What are the consequences if somebody malicious does manage to register a misleading.bank domain name? What happens if a.bank or.safe site is hacked? Will they reimburse fraud victims and provide credit monitoring services, or just say, "oops"?
At 95% accuracy, people aren't jumping on the bandwagon. Wood's typing speed is about 60 wpm with 93% accuracy, so he found that using speech recognition was about twice as fast as typing.
That isn't really meaningful. When I make a typographical error, it's usually a single letter oission/dupplication/trasnposition, which 1) is easy to address with a spell-checker (or even auto-correct for teh more common typos) and 2) is unlikely to interfere with understanding of the result. When speech recognition software makes an error, it tends to replace one or more words with one or more different words. If you correct those errors as you go, you're going to be starting and stopping, and if you go back to fix them later, you can't just catch them with a spell checker.
A meaningful comparison would require looking at teh typeso f errors made whiel typing, and the types of let's set so double the killer delete select all.
In the past, chips were limited to a maximum voltage because of the risk of long-term damage at higher voltages. As a results, the voltage could be cranked up close to the maximum, providing high-frequency performance. Around 2004, however, OEMs started becoming concerned about cooling extremely high-power chips like Tejas, and the chip manufacturers had to start pushing the power consumption back down. Now, we have chips that could operate at higher frequencies if the power budget were higher. When you have multiple cores and some aren't running, that busy cores can be run at a higher frequency (and potentially voltage) without exceeding the overall power budget (which is what TFA says Intel is doing).
I was playing around with DEBUG.COM and ran "OUT 20, AX"...and now it's apparently dead. A lot of things don't seem to work - e.g. "mode 80,20". Even "dir c:" when the current drive is "a:" seems to hang. I wonder how complete the hardware emulation is. Can you run Windows 3.1 on this? How about programs that probe for a joystick?
I like JS. Taken together with canvas, you can do some pretty interesting things: some toys (including a 3d graphics engine) and some games (see if you can beat the Robots high score). I think this game is probably the most interesting (unfortunately I never got around to implementing the transportation logic, but it's still an amusing demonstration of what's possible).
I got into this originally because I spend a lot of time working on SeaMonkey (and sometimes Firefox / Thunderbird), which has huge amounts of JS. It's always fun to do things in languages which are clearly the wrong choice - like the JS raytracer.
I wrote this years ago (requires trunk Gecko, e.g. Firefox 3 or SeaMonkey 1.5)... somebody else also did a much better looking one years ago here. Granted, neither have very useful APIs...
Your explanation sounds like it could be reasonable for an asynchronous circuit but not for standard CMOS. Assuming that the processor is using a balanced clock tree, the clock signal should arrive at the two flops at the same instant, no matter what the propagation delay through the clock tree is.
I was talking about CMOS. As the other reply to your message points out, in the real world, the clock tree is never perfectly balanced.
Throughout this entire process, the clocks can be assumed to hit both of those flops simultaneously which is valid for a balanced clock tree.
Not necessarily. Even if we assume that the clock was perfect under normal operating conditions, you'll have temperature variations across the die and other effects (e.g. device variations) that add clock skew.
As the chip gets colder, the propagation delay through the datapath decreases until finally a hold time violation occurs. [snip] However, the hold time will eventually be violated as the propagation delay between registers shrinks with decreasing temperature no matter what the clock frequency is.
No. The hold time drops as the transistors that make up flops gets faster. If you assume a sense-amp style flip-flop, your hold time is probably determined by how long it takes after the clock pulse that the sensing nodes are isolated from the data input pins. The circuitry that does this isolation speeds up when the chip cools, reducing the hold time. You won't introduce a hold violation unless the datapath logic speeds up significantly relative to the devices making up the flip-flops.
Keep in mind that a hold time violation occurs when after a clock pulse, flip-flop A has launched its data while flip-flop B is still trying to record the data that was present on its input at the end of the previous cycle, but the new data from A arrives at B and corrupts the data. It's the same clock edge that is triggering A's launch and B's capture. The problem is worst when the clock arrives later at B than it arrives at A due to non-idealities. In order to exacerbate hold issues, the cooling would have to speed up the clock to A but not also speed up the clock to B. If both A and B get their clocks early, or they both get the clock late, everything is still OK.
In fact, if they were to run a supercooled chip at the nominal clock frequency, they would have hold time violations and the chip would not work. In other words, the data would propagate so quickly that it would corrupt the previous piece of data.
