About the "sticky issue". I'd like to add another datapoint, the Global Track Chart of Last.fm. Acording to Alexa they reach 1 on every 500 people, so Last.fm's data is pretty good. From these charts, only "Justin Timberlake - SexyBack" from the top-10 "pirated tracks" is in this week's top-200 of Last.fm.
So, maybe.. what the current top tracks are, isn't that important. How they compare to the long tail (everything else), might. If the current top-10/50/200 really points to big chunk of exploitable market, then of course the music studios should go for it. But quite possibly there's much more to be had from a longer vision than just "what's cool now".
A Last.fm like site that would mail me hardcopy's to keep of stuff I like and might like, on a subscription basis. I think that could work really well. Last.fm already links to Amazon.com, they might as well take the next step.
but how does this do anything that Firefox doesn't do already? Preferences/Options, Privacy, Clear Private Data tool settings button. [..] You can have it blow away history, forms, passwords, download history, cookies, cache data, and authenticated HTTP sessions automatically when you quit
Probably nothing. But it might do better and actually *not store* this information to disk at all, and mark the memory non-swappable. Anything else and the (parts of the) data in those caches and stores will end up stored on your disk in empty clusters and file-tails or your swapfile/partition.
And no, overwriting a file will just use new clusters to store the now-empty file to disk. And yes, you could 'scrub' all the supposedly-empty space, but that take ages (40-50MB/s, on a 200-or-so GB disk).
That's called 'coil noise'. There are a couple of coils (circular wound wires) on the motherboard. Normaly they shouldn't have any room to move a bit, but if they have they will vibrate in their magnetic field. You can use a tube to find the offending coil. Put the tube to your ear and move with the other end over the motherboard until you find the spot that emits the noise. Applying hotglue seems to be the most effective way to cancel the noise.
I think you should have examined the full changelog output from their source repository, before you can go to that conclusion. Those are only the HEAD revision tags of those files. But then again, I guess you are a lot more involved in this project than I am.
Bluefrog was never about DDoSing servers. It was about "DDoS"ing spammers. Give them so much crap replies that it is difficult for them to find the people that really reply to their spam (not necessairily 'replies' as in 'email replies').
Sourceforge doesn't delete the files on it's mirroring network immediately. Go find a google cache with the project files. Use the links and you will see they still work.
NB: This message is more or less a scratchpad of my thoughts about this subject. I don't think I have attacked your problem properly, but it does propose some countermeasures against rampant DDoSing.
With bluefrog:
You send all your spam to a central authority (bluesecurity). They do some stuff to group spammails into clusters. Those clusters are then analysed by hand. The spammer is warned. The cluster gets a URL of the spammers server attached to submit complaints to. When the spammer doesn't comply within X days, everybody who sent a mail for that spammail-cluster is told the URL and how many mails they sent. These people then send as many complaints to that URL as they received spams (1 spam -> 1 complaint).
The latter part is handled by the personal(!) bluefrog client on behalf of the people that use bluefrog. The first part of the chain is either initiated by the user or an automated spamfilter, so this is also on the user side.
With a P2P approach:
The middle part was centralised, and therefor attack-prone. I have been thinking about ways of decentralising the spammail clustering. There ought to be a way for a client to learn what other clients have recieved the same spam-message. For example by doing DHT lookups on hashes of chunks of spam messages (doh!).
Attaching a URL to send complaints to could then be handled by requesting several users in the cluster to find an appropriate form on the spammers website. Clients that have concluded that they are talking about the same spam mails could then use this URL too (that's somewhat the dangerous part, indeed..). If the verification of mail similarity is done right, a spammer that wants to use the the network to DDoS can only generate as much complaints as that he is sending spams. Which means that spoofed complaint URLs have less of a bad effect on innocent bystanders, though it does cripple the effectiveness of the network.
But how do you handle malicious clients that try to overload the lookup network, try to spoof wrong complaint URLs into the network, etc. etc. I know there has been done lots of research in this area. It's not an easy thing to tackle. Basicly (*cough*) you need to code the clients so it tries to maintain goodness in the social network.
