The story is about DEP and ASLR effectiveness at blocking exploits. IT has nothing to do with the title or the ATI/AMD aspect.
The CERT article mentions it, and it mentions it in that you cannot use the DEP/ASLR protections (in the kernel) because ATI/AMD make an incompatible driver. And since graphics drivers are kernel things, loading them means the kernel must disable DEP/ASLR, making your machine just that much less secure because of it.
Yes, but slowing down a brute force attacker by a factor of the cardinality of the set of unique salts will almost certainly be a huge win, especially if the salts chosen are long enough where salt-collisions are rare to nonexistent. 6.5 million accounts were compromised; requiring someone to have 6.5 million times as much compute resources to compromise all passwords is nothing to sneeze at.
Of course, salts don't help you in the case where a well determined attacker isn't after 6.5 million accounts but rather just one specific account, but that's not what they are intended to help with.
I've wondered - would hashing the username and using hte hash as the salt be "good enough"? The other alternative is well, just use a unique identifier for the salt so they're all different... (e.g., a 32-bit counter should be sufficient for most cases as chances are high that you aren't targeting the entire world population with your service...).
In your industry, sure. In the company you work for? Not so much. What I earn is between myself and my clients. I wouldn't dare ask someone how much they earned unless I was very friendly with them - it's none of my business. That holds true whether they supply services to the same company I do or not.
His company may be the ones doing those "salary survey" polls which attempt to determine the going rate for employment.
Which, by th eway, requires disclosing the rough amount of salar, so that you and everyone else can compare your current salary to. It is, basically, a "discussion" on what people make.
Companies HATE companies like that because it means they can't just offer say, $40K to a junior programmer when the average market rate is say, $50K.
The salary surveys don't get the data from thin air - they require people to tell them what they make.
Another reason is, well, perhaps they hired some hotshot programmer fresh out of college and got him by paying him $100K. There have been instances in companies where employees would apply for the same job purely because the job posting had a higher salary than what they're making. Yes, it's asinine and stupid, but hey.
Trust me, companies do this because they want their current employees to think that's what everyone else is making when they're really offering more and to pretend that jumping ship isn't an option as they're paying "really well" when it's more like "you're a sucker for staying here when we're hiring inexperienced new grads at twice your salary".
Sure it's impolite to ask someone )unless you're close), but banning outright discussion is a different issue.
If you have a contract that actually makes you provide free bug fixes forever, then you signed a shitty contract. Software always has defects, this is simply a fact of life. Extremely rare defects, by definition, do not make themselves visible very often. The reason rare defects are not found during testing is precisely because of this. More comprehensive testing does not ensure zero defects -- it only ensures that whatever defects do remain happen exceedingly rarely, or under exceedingly improbable circumstances.
It is quite reasonable, as a client, to expect a software maker to provide bug fixes for software they provide. It is equally reasonable for the software maker to request ongoing payment (commonly called "maintenance") to continue providing these bug fixes indefinitely. Both parties to the contract are making a risk tradeoff when they sign.
However, if the contract doesn't state that, it probably also doesn't state any sort of response time for fixes.
Even in shitty contracts where the client expects fixes "forever", as long as there's on timeframe for fixes maintenance contracts can still be entered into.
Without - it's basically "your fix will be done when we have spare time to look into it or if your fix was done for someone else". No definite timeframe and something like changing a misspelling can take months assuming people are on other (paying) projects.
Depending on what they pay, they can easily get faster response times - either pay-per-incident or via a timed contract.
So it's possible to support the software "forever", just the "free support" queue has an indefinite wait. The only time fixes jump the queue would be if they got rolled in as part of something else (e.g., a bug fix done on a paid project also happens to fix an issue reported - so someone else paid). Of course, even then it'll be done only because someone perusing the queue noticed the issue was the same and fixed, so it's not like the fix was expedited - someone still had to notice the fix was identical and work already done so it can be closed.
Ditto other forms of support - if they want phone - they can pay - or just use email. If they insist on phone, have the receptionist take it down in an e-mail (hilarity will ensue and even more time wasted on clarifications!).
If you want to keep the client and they want support, you can give them support, just very low priority - paying projects get developer effort first, and paid support contracts are top priority.
