> You could probably start with a VW lupo (78 miles per US gallon)
Exactly my thought, see wikipedia on http://en.wikipedia.org/wiki/Volkswagen_Lupo . Only the Lupo 3L is out of production, and pretty much everybody agreed that it was a really bad car. Don't get me wrong: I would love to have a really efficient car, but you have to look at the problem from all sides. A car with low fuel consumption may not be green after all, if it only lasts 50 000 miles, because production and scrapping harms the environment, too.
Of course the bigger challenge is to make people buy this car. And that is very much a question of price and comfort of driving. Unfortunately, the Lupo was good at neither.
> That was the place where you'd get online help from the software companies, download new drivers, beta-tests, patches etc _years_ before the web was invented.
True, that was in the 80s. I think it never really took off in Europe because modems were illegal back then (and extreme expensive). But in the 90s it was just a slow slide to the bottom of the pile.
Anyway, this seems to be recurring theme for "top 100 ever" lists: people like to see fallen stars in there. One good idea, a short period an glory, and then the company fails to keep up with the competition. I think this pattern fits most of the items on list.
> What kind of metric would you propose be used to compare spreadsheets to ipods?
While I agree that it is difficult, exactly this was done to create the list. For example, they decided that the iPod is more important than GMail. How would you do that? I don't know, but they think they do. For course the fact alone is only half-news (half-true?), unless you can also follow the reasoning. Which is exactly the point the grandparent made. There you are.
14. Apple Mac 27. WoW 29. HP LaserJet 4 44. EOS Digital Rebel 45. RedHat
They completely miss CD-writer, Gmail, Opera and the Commodore C-64, which is inexcusable. And what do they have instead? I can't believe it:
Eudora? One of the worst email readers in existence? (yes, it is has a few nice feature, but overall it completely fails) Sony Mavica FD? Storing pictures on a floppy disk is a silly idea. Yes, it was practical for certain uses, but only if you had no USB. Windows 95? Sure, the eye candy was nice, but under the hood is was nasty DOS all over again. ZIP Driver? Are you joking? CD-writer finally put us out of this misery. McAfee? The software with more security problems than virus detected? CompuServe? Charging emails per page, and still mangling the attachments? No, thank you.
> Hummingbird 's Exceed is definitely what you want
Maybe it is a matter of taste, but I found Exceed rather clumsy, difficult to configure and very slow on start up. While I agree that CygwinX is certainly not perfect, I did get rather fond of X-ming, which is a native port of the X-server. It does not have the lovely UNIX-feeling that Cygwin gives you, but it starts really quickly, is easy to configure and performs rather nicely.
If you want more UNIX, you can always combine X-ming with colinux (yes, it is beta and a bit fiddly, but pretty light on the machine), or you can use one of the virtual machines available.
... I don't want to have to deal with support, or even the complaints department. I guess you have to file a complaint in person, and then the monster bits your head of:-)
> What's surprising is how inneficiently tuned a lot of engines come from the factory.
For American cars, I absolutely agree. Those engine sizes are just massive, and the power is not usually what you could expect. Of course the upside is that the engine will last forever.
European cars (especially the engines designed in Germany) and Toyota engines are much smaller, but develop an astonishing amount of power. This does benefit the efficiency, but it is possible to ruin such an engine if you abuse it (revving when cold, cheap oil etc).
So what have we learned? Nothing. Science is about generalising, and running a sample of one is not. So what they need to do is to look at different cars and see how efficient the engines are, and whether there are any side effects.
> Support businesses which treat their employees well.
I generally agree, but there are two problems with this: a) I don't know whether the employees are treated well, and b) this is usually none of my business. If employer and employees agree upon something, why should I interfere?
> Try to buy American made whenever you can.
I am sorry, but I can't here this any more (and neither "buy British", "buy German", "buy Dutch" or "buy French"). If customers leave in big numbers, it is usually because the price (German engineering) or the quality (British engineering) is not right. By buying anyway you just delay the inevitable: that sellers get their *** together and offer a reasonable product.
