There is a crap-ton of evidence placing quasars at cosmological distances. Arp's idea is one of the DISCARDED ideas about what quasars are for really good reasons.
Starting with - why are there no BLUE shifted quasars? If they are ejected from galaxies, we should should see ones coming at us as well as receding from us.
We have images of gravitationally lensed quasars while necessarily places them FURTHER AWAY than the galaxies acting as lenses. We've even witnessed time delayed changes in the multiple images from those lenses.
We have pictures of some of the galaxies quasars are embedded in - which have the SAME redshift as the associated quasar! Quite the coincidence that, eh?
We can measure adsorption lines in their spectrums from intervening clouds of gas. Again, allowing us to place minimum distances on the quasars since they MUST be further away than the clouds of gas.
We can measure all kinds of properties - and they all agree: Quasars are at cosmological distances.
Technical Q&A QA1779 Reducing Download Size for iOS App Updates
Q: How can I reduce the downloaded size of my app update for users that already have the previous version installed?
A: This document is specific to app updates. See Technical Q&A QA1795: Reducing the size of my App for a collection of techniques to reduce the size of an app when it is downloaded and installed for the first time.
Starting with iOS 6, the app store will automatically produce an update package for all new versions of apps submitted to the store. When generating the update package, the app store compares one or more prior versions of your app to the new version and creates an optimized package for each that contains only the content that has changed between versions of your app, excluding any content that did not change. This comparison looks at everything in the application bundle, including the application executable, nibs, localizations, image files, video files, audio files, text files, and files containing data in a custom format.
Note: The ability to create update packages is not currently available to developers who do not distribute their apps through the app store, such as those distributing enterprise apps. When used optimally, an update package is significantly smaller to download than the full package of the app and the update will install more quickly. Also, in many cases, this mechanism allows updates to large apps to be downloadable over cellular networks where app downloads are subject to a size limit.
In addition to new content, the update package contains instructions on how to transform the prior version of the app into the new version of the app. New files will be added, modified files will be replaced with their updated counterpart, and deleted files will be removed as part of this transformation. As far as the developer and user are concerned, this process is entirely transparent and the resulting updated app will be indistinguishable from a full download of the corresponding updated version of their app.
To optimize the size of your app updates, you should consider two tips:
Do not make unnecessary modifications to files. Compare the contents of the prior and new versions of your app with diff or another directory comparison tool and verify that you've only changed what you expect within your app bundle. Content that you expect to change in an update should be stored in separate files from content that you don't expect to change. This reduces the size of the update package and increases its install speed. For devices running iOS 6.x and iOS 7.0, the update package will include any file, in its entirety, that has changed in the new version of the app. For example, if you have a 10 MB file in your app and only change 1 KB of content within that file in the new version of the app, the update package for that new version will contain the full 10 MB file.
For devices running iOS 7.1 and later, the update package may include only the differences between the old and new versions of a changed file instead of the full file. This may significantly reduce the size of the update package in the case where only a small part of a large file changes, but will increase the update's installation time on the device. For this reason, the two tips above are still important even for updates on iOS 7.1 and later. Minimizing changed content and localizing it to many smaller files instead of one larger monolithic file will reduce the download size in all cases and will speed up installation on devices running iOS 7.1 and later.
Being transgender is not considered a mental illness. Nor is does being diagnosed as transgender result in a 'nearly automatic' diagnosis of schizophrenia. There is an _increased rate_ of schizophrenia among transgender people. But it still remains uncommon - less than 1 to 5% of transgender people are _also_ diagnosed as schizophrenic.
Answers to Your Questions About Transgender People, Gender Identity and Gender Expression from the American Psychological Association
A psychological state is considered a mental disorder only if it causes significant distress or disability. Many transgender people do not experience their gender as distressing or disabling, which implies that identifying as transgender does not constitute a mental disorder. For these individuals, the significant problem is finding affordable resources, such as counseling, hormone therapy, medical procedures and the social support necessary to freely express their gender identity and minimize discrimination. Many other obstacles may lead to distress, including a lack of acceptance within society, direct or indirect experiences with discrimination, or assault. These experiences may lead many transgender people to suffer with anxiety, depression or related disorders at higher rates than nontransgender persons. According to the Diagnostic and Statistical Manual of Mental Disorders (DSM-5), people who experience intense, persistent gender incongruence can be given the diagnosis of "gender dysphoria." Some contend that the diagnosis inappropriately pathologizes gender noncongruence and should be eliminated. Others argue that it is essential to retain the diagnosis to ensure access to care. The International Classification of Diseases (ICD) is under revision and there may be changes to its current classification of intense persistent gender incongruence as "gender identity disorder."