There are already several companies that track the spammyness of websites. You could use that to weed out bad complaint URLs (measure of badness). And good complaint URLs are probably URLs in the same domain as URLs mentioned in the spam. Or the complaint webpage should contain (the same) spammy words as the ones in the mail (measure of goodness).
Hmm, I think I forgot the central authority needed for the do-no-intrude registry. Are there algorithms to build a large list whereby nobody understands other parts until everything is brought together? Which comes to the point that if everyone in your cluster is an attacker, they will know it was you anyways. Which isn't even that bad, because they already knew you were the only non-attacker.
Or you just trust on the fact that a centralised do-no-intrude registry is so loosely coupled with the succes of the anti-spam network that it won't be attacked..
Conclusion: Blah.. whatever.. probably imposible to fully decentralise.. (or ask the freenet developers;-))
nVidia Corporation NV17 [GeForce4 MX 420] (rev a3) on an Asus A7N8X-X motherboard (nForce2 chipset). Versions around 6xxx began crashing on the KDE splashscreen. Current versions (just tried 8178) crash on Kopete's textballoons.
Besides that, they still don't work well together with the 2.6 kernel's slightly changed ACPI model. Which makes them crash the system at resume time when using Software Suspend 2 (the driver doesn't POST and reinitialise the card like it should do).
The system is otherwise rock solid, and I can supend and resume the system fine when using the nv driver.
When running IE7B2P-WindowsXP-x86-enu.exe under Wine 0.9.5 it gives an error message: "Unable to find a volume for file extraction. Please verify that you have proper permissions."
Ah, then I've got the picture upside down in my head. I was thinking the dongle was for the devices and the big 'switch' needed power for the transmission.
Anyways, this is normal beviour for modern desktop systems. The filename is just a name (a label, a hint) and nothing more than that. For most people, especially those who who where used to DOS based operating systems, this might be a surprise. But it's kind of common nowadays.
How much does it interfere with normal webserving behaviour? I mean, it may stop lots of malicious stuff, but what if it blocks the things that are not malicious too?
I have pretty much exactly the same problem on my Tablet PC (antivirus, sound and power management icons most often do not appear after login). A halfbaked workaround is to disable the systray collapse button. Though even then some systray icons are invisible sometimes. This is kind of crap on a Tablet PC in portrait mode (768x1024).
I've seen it on other systems. But I'm unsure how widespread this problem is, most people appear to not even know that these icons are somehow useful. So they basicly never notice that something isn't there.
Btw, the anti-virus might as well be activated but not visible. Most often when it isn't visible the Windows XP "Security Center" will popup to say that the virus scanner is not running (but I could still see it the process list).
Uhm, I have a mobile phone too. So? All I can say is that it is clearly not targeted at me nor most of the people I know.
Stuff like: simple interface (good clear buttons, navigatable menu, fast reaction time), works when I want it to work, doesn't work when I don't want it to work, etc.
Where did I say that only a few have a mobile phone? I am just saying that the development is targeted at the wishes of a small group that likes 'cool'. Lots of other people also use them, but so what?
Slashdot Mirror
Why does the machine even work (as in, give out money) with the default password still in place?
About the "sticky issue". I'd like to add another datapoint, the Global Track Chart of Last.fm. Acording to Alexa they reach 1 on every 500 people, so Last.fm's data is pretty good. From these charts, only "Justin Timberlake - SexyBack" from the top-10 "pirated tracks" is in this week's top-200 of Last.fm.
So, maybe.. what the current top tracks are, isn't that important. How they compare to the long tail (everything else), might. If the current top-10/50/200 really points to big chunk of exploitable market, then of course the music studios should go for it. But quite possibly there's much more to be had from a longer vision than just "what's cool now".
A Last.fm like site that would mail me hardcopy's to keep of stuff I like and might like, on a subscription basis. I think that could work really well. Last.fm already links to Amazon.com, they might as well take the next step.
