they want to buy more. So, it's not an infrastructure problem, it's just a matter of keeping their bandwidth costs down. We're talking about monthly operating costs here, not build-out.
I like TigerDirect, but I only shop with them in-person, not on-line. In person I can see precisely what I'm getting and know that I can return it without much hassle if it has a problem. I wouldn't recommend it for casual computer users, but for people who know what they need, their stores are good places to buy computer components without spending a fortune because they charge the same price in person as they do on-line.
From the picture, it's not clear that they made the towers high enough to be clear of the tree-line. As a result, they're probably not even capturing the strongest wind available in that area.
The article is actually talking about why, in some circumstances, people don't act selfishly when the models would predict that they would. So your explanation really is completely irrelevant to the actual article.
The DLC in Burnout Paradise has all been new additions. They've also added some substantial new content in free updates over the year and a half or so since the game was first released. EA definitely gets props from me for doing it right on that one.