The whitelist should be quite enough. If you're going to allow installations at all (which you shouldn't, just install flash, quicktime and adobe reader and lockdown the computer; the plugin installer doesn't even work for quicktime anyway, or most other plugins), it is much easier for kids to download an executable installer and run it than bypass the whitelist. So disabling the harder method of installing software while leaving the easy one will hardly improve your security.
Yes, making things hard is a great job. Running random code should be hard because the consequences can be disastrous. As soon as you allow some code to run it has complete and total control over your computer. Unfortunately, users don't understand this. They judge the consequences of an action by the difficulty of performing that action. Therefore actions with big consequences should be hard to perform so that users don't perform them flippantly or accidentally.
Why would you uncheck "Allow websites to install software"? The whitelist is already plenty secure, as we have just been discussing. If you uncheck that box on purpose, then you have no right to complain when Firefox doesn't allow you to install Flash from the web. Of course, an error message would be nice, but the plugin installer has always been flaky; it is one of the worst parts of Firefox IMHO. Hopefully it will be fixed up in 1.1.
you just have to click the Allow button on the yellow bar
You have to do a bit more than that. The text on the yellow bar does not instruct you in how to bypass the block, the button on the bar is ambiguously labled "edit options..." not "Allow", and the whole process requires at least six clicks and a wait through a three-second countdown timer on a dialog box with bold warning text before you can install an extension from a random site. Overall it is much more involved than one-click ActiveX installs (or even downloading a plain.exe installer), and it gives the impression of being a much more serious operation which users are much more likely to balk at. The Mozilla developers did a great job with this.
I'm not saying you should make a 1600x1200 wallpaper with no concern for how it looks at 1024x768, just that the source art should be 1600x1200 or higher. You can always scale stuff down with no quality loss (if you don't put in details too small for a 1024x768 image), but scaling up always loses quality. Taking a 1024x768 wallpaper and "filling it out" with stuff around the edges sounds like a recipie for a bad wallpaper. 1024x768 pixels is less than half the area of a 1600x1200 screen; you'll need more filler than original wallpaper!. Just make your wallpapers 1600x1200 or higher, and if they have any text or small details make sure they are large enough to look fine at 1024x768. That way everyone enjoys a great wallpaper.
There has recently been a a bunch of great work work on integrating speech synthesis software with KDE. You can read about it here: "KDE 3.4 Will Talk to You". It's not yet ready for completely blind users but the plan is for KDE 4.0 to support blind users. Plus, it's just cool to have your computer talk.
These things integrate themselves into Windows so deep, some of them might still load in safe mode. If you use safe mode with networking, I know that some of them will for sure. Plus safe mode is a pain, it takes forever and the video driver sucks. Plus you'll still screw up your OS if you remove.dlls from the network stack in safe mode without fixing the appropriate registry keys. It's not worth the trouble. Ad-Aware does the job automatically, and what it doesn't fix is unlikely to yield to do-it-yourself methods in less than several hours' work, unless you've already dealt with a particular piece of spyware before.
Firewalls are useless crap as long as you install all the Windows updates when the automatic thingy tells you to. Anti-virus software doesn't work on the newest viruses (i.e. the biggest threats), only ones that have been discovered and documented; and it doesn't remove spyware either. Spyware removers often miss one or more of the problems on any given computer. The only thing that really keeps a computer safe is good users.
Obviously you are a good user, and apparently your girlfriend is too (some heavy computer users are not, and some light users are; just depends). I suspect the main vectors for crapware installation are: IE bug exploits, ActiveX controls installed by users clicking through the security dialog, and piggybacking on semi-legit software that you would never download such as weatherbug and crappy off-brand IE toolbars. If you patch, click "no" on security dialogs, and don't install stupid web search toolbars or form-fillers from flashing banner ads proclaiming "FREE", you won't get hit.
If shareware or freeware programs install spyware, they almost always give an opt-out option or at least tell you. In my experience, warez almost never contains viruses or spyware; I'm not sure why. Installing shareware and warez really doesn't put you in much danger of getting spyware or a virus. It's the stupid stuff like free search toolbars that causes problems, but you would never install those because you know they're stupid.