You remember the good stuff and forget the crap
y =d_gilbert
How true, see this excellent TED talk (the other talks are great too!):
http://www.ted.com/tedtalks/tedtalksplayer.cfm?ke
It also talks about how bad we are at predicting what will make use happier, and that it doesn't seem to matter anyways.
but how does this do anything that Firefox doesn't do already? Preferences/Options, Privacy, Clear Private Data tool settings button. [..] You can have it blow away history, forms, passwords, download history, cookies, cache data, and authenticated HTTP sessions automatically when you quit
Probably nothing. But it might do better and actually *not store* this information to disk at all, and mark the memory non-swappable. Anything else and the (parts of the) data in those caches and stores will end up stored on your disk in empty clusters and file-tails or your swapfile/partition.
And no, overwriting a file will just use new clusters to store the now-empty file to disk. And yes, you could 'scrub' all the supposedly-empty space, but that take ages (40-50MB/s, on a 200-or-so GB disk).
That's called 'coil noise'. There are a couple of coils (circular wound wires) on the motherboard. Normaly they shouldn't have any room to move a bit, but if they have they will vibrate in their magnetic field. You can use a tube to find the offending coil. Put the tube to your ear and move with the other end over the motherboard until you find the spot that emits the noise. Applying hotglue seems to be the most effective way to cancel the noise.
I think you should have examined the full changelog output from their source repository, before you can go to that conclusion. Those are only the HEAD revision tags of those files. But then again, I guess you are a lot more involved in this project than I am.
Apple remote desktop:
http://www.apple.com/remotedesktop/
Firewire transfer during setup (also available after setup):
http://www.apple.com/macosx/features/setup/
Bluefrog was never about DDoSing servers. It was about "DDoS"ing spammers. Give them so much crap replies that it is difficult for them to find the people that really reply to their spam (not necessairily 'replies' as in 'email replies').
Sourceforge doesn't delete the files on it's mirroring network immediately. Go find a google cache with the project files. Use the links and you will see they still work.
Don't know for how long, but they still work ATM.
NB: This message is more or less a scratchpad of my thoughts about this subject. I don't think I have attacked your problem properly, but it does propose some countermeasures against rampant DDoSing.
;-))
With bluefrog:
You send all your spam to a central authority (bluesecurity). They do some stuff to group spammails into clusters. Those clusters are then analysed by hand. The spammer is warned. The cluster gets a URL of the spammers server attached to submit complaints to. When the spammer doesn't comply within X days, everybody who sent a mail for that spammail-cluster is told the URL and how many mails they sent. These people then send as many complaints to that URL as they received spams (1 spam -> 1 complaint).
The latter part is handled by the personal(!) bluefrog client on behalf of the people that use bluefrog. The first part of the chain is either initiated by the user or an automated spamfilter, so this is also on the user side.
With a P2P approach:
The middle part was centralised, and therefor attack-prone. I have been thinking about ways of decentralising the spammail clustering. There ought to be a way for a client to learn what other clients have recieved the same spam-message. For example by doing DHT lookups on hashes of chunks of spam messages (doh!).
Attaching a URL to send complaints to could then be handled by requesting several users in the cluster to find an appropriate form on the spammers website. Clients that have concluded that they are talking about the same spam mails could then use this URL too (that's somewhat the dangerous part, indeed..). If the verification of mail similarity is done right, a spammer that wants to use the the network to DDoS can only generate as much complaints as that he is sending spams. Which means that spoofed complaint URLs have less of a bad effect on innocent bystanders, though it does cripple the effectiveness of the network.
But how do you handle malicious clients that try to overload the lookup network, try to spoof wrong complaint URLs into the network, etc. etc. I know there has been done lots of research in this area. It's not an easy thing to tackle. Basicly (*cough*) you need to code the clients so it tries to maintain goodness in the social network.
There are already several companies that track the spammyness of websites. You could use that to weed out bad complaint URLs (measure of badness). And good complaint URLs are probably URLs in the same domain as URLs mentioned in the spam. Or the complaint webpage should contain (the same) spammy words as the ones in the mail (measure of goodness).