Domain Registry of America has made a business out of sending deceptive letters to domain owners using other registrars asking them to "renew" their domain registration with DRA. The letters are cleverly written to make it unobvious so that people who think they are just renewing their domain actually have their domain registry transfered from their current registrar to DRA.
Those papers have been out all of four days. I would would wait a few days before proclaiming them rock solid disproof of firewalls. Even Motls admits that they are making a few assumptions that are themselves subject to debate.;)
1) Climate change has always been more used than global warming in the actual literature. A fact easily confirmed by checking the Google Ngram Viewer
2) You can thank Republican Party strategist Frank Luntz for popularizing climate change over global warming in the mass media. The Republicans got behind climate change vs global warming specifically to convince the public that it wasn't a serious issue. So your 'honesty' argument backfires: It was the Republican Party that wanted 'climate change' to be the popular term so people wouldn't take it seriously.
Really - did anyone in Washington bother to think about the fact that by repeatedly demonstrating to terrorists how easy it was to use 'remote-controlled model planes packed with explosives' to cheaply kill people that you otherwise couldn't easily reach ("Drone Strikes") that the terrorists wouldn't eventually try variations on the same idea themselves?
I think MS may have revised the tech note after ZDNet wrote their story. It was offline for a little while after the story came out, and then came back again.
Yep. This is Google explaining to Apple that they aren't the only one with patents. The monster patent portfolios of all the big players have exist in part to deter other large players from launching patent wars. It is a form of 'Mutually Assured Destruction'. Apple went nuclear starting a couple of years ago. Google (and other large players) are now launching their counter-strikes to demonstrate to Apple why it is a bad idea.
If Apple has any sense (more likely now that Steve Jobs is gone) they will begin quietly trying to wind down the patent wars.
A "small" DDOS attack is more than enough to down an unprotected machine. I experimented with less intensive approaches *first*. If I limitted the number of Apache connections they would run up the number of open connections until the server quit responding. If I let the number processes grow, they would keep adding connections until the machine ran out of memory to support additional connections. With a pool of more than 30K potentially attacking machines it takes an *incredible* amount of resources to just 'ride it out'.
You run into multiple limits: How many simultaneous TCP connections can your system handle? How much memory does it take per connection? How much CPU does it take to context switch between thousands of connections?
It was a simple yet very effective attack. If you didn't have a good sysadmin who *could* erect an intensive defense your choices would be
This assumes they are just trying to flood the httpd with requests, because doing so requires less resources on their part, and generally only harms the target box and not the isp hosting it. If you block an attack like this, you run the risk that the attacker will switch tactics and start simply flooding your line.
True, they *could* have escalated it to a packet flood (and oddly enough naively dropping the TCP packets actually initially converted the HTTP Flood into a SYN flood - which didn't pose much of a problem for me at the rates they were running).
But it is much more resource intensive for the attacker and they are optimising return on investment. They can waste time dedicating their botnet to packet flooding a minor site with no financial payoff even if they succeed in bringing it down, or they can move on to easier targets where they can continue to 'time share' the botnet traffic among multiple targets.
It really is the 'why have locks on your doors and windows when the thief could kick them in' argument. Sure - he *could*. Or he could move down the street to the house that left their bathroom window open when they went to work.
Rate limiting IP addresses doesn't work when they are only hitting from any specific source IP address a few dozen times per hour. They bury you by having tens of thousands of different machines all hitting you independantly. You can be getting hundreds of requests per second and never trigger the rate limitting.
The essence comes down to two things. Neither is particularly complicated in principle, although getting it right can be a bit fiddly.
1) Detect attacking IPs.
