For me, college coursework -- especially computer science coursework -- was mostly a breeze, an overview and introduction to the material. What made it worthwhile was the time spent digging deeper than the classes -- independent study in the truest sense of the word. College creates the environment where that kind of self-directed, self-motivated learning is possible. The Internet facilitates the flowering of a new Invisible College beyond the conventional campus.
Anti-intellectual sentiment is so prevalent in the zeitgeist of much of America, the Middle East and central Asia, it's no surprise some geeks are picking it up. Anti-college sentiment specifically, on the other hand, likely arises from the large number of graduates -- even those with master-level degrees -- that are unable to "hit the ground running" in a work environment, or even require refresher courses on basic algorithms and data structures such as breadth-first search with associated queues.
I really do wish they'd get around to implementing the Retargetable bit on assembly references though. In my opinion, it's the best way to support end-user replacement of LGPL components -- all dependencies of a signed assembly have to be signed as well, but if a dependency is Retargetable it permits any signature, not just the original one -- they can swap in their own component without a problem and you still don't have to give them your signing key.
It's also the best way to indicate that code is agnostic to the underlying CLR implementation -- make the mscorlib, System, etc. references Retargetable and it will bind to alternate implementations that don't use the same BCL signing keys, such as Compact Framework.
No, the worst of it is vertical-market software vendors that start from the assumption that competent IT help will not be available and therefore build software that won't run without write privileges to the entire drive (including the root of the system drive, because it poos temp files there), includes a kernel-mode printer driver that breaks on anything newer than XP just to render TIFFs for faxing, requires a separate login dialog in spite of also requiring a domain, and in spite of being MSI-based, lacks any working silent-install capabilities so the only way to automate rolling it out is sending mouse events to the setup, and count on the utter lack of data portability to keep you locked in to their miserable product.
1. How does he know there's no bug in his copy protection code that does not inadvertently trigger for legitimate users under ANY circumstance
According to the article, the error message includes the user's Steam account number, which can be used to distinguish any cases in which the user actually paid for a license but is still getting rejected by the copy-protection check.
2. How does he know the people "pirating" haven't paid for a legit copy and decided to get around all the BS restrictions by using a crack anyway.
If all the serial numbers have been metaphorically filed off, then the Steam account number referenced is probably nonexistent anyway, so who are they really accusing of piracy? If someone's using a crack to work around restrictions, then this is just one more restriction to work around.
Wait, what? At its core, ASP.Net is a CGI-like interface as well -- it's just that there are so many boatloads of extra library code and UI-designer toys piled on top that a lot of programmers never realize what they're dealing with. In some sense, this is a variation of what played out in the Java world: the Java Servlets spec provided a simple CGI-like interface, then boatloads of extra libraries got piled on top, except on the Java side most of those libraries were third-party. Either way, though, you end up pretty far away from the CGI.
The CRC class of hash functions actually makes certain statistical guarantees for the longest run of possible errant bytes in source data and are extremely faster, making them far more suitable for file integrity checks.
CRC is great for packet-sized input, but not so great over larger chunks of data; also, the way its design targets burst errors means that widely separated point errors aren't as effectively caught. There's a reason Ethernet jumbo frames haven't gone much over 9000 bytes -- Ethernet's CRC-32 is much less effective at message sizes over 12000 bytes or so. Cryptographically strong hashes tend to be less sensitive to input length.
Does this include cussing at a machine that's physically obnoxious to work on, such as one with a case full of razor-sharp edges or one that you have to pull all the cables off the motherboard to change out a card because it's so cramped inside, or with screws in fiddly places that you inevitably end up dropping in such a way that they roll into a tight corner and are nearly impossible to get out? No, I'm not bitter.:-)
"Slashdot Overload" mode was the bane of v1. It was possible for some comments to become unreachable unless you read in linear mode.
That said, I'd prefer to just be given the entire thread^H^H^H^H^H^Hmountain of comments as one page by default, with no paging, clicking, or load-as-you-scroll shenanigans!
Maybe so, but dopamine is a very behaviorally significant neurotransmitter, and the gene in question codes for a dopamine receptor, and that specific receptor has well-studied effects on behavior (especially addictive behavior). The link to politics is a new one on me, though.
A broken dopamine receptor D4 (the same gene TFA is about) also has a tendency to make one less vulnerable to addiction, and especially stress addiction. For an example of how painful a runaway stress-driven dopamine feedback loop can be, look no further than Dilbert.