Hmm, I think I forgot the central authority needed for the do-no-intrude registry. Are there algorithms to build a large list whereby nobody understands other parts until everything is brought together? Which comes to the point that if everyone in your cluster is an attacker, they will know it was you anyways. Which isn't even that bad, because they already knew you were the only non-attacker.
Or you just trust on the fact that a centralised do-no-intrude registry is so loosely coupled with the succes of the anti-spam network that it won't be attacked..
Conclusion: Blah.. whatever.. probably imposible to fully decentralise.. (or ask the freenet developers
nVidia Corporation NV17 [GeForce4 MX 420] (rev a3) on an Asus A7N8X-X motherboard (nForce2 chipset). Versions around 6xxx began crashing on the KDE splashscreen. Current versions (just tried 8178) crash on Kopete's textballoons.
Besides that, they still don't work well together with the 2.6 kernel's slightly changed ACPI model. Which makes them crash the system at resume time when using Software Suspend 2 (the driver doesn't POST and reinitialise the card like it should do).
The system is otherwise rock solid, and I can supend and resume the system fine when using the nv driver.
I'd like to know what kind of hardware they used to create the demo's. From my experience the nvidia drivers aren't very stable.
When running IE7B2P-WindowsXP-x86-enu.exe under Wine 0.9.5 it gives an error message:
"Unable to find a volume for file extraction.
Please verify that you have proper permissions."
I don't know for sure, but the fact that coffee helps in the morning is mostly something that works because you think it helps.
From a quick Google search I see multiple researches that actually say people perform (slightly) worse due to coffee.
Ah, then I've got the picture upside down in my head. I was thinking the dongle was for the devices and the big 'switch' needed power for the transmission.
Thanks for clearing that up.
You think this is powered USB? My bet is that the dongles should recieve power from the apparatus you plug them into.
This means you won't be able to charge your Treo and iPod Shuffle using wireless USB.
Anyways, this is normal beviour for modern desktop systems. The filename is just a name (a label, a hint) and nothing more than that. For most people, especially those who who where used to DOS based operating systems, this might be a surprise. But it's kind of common nowadays.
How much does it interfere with normal webserving behaviour? I mean, it may stop lots of malicious stuff, but what if it blocks the things that are not malicious too?
Acording to the SANS Internet Storm Center: "Even if you un-register the DLL, some programs may re-register it by invoking it (shimgvw.dll) directly."
None of the successful collaborative OSS projects have let anyone and everyone submit code to them
;-)
Indeed! None of them do that
I have pretty much exactly the same problem on my Tablet PC (antivirus, sound and power management icons most often do not appear after login). A halfbaked workaround is to disable the systray collapse button. Though even then some systray icons are invisible sometimes. This is kind of crap on a Tablet PC in portrait mode (768x1024).
I've seen it on other systems. But I'm unsure how widespread this problem is, most people appear to not even know that these icons are somehow useful. So they basicly never notice that something isn't there.
Btw, the anti-virus might as well be activated but not visible. Most often when it isn't visible the Windows XP "Security Center" will popup to say that the virus scanner is not running (but I could still see it the process list).
Uhm, I have a mobile phone too. So? All I can say is that it is clearly not targeted at me nor most of the people I know.
Stuff like: simple interface (good clear buttons, navigatable menu, fast reaction time), works when I want it to work, doesn't work when I don't want it to work, etc.
Just a quick search told me that these kind of machines have been around for some time already (just as I thought it would).
http://www.cornesag.com/eng/milking/astro.html
(Note: you should disable CSS for this site, the 'text-decoration : blink;' is horrible..)
Where did I say that only a few have a mobile phone? I am just saying that the development is targeted at the wishes of a small group that likes 'cool'. Lots of other people also use them, but so what?
:-)
Try to deny that.
Mobilephones are targeted at a minority group with a strong voice. This group loves "cool"; cool means: change/difference, which implies featuritis.
;-)
It is that simple