HTTP Flood DDOS bots aren't (at least not yet) smart enough to look and behave EXACTLY like people using web browsers. They do wierd things like load web pages repeatedly while never loading images/running javascript/loading CSS stylesheets. They make sequential requests from the same IP address - but with different user agents. They might load a web page that uses cookies - but never return the cookies that are set. Or they might return a cookie - but from a different source address or with a different user agent. They might send user agents that haven't been in widespread use in half a decade. They might not set the 'referer' header, or some other header that a browser DOES set correctly. They probably don't follow HTTP redirects. What you are looking for is any behavior that distinguishes the good traffic and the bad traffic.
So I 'tailed' the web server log and analyzed it in one to ten minute chunks to detect abnormal accesses. All detected addresses were added to a persistent database of blacklisted addresses.
2) Add the detected attacking addresses to an efficient firewall.
A naive firewall blacklist might try to just put each addresses in one big long list. This doesn't scale well beyond a couple of hundred attacking addresses. On the older machine I had, I used a 'divide and conquer' approach: I created a few hundred filter chains based on a/n subnet division of the attacking ip addresses. I then wrote a set of rules that divided incoming traffic into those chains based on the/n they were a member of. That made the number of rules required to filter n attacking IP addresses scale as about O(log n). If I had had a more recent kernel I could have used a hashed map of addresses to take that down to O(1).
After that it became a slow game of cat and mouse. The attacker would alter his attack to try and slip by the detection, I would update the detection software to detect something else he wasn't getting perfect if he managed to by-pass the filters. After about two weeks they quit attacking the web server.
The largest issue I had really was that I was starting my defense from a 'standing start': I had to write all the needed scripts from scratch while the attack was still on going.
Having been the target of an HTTP-DDOS attack, I can tell you that manually blacklisting IP ranges is really ineffective. A DDOS botnet is comprised of thousands of machines that have been randomly infected by whatever vector the botnet operator used: Emails, web drive-by, etc. The result is that the source addresses are scattered widely with little relation between most participating addresses.
To defend against the attack, I wrote up an automatic firewall blacklisting program that detected and blocked each participating IP address individually in near-realtime. I was blocking more than 31,000 separate addresses before the DDOSers finally gave up trying to down the attacked website. Wierdly, there appears to have been no motive at all for the attack, yet they spent weeks attacking the target machine and actively trying to tune their attack to get past my filtering.
I use a system of rsync over ssh to do both onsite and offsite backups daily with a rotating system of hardlinked trees that give me seven days of daily backups, 5 weeks of weekly backups, 3 months of monthly backups, 6 months of quarterly backups and 1 year of semi-annual backups with each location doing both local backups and remote backups for the other site (which are 40 miles apart).
1) That report is a year old (July 2010). The current numbers are revealing.
2) Installed base is not the same as trend. There are more installed Windows XP systems in the world than Windows 7 systems. That doesn't mean XP is 'winning' the desktop OS.
1. That quote is just under a year old, was a random comment with no evidence that the poster was who they said they were, that they knew what they were talking about, and was talking about the winter in 2009 to boot.
2. It doesn't matter globally if it froze people's balls off in England: Local Weather STILL isn't Global Climate.
1. Even if the Sun were to enter a Grand Minimum it would only offset warming for a few decades. And when the minimum ended, all that warming would come rushing right back.
2. 2010 is on track to be the warmest year ever in modern history. Think about that. The Sun is in the deepest minimum in around a century, scarcely a sunspot to be seen and we are still breaking the all time record for warmth globally.
3. It may be cold in England. But it is way above normal in Greenland. What part of Global don't you understand? Local weather has little to nothing to do with global climate.
I had to Google her to find out what she has done. The only song I recognized was the Eminem song she was mixed into. That said, she is a decent singer who's 'Thank You' reminds me of BoA's Duvet.
Slashdot Mirror
There is a crap-ton of evidence placing quasars at cosmological distances. Arp's idea is one of the DISCARDED ideas about what quasars are for really good reasons.
Starting with - why are there no BLUE shifted quasars? If they are ejected from galaxies, we should should see ones coming at us as well as receding from us.
We have images of gravitationally lensed quasars while necessarily places them FURTHER AWAY than the galaxies acting as lenses. We've even witnessed time delayed changes in the multiple images from those lenses.