So you are upset that KDE is not a copy of basically Windows XP/MacOS/Solaris/every other GUI?
How far we have come. When I started using linux, the complaint was that KDE was "just" a badly implemented copy of windows.
Is there something wrong with the Common User Access interaction design lineage? The very reason the document was put forth was to reduce user ramp-up time learning a new product.
WordPerfect 5, on the other hand, was a shining example of how to confuse the hell out of a new user by not working remotely like anything else out there. I used it for quite some time, even wrote applications with its macro language, and still couldn't get by without a key binding cheat sheet.
On the other hand, you could actually see begin and end tags in its Reveal Codes mode, and if you were willing to sink enough time and brain cells into it, it was wickedly powerful, so in some sense they were optimizing for the dedicated power user at the expense of the casual user.
On the gripping hand, for ~500 USD in the early nineties, perhaps they were right to expect a highly dedicated power user.
1. A write-once serial number doesn't prevent an attacker obtaining a brand-new, unimprinted device and cloning the original device's serial number. Which cells in a block of flash memory fail early is entirely a physical process issue, and falls in the general category of intrinsic physical unclonable functions. The entire point of a PUF is that it can't be duplicated; by definition, this means it can't be backed up, customized, or otherwise controlled, only observed.
2. Using flash memory's bad bits as an IPUF is indeed tied to the technology, but there's no reason an explicit PUF can't be integrated into device design. Yes, these will vary as hardware technology changes, but the principle remains. A hard disk analogue might be reading the remapped-blocks table in a drive's integrated controller -- bad sectors are not generally in the same place on multiple units of the same model.
3. Elimination of process variation can limit the number of bits of uniqueness obtainable from an IPUF but doesn't invalidate the basic technique. More blocks may have to be tested to destruction to uncover enough bits of physical variation, but part density is also increasing so perhaps this is a push. Disk manufacturing leading to correlated failures in disk arrays is indeed an unfortunate side effect of elimination of process variation, though; I guess we're well past the point of needing to configure arrays to tolerate double failure AND include a hot spare if they have to stay up 24/7.
... bouts of hysteria that Col. So-and-so forwarded to everyone's e-mail ("it must be true, the Colonel said it!")...
Oh my. So what you're saying is you actually had to cope with colonel panics?
*rimshot*
Hilarity aside, such messy environments are entirely unsurprising for a medical environment. Commercial medical-records software is even worse -- in my experience, much of it dies horribly unless every user has admin rights on every PC they use, typically because the software likes to poo random files everywhere, including such places as the root of the system drive.
Putting the taskbar on the left, as wide as the buttons normally are on the bottom, means you can actually see what the heck you've got going on when you have 20+ things open at a time. In that environment, though, what drives me bonkers are modal dialogs and message boxes that exclude themselves from the taskbar while leaving their owning window disabled, so you have to dig through the whole stupid Z-stack on every monitor to find what you did with it. Even worse, sometimes it winds up underneath a disabled window from the same app. (This isn't supposed to happen if the owner window is set correctly, but it still happens.)
Disclaimer: Three 4:3 monitors are required to make sense of that much going on!
I think the OP is talking about total cost of ownership here, not purchase price. TCO is all-inclusive, covering network bandwidth to make use of the space, backup and redundancy, paying someone to keep it running, electricity to keep it spinning, a share of a fileserver box to put it in, etc, etc.
I have no problem with PvP-oriented games, but don't try to portray it as also a PvE game, suitable for PvE people. That's simply fraud.
Bartle's paper calls it a Type 3 equilibrium. To be sustainable, though, there needs to be just enough PKer presence to get your pulse racing now and then, not so much that you can't go two steps out of town without getting demolished.
Ultimately, I believe a lack of gameplay depth drove the out-of-control level of griefing. UO experimented seemingly endlessly with new (and invariably shallow) mechanics to try to defuse the explosion of griefers, but never managed to come up with something that worked. The only real depth seemed to be -- ironically enough -- the clever loopholes in rules intended to impede griefing!
As a result, the early-stage equilibrium shifted solidly into PvP-centric Type 1 territory, since the only effective way to deal with griefers was to play equally hard, grind like mad, use mules to fund your combat characters, and stay in large, well-coordinated squads when outside of law zones.