This is after the mandatory support period (warranty after acceptance - usually 30 to 90 days).
It's how other people do "free" support - very limited. As it's bespoke software, you can't do the "community forum" thing, but you can always say it's email support only, and phone calls will be transcribed into email by the receptionist (which means there'll be errors and request for clarifications, wasting time).
As it's also low priority, it's up to whoever has free time to do it. If they're on paid work, the support gets deferred for later. And if clients are paying for support via support contracts, they get priority support.
So a simple fix may take a few weeks to even be attended to or even just a followup - if they want priority support, they can pay for it. If they want indefinite support, well, they also have to be prepared to wait indefinitely.
And be honest - if they ask the status of their request, say it's in the support queue - they can pay to have it resolved quicker if they want, or wait.
Addressable and reachable are two different things. I'd love to lose all the NATs around here.
One globally unique identifier will be handy even though I would never dream of letting most machines ingress or egress traffic to the internet without passing through some hardened application layer proxy.
In other words, you're swapping out one box (the NAT) for another (the ALG - application layer gateway, which existed far longer than NAT).
It's still something to admin, and something that'll be a PITA to configure for gaming and what not, at which point people will just say "what does it get me?"
Hell, assuming most people will have their IPv6 machines firewalled off (they'd go to Best Buy and pick off a Linksys "firewall router" for IPv6 to prevent their PCs from getting hacked) and they'd still be poking holes in it to run some game or other, the normal user would definitely start wondering why they bothered spending another $50 on a new router when their old one worked just fine.
And marketers would love the trackability down to the PC level - sure there's the privacy IP thing, but it's defeated if there's a long-running IP connection still established (unless IPv6 has the ability to inform remote hosts that your IP was changing... which has some very interesting implications). Even so, it's usually a day's worth of tracking and a cookie can be used to bridge between days.
Sure malware has a more difficult time scanning a larger range, but htat just means scanning won't be an option. Not that it ever will be purely because firewalls or other things will prevent it from being useful in the first place. Instead they'll just adapt and figure out how to detect new IPs on a local LAN segment and proceed that way (or given the Windows majority, they'll use standard Windows browser techniques to discover).
Between UPnP, ZeroConf (Bonjour) and other methods of discovery, malware will cope just fine.
So that's how Greece and Spain and France are going to be bailed out - just reject ACTA and hope the MPAA throws more money that way to encourage them to reconsider.
Free money too - no pesky austerity measures or anything.
Perhaps the summary is poigniantly stating the reason.
I.e., the lack of communication skills means while the test scores go up, the ability to communicate goes down so they all look like a bunch of illiterates because no one can understand them? Science can't happen if you cannot communicate your work to others...
I can't wait to hear stories about how people have abandoned physics when they discovered the model of the atom they learned in middle school was wildly simplified and only nominally correct. "What do you mean "it's a field of probabilities." Fuck that!"
You mean one Albert Einstein? Who proclaimed "God does not play with dice!" and basically refused to accept quantum theory (accepted by most scientists at the time)?
He did, however, end up making significant contributions to it, despite not believing in it.
And that's the best part of science - whenever there are disagreements, advances are often made to further our understanding of the world. Of course, there aren't really any other plausible scientific (and testable!) theories that are alternatives to evolution. Creationism is not scientific because it ends up boiling down to "Someone else did it", where "Someone else" is an entity that we have to believe exists, and we cannot test belief or disprove it - we have to trust it.
Also why you get so many research papers on the obvious - because no one's actually subjected what we believe (there's that word again) to scrutiny to see if it's actually true. (And there are many sound scientific reasons as well to sayings like "red sky at night, sailor's delight, red sky at morning, sailors take warning').
Before creationism can be considered credible it needs to prove its beliefs.
Quite funny how Steve Jobs decided not to support Flash on iOS because it was such a resource hog, consuming way too much processor power, and now people are going to try and get around that restriction by... making a flash interpreter in html5:-)
Except it's a lot easier for a browser to control resource usage by controlling its renderer and interpreter than blindly giving cycles to a black box plugin (which is how plugins worked - by sending periodic events to embedded plugins to let them process).