That's not necessarily true - it's only the case if the logic paths speed up more than the clock paths. You get a hold time violation if one flip flop launches its data, the data gets through the logic, and arrives at the capturing flip flop before (or too soon after) the clock signal has arrived at that flip flop. As long as everything speeds up by about the same amount, the clock will arrive at the receiving flop quickly, and the "hold time" of the receiving flop (how long after the clock arrives you have to keep data stable) will go down too. Chip manufacturers use HUGE safety margins when it comes to hold violations (partly to handle process improvements by the fab, and partly because if there is a hold failure you can't fix it just by changing the clock speed--you just built a paper weight or keychain).
If you actually look at the boarding pass generator, what it does really isn't complicated - you could do the same thing with one legitimate boarding pass, a typewriter, and a photocopier. That this is worthy of calling for someone's arrest is disturbing.
From TFA: Sanger (and others) believe this atmosphere alienates many academics and experts who find their contributions mangled, reverted, or trivialized by a clueless, faceless mob...
It's definitely frustrating to have technical edits reverted or messed up by someone who doesn't understand the subject matter as well as you do. There are many cases where there are just too many people who believe something with no evidence to keep it out of the article for long. Wikipedia is great for finding out what most people interested in a field think, but it's not always a good way to get facts or for more in-depth explanations and finding less well-known facts, especially when they're contradictory to "general knowledge".
In a CPU, when a node's value goes from 0->1 charge goes from the Vdd supply to various capacitances (gate capacitance, wire cap, a few other smaller sources) and then sits there. When the value goes 1->0, the capacitors discharge to ground. Flipping bits goes straight to heat (imagine taking water from the high side of a dam, putting it in a bucket, then later dumping it over the dam... you end up with heat).
I think the tools vs. edit is part of the official Firefox code. On Windows, they're assuming they're getting former IE users, whereas on Linux, former Netscape users.
Currently, we don't have our own trademark policy for SeaMonkey, so we're sticking to the Mozilla Trademark Policy as a general rule, and then granting exceptions upon request (to seamonkey-council at mozilla dot org). We may have to ask the Mozilla Foundation to go after Debian or other distros for us; I'm not yet sure what will happen there. As far as I know, SeaMonkey isn't even in Debian yet anyway.
We certainly don't want to make it harder to get SeaMonkey to wider audiences, but if we want to have the name mean something, we may legally have to. I don't think we can make Debian happy - even if we allow them use of the trademark, we can't just give blanket approval to all Debian derivatives, which makes it not free enough for Debian's ideals.
(The above is *NOT* an official statement from the SeaMonkey council in any way - I'm just saying what I think)
I am a SeaMonkey developer, and sometimes work on Gecko and occasionally Firefox. I spend a lot of time on IRC, and I've seen others complain. I personally haven't looked in detail at the distro patches, because when I tried to, I was overwhelmed by the number of changes they made.
No, as I understand it, the problem is really trademark-related. Debian has HUGE patches that are of questionable quality, and the Mozilla Corporation is worried people will assume the flaky browser shipped by Debian represents the quality of Firefox. If you've never looked at a distro's patch sets, you really should - it's frightening - MUCH more than just a few lines of code or build config changes to put libraries in specific places. That the logo is under a different copyright licenses is more of a side effect of the trademark issues: to make it clear that the trademark can't just be used willy-nilly, they put the logos containing the trademark under a different copyright license.
The reasons stem from Mozilla's recent insistence on trademark fidelity and its preferences regarding Firefox patches. Debian doesn't want to accept the original trademarked fox & globe logo; they don't see it as really 'free' to use. On the other hand, Mozilla doesn't want Firefox distributed under that name if it lacks the logo.
The problem with allowing the name and logo to be separated is that it damages the brand identity - people might wonder whether this "Firefox" with one logo is really the same as a "Firefox" with a different logo, or people might think the unofficial logo is the official one (which would clearly harm the brand - consider Firefox t-shirts and the logo).
Mozilla also wants Debian patches to be submitted to them before distribution, and claims that's what others (Red Hat and Novell) are already doing. But some believe development and releases will slow down if distribution-specific patches have to be checked and accepted first.
Both sides have a point. Often, problems that users encounter with "Firefox" in distributions turn out to be a result of the questionable downstream modifications the distro maintainers added. Do you really think Mozilla would be worried and spending their time on these kinds of issues if there wasn't a good chance that people would associate Mozilla Firefox with low quality due to distro modifications? If there was no risk of damaging the brand, it would certainly be better for everyone to use the same logo and name.