Finally, in order to attempt to stem the bleeding, they created separate PvP and PvE worlds, essentially giving up on regaining Type 3 in exchange for being able to hold onto separate Type 1 and Type 2 playerbases.
Unfortunately, this is somewhat inferior because the PvP-centric Type 1 has high churn and the PvE-based but ultimately socialization-centric Type 2 is an unstable equilibrium, prone to sudden dramatic swings in player count.
Dunno about him, but aspirin is most certainly dangerous - go much past recommended dosage and you can kill your liver. If you do, it takes about a week to die.
You're probably thinking of paracetamol. Aspirin poisoning is more likely to fill your lungs with fluid than trash your liver.
I don't know about you but I was pondering for a while why would South Carolina care so much about Eclipse's SVN plugin (http://www.eclipse.org/subversive/)...
Possible answers to your inquiry, based on this being Slashdot:
It's the result of proprietary software interests lobbying against open source.
They don't want you to know the revision history behind some of these bills.
[U]ntil browsers change their behaviour when confronted by a self-signed cert they will never gain widespread acceptance and use with a non-technical crowd.
Agreed. I'd rather see more relaxed behavior: if the browser is presented a cert that does not connect to a known trust root but is otherwise valid, and either has never done https with the site before or has accepted the same cert in the past, accept it, retain it for future reference and continue with no warning -- but also don't show the "secure site" chrome such as padlock, colored address bar, etc. If the key changes, then go ahead and pop up a warning -- the key change is better evidence of a possible MitM attack than mere absence of a shared trust root.
Also, since there's already a precedent for variable chrome established by EV certificates, it might also make sense to have distinguishing chrome for the apparently-valid-but-no-trust-root case. Conveying the sense of "secured against passive snooping, but doesn't prove identity" with the chrome is left as an exercise to the usability specialists -- failing such a case, using the unsecured chrome is acceptable.
Slashdot Mirror
For me, college coursework -- especially computer science coursework -- was mostly a breeze, an overview and introduction to the material. What made it worthwhile was the time spent digging deeper than the classes -- independent study in the truest sense of the word. College creates the environment where that kind of self-directed, self-motivated learning is possible. The Internet facilitates the flowering of a new Invisible College beyond the conventional campus.
Anti-intellectual sentiment is so prevalent in the zeitgeist of much of America, the Middle East and central Asia, it's no surprise some geeks are picking it up. Anti-college sentiment specifically, on the other hand, likely arises from the large number of graduates -- even those with master-level degrees -- that are unable to "hit the ground running" in a work environment, or even require refresher courses on basic algorithms and data structures such as breadth-first search with associated queues.
I really do wish they'd get around to implementing the Retargetable bit on assembly references though. In my opinion, it's the best way to support end-user replacement of LGPL components -- all dependencies of a signed assembly have to be signed as well, but if a dependency is Retargetable it permits any signature, not just the original one -- they can swap in their own component without a problem and you still don't have to give them your signing key.
It's also the best way to indicate that code is agnostic to the underlying CLR implementation -- make the mscorlib, System, etc. references Retargetable and it will bind to alternate implementations that don't use the same BCL signing keys, such as Compact Framework.
No, the worst of it is vertical-market software vendors that start from the assumption that competent IT help will not be available and therefore build software that won't run without write privileges to the entire drive (including the root of the system drive, because it poos temp files there), includes a kernel-mode printer driver that breaks on anything newer than XP just to render TIFFs for faxing, requires a separate login dialog in spite of also requiring a domain, and in spite of being MSI-based, lacks any working silent-install capabilities so the only way to automate rolling it out is sending mouse events to the setup, and count on the utter lack of data portability to keep you locked in to their miserable product.
Sorry, just had to vent a little. :-)
1. How does he know there's no bug in his copy protection code that does not inadvertently trigger for legitimate users under ANY circumstance
According to the article, the error message includes the user's Steam account number, which can be used to distinguish any cases in which the user actually paid for a license but is still getting rejected by the copy-protection check.
2. How does he know the people "pirating" haven't paid for a legit copy and decided to get around all the BS restrictions by using a crack anyway.
If all the serial numbers have been metaphorically filed off, then the Steam account number referenced is probably nonexistent anyway, so who are they really accusing of piracy? If someone's using a crack to work around restrictions, then this is just one more restriction to work around.