And a browser has a lot finer grained security and privacy controls - if you say a site may NOT store a cookie (like Google DoubleClick), they can always use Flash as a workaround to that because Flash doesn't have easy support for it (it's all cookies, no cookies, or "annoy the hell out of me"). In the browser, you say no and the browser ensures it. Flash fixed that but it's still ages behind modern browsers.
Heck, a browser can also let you "do not run any javascript or other crap from doubleclick" but Flash will just happily load it up if the SWF references it.
I am really just getting sick of this fucking tablet/smartphone obsession UI designers have these days. We get it, the smartphone market is huge. That's wonderful, I love mine, by all means let's have good UIs for them. But stop trying to fucking force that shit on the desktop. It is a different paradigm.
Exactly.
it's why even Android tablets are outselling "tablet PCs" nevermind the iPad. Going the opposite way is equally painful.
Touch devices must have a different UI out of necessity - a desktop interface can be forced to work, but desktop apps will quickly break the illusion (hint: Windows 7 itself is pretty nice touch-only, but once you run an app it all falls to pieces and you'll be scrambling for a mouse).
It's just the nature of the beast - touch-primary devices have different operations because of the touch interaction. Desktop interactions ditto because they don't have touch, but have a keyboard and multi-button mouse (it's extremely difficult to "right click" on a touch screen).
Hell, even Apple's taking it a bit slow on the iOS-ification of MacOS - they have inherited a few things (App Store, Launcher, (lack of) scroll bars, "natural" scrolling). Even then, you can ignore Launcher (it grabs icons from the Applications folder anyhow, so it's just a gloriified start menu), and natural scrolling can be disabled (to be honest, on a touchpad it works surprisingly well. Not sure about a mouse+wheel though). Not sure about the scroll bars if you can bring them back, though I suppose the disappearance won't be missed to much since people probably use scroll wheels far more often. And Apple's a company that loves to challenge conventional thinking (e.g., thinking "save" and "quit" are leaky abstractions and instead doing a save-with-history and automatic app shutdown/restore. Some are contentious rightfully (auto-app management), but interesting).
American interference in world affairs has -always- ended up bad for America and even worse for the rest of the world. Look at the Iran Iraq war where the US and UK allied themselves with Saddam's Iraq and supplied arms to them! The US (and other Western nations) prop up dictators and then later have to take them down in a perpetual war.
Or got a bit earlier, where Saddam was installed by the US government becaues the Russians were invading...
Saddam's problem was he refused to be a puppet government of the US, thus he must be taken down.
This is so obvious I'm surprised it has to be stated. It is no different from the situation in iOS either. Everyone always knew there were dozens of methods one can use to bypass these gatekeepers.
The problem is one of accountability. Apple, through iOS maintains a very interesting relationship with developers - should someone manage to sneak an app through, they can "out" that developer very easily because they have full billing details of that developer. If you know you're not anonymous in the App Store, you're a lot less likely to write malware when it can be traced back to you.
It's the foundation for Gatekeeper in Mountain Lion - here Apple will not vet the app, but they will request a small fee for a signing certificate. If you write malware and distribute it that way (because it's default on OS X), again it's easy to know who did it (or who didn't protect their keys).
Sure OS X will have the "full open" option as not default for open-source (though some non-GPLv3 projects are getting certs as well, e.g., Firefox) or developers (who would hopefully not try to break their own machines...).
Google's a $25 one-time fee. Buy a gift card, use a fake address, done. Account closed down? Reopen another one..
That's the big difference - Apple takes care of a social problem via social means (do you really want to be credited with creation of malware?), Google's using technology to do it (via scanners and such).
It's also why SVN's "blame" tool is quite handy at keeping dud checkins from happening - build breaks are much less frequent and usually due to inadvertently missing a file or three rathe rthan checking in without compiling or testing (and yes, I've seen it happen. Someone checks in a quick fix without seeing a syntax error...).
It's the other way around; Occupy is trying to be the seed that starts the social cascade. Their problem is twofold though 1) They represent far, far less than the necessary seed size, and 2) Their attempts to initiate tipping incidents don't result in any cascade because the 99% they claim as sympathizers aren't.
That's because they use the wrong targets that end up making them look like unemployed hippies.