We have pictures of some of the galaxies quasars are embedded in - which have the SAME redshift as the associated quasar! Quite the coincidence that, eh?
We can measure adsorption lines in their spectrums from intervening clouds of gas. Again, allowing us to place minimum distances on the quasars since they MUST be further away than the clouds of gas.
We can measure all kinds of properties - and they all agree: Quasars are at cosmological distances.
It just proves that you can't simulate it the way they modeled it. One (of many) possible interpretation is that the _model_ is bad.
https://developer.apple.com/li...
Technical Q&A QA1779
Reducing Download Size for iOS App Updates
Q: How can I reduce the downloaded size of my app update for users that already have the previous version installed?
A: This document is specific to app updates. See Technical Q&A QA1795: Reducing the size of my App for a collection of techniques to reduce the size of an app when it is downloaded and installed for the first time.
Starting with iOS 6, the app store will automatically produce an update package for all new versions of apps submitted to the store. When generating the update package, the app store compares one or more prior versions of your app to the new version and creates an optimized package for each that contains only the content that has changed between versions of your app, excluding any content that did not change. This comparison looks at everything in the application bundle, including the application executable, nibs, localizations, image files, video files, audio files, text files, and files containing data in a custom format.
Note: The ability to create update packages is not currently available to developers who do not distribute their apps through the app store, such as those distributing enterprise apps.
When used optimally, an update package is significantly smaller to download than the full package of the app and the update will install more quickly. Also, in many cases, this mechanism allows updates to large apps to be downloadable over cellular networks where app downloads are subject to a size limit.
In addition to new content, the update package contains instructions on how to transform the prior version of the app into the new version of the app. New files will be added, modified files will be replaced with their updated counterpart, and deleted files will be removed as part of this transformation. As far as the developer and user are concerned, this process is entirely transparent and the resulting updated app will be indistinguishable from a full download of the corresponding updated version of their app.
To optimize the size of your app updates, you should consider two tips:
Do not make unnecessary modifications to files. Compare the contents of the prior and new versions of your app with diff or another directory comparison tool and verify that you've only changed what you expect within your app bundle.
Content that you expect to change in an update should be stored in separate files from content that you don't expect to change. This reduces the size of the update package and increases its install speed.
For devices running iOS 6.x and iOS 7.0, the update package will include any file, in its entirety, that has changed in the new version of the app. For example, if you have a 10 MB file in your app and only change 1 KB of content within that file in the new version of the app, the update package for that new version will contain the full 10 MB file.
For devices running iOS 7.1 and later, the update package may include only the differences between the old and new versions of a changed file instead of the full file. This may significantly reduce the size of the update package in the case where only a small part of a large file changes, but will increase the update's installation time on the device. For this reason, the two tips above are still important even for updates on iOS 7.1 and later. Minimizing changed content and localizing it to many smaller files instead of one larger monolithic file will reduce the download size in all cases and will speed up installation on devices running iOS 7.1 and later.
Being transgender is not considered a mental illness. Nor is does being diagnosed as transgender result in a 'nearly automatic' diagnosis of schizophrenia. There is an _increased rate_ of schizophrenia among transgender people. But it still remains uncommon - less than 1 to 5% of transgender people are _also_ diagnosed as schizophrenic.
Answers to Your Questions About Transgender People, Gender Identity and Gender Expression from the American Psychological Association
http://www.apa.org/topics/lgbt...
Is being transgender a mental disorder?
A psychological state is considered a mental disorder only if it causes significant distress or disability. Many transgender people do not experience their gender as distressing or disabling, which implies that identifying as transgender does not constitute a mental disorder. For these individuals, the significant problem is finding affordable resources, such as counseling, hormone therapy, medical procedures and the social support necessary to freely express their gender identity and minimize discrimination. Many other obstacles may lead to distress, including a lack of acceptance within society, direct or indirect experiences with discrimination, or assault. These experiences may lead many transgender people to suffer with anxiety, depression or related disorders at higher rates than nontransgender persons.
According to the Diagnostic and Statistical Manual of Mental Disorders (DSM-5), people who experience intense, persistent gender incongruence can be given the diagnosis of "gender dysphoria." Some contend that the diagnosis inappropriately pathologizes gender noncongruence and should be eliminated. Others argue that it is essential to retain the diagnosis to ensure access to care. The International Classification of Diseases (ICD) is under revision and there may be changes to its current classification of intense persistent gender incongruence as "gender identity disorder."