Wait, what? At its core, ASP.Net is a CGI-like interface as well -- it's just that there are so many boatloads of extra library code and UI-designer toys piled on top that a lot of programmers never realize what they're dealing with. In some sense, this is a variation of what played out in the Java world: the Java Servlets spec provided a simple CGI-like interface, then boatloads of extra libraries got piled on top, except on the Java side most of those libraries were third-party. Either way, though, you end up pretty far away from the CGI.
Different hashes are for different purposes.
No argument there.
The CRC class of hash functions actually makes certain statistical guarantees for the longest run of possible errant bytes in source data and are extremely faster, making them far more suitable for file integrity checks.
CRC is great for packet-sized input, but not so great over larger chunks of data; also, the way its design targets burst errors means that widely separated point errors aren't as effectively caught. There's a reason Ethernet jumbo frames haven't gone much over 9000 bytes -- Ethernet's CRC-32 is much less effective at message sizes over 12000 bytes or so. Cryptographically strong hashes tend to be less sensitive to input length.
Does this include cussing at a machine that's physically obnoxious to work on, such as one with a case full of razor-sharp edges or one that you have to pull all the cables off the motherboard to change out a card because it's so cramped inside, or with screws in fiddly places that you inevitably end up dropping in such a way that they roll into a tight corner and are nearly impossible to get out? No, I'm not bitter. :-)
"Slashdot Overload" mode was the bane of v1. It was possible for some comments to become unreachable unless you read in linear mode.
That said, I'd prefer to just be given the entire thread^H^H^H^H^H^Hmountain of comments as one page by default, with no paging, clicking, or load-as-you-scroll shenanigans!
Come on people, give it a REST.
... and zero good taste, apparently.
No, it's a forensics bundle from Microsoft. No wonder it tastes awful. ;-)
Maybe so, but dopamine is a very behaviorally significant neurotransmitter, and the gene in question codes for a dopamine receptor, and that specific receptor has well-studied effects on behavior (especially addictive behavior). The link to politics is a new one on me, though.
A broken dopamine receptor D4 (the same gene TFA is about) also has a tendency to make one less vulnerable to addiction, and especially stress addiction. For an example of how painful a runaway stress-driven dopamine feedback loop can be, look no further than Dilbert.
So you are upset that KDE is not a copy of basically Windows XP/MacOS/Solaris/every other GUI?
How far we have come. When I started using linux, the complaint was that KDE was "just" a badly implemented copy of windows.
Is there something wrong with the Common User Access interaction design lineage? The very reason the document was put forth was to reduce user ramp-up time learning a new product.
WordPerfect 5, on the other hand, was a shining example of how to confuse the hell out of a new user by not working remotely like anything else out there. I used it for quite some time, even wrote applications with its macro language, and still couldn't get by without a key binding cheat sheet.
On the other hand, you could actually see begin and end tags in its Reveal Codes mode, and if you were willing to sink enough time and brain cells into it, it was wickedly powerful, so in some sense they were optimizing for the dedicated power user at the expense of the casual user.
On the gripping hand, for ~500 USD in the early nineties, perhaps they were right to expect a highly dedicated power user.
1. A write-once serial number doesn't prevent an attacker obtaining a brand-new, unimprinted device and cloning the original device's serial number. Which cells in a block of flash memory fail early is entirely a physical process issue, and falls in the general category of intrinsic physical unclonable functions. The entire point of a PUF is that it can't be duplicated; by definition, this means it can't be backed up, customized, or otherwise controlled, only observed.
2. Using flash memory's bad bits as an IPUF is indeed tied to the technology, but there's no reason an explicit PUF can't be integrated into device design. Yes, these will vary as hardware technology changes, but the principle remains. A hard disk analogue might be reading the remapped-blocks table in a drive's integrated controller -- bad sectors are not generally in the same place on multiple units of the same model.
3. Elimination of process variation can limit the number of bits of uniqueness obtainable from an IPUF but doesn't invalidate the basic technique. More blocks may have to be tested to destruction to uncover enough bits of physical variation, but part density is also increasing so perhaps this is a push. Disk manufacturing leading to correlated failures in disk arrays is indeed an unfortunate side effect of elimination of process variation, though; I guess we're well past the point of needing to configure arrays to tolerate double failure AND include a hot spare if they have to stay up 24/7.
Oh my. So what you're saying is you actually had to cope with colonel panics?