To "tip" a population properly requires people to reaosnably agree with you - if I headed occupy (metaphoically), you can start with something so simple, so basic, yet everyone is powerless to fix.
An example would be gas - why is it costing just the same as it did before the crash? Oil's down these days (and yes, even though there's about as much relation between gas prices and oil prices as there is between a head of lettuce and oil prices, most people equate oil prices with gas). Tap into that rage and it's much easier to tip.
Trying to convince people that the rich are ruining our lives and enslaving us is a concept that's much too foreign to most people to comprehend. Use more concrete examples and you'll be more successful. Especially if that example has a deep-rooted emotion attached with it.
It also applies to everything - take ACTA for example. Talking about copyright law in general gets you blank stares. So talk about its effects - it can make your iPod illegal (think "they're gonna take your iPod away!").
A concrete example is worth way more to tip someone over in your favor than some wishy-washy concept that no one can relate to. Heck, it can even be seasonal - support for global warming ebbs and flows - it ebbs in the winter and reaches a low in the spring, and flows in the summer. The hotter the summer, the more support grows. The colder the winter, the more support is lost.
Passing the handling of hardware related bugs to developers is stupid. In that case videogames would support only specific system configurations and refuse to run on a different hardware. Do you want that?
We had that. It was called DOS. Dealing with addresses, BLASTER (remember that?), IRQs, DMAs and all sorts of stuff. And owning a few sound cards, video cards, etc. because "compatible" wasn't...
Since the Canadian supreme court ruled in April that even in exigent circumstances that the government must obtain a warrant the bill is unconstitutional on its face. This is just like the US Congress passing CDA, COPA et al, it's pandering to the conservative right even though anyone with a brain has to know it won't stand up to judicial review.
Yes, but until it's RULED unconstitutional, it's the law of the land. One needs to have a lawsuit filed against them and hope to pass the argument that the law is unlawful up before it'll be considered, which takes time and money.
Someone will have to go with the defense that there's no evidence obtained as it was obtained unlawfully and convince the judge that the law really should be reviewed against the judgement.
And that can be a long time - probably at least 5 years or so before the arguments are heard, while everyone else either rots in jail or settles.
If the local schools are going to implement this idiocy then it is going to be exceedingly hard on the students when they get to university and find out that not only do they get a zero if they fail to and in an assignment but they'll get zero if they hand it in late too.
Not really.
The big change in college/university is that the final is what really matters. It's unusual for a final exam to be weighted as low as 50%, as 80% or more of your final mark is more common. Either way, fail the final, fail the course, even if after calculating you would've got a passing mark. Of course, the reverse isn't true, so if you pass the final but the final mark isn't high enough, you fail.
Assignments count for very little - so getting a zero is not a big deal at all. In fact, many courses assign homework that will never be marked.
Of course, a conscientious student does it all, even if the assignment isn't marked, but the general rule was an A student in high school will have to get used to getting Cs and Ds. B students had to get used to getting low Ds or just above passing. (With grade inflation, it's rare for students below a B average to be admitted).
Those existing AT&T iPad plans aren't really "data only" plans, even those 4G AT&T iPad plans aren't data plans at all. If they were just about data and quotas, they'd allow you to use applications like FaceTime at the very least.
Those AT&T iPad plans are more like Amazon Kindle 3G plans, or some of those cable SmartTV plans. In other words, they're "data that we're getting money for providing to you plans" and sometimes they're "internet browsing plans", but they're certainly not "data only plans". If they were just about data, there would be no artificial distinction between the type of data you'd be allowed to move around as long as you remained within your own quota.
Well, if you want unfiltered internet plans, AT&T will sell it to you. Just don't look at the "smartphone" data plans, look at the "laptop" data plans. If you want full IP access, ask for the VPN addon. But don't be surprised when you're paying something like $100/month for 2GB because of it.
Data plans on wireless are differentiated. It's what allows the carrier to offer "$5/month unlimited social networking" type plans, "blackberry" plans all the way through to expensive laptop "internet stick with VPN" plans. Even though the air interface is basically the same (it's sending packetized data).
And if you're shopping for the best price, the retailers with the lowest margins are not necessarily going to be paying to be on Google shopping because that'll eat into they're margins.