SQLite is great for what it is: an embedded database. So if only one process (thread?) has access to the database, SQLite is doing a reasonable job. The performance pattern is ok for easy operations, but updates and complex operations may be slower than on a full blown database system. Also the administration tools are limited (which is not usually a problem for an embedded database).
Actually many programs use SQLite, but because it is embedded, the user may not know about it.
I had a problem with the BSD three clause license once. If you every read commercial software documentation, there is usually a section full of advertising clauses for contributed software. But no, management deemed this not acceptable. Of course there was no time either to remove the BSD code, so we just left it there.
On the other hand the leaking of GPL code is a reasonable concern. It happens all to often with common software such as MySQL. And you here statements such as "but if we use Perl, we are not linking against the MySQL code", which are dubious at best. Or "if the customer downloads the library himself, we are not responsible".
Of course banning open source is not the solution. Actually most commercial software packages have some content of open source code (Windows has the BSD network stack, Matlab has BLAS, Adobe uses the JPEG library...). And even if you ban all open source software, you can still violate the license of a commercial package:-). The only solution is to be careful with what you ship, period.
I would think that is much more of show stopper than not having POP3 or IMAP4. Not having protocol X is just an incomplete service, but not allowing any alternative means that they want a captive audience.
So what is next? "You have to attend our student introduction seminar, which is supported by Coca Cola commercials?" Scary world.
This guy wants to build a "green PC", and he uses a wireless keyboard with batteries? I give him the benefit of the doubt: maybe he was not around yet when all the eco hippies were running their holy crusade against batteries. But anyway the problem should be obvious: getting two new batteries every few month probably offsets all the savings of a few kilowatt hours. Especially if they are just thrown in the bin.
This is kind of a funny statement from the Microsoft guy. After all, one of the main draws of Windows Vista is supposed to be "more security".
And now this guy says that there is not actually a "security boundary". So he agrees that there are "implementation issues" in the security features, but he declares them to be ok, and not bugs.
So what is the point of security when it is not actually working? From what I can understand, MIC is fundamentally flawed, because it does not block read access. And UIPI has holes, so it is not actually effected. Oh, and UAC can be tricked by calling your exploit install.exe.
They killed the role (assistant), not Clippy!
on
The Death of Clippy
·
· Score: 1
I wonder why people always refer to Clippy. It is an annoying character, no doubt. But the feature is called "Office Assistant", and you can choose from a number of different characters. Einstein is probably just as annoying, but the Cat is rather cute.
So please stop whining about Clippy, and think for a minute about all the other characters!
> My WinXP installation decided that a "security" tab was just too confusing so it didn't display it.
That is a deliberate restriction in Windows XP Home. In the specs it says that XP Home does not support ACLs. But of course the kernel does support ACLs, only the GUI refuses to deal with them. But they are still there, which can make life an absolute pain if you try to set up a LUA.
"Broken by design" are the words to come to my mind here...
So? What is Unix anyway? It is only a name, and a code base developed in the 70s and 80s.
POSIX is what people want (although it is just a bunch of specs written by a committee). Some places suck badly, but others are quite useful. Of course most systems are POSIX nowadays, including Windows.
> I've personally found almost every release of Evolution to be horribly unstable.
I am glad that I am not the only one. Every version I tried had very basic bugs. Even worse: every new version may fix some old bugs, but it will certainly introduce new bugs. So you are constantly trying to catch up.
Plus Evolution is just butt ugly. It might be as close to Outlook as you get for free, but in my experience it is just not worth the hassle.
> Repair or replacement, as provided under this warranty, is your exclusive remedy. KENSINGTON shall not be liable for any incidental or consequential damages. Implied warranties of merchantability and fitness for a particular purpose on this product are limited in duration to the duration of this warranty.
Translated into plain English this means: we will not even promise that the product does what we say it does, but some evil courts have interpreted this promise to be implied because we sell the gadget. So we want to make it perfectly clear that we only promise (which we don't) that the device works for 1 year. And if it does not work (e.g. you loose all your data or Mister BadGuy cracks it), you may get a new device, but only if you can produce the old device (which is probably difficult, if Mister BadGuy nicked your device).
To me this sounds like the lawyers that made up these terms did not trust the thing for five seconds. So why should you?