I am in the same situation as you until two weeks ago. That week I downloaded a.zip attatchment from a mailing list archive, and double-clicked on the contents before I even realized it was a.scr file with a text file icon. All it takes is one mistake for your machine to be hosed. Lucklily I caught my mistake and did a free virus scan right away, which was able to remove the virus.
The nasty ones aren't executables anymore, they're.dlls which get loaded into various parts of the operating system: IE, the explorer shell, the network stack, etc. You can't delete the files because they're locked while the OS is running, and in some cases if you do somehow prevent them from loading it can screw up your system. It's gotten to the point where do-it-yourself spyware removal is too complex; you would have to have a PhD in Windows OS internals to extract some of this crap.
They do make exceptions in some cases. For example, it is possible to search for "c++" or "c#". But if you search for "++c" or "c#c", it treats the non-letters as spaces. Actually, now that I try it, "c c" returns different results than "c#c". In the first case Google removes the space and searches for "cc"; in the second case Google treats the # as a space.
You don't. SVG is scalable, so an SVG document can be rendered at any pixel size. Just make sure you use the right aspect ratio, and use cm, in, ft, or even or km as your measurement unit. Whatever floats your boat.
Don't make 1024x768 wallpapers anyway, make them 1600x1200 and scale them down. That way everybody can use them.
Well, I'm not that guy, but I've studied music a little. Certainly a lot has been ignored in the composing of this album. There is no concern for rhythm, for one thing. Rhythm is pretty much a required component of any music a person on the street would consider "good". Purely from a harmonic standpoint, though, the chords used (if you can call them that) are so complex as to be unidentifiable. For one thing, there is no concept of "key" to tie these pieces together; instead the notes seem to be picked at random from the 12 possibilities (or perhaps not even sticking to those). Furthermore, too many different notes are sounding at any given time, and as a result the sound is almost always dissonant. Again, all music that a person on the street would consider "good" contains a lot of consonant parts; these pieces are almost completely dissonance. Finally, the progression between "chords" is pretty much random, ignoring all of the rules that make for an interesting melody.
I suspect the mehod used to compose these pieces basically amounts to performing a Fourier transform on the input music, analyzing the resulting spectrum, and generating output that has a similar spectrum. This process loses a lot of the time information in the original music, such as rhythm and melodic progression.
How about XCas? I haven't seen it mentioned here yet but it seems to fit the parameters of the question pretty well. Its user interface leaves a little to be desired but it is a graphing calculator akin to a TI-89 (in fact it has a TI-89 compatibility mode), GPLed. XCas, like the TI-89, can do lots of classroom-type stuff from simple arithmetic to 3-D graphing and symbolic calculus (the biggie that students love). Maybe not so good for professional engineers but it might be just the ticket for educators and students. With a little work to pretty up that user interface. A KDE frontend would easily make it the best Free math program out there for students not in advanced math or technical courses.
I think you missed something here in your rush to defend Apple. The article is not about building high-teraflop supercomputers; it is about using small-to-medium sized clusters of commodity hardware to run high-end visualization systems (with Linux's help of course). Since they specifically want top-of-the-line graphics cards in these machines, Macs would not be the best choice. PCs have PCI express now (important for nontraditional uses of programmable graphics cards, as these guys are probably doing) and the latest from ATI/NVidia is always out first on PCs, cheaper.
You miss the point. Of course hash functions will have collisions, it's inevitable. The point is that they should be computationally infeasible to find, and MD5 has just been broken in that respect. Read the article. Using the attack it is possible to get a benign executable digitally signed (using an MD5 hash of course, think ActiveX control), then later replace the executable with a malicious version that has the same MD5 hash. The attack still probably isn't practical for spreading malware, since as the author points out, the security model for ActiveX controls has never been a technical one, it is a legal one (if it attacks us we know who to sue). However, there may be other scenarios not yet thought of where this attack is feasible. Being able to swap out a constructed benign file with a constructed malicious one that has the same hash might break other crypto-systems. Also, it is quite likely that new attacks on MD5 will follow soon, meaning that its days as a useful hash are numbered. That's what the "big deal" is.