*rimshot*
Hilarity aside, such messy environments are entirely unsurprising for a medical environment. Commercial medical-records software is even worse -- in my experience, much of it dies horribly unless every user has admin rights on every PC they use, typically because the software likes to poo random files everywhere, including such places as the root of the system drive.
Fun with aspect ratios, in'nit?
Putting the taskbar on the left, as wide as the buttons normally are on the bottom, means you can actually see what the heck you've got going on when you have 20+ things open at a time. In that environment, though, what drives me bonkers are modal dialogs and message boxes that exclude themselves from the taskbar while leaving their owning window disabled, so you have to dig through the whole stupid Z-stack on every monitor to find what you did with it. Even worse, sometimes it winds up underneath a disabled window from the same app. (This isn't supposed to happen if the owner window is set correctly, but it still happens.)
Disclaimer: Three 4:3 monitors are required to make sense of that much going on!
I think the OP is talking about total cost of ownership here, not purchase price. TCO is all-inclusive, covering network bandwidth to make use of the space, backup and redundancy, paying someone to keep it running, electricity to keep it spinning, a share of a fileserver box to put it in, etc, etc.
Don't panic everyone, I speak jive..
|3\_/T d() j00 sp34k l33t?
It's not clear in what compounds the arsenic appears; if it's locked into a compound that doesn't metabolize, it's probably not a problem.
I think it largely ends up in the form of arsenic-substituted pyrrole compounds, which seem to undergo biomagnification as one proceeds up the food^H^H^H^Hmanagement chain -- there's no other way to explain some of the rather toxic mismanagement messes generated by large companies.
I have no problem with PvP-oriented games, but don't try to portray it as also a PvE game, suitable for PvE people. That's simply fraud.
Bartle's paper calls it a Type 3 equilibrium. To be sustainable, though, there needs to be just enough PKer presence to get your pulse racing now and then, not so much that you can't go two steps out of town without getting demolished.
Ultimately, I believe a lack of gameplay depth drove the out-of-control level of griefing. UO experimented seemingly endlessly with new (and invariably shallow) mechanics to try to defuse the explosion of griefers, but never managed to come up with something that worked. The only real depth seemed to be -- ironically enough -- the clever loopholes in rules intended to impede griefing!
As a result, the early-stage equilibrium shifted solidly into PvP-centric Type 1 territory, since the only effective way to deal with griefers was to play equally hard, grind like mad, use mules to fund your combat characters, and stay in large, well-coordinated squads when outside of law zones.
Finally, in order to attempt to stem the bleeding, they created separate PvP and PvE worlds, essentially giving up on regaining Type 3 in exchange for being able to hold onto separate Type 1 and Type 2 playerbases. Unfortunately, this is somewhat inferior because the PvP-centric Type 1 has high churn and the PvE-based but ultimately socialization-centric Type 2 is an unstable equilibrium, prone to sudden dramatic swings in player count.
Dunno about him, but aspirin is most certainly dangerous - go much past recommended dosage and you can kill your liver. If you do, it takes about a week to die.
You're probably thinking of paracetamol. Aspirin poisoning is more likely to fill your lungs with fluid than trash your liver.
Have a look at Perspectives: an approach to detecting MITM attacks by comparing the keys visible from other vantage points on the net.
I don't know about you but I was pondering for a while why would South Carolina care so much about Eclipse's SVN plugin (http://www.eclipse.org/subversive/)...
Possible answers to your inquiry, based on this being Slashdot:
[U]ntil browsers change their behaviour when confronted by a self-signed cert they will never gain widespread acceptance and use with a non-technical crowd.
Agreed. I'd rather see more relaxed behavior: if the browser is presented a cert that does not connect to a known trust root but is otherwise valid, and either has never done https with the site before or has accepted the same cert in the past, accept it, retain it for future reference and continue with no warning -- but also don't show the "secure site" chrome such as padlock, colored address bar, etc. If the key changes, then go ahead and pop up a warning -- the key change is better evidence of a possible MitM attack than mere absence of a shared trust root.
Also, since there's already a precedent for variable chrome established by EV certificates, it might also make sense to have distinguishing chrome for the apparently-valid-but-no-trust-root case. Conveying the sense of "secured against passive snooping, but doesn't prove identity" with the chrome is left as an exercise to the usability specialists -- failing such a case, using the unsecured chrome is acceptable.