Usually that would be sufficient, but for a just in time compiler, 64-bit clean is not enough. It also has to be *rewritten* to produce 64-bit code. So I think there is a long way to go for Java before it catches up with the hype.
Ok, so you have a shared secret, and you use part of it every time to authenticate yourself. That does not sound like a new idea to me. In fact, German banks have all used this scheme for years. They use a more refined version:
The matrix is mailed in a sealed envelop. This is important - try to seal email:-).
Each entry is 6 digits long, so the change of guessing it is very low.
You use one entry for every transaction. So you don't need the matrix to check your balance.
This may sound complicated, but actually the user experience is quite ok. And you are always reminded if you do something important, because you have to give another secret number.
The only scheme more secure is one I used in Holland. You have a little token that is PIN secured. The bank sends you a 9 digit number, which the token turns into another 9 digit number for authorization. On the whole, I found that rather tedious, and probably not worth the small additional security. Another good option is using SMS, but the cost of an SMS is pretty much prohibitive in Europe.
The big looming danger for online banking is a man-in-the-middle attack. No current scheme offers much protection against that. I think it is only a matter of time until we see some black hats (successfully?) trying this.
I have not used them, but I know that Sanyo makes them. They have around 10000 mAh and cost nearly 20 dollars per piece. This probably explains why you don't see them in retail, because after the 3 times markup they are just way to expensive. They have some use in industrial applications, although they are rare even there. C-Cells where popular at a time, but now everything seems to standardize on sub-C.
> Having a basic unit of measurement between a cm and a m (ie a foot) seems nicely convenient for measuring things at the size of an average human work product, given the size of our hands, feet, etc.
I agree that this was true for the longest time in history, which explains why we have these units. And of course the metric system is no exception: you can use decimeters (dm for short), which are 1/10 m or 10 cm. However, I don't think that they are particularly useful nowadays.
The use for many units comes from the fact that they avoid huge numbers. Huge is defined by what you are used to. So if you tell a caveman that your drink has 500 milliliters, he will think that it is enormous (certainly bigger than anything he has heard of). Nowadays people should be comfortable with numbers up to around 1000. (And yes, I now that most people like to confuse millions and billions.) And a scale of 1000 is actually very convenient, and used in most linear measurements.
This reminds me of a book on "victorian engineering". The British used to have the most precise mechanical instruments available during those days, and they could easily measure 1 um (1/000 mm). However, the average workshop still tends to use measurements like "a slim 16th", meaning just a little bit less than a 16th of an inch. This goes a long way to explain why the British invented steam engines, while they still can't make doors that close properly:-)
After reading all the posts this may sound funny, but: you can determine how to cancel a contract. As soon as you have made it perfectly clear that you want to cancel, the other party has to oblige.
So the easiest way to cancel a difficult service is probably to send a letter. (Yes, this does involve buying a stamp and finding a snail-mail access port.) If you are especially paranoid, you may even use registered delivery. Once the company receives your cancellation letter, they have to address it. This is basic business practice.
And if they don't, you can use the copy of the letter and the receipt to defend your rights. Any smart company would of course back off here, but you never know.
> Arguably every OS should come with an RDBMS and applications should make more use of it instead of depending on a broad assortment of different mini-databases like sqlite and such. There's nothing wrong with them on their own but with ten programs that each use them, I've effectively got ten copies of sqlite
Try ubuntu. It comes with one version of sqlite (3.0), and every piece of software can use only this version. So from amarok to xine, they all use the *same* sqlite library. And you get security updates just hours after the discovery of a new problem.
Otherwise, I completely agree. The way Windows handles dependencies (in words: not) is just ridiculous.
> And I would hope that developers (especially language developers) would realize that the really correct approach is not to glue SQL statements together from fixed strings and quoted arguments
To be fair, the original article is about XPath and LDAP injection. As far as I know, there is no alternative to "brutal" string operations here. Around SQL you have a number of (not nice but) working data binding APIs, but for many new languages you do not have that (yet).