Is it really surprising that the Czech republic spends less on education? Their Gross National Income per capita is $6,740, while it is $37,610 for the US source. I would be surprised if salaries there are 1/3 of salaries in the US; they're probably lower (though the purchasing power parity figures might be higher, but I doubt that's how the 1/3 figure was calculated). However, this doesn't mean that their teachers are any less effective, they just get paid less. So I fail to see how it is surprising that they get more for their money. Furthermore, for the Czech republic to spend 1/3 of what we spend on education, they would have to be spending a much larger percentage of their GDP on education than us, since our GDP is much larger than 3 times the Czech Republic's. So we find after all that the Czech republic cares a lot about education and spends a lot of their money on it. Is it any surprise then that their schools are good?
Re:I don't mean to be a hypocrite...
on
That's Using Your Head
·
· Score: 2, Informative
I think the social stigma surrounding cyborgs and brain implants, plus the cost and risk of the brain implant surgery, plus the cost of the training, plus the fact that you will have a permanent metal plug in your head (probably with a constant risk of infection), plus the years of training it will probably take to actually perform better than using your hands (if that is even possible, there's no guarantee), will make people reluctant to just go out and do this.
If it didn't require brain surgery and only took a few months to learn, though, I could definitely see it taking off. Also, if it turns out that people can enhance their performance at certain tasks by extreme amounts (which I am not at all convinced of), it could become somewhat common in those fields.
Re:I don't mean to be a hypocrite...
on
That's Using Your Head
·
· Score: 3, Informative
This technology is not what people often think it is. There is no way it could be used for mind-reading or thought control in the forseeable future. We would have to understand the brain a LOT better than we do to even begin to think about these things, plus we would need interface technology a million times better than a few electrodes.
Basically how this works is the brain adapts to the implanted electrodes, learning how to activate neurons in the right way such that a computer can detect the changes in electrical potential at the electrodes. The computer can't interpret the signals at all; it just reads potentials from the electrodes. What makes this interesting is that the brain is quite adaptable, and if the signals are used to control the inputs to a device the brain can learn to use the device much like an extra limb.
It remains to be seen just how fine and complex the control can be and how much adaptation the brain can do; but I think the medical community has been way too conservative about this so far, and I am optimistic that once we learn the right places to put the electrodes and the right way to process the brain's signals, controlling mice/keyboards/game controllers/robot limbs will be a matter of a few implants and a year or two of training. The benefit to quadriplegics will be immesurable. For the rest of us, this technology is probably not very useful. Getting the implants and doing the training will be quite an ordeal, not something you'd do to get an edge in Counter-Strike (if it even would give you an edge at all).
This can be helped in several ways. First, by choosing a fast widget style so that buttons and things are drawn faster. Second, by using the newest Xorg server with the composite extension turned on so that windows don't have to be redrawn as often. Third, by upgrading to the newest KDE. A lot of work has gone into reducing the number of redraws that Konqueror does on its icon views while browsing files. I can't find it now, but there was a really interesting couple of articles by the guy who went in and fixed the problems. I believe he reduced the amount of redrawing to just one total redraw when you enter a folder, and a couple of smaller ones as things are loaded, instead of three or four total redraws like it was before.
BTW, the firefox bug is: Grab the scrollbar and drag the mouse outside the window, then click the right mouse button, then release the left button, then move the mouse back inside the window. I've actually gotten kinda used to it...
Yeah, but there are about a million better ways to implement it that *don't* add a giant annoyance to everyday scrollbar usage. For example, pressing both buttons could cancel the scroll. The best alternative, however, is to draw a shadow on the scrollbar at the original position of the slider during the drag, and have the slider snap back to it if you return (you would have to be careful to avoid annoyance in the case that you only want to scroll a little, but it could be done fairly easily).
Actually, I think the scroll bar could use a complete overhaul. Here's how they should *really* work: The buttons should be gone. Arrows could still be drawn at the ends for the visual "scrollbar" cue, but clicking on them would be just like clicking the rest of the bar. Clicking the "empty" space would also have the same effect as clicking on the scroller thingy. That effect would be: the mouse pointer either disappears or is locked to the scroller, and the scroller is highlighted in a very obvious way (possibly involving animation to catch the eye). Dragging the mouse is not required; a single click locks the scrollbar until you release it with another click (though dragging would still work too). The speed of the mouse movement is adjusted during the scrolling operation so that mouse movement always moves documents at the same speed, independent of the document size. A shadow is drawn at the original position of the scroller so you can easily return. When you release the scroll bar, the mouse pointer would always be at the position of the scroller.