From the distro's point of view, of course it's annoying to have to get approval on all patch sets. However, there is generally a long time between releases anyway (especially Debian's releases;)), and so long as the distro's patch set doesn't change between security releases, no additional review is required (as I understand it) for the security updates, so this really shouldn't be a problem there.
We will surely see more clashes between copyright claims and 'really free' distros such as Debian. Ubuntu is also asking similar questions.
One irony of the situation is that Debian itself has the same problem with their branding: if you modify the distribution, you can't call it Debian any more. It's an unfortunate issue that if you want to have a useful (i.e. recognizable and trusted) brand, you can't allow people to ship their own derivatives of your product while using your branding.
Allowing users of your product complete freedom is a nice ideal, but it's not possible to do under the current laws unless you place no value on branding.
It's all about opportunity cost (the link is an interesting read even if you know what opportunity cost is)... as the article points out, if we're not giving money to rich middlemen, we might be instead spending it on MP3 players or video games. The money doesn't disappear from the economy just because it's not spent on movies.
XP provides methods to mark a file as coming from an untrusted source. Ever tried to run an executable downloaded through IE? You get a warning dialog. It's the AIM client's fault for not noting the source of the file in the alternate stream used for security info.
For those of you who aren't going to RTFA, basically you send a JS file with a unique ID and tell the browser to cache it... then any page that includes that JS script gets your unique ID... even if you disallow all cookies.
Slashdot Mirror
What are the consequences if somebody malicious does manage to register a misleading .bank domain name? What happens if a .bank or .safe site is hacked? Will they reimburse fraud victims and provide credit monitoring services, or just say, "oops"?
At 95% accuracy, people aren't jumping on the bandwagon. Wood's typing speed is about 60 wpm with 93% accuracy, so he found that using speech recognition was about twice as fast as typing.
That isn't really meaningful. When I make a typographical error, it's usually a single letter oission/dupplication/trasnposition, which 1) is easy to address with a spell-checker (or even auto-correct for teh more common typos) and 2) is unlikely to interfere with understanding of the result. When speech recognition software makes an error, it tends to replace one or more words with one or more different words. If you correct those errors as you go, you're going to be starting and stopping, and if you go back to fix them later, you can't just catch them with a spell checker.
A meaningful comparison would require looking at teh typeso f errors made whiel typing, and the types of let's set so double the killer delete select all.
In the past, chips were limited to a maximum voltage because of the risk of long-term damage at higher voltages. As a results, the voltage could be cranked up close to the maximum, providing high-frequency performance. Around 2004, however, OEMs started becoming concerned about cooling extremely high-power chips like Tejas, and the chip manufacturers had to start pushing the power consumption back down. Now, we have chips that could operate at higher frequencies if the power budget were higher. When you have multiple cores and some aren't running, that busy cores can be run at a higher frequency (and potentially voltage) without exceeding the overall power budget (which is what TFA says Intel is doing).
I was playing around with DEBUG.COM and ran "OUT 20, AX"...and now it's apparently dead. A lot of things don't seem to work - e.g. "mode 80,20". Even "dir c:" when the current drive is "a:" seems to hang. I wonder how complete the hardware emulation is. Can you run Windows 3.1 on this? How about programs that probe for a joystick?
...here (apps sometimes fail to launch the first time)
I like JS. Taken together with canvas, you can do some pretty interesting things: some toys (including a 3d graphics engine) and some games (see if you can beat the Robots high score). I think this game is probably the most interesting (unfortunately I never got around to implementing the transportation logic, but it's still an amusing demonstration of what's possible).
I got into this originally because I spend a lot of time working on SeaMonkey (and sometimes Firefox / Thunderbird), which has huge amounts of JS. It's always fun to do things in languages which are clearly the wrong choice - like the JS raytracer.
I wrote this years ago (requires trunk Gecko, e.g. Firefox 3 or SeaMonkey 1.5)... somebody else also did a much better looking one years ago here. Granted, neither have very useful APIs...
The manufacturer of the camera should be sued for not including warning labels telling teenagers not to photograph themselves!
Your explanation sounds like it could be reasonable for an asynchronous circuit but not for standard CMOS. Assuming that the processor is using a balanced clock tree, the clock signal should arrive at the two flops at the same instant, no matter what the propagation delay through the clock tree is.