Sometimes you have to use quoting, and you want to make sure that your quoting function is absolutely correct. This is difficult because of encoding, locale, fonts etc. So the best solution is to use the quoting function provided by the API:-)
Slashdot Mirror
> You could probably start with a VW lupo (78 miles per US gallon)
Exactly my thought, see wikipedia on http://en.wikipedia.org/wiki/Volkswagen_Lupo . Only the Lupo 3L is out of production, and pretty much everybody agreed that it was a really bad car. Don't get me wrong: I would love to have a really efficient car, but you have to look at the problem from all sides. A car with low fuel consumption may not be green after all, if it only lasts 50 000 miles, because production and scrapping harms the environment, too.
Of course the bigger challenge is to make people buy this car. And that is very much a question of price and comfort of driving. Unfortunately, the Lupo was good at neither.
>> CompuServe
> That was the place where you'd get online help from the software companies, download new drivers, beta-tests, patches etc _years_ before the web was invented.
True, that was in the 80s. I think it never really took off in Europe because modems were illegal back then (and extreme expensive). But in the 90s it was just a slow slide to the bottom of the pile.
Anyway, this seems to be recurring theme for "top 100 ever" lists: people like to see fallen stars in there. One good idea, a short period an glory, and then the company fails to keep up with the competition. I think this pattern fits most of the items on list.
> What kind of metric would you propose be used to compare spreadsheets to ipods?
While I agree that it is difficult, exactly this was done to create the list. For example, they decided that the iPod is more important than GMail. How would you do that? I don't know, but they think they do. For course the fact alone is only half-news (half-true?), unless you can also follow the reasoning. Which is exactly the point the grandparent made. There you are.
I can only agree with a few of these:
14. Apple Mac
27. WoW
29. HP LaserJet 4
44. EOS Digital Rebel
45. RedHat
They completely miss CD-writer, Gmail, Opera and the Commodore C-64, which is inexcusable. And what do they have instead? I can't believe it:
Eudora? One of the worst email readers in existence? (yes, it is has a few nice feature, but overall it completely fails)
Sony Mavica FD? Storing pictures on a floppy disk is a silly idea. Yes, it was practical for certain uses, but only if you had no USB.
Windows 95? Sure, the eye candy was nice, but under the hood is was nasty DOS all over again.
ZIP Driver? Are you joking? CD-writer finally put us out of this misery.
McAfee? The software with more security problems than virus detected?
CompuServe? Charging emails per page, and still mangling the attachments? No, thank you.
> Hummingbird 's Exceed is definitely what you want
Maybe it is a matter of taste, but I found Exceed rather clumsy, difficult to configure and very slow on start up. While I agree that CygwinX is certainly not perfect, I did get rather fond of X-ming, which is a native port of the X-server. It does not have the lovely UNIX-feeling that Cygwin gives you, but it starts really quickly, is easy to configure and performs rather nicely.
If you want more UNIX, you can always combine X-ming with colinux (yes, it is beta and a bit fiddly, but pretty light on the machine), or you can use one of the virtual machines available.
... I don't want to have to deal with support, or even the complaints department. I guess you have to file a complaint in person, and then the monster bits your head of :-)
> What's surprising is how inneficiently tuned a lot of engines come from the factory.
For American cars, I absolutely agree. Those engine sizes are just massive, and the power is not usually what you could expect. Of course the upside is that the engine will last forever.
European cars (especially the engines designed in Germany) and Toyota engines are much smaller, but develop an astonishing amount of power. This does benefit the efficiency, but it is possible to ruin such an engine if you abuse it (revving when cold, cheap oil etc).
So what have we learned? Nothing. Science is about generalising, and running a sample of one is not. So what they need to do is to look at different cars and see how efficient the engines are, and whether there are any side effects.
> Support businesses which treat their employees well.
I generally agree, but there are two problems with this: a) I don't know whether the employees are treated well, and b) this is usually none of my business. If employer and employees agree upon something, why should I interfere?
> Try to buy American made whenever you can.
I am sorry, but I can't here this any more (and neither "buy British", "buy German", "buy Dutch" or "buy French"). If customers leave in big numbers, it is usually because the price (German engineering) or the quality (British engineering) is not right. By buying anyway you just delay the inevitable: that sellers get their *** together and offer a reasonable product.
> SQLite looks like it was almost written for me.