You wouldn't believe how slow it is to get even tiny patches to the source code deployed.
Domain Registry of America has made a business out of sending deceptive letters to domain owners using other registrars asking them to "renew" their domain registration with DRA. The letters are cleverly written to make it unobvious so that people who think they are just renewing their domain actually have their domain registry transfered from their current registrar to DRA.
Those papers have been out all of four days. I would would wait a few days before proclaiming them rock solid disproof of firewalls. Even Motls admits that they are making a few assumptions that are themselves subject to debate. ;)
Why would I trust them with anything else?
1) Climate change has always been more used than global warming in the actual literature. A fact easily confirmed by checking the Google Ngram Viewer
2) You can thank Republican Party strategist Frank Luntz for popularizing climate change over global warming in the mass media. The Republicans got behind climate change vs global warming specifically to convince the public that it wasn't a serious issue. So your 'honesty' argument backfires: It was the Republican Party that wanted 'climate change' to be the popular term so people wouldn't take it seriously.
Really - did anyone in Washington bother to think about the fact that by repeatedly demonstrating to terrorists how easy it was to use 'remote-controlled model planes packed with explosives' to cheaply kill people that you otherwise couldn't easily reach ("Drone Strikes") that the terrorists wouldn't eventually try variations on the same idea themselves?
Remember: Don't Blink
I think MS may have revised the tech note after ZDNet wrote their story. It was offline for a little while after the story came out, and then came back again.
Yep. This is Google explaining to Apple that they aren't the only one with patents. The monster patent portfolios of all the big players have exist in part to deter other large players from launching patent wars. It is a form of 'Mutually Assured Destruction'. Apple went nuclear starting a couple of years ago. Google (and other large players) are now launching their counter-strikes to demonstrate to Apple why it is a bad idea.
If Apple has any sense (more likely now that Steve Jobs is gone) they will begin quietly trying to wind down the patent wars.
A "small" DDOS attack is more than enough to down an unprotected machine. I experimented with less intensive approaches *first*. If I limitted the number of Apache connections they would run up the number of open connections until the server quit responding. If I let the number processes grow, they would keep adding connections until the machine ran out of memory to support additional connections. With a pool of more than 30K potentially attacking machines it takes an *incredible* amount of resources to just 'ride it out'.
You run into multiple limits: How many simultaneous TCP connections can your system handle? How much memory does it take per connection? How much CPU does it take to context switch between thousands of connections?
It was a simple yet very effective attack. If you didn't have a good sysadmin who *could* erect an intensive defense your choices would be
1) Let your site go down.
2) Pay a DDOS defense service to defend you.
This assumes they are just trying to flood the httpd with requests, because doing so requires less resources on their part, and generally only harms the target box and not the isp hosting it.
If you block an attack like this, you run the risk that the attacker will switch tactics and start simply flooding your line.
True, they *could* have escalated it to a packet flood (and oddly enough naively dropping the TCP packets actually initially converted the HTTP Flood into a SYN flood - which didn't pose much of a problem for me at the rates they were running).
But it is much more resource intensive for the attacker and they are optimising return on investment. They can waste time dedicating their botnet to packet flooding a minor site with no financial payoff even if they succeed in bringing it down, or they can move on to easier targets where they can continue to 'time share' the botnet traffic among multiple targets.
It really is the 'why have locks on your doors and windows when the thief could kick them in' argument. Sure - he *could*. Or he could move down the street to the house that left their bathroom window open when they went to work.
Yes - but they don't change web browsers with every sequential request. ;)
Rate limiting IP addresses doesn't work when they are only hitting from any specific source IP address a few dozen times per hour. They bury you by having tens of thousands of different machines all hitting you independantly. You can be getting hundreds of requests per second and never trigger the rate limitting.
The essence comes down to two things. Neither is particularly complicated in principle, although getting it right can be a bit fiddly.
1) Detect attacking IPs.