I was talking about CMOS. As the other reply to your message points out, in the real world, the clock tree is never perfectly balanced.
Throughout this entire process, the clocks can be assumed to hit both of those flops simultaneously which is valid for a balanced clock tree.
Not necessarily. Even if we assume that the clock was perfect under normal operating conditions, you'll have temperature variations across the die and other effects (e.g. device variations) that add clock skew.
As the chip gets colder, the propagation delay through the datapath decreases until finally a hold time violation occurs. [snip] However, the hold time will eventually be violated as the propagation delay between registers shrinks with decreasing temperature no matter what the clock frequency is.
No. The hold time drops as the transistors that make up flops gets faster. If you assume a sense-amp style flip-flop, your hold time is probably determined by how long it takes after the clock pulse that the sensing nodes are isolated from the data input pins. The circuitry that does this isolation speeds up when the chip cools, reducing the hold time. You won't introduce a hold violation unless the datapath logic speeds up significantly relative to the devices making up the flip-flops.
Keep in mind that a hold time violation occurs when after a clock pulse, flip-flop A has launched its data while flip-flop B is still trying to record the data that was present on its input at the end of the previous cycle, but the new data from A arrives at B and corrupts the data. It's the same clock edge that is triggering A's launch and B's capture. The problem is worst when the clock arrives later at B than it arrives at A due to non-idealities. In order to exacerbate hold issues, the cooling would have to speed up the clock to A but not also speed up the clock to B. If both A and B get their clocks early, or they both get the clock late, everything is still OK.
In fact, if they were to run a supercooled chip at the nominal clock frequency, they would have hold time violations and the chip would not work. In other words, the data would propagate so quickly that it would corrupt the previous piece of data.
That's not necessarily true - it's only the case if the logic paths speed up more than the clock paths. You get a hold time violation if one flip flop launches its data, the data gets through the logic, and arrives at the capturing flip flop before (or too soon after) the clock signal has arrived at that flip flop. As long as everything speeds up by about the same amount, the clock will arrive at the receiving flop quickly, and the "hold time" of the receiving flop (how long after the clock arrives you have to keep data stable) will go down too. Chip manufacturers use HUGE safety margins when it comes to hold violations (partly to handle process improvements by the fab, and partly because if there is a hold failure you can't fix it just by changing the clock speed--you just built a paper weight or keychain).
You can be clever and read local files of unwitting users...
RTFA:
I've tried the hack on IE7, Opera, and Firefox; it appears to be working on all three.
Does the submitter have some agenda against Firefox?
You can do some pretty fun things with it, such as a true 3d engine, a raytracer, games (careful, robots is addicting!), out-of-order CPU simulators, and other stupid things without any plugins - all the user needs is a halfway decent browser.
https://bugzilla.mozilla.org/buglist.cgi?query_for mat=advanced&short_desc_type=allwordssubstr&short_ desc=&long_desc_type=substring&long_desc=&bug_file _loc_type=allwordssubstr&bug_file_loc=&status_whit eboard_type=allwordssubstr&status_whiteboard=&keyw ords_type=allwords&keywords=crash+testcase&resolut ion=---&emailassigned_to1=1&emailtype1=exact&email 1=&emailassigned_to2=1&emailreporter2=1&emailqa_co ntact2=1&emailtype2=exact&email2=&bugidtype=includ e&bug_id=&votes=&chfieldfrom=&chfieldto=Now&chfiel dvalue=&cmdtype=doit&order=Reuse+same+sort+as+last +time&field0-0-0=noop&type0-0-0=noop&value0-0-0=
If you actually look at the boarding pass generator, what it does really isn't complicated - you could do the same thing with one legitimate boarding pass, a typewriter, and a photocopier. That this is worthy of calling for someone's arrest is disturbing.
So they need an about:shark?
From TFA:
Sanger (and others) believe this atmosphere alienates many academics and experts who find their contributions mangled, reverted, or trivialized by a clueless, faceless mob...
It's definitely frustrating to have technical edits reverted or messed up by someone who doesn't understand the subject matter as well as you do. There are many cases where there are just too many people who believe something with no evidence to keep it out of the article for long. Wikipedia is great for finding out what most people interested in a field think, but it's not always a good way to get facts or for more in-depth explanations and finding less well-known facts, especially when they're contradictory to "general knowledge".