> So, what's wrong with it.
SQLite is great for what it is: an embedded database. So if only one process (thread?) has access to the database, SQLite is doing a reasonable job. The performance pattern is ok for easy operations, but updates and complex operations may be slower than on a full blown database system. Also the administration tools are limited (which is not usually a problem for an embedded database).
Actually many programs use SQLite, but because it is embedded, the user may not know about it.
I had a problem with the BSD three clause license once. If you every read commercial software documentation, there is usually a section full of advertising clauses for contributed software. But no, management deemed this not acceptable. Of course there was no time either to remove the BSD code, so we just left it there.
:-). The only solution is to be careful with what you ship, period.
On the other hand the leaking of GPL code is a reasonable concern. It happens all to often with common software such as MySQL. And you here statements such as "but if we use Perl, we are not linking against the MySQL code", which are dubious at best. Or "if the customer downloads the library himself, we are not responsible".
Of course banning open source is not the solution. Actually most commercial software packages have some content of open source code (Windows has the BSD network stack, Matlab has BLAS, Adobe uses the JPEG library...). And even if you ban all open source software, you can still violate the license of a commercial package
> "we're not allowed to forward our mail"
I would think that is much more of show stopper than not having POP3 or IMAP4. Not having protocol X is just an incomplete service, but not allowing any alternative means that they want a captive audience.
So what is next? "You have to attend our student introduction seminar, which is supported by Coca Cola commercials?" Scary world.
This guy wants to build a "green PC", and he uses a wireless keyboard with batteries? I give him the benefit of the doubt: maybe he was not around yet when all the eco hippies were running their holy crusade against batteries. But anyway the problem should be obvious: getting two new batteries every few month probably offsets all the savings of a few kilowatt hours. Especially if they are just thrown in the bin.
Summary: too much hot are to be green.
This is kind of a funny statement from the Microsoft guy. After all, one of the main draws of Windows Vista is supposed to be "more security".
And now this guy says that there is not actually a "security boundary". So he agrees that there are "implementation issues" in the security features, but he declares them to be ok, and not bugs.
So what is the point of security when it is not actually working? From what I can understand, MIC is fundamentally flawed, because it does not block read access. And UIPI has holes, so it is not actually effected. Oh, and UAC can be tricked by calling your exploit install.exe.
I wonder why people always refer to Clippy. It is an annoying character, no doubt. But the feature is called "Office Assistant", and you can choose from a number of different characters. Einstein is probably just as annoying, but the Cat is rather cute.
So please stop whining about Clippy, and think for a minute about all the other characters!
> My WinXP installation decided that a "security" tab was just too confusing so it didn't display it.
That is a deliberate restriction in Windows XP Home. In the specs it says that XP Home does not support ACLs. But of course the kernel does support ACLs, only the GUI refuses to deal with them. But they are still there, which can make life an absolute pain if you try to set up a LUA.
"Broken by design" are the words to come to my mind here...
> Solaris has a big advantage. Solaris is Unix.
So? What is Unix anyway? It is only a name, and a code base developed in the 70s and 80s.
POSIX is what people want (although it is just a bunch of specs written by a committee). Some places suck badly, but others are quite useful. Of course most systems are POSIX nowadays, including Windows.
Just my 2p.
> I've personally found almost every release of Evolution to be horribly unstable.
I am glad that I am not the only one. Every version I tried had very basic bugs. Even worse: every new version may fix some old bugs, but it will certainly introduce new bugs. So you are constantly trying to catch up.
Plus Evolution is just butt ugly. It might be as close to Outlook as you get for free, but in my experience it is just not worth the hassle.
Good point. The warranty says:
> Repair or replacement, as provided under this warranty, is your exclusive remedy. KENSINGTON shall not be liable for any incidental or consequential damages. Implied warranties of merchantability and fitness for a particular purpose on this product are limited in duration to the duration of this warranty.
Translated into plain English this means: we will not even promise that the product does what we say it does, but some evil courts have interpreted this promise to be implied because we sell the gadget. So we want to make it perfectly clear that we only promise (which we don't) that the device works for 1 year. And if it does not work (e.g. you loose all your data or Mister BadGuy cracks it), you may get a new device, but only if you can produce the old device (which is probably difficult, if Mister BadGuy nicked your device).