I got this idea when I ran into a firefox bug that forgets to release the scrollbar when you release the mouse button until you click again. To my surprise, I found that I really liked it. The one problem I see with this improved scroll bar is that the adjusted scrolling speed I suggested could make it difficult to jump to the end of a long document quickly. Acceleration would help somewhat, but for extremely large documents it would be a problem. One way to fix this would be to make right-clicking the scrollbar bring the scroller to that position instantly (like middle-click in Linux today). Unfortunately, your mom might not discover that by herself, leaving her frustrated trying to reach the end of a huge document. Comments and suggestions are welcome.
Rusty metal, yellow caution stripes, radioactive sludge? Could be any of a billion computer games. For some reason, rusty metal, yellow caution stripes, and radioactive sludge (always green and/or brown) seem to be staples of computer game art. Almost as much as crates and barrels.
Slashdot Mirror
The whitelist should be quite enough. If you're going to allow installations at all (which you shouldn't, just install flash, quicktime and adobe reader and lockdown the computer; the plugin installer doesn't even work for quicktime anyway, or most other plugins), it is much easier for kids to download an executable installer and run it than bypass the whitelist. So disabling the harder method of installing software while leaving the easy one will hardly improve your security.
Why would you uncheck "Allow websites to install software"? The whitelist is already plenty secure, as we have just been discussing. If you uncheck that box on purpose, then you have no right to complain when Firefox doesn't allow you to install Flash from the web. Of course, an error message would be nice, but the plugin installer has always been flaky; it is one of the worst parts of Firefox IMHO. Hopefully it will be fixed up in 1.1.
You have to do a bit more than that. The text on the yellow bar does not instruct you in how to bypass the block, the button on the bar is ambiguously labled "edit options..." not "Allow", and the whole process requires at least six clicks and a wait through a three-second countdown timer on a dialog box with bold warning text before you can install an extension from a random site. Overall it is much more involved than one-click ActiveX installs (or even downloading a plain .exe installer), and it gives the impression of being a much more serious operation which users are much more likely to balk at. The Mozilla developers did a great job with this.
I'm not saying you should make a 1600x1200 wallpaper with no concern for how it looks at 1024x768, just that the source art should be 1600x1200 or higher. You can always scale stuff down with no quality loss (if you don't put in details too small for a 1024x768 image), but scaling up always loses quality. Taking a 1024x768 wallpaper and "filling it out" with stuff around the edges sounds like a recipie for a bad wallpaper. 1024x768 pixels is less than half the area of a 1600x1200 screen; you'll need more filler than original wallpaper!. Just make your wallpapers 1600x1200 or higher, and if they have any text or small details make sure they are large enough to look fine at 1024x768. That way everyone enjoys a great wallpaper.
There has recently been a a bunch of great work work on integrating speech synthesis software with KDE. You can read about it here: "KDE 3.4 Will Talk to You". It's not yet ready for completely blind users but the plan is for KDE 4.0 to support blind users. Plus, it's just cool to have your computer talk.
These things integrate themselves into Windows so deep, some of them might still load in safe mode. If you use safe mode with networking, I know that some of them will for sure. Plus safe mode is a pain, it takes forever and the video driver sucks. Plus you'll still screw up your OS if you remove .dlls from the network stack in safe mode without fixing the appropriate registry keys. It's not worth the trouble. Ad-Aware does the job automatically, and what it doesn't fix is unlikely to yield to do-it-yourself methods in less than several hours' work, unless you've already dealt with a particular piece of spyware before.
Obviously you are a good user, and apparently your girlfriend is too (some heavy computer users are not, and some light users are; just depends). I suspect the main vectors for crapware installation are: IE bug exploits, ActiveX controls installed by users clicking through the security dialog, and piggybacking on semi-legit software that you would never download such as weatherbug and crappy off-brand IE toolbars. If you patch, click "no" on security dialogs, and don't install stupid web search toolbars or form-fillers from flashing banner ads proclaiming "FREE", you won't get hit.