I actually see Amazon not paying google.
Nothing wrong with that. I'd probably buy from Amazon even if Amazon's prices are higher - given a choice between Amazon and some shady site, I'd go Amazon every time.
That's the problem with price comparison sites - either you go lowest price and hope the site is legit, or you go with a trusted, but more expensive site.
Anyone who's bought a camera from non-reputable dealers probably knows this - having some cheaper deal go south because the seller asks if you want to pay for a battery, cables, lenses ether because they are "optional" in their version (i.e., they say they sell the complete kit, but it's just the bare minimum body they'll repack).
Again, Nokia would be the ones licensing out the patents either way. They truly only cared about their design being chosen because they thought it was better. Them needing money or not does not enter in as a factor.
Not really.
The big gorilla is Apple. The company gobbling up the majority of profits in the entire sector.
Right now, Apple's got NO patents in the ring, so to make an iPhone, they have to license it all. Their nano SIM standard is covered by an Apple patent that Apple has vowed to license for free. However, it means Apple has patents now, and in the whole FRAND business, it means Apple will pay Nokia/RIM/Motorola less money because of it.
That's why everyone is upset - Apple's making tons of money, and now they'll be paid LESS money for their patents.
It takes an unreasonably large amount of technical prowess to actually eradicate all of Google's tendrils.
DuckDuckGo, NoScript, and OpenPGP?
What am I missing? A robots.txt file?
There's also avoiding use of Google's CDN, DNS, various Google-owned companies including DoubleClick and AdMob (try avoiding the latter if you have an Android - it's pretty hard unless you basically don't run any apps at all), YouTube, Picasa, various javascript include files, ReCaptcha, etc..
At this point in time, I don't think avoiding Google at all is even possible. Heck, they're close enough to Too Big To Fail(tm). It's all fixable yes, but should Google disappear overnight, the Internet would be quite broken the next day.
The CERT article mentions it, and it mentions it in that you cannot use the DEP/ASLR protections (in the kernel) because ATI/AMD make an incompatible driver. And since graphics drivers are kernel things, loading them means the kernel must disable DEP/ASLR, making your machine just that much less secure because of it.
I've wondered - would hashing the username and using hte hash as the salt be "good enough"? The other alternative is well, just use a unique identifier for the salt so they're all different... (e.g., a 32-bit counter should be sufficient for most cases as chances are high that you aren't targeting the entire world population with your service...).
His company may be the ones doing those "salary survey" polls which attempt to determine the going rate for employment.
Which, by th eway, requires disclosing the rough amount of salar, so that you and everyone else can compare your current salary to. It is, basically, a "discussion" on what people make.
Companies HATE companies like that because it means they can't just offer say, $40K to a junior programmer when the average market rate is say, $50K.
The salary surveys don't get the data from thin air - they require people to tell them what they make.
Another reason is, well, perhaps they hired some hotshot programmer fresh out of college and got him by paying him $100K. There have been instances in companies where employees would apply for the same job purely because the job posting had a higher salary than what they're making. Yes, it's asinine and stupid, but hey.
Trust me, companies do this because they want their current employees to think that's what everyone else is making when they're really offering more and to pretend that jumping ship isn't an option as they're paying "really well" when it's more like "you're a sucker for staying here when we're hiring inexperienced new grads at twice your salary".
Sure it's impolite to ask someone )unless you're close), but banning outright discussion is a different issue.
However, if the contract doesn't state that, it probably also doesn't state any sort of response time for fixes.
Even in shitty contracts where the client expects fixes "forever", as long as there's on timeframe for fixes maintenance contracts can still be entered into.
Without - it's basically "your fix will be done when we have spare time to look into it or if your fix was done for someone else". No definite timeframe and something like changing a misspelling can take months assuming people are on other (paying) projects.
Depending on what they pay, they can easily get faster response times - either pay-per-incident or via a timed contract.
So it's possible to support the software "forever", just the "free support" queue has an indefinite wait. The only time fixes jump the queue would be if they got rolled in as part of something else (e.g., a bug fix done on a paid project also happens to fix an issue reported - so someone else paid). Of course, even then it'll be done only because someone perusing the queue noticed the issue was the same and fixed, so it's not like the fix was expedited - someone still had to notice the fix was identical and work already done so it can be closed.