To me this sounds like the lawyers that made up these terms did not trust the thing for five seconds. So why should you?
> to clean up any code that's not 64-bit clean
Usually that would be sufficient, but for a just in time compiler, 64-bit clean is not enough. It also has to be *rewritten* to produce 64-bit code. So I think there is a long way to go for Java before it catches up with the hype.
This may sound complicated, but actually the user experience is quite ok. And you are always reminded if you do something important, because you have to give another secret number.
The only scheme more secure is one I used in Holland. You have a little token that is PIN secured. The bank sends you a 9 digit number, which the token turns into another 9 digit number for authorization. On the whole, I found that rather tedious, and probably not worth the small additional security. Another good option is using SMS, but the cost of an SMS is pretty much prohibitive in Europe.
The big looming danger for online banking is a man-in-the-middle attack. No current scheme offers much protection against that. I think it is only a matter of time until we see some black hats (successfully?) trying this.
> Anybody ever found a "real" NiMH D-Cell?
I have not used them, but I know that Sanyo makes them. They have around 10000 mAh and cost nearly 20 dollars per piece. This probably explains why you don't see them in retail, because after the 3 times markup they are just way to expensive. They have some use in industrial applications, although they are rare even there. C-Cells where popular at a time, but now everything seems to standardize on sub-C.
> Having a basic unit of measurement between a cm and a m (ie a foot) seems nicely convenient for measuring things at the size of an average human work product, given the size of our hands, feet, etc.
:-)
I agree that this was true for the longest time in history, which explains why we have these units. And of course the metric system is no exception: you can use decimeters (dm for short), which are 1/10 m or 10 cm. However, I don't think that they are particularly useful nowadays.
The use for many units comes from the fact that they avoid huge numbers. Huge is defined by what you are used to. So if you tell a caveman that your drink has 500 milliliters, he will think that it is enormous (certainly bigger than anything he has heard of). Nowadays people should be comfortable with numbers up to around 1000. (And yes, I now that most people like to confuse millions and billions.) And a scale of 1000 is actually very convenient, and used in most linear measurements.
This reminds me of a book on "victorian engineering". The British used to have the most precise mechanical instruments available during those days, and they could easily measure 1 um (1/000 mm). However, the average workshop still tends to use measurements like "a slim 16th", meaning just a little bit less than a 16th of an inch. This goes a long way to explain why the British invented steam engines, while they still can't make doors that close properly
After reading all the posts this may sound funny, but: you can determine how to cancel a contract. As soon as you have made it perfectly clear that you want to cancel, the other party has to oblige.
So the easiest way to cancel a difficult service is probably to send a letter. (Yes, this does involve buying a stamp and finding a snail-mail access port.) If you are especially paranoid, you may even use registered delivery. Once the company receives your cancellation letter, they have to address it. This is basic business practice.
And if they don't, you can use the copy of the letter and the receipt to defend your rights. Any smart company would of course back off here, but you never know.
> Arguably every OS should come with an RDBMS and applications should make more use of it instead of depending on a broad assortment of different mini-databases like sqlite and such. There's nothing wrong with them on their own but with ten programs that each use them, I've effectively got ten copies of sqlite
Try ubuntu. It comes with one version of sqlite (3.0), and every piece of software can use only this version. So from amarok to xine, they all use the *same* sqlite library. And you get security updates just hours after the discovery of a new problem.
Otherwise, I completely agree. The way Windows handles dependencies (in words: not) is just ridiculous.
> And I would hope that developers (especially language developers) would realize that the really correct approach is not to glue SQL statements together from fixed strings and quoted arguments
:-)
To be fair, the original article is about XPath and LDAP injection. As far as I know, there is no alternative to "brutal" string operations here. Around SQL you have a number of (not nice but) working data binding APIs, but for many new languages you do not have that (yet).
Sometimes you have to use quoting, and you want to make sure that your quoting function is absolutely correct. This is difficult because of encoding, locale, fonts etc. So the best solution is to use the quoting function provided by the API