HTTP Flood DDOS bots aren't (at least not yet) smart enough to look and behave EXACTLY like people using web browsers. They do wierd things like load web pages repeatedly while never loading images/running javascript/loading CSS stylesheets. They make sequential requests from the same IP address - but with different user agents. They might load a web page that uses cookies - but never return the cookies that are set. Or they might return a cookie - but from a different source address or with a different user agent. They might send user agents that haven't been in widespread use in half a decade. They might not set the 'referer' header, or some other header that a browser DOES set correctly. They probably don't follow HTTP redirects. What you are looking for is any behavior that distinguishes the good traffic and the bad traffic.
So I 'tailed' the web server log and analyzed it in one to ten minute chunks to detect abnormal accesses. All detected addresses were added to a persistent database of blacklisted addresses.
2) Add the detected attacking addresses to an efficient firewall.
A naive firewall blacklist might try to just put each addresses in one big long list. This doesn't scale well beyond a couple of hundred attacking addresses. On the older machine I had, I used a 'divide and conquer' approach: I created a few hundred filter chains based on a /n subnet division of the attacking ip addresses. I then wrote a set of rules that divided incoming traffic into those chains based on the /n they were a member of. That made the number of rules required to filter n attacking IP addresses scale as about O(log n). If I had had a more recent kernel I could have used a hashed map of addresses to take that down to O(1).
After that it became a slow game of cat and mouse. The attacker would alter his attack to try and slip by the detection, I would update the detection software to detect something else he wasn't getting perfect if he managed to by-pass the filters. After about two weeks they quit attacking the web server.
The largest issue I had really was that I was starting my defense from a 'standing start': I had to write all the needed scripts from scratch while the attack was still on going.
Having been the target of an HTTP-DDOS attack, I can tell you that manually blacklisting IP ranges is really ineffective. A DDOS botnet is comprised of thousands of machines that have been randomly infected by whatever vector the botnet operator used: Emails, web drive-by, etc. The result is that the source addresses are scattered widely with little relation between most participating addresses.
To defend against the attack, I wrote up an automatic firewall blacklisting program that detected and blocked each participating IP address individually in near-realtime. I was blocking more than 31,000 separate addresses before the DDOSers finally gave up trying to down the attacked website. Wierdly, there appears to have been no motive at all for the attack, yet they spent weeks attacking the target machine and actively trying to tune their attack to get past my filtering.
I use a system of rsync over ssh to do both onsite and offsite backups daily with a rotating system of hardlinked trees that give me seven days of daily backups, 5 weeks of weekly backups, 3 months of monthly backups, 6 months of quarterly backups and 1 year of semi-annual backups with each location doing both local backups and remote backups for the other site (which are 40 miles apart).
1) That report is a year old (July 2010). The current numbers are revealing.
2) Installed base is not the same as trend. There are more installed Windows XP systems in the world than Windows 7 systems. That doesn't mean XP is 'winning' the desktop OS.
3) W3Techs shows CentOS's market share hit its peak at about 10 or 11% of web sites, not 30%. The 30% number was the fraction of Linux web servers, not all web servers.
4) Since about Oct. 2010 CentOS has lost market share (dropped to circa 9%).
5) Ubuntu is growing much faster than anyone else is.
1. That quote is just under a year old, was a random comment with no evidence that the poster was who they said they were, that they knew what they were talking about, and was talking about the winter in 2009 to boot.
2. It doesn't matter globally if it froze people's balls off in England: Local Weather STILL isn't Global Climate.
1. Even if the Sun were to enter a Grand Minimum it would only offset warming for a few decades. And when the minimum ended, all that warming would come rushing right back.
2. 2010 is on track to be the warmest year ever in modern history. Think about that. The Sun is in the deepest minimum in around a century, scarcely a sunspot to be seen and we are still breaking the all time record for warmth globally.
3. It may be cold in England. But it is way above normal in Greenland. What part of Global don't you understand? Local weather has little to nothing to do with global climate.
Not everyone follows the pop charts.
I had to Google her to find out what she has done. The only song I recognized was the Eminem song she was mixed into. That said, she is a decent singer who's 'Thank You' reminds me of BoA's Duvet.
Every computer technology eventually becomes a specialty item.
Usually not too long before it passes away into the land of completely obsolete and from there into the land of 'found only in museums'.