In a CPU, when a node's value goes from 0->1 charge goes from the Vdd supply to various capacitances (gate capacitance, wire cap, a few other smaller sources) and then sits there. When the value goes 1->0, the capacitors discharge to ground. Flipping bits goes straight to heat (imagine taking water from the high side of a dam, putting it in a bucket, then later dumping it over the dam... you end up with heat).
I think the tools vs. edit is part of the official Firefox code. On Windows, they're assuming they're getting former IE users, whereas on Linux, former Netscape users.
Currently, we don't have our own trademark policy for SeaMonkey, so we're sticking to the Mozilla Trademark Policy as a general rule, and then granting exceptions upon request (to seamonkey-council at mozilla dot org). We may have to ask the Mozilla Foundation to go after Debian or other distros for us; I'm not yet sure what will happen there. As far as I know, SeaMonkey isn't even in Debian yet anyway.
We certainly don't want to make it harder to get SeaMonkey to wider audiences, but if we want to have the name mean something, we may legally have to. I don't think we can make Debian happy - even if we allow them use of the trademark, we can't just give blanket approval to all Debian derivatives, which makes it not free enough for Debian's ideals.
(The above is *NOT* an official statement from the SeaMonkey council in any way - I'm just saying what I think)
I am a SeaMonkey developer, and sometimes work on Gecko and occasionally Firefox. I spend a lot of time on IRC, and I've seen others complain. I personally haven't looked in detail at the distro patches, because when I tried to, I was overwhelmed by the number of changes they made.
No, as I understand it, the problem is really trademark-related. Debian has HUGE patches that are of questionable quality, and the Mozilla Corporation is worried people will assume the flaky browser shipped by Debian represents the quality of Firefox. If you've never looked at a distro's patch sets, you really should - it's frightening - MUCH more than just a few lines of code or build config changes to put libraries in specific places. That the logo is under a different copyright licenses is more of a side effect of the trademark issues: to make it clear that the trademark can't just be used willy-nilly, they put the logos containing the trademark under a different copyright license.
The reasons stem from Mozilla's recent insistence on trademark fidelity and its preferences regarding Firefox patches. Debian doesn't want to accept the original trademarked fox & globe logo; they don't see it as really 'free' to use. On the other hand, Mozilla doesn't want Firefox distributed under that name if it lacks the logo.
;)), and so long as the distro's patch set doesn't change between security releases, no additional review is required (as I understand it) for the security updates, so this really shouldn't be a problem there.
The problem with allowing the name and logo to be separated is that it damages the brand identity - people might wonder whether this "Firefox" with one logo is really the same as a "Firefox" with a different logo, or people might think the unofficial logo is the official one (which would clearly harm the brand - consider Firefox t-shirts and the logo).
Mozilla also wants Debian patches to be submitted to them before distribution, and claims that's what others (Red Hat and Novell) are already doing. But some believe development and releases will slow down if distribution-specific patches have to be checked and accepted first.
Both sides have a point. Often, problems that users encounter with "Firefox" in distributions turn out to be a result of the questionable downstream modifications the distro maintainers added. Do you really think Mozilla would be worried and spending their time on these kinds of issues if there wasn't a good chance that people would associate Mozilla Firefox with low quality due to distro modifications? If there was no risk of damaging the brand, it would certainly be better for everyone to use the same logo and name.
From the distro's point of view, of course it's annoying to have to get approval on all patch sets. However, there is generally a long time between releases anyway (especially Debian's releases
We will surely see more clashes between copyright claims and 'really free' distros such as Debian. Ubuntu is also asking similar questions.
One irony of the situation is that Debian itself has the same problem with their branding: if you modify the distribution, you can't call it Debian any more. It's an unfortunate issue that if you want to have a useful (i.e. recognizable and trusted) brand, you can't allow people to ship their own derivatives of your product while using your branding.
Allowing users of your product complete freedom is a nice ideal, but it's not possible to do under the current laws unless you place no value on branding.
It's all about opportunity cost (the link is an interesting read even if you know what opportunity cost is)... as the article points out, if we're not giving money to rich middlemen, we might be instead spending it on MP3 players or video games. The money doesn't disappear from the economy just because it's not spent on movies.
XP provides methods to mark a file as coming from an untrusted source. Ever tried to run an executable downloaded through IE? You get a warning dialog. It's the AIM client's fault for not noting the source of the file in the alternate stream used for security info.
For those of you who aren't going to RTFA, basically you send a JS file with a unique ID and tell the browser to cache it... then any page that includes that JS script gets your unique ID... even if you disallow all cookies.