Ditto other forms of support - if they want phone - they can pay - or just use email. If they insist on phone, have the receptionist take it down in an e-mail (hilarity will ensue and even more time wasted on clarifications!).
If you want to keep the client and they want support, you can give them support, just very low priority - paying projects get developer effort first, and paid support contracts are top priority.
This is after the mandatory support period (warranty after acceptance - usually 30 to 90 days).
It's how other people do "free" support - very limited. As it's bespoke software, you can't do the "community forum" thing, but you can always say it's email support only, and phone calls will be transcribed into email by the receptionist (which means there'll be errors and request for clarifications, wasting time).
As it's also low priority, it's up to whoever has free time to do it. If they're on paid work, the support gets deferred for later. And if clients are paying for support via support contracts, they get priority support.
So a simple fix may take a few weeks to even be attended to or even just a followup - if they want priority support, they can pay for it. If they want indefinite support, well, they also have to be prepared to wait indefinitely.
And be honest - if they ask the status of their request, say it's in the support queue - they can pay to have it resolved quicker if they want, or wait.
Looking at the list, I noticed the last 8 characeters didn't appear to be as random as they appear...
E.g., take your password hash and look above and below it...
you'll notice the last 8 characetrs seem to be lacking in entropy - 7ee6xxxx
This is true throughout the file - it looks to be a 32-bit counter of something, increasing in some fashion.
In other words, you're swapping out one box (the NAT) for another (the ALG - application layer gateway, which existed far longer than NAT).
It's still something to admin, and something that'll be a PITA to configure for gaming and what not, at which point people will just say "what does it get me?"
Hell, assuming most people will have their IPv6 machines firewalled off (they'd go to Best Buy and pick off a Linksys "firewall router" for IPv6 to prevent their PCs from getting hacked) and they'd still be poking holes in it to run some game or other, the normal user would definitely start wondering why they bothered spending another $50 on a new router when their old one worked just fine.
And marketers would love the trackability down to the PC level - sure there's the privacy IP thing, but it's defeated if there's a long-running IP connection still established (unless IPv6 has the ability to inform remote hosts that your IP was changing... which has some very interesting implications). Even so, it's usually a day's worth of tracking and a cookie can be used to bridge between days.
Sure malware has a more difficult time scanning a larger range, but htat just means scanning won't be an option. Not that it ever will be purely because firewalls or other things will prevent it from being useful in the first place. Instead they'll just adapt and figure out how to detect new IPs on a local LAN segment and proceed that way (or given the Windows majority, they'll use standard Windows browser techniques to discover).
Between UPnP, ZeroConf (Bonjour) and other methods of discovery, malware will cope just fine.
Actually, SMB was created by DEC for their Pathworks software suite to connect VAXen to other computers.
Windows' involvment came later, partly because Microsoft hired a lot of VAX people over to do NT and a lot of Windows' heritage tends to reflect that.
http://www.samba.org/samba/docs/using_samba/ch01.html
So that's how Greece and Spain and France are going to be bailed out - just reject ACTA and hope the MPAA throws more money that way to encourage them to reconsider.
Free money too - no pesky austerity measures or anything.
Perhaps the summary is poigniantly stating the reason.
I.e., the lack of communication skills means while the test scores go up, the ability to communicate goes down so they all look like a bunch of illiterates because no one can understand them? Science can't happen if you cannot communicate your work to others...
Was Kirk flying it?
All I can say is, we're certain they didn't forget to disengage the parking brake this time!
You mean one Albert Einstein? Who proclaimed "God does not play with dice!" and basically refused to accept quantum theory (accepted by most scientists at the time)?
http://en.wikipedia.org/wiki/Einstein#Modern_quantum_theory
He did, however, end up making significant contributions to it, despite not believing in it.
And that's the best part of science - whenever there are disagreements, advances are often made to further our understanding of the world. Of course, there aren't really any other plausible scientific (and testable!) theories that are alternatives to evolution. Creationism is not scientific because it ends up boiling down to "Someone else did it", where "Someone else" is an entity that we have to believe exists, and we cannot test belief or disprove it - we have to trust it.
Also why you get so many research papers on the obvious - because no one's actually subjected what we believe (there's that word again) to scrutiny to see if it's actually true. (And there are many sound scientific reasons as well to sayings like "red sky at night, sailor's delight, red sky at morning, sailors take warning').
Before creationism can be considered credible it needs to prove its beliefs.
Except it's a lot easier for a browser to control resource usage by controlling its renderer and interpreter than blindly giving cycles to a black box plugin (which is how plugins worked - by sending periodic events to embedded plugins to let them process).
And a browser has a lot finer grained security and privacy controls - if you say a site may NOT store a cookie (like Google DoubleClick), they can always use Flash as a workaround to that because Flash doesn't have easy support for it (it's all cookies, no cookies, or "annoy the hell out of me"). In the browser, you say no and the browser ensures it. Flash fixed that but it's still ages behind modern browsers.
Heck, a browser can also let you "do not run any javascript or other crap from doubleclick" but Flash will just happily load it up if the SWF references it.
Exactly.
it's why even Android tablets are outselling "tablet PCs" nevermind the iPad. Going the opposite way is equally painful.
Touch devices must have a different UI out of necessity - a desktop interface can be forced to work, but desktop apps will quickly break the illusion (hint: Windows 7 itself is pretty nice touch-only, but once you run an app it all falls to pieces and you'll be scrambling for a mouse).
It's just the nature of the beast - touch-primary devices have different operations because of the touch interaction. Desktop interactions ditto because they don't have touch, but have a keyboard and multi-button mouse (it's extremely difficult to "right click" on a touch screen).
Hell, even Apple's taking it a bit slow on the iOS-ification of MacOS - they have inherited a few things (App Store, Launcher, (lack of) scroll bars, "natural" scrolling). Even then, you can ignore Launcher (it grabs icons from the Applications folder anyhow, so it's just a gloriified start menu), and natural scrolling can be disabled (to be honest, on a touchpad it works surprisingly well. Not sure about a mouse+wheel though). Not sure about the scroll bars if you can bring them back, though I suppose the disappearance won't be missed to much since people probably use scroll wheels far more often. And Apple's a company that loves to challenge conventional thinking (e.g., thinking "save" and "quit" are leaky abstractions and instead doing a save-with-history and automatic app shutdown/restore. Some are contentious rightfully (auto-app management), but interesting).
Or got a bit earlier, where Saddam was installed by the US government becaues the Russians were invading...
Saddam's problem was he refused to be a puppet government of the US, thus he must be taken down.
The problem is one of accountability. Apple, through iOS maintains a very interesting relationship with developers - should someone manage to sneak an app through, they can "out" that developer very easily because they have full billing details of that developer. If you know you're not anonymous in the App Store, you're a lot less likely to write malware when it can be traced back to you.
It's the foundation for Gatekeeper in Mountain Lion - here Apple will not vet the app, but they will request a small fee for a signing certificate. If you write malware and distribute it that way (because it's default on OS X), again it's easy to know who did it (or who didn't protect their keys).
Sure OS X will have the "full open" option as not default for open-source (though some non-GPLv3 projects are getting certs as well, e.g., Firefox) or developers (who would hopefully not try to break their own machines...).
Google's a $25 one-time fee. Buy a gift card, use a fake address, done. Account closed down? Reopen another one..
That's the big difference - Apple takes care of a social problem via social means (do you really want to be credited with creation of malware?), Google's using technology to do it (via scanners and such).
It's also why SVN's "blame" tool is quite handy at keeping dud checkins from happening - build breaks are much less frequent and usually due to inadvertently missing a file or three rathe rthan checking in without compiling or testing (and yes, I've seen it happen. Someone checks in a quick fix without seeing a syntax error...).
That's because they use the wrong targets that end up making them look like unemployed hippies.
To "tip" a population properly requires people to reaosnably agree with you - if I headed occupy (metaphoically), you can start with something so simple, so basic, yet everyone is powerless to fix.
An example would be gas - why is it costing just the same as it did before the crash? Oil's down these days (and yes, even though there's about as much relation between gas prices and oil prices as there is between a head of lettuce and oil prices, most people equate oil prices with gas). Tap into that rage and it's much easier to tip.
Trying to convince people that the rich are ruining our lives and enslaving us is a concept that's much too foreign to most people to comprehend. Use more concrete examples and you'll be more successful. Especially if that example has a deep-rooted emotion attached with it.
It also applies to everything - take ACTA for example. Talking about copyright law in general gets you blank stares. So talk about its effects - it can make your iPod illegal (think "they're gonna take your iPod away!").
A concrete example is worth way more to tip someone over in your favor than some wishy-washy concept that no one can relate to. Heck, it can even be seasonal - support for global warming ebbs and flows - it ebbs in the winter and reaches a low in the spring, and flows in the summer. The hotter the summer, the more support grows. The colder the winter, the more support is lost.
We had that. It was called DOS. Dealing with addresses, BLASTER (remember that?), IRQs, DMAs and all sorts of stuff. And owning a few sound cards, video cards, etc. because "compatible" wasn't...
Yes, but until it's RULED unconstitutional, it's the law of the land. One needs to have a lawsuit filed against them and hope to pass the argument that the law is unlawful up before it'll be considered, which takes time and money.
Someone will have to go with the defense that there's no evidence obtained as it was obtained unlawfully and convince the judge that the law really should be reviewed against the judgement.
And that can be a long time - probably at least 5 years or so before the arguments are heard, while everyone else either rots in jail or settles.
Not really.
The big change in college/university is that the final is what really matters. It's unusual for a final exam to be weighted as low as 50%, as 80% or more of your final mark is more common. Either way, fail the final, fail the course, even if after calculating you would've got a passing mark. Of course, the reverse isn't true, so if you pass the final but the final mark isn't high enough, you fail.
Assignments count for very little - so getting a zero is not a big deal at all. In fact, many courses assign homework that will never be marked.
Of course, a conscientious student does it all, even if the assignment isn't marked, but the general rule was an A student in high school will have to get used to getting Cs and Ds. B students had to get used to getting low Ds or just above passing. (With grade inflation, it's rare for students below a B average to be admitted).
Well, if you want unfiltered internet plans, AT&T will sell it to you. Just don't look at the "smartphone" data plans, look at the "laptop" data plans. If you want full IP access, ask for the VPN addon. But don't be surprised when you're paying something like $100/month for 2GB because of it.
Data plans on wireless are differentiated. It's what allows the carrier to offer "$5/month unlimited social networking" type plans, "blackberry" plans all the way through to expensive laptop "internet stick with VPN" plans. Even though the air interface is basically the same (it's sending packetized data).
Nothing wrong with that. I'd probably buy from Amazon even if Amazon's prices are higher - given a choice between Amazon and some shady site, I'd go Amazon every time.
That's the problem with price comparison sites - either you go lowest price and hope the site is legit, or you go with a trusted, but more expensive site.
Anyone who's bought a camera from non-reputable dealers probably knows this - having some cheaper deal go south because the seller asks if you want to pay for a battery, cables, lenses ether because they are "optional" in their version (i.e., they say they sell the complete kit, but it's just the bare minimum body they'll repack).
Not really.
The big gorilla is Apple. The company gobbling up the majority of profits in the entire sector.
Right now, Apple's got NO patents in the ring, so to make an iPhone, they have to license it all. Their nano SIM standard is covered by an Apple patent that Apple has vowed to license for free. However, it means Apple has patents now, and in the whole FRAND business, it means Apple will pay Nokia/RIM/Motorola less money because of it.
That's why everyone is upset - Apple's making tons of money, and now they'll be paid LESS money for their patents.
Standards committees are all about politics.
Just more of the same clbuttic errors.
(Hint: "ass" was one of the 13 words.)
There's also avoiding use of Google's CDN, DNS, various Google-owned companies including DoubleClick and AdMob (try avoiding the latter if you have an Android - it's pretty hard unless you basically don't run any apps at all), YouTube, Picasa, various javascript include files, ReCaptcha, etc..
At this point in time, I don't think avoiding Google at all is even possible. Heck, they're close enough to Too Big To Fail(tm). It's all fixable yes, but should Google disappear overnight, the Internet would be quite broken the next day.