If shareware or freeware programs install spyware, they almost always give an opt-out option or at least tell you. In my experience, warez almost never contains viruses or spyware; I'm not sure why. Installing shareware and warez really doesn't put you in much danger of getting spyware or a virus. It's the stupid stuff like free search toolbars that causes problems, but you would never install those because you know they're stupid.
I am in the same situation as you until two weeks ago. That week I downloaded a .zip attatchment from a mailing list archive, and double-clicked on the contents before I even realized it was a .scr file with a text file icon. All it takes is one mistake for your machine to be hosed. Lucklily I caught my mistake and did a free virus scan right away, which was able to remove the virus.
The nasty ones aren't executables anymore, they're .dlls which get loaded into various parts of the operating system: IE, the explorer shell, the network stack, etc. You can't delete the files because they're locked while the OS is running, and in some cases if you do somehow prevent them from loading it can screw up your system. It's gotten to the point where do-it-yourself spyware removal is too complex; you would have to have a PhD in Windows OS internals to extract some of this crap.
They do make exceptions in some cases. For example, it is possible to search for "c++" or "c#". But if you search for "++c" or "c#c", it treats the non-letters as spaces. Actually, now that I try it, "c c" returns different results than "c#c". In the first case Google removes the space and searches for "cc"; in the second case Google treats the # as a space.
Don't make 1024x768 wallpapers anyway, make them 1600x1200 and scale them down. That way everybody can use them.
I suspect the mehod used to compose these pieces basically amounts to performing a Fourier transform on the input music, analyzing the resulting spectrum, and generating output that has a similar spectrum. This process loses a lot of the time information in the original music, such as rhythm and melodic progression.
Also, more bugs means more support contracts.
How about XCas? I haven't seen it mentioned here yet but it seems to fit the parameters of the question pretty well. Its user interface leaves a little to be desired but it is a graphing calculator akin to a TI-89 (in fact it has a TI-89 compatibility mode), GPLed. XCas, like the TI-89, can do lots of classroom-type stuff from simple arithmetic to 3-D graphing and symbolic calculus (the biggie that students love). Maybe not so good for professional engineers but it might be just the ticket for educators and students. With a little work to pretty up that user interface. A KDE frontend would easily make it the best Free math program out there for students not in advanced math or technical courses.
I think you missed something here in your rush to defend Apple. The article is not about building high-teraflop supercomputers; it is about using small-to-medium sized clusters of commodity hardware to run high-end visualization systems (with Linux's help of course). Since they specifically want top-of-the-line graphics cards in these machines, Macs would not be the best choice. PCs have PCI express now (important for nontraditional uses of programmable graphics cards, as these guys are probably doing) and the latest from ATI/NVidia is always out first on PCs, cheaper.
You miss the point. Of course hash functions will have collisions, it's inevitable. The point is that they should be computationally infeasible to find, and MD5 has just been broken in that respect. Read the article. Using the attack it is possible to get a benign executable digitally signed (using an MD5 hash of course, think ActiveX control), then later replace the executable with a malicious version that has the same MD5 hash. The attack still probably isn't practical for spreading malware, since as the author points out, the security model for ActiveX controls has never been a technical one, it is a legal one (if it attacks us we know who to sue). However, there may be other scenarios not yet thought of where this attack is feasible. Being able to swap out a constructed benign file with a constructed malicious one that has the same hash might break other crypto-systems. Also, it is quite likely that new attacks on MD5 will follow soon, meaning that its days as a useful hash are numbered. That's what the "big deal" is.
Is it really surprising that the Czech republic spends less on education? Their Gross National Income per capita is $6,740, while it is $37,610 for the US source. I would be surprised if salaries there are 1/3 of salaries in the US; they're probably lower (though the purchasing power parity figures might be higher, but I doubt that's how the 1/3 figure was calculated). However, this doesn't mean that their teachers are any less effective, they just get paid less. So I fail to see how it is surprising that they get more for their money. Furthermore, for the Czech republic to spend 1/3 of what we spend on education, they would have to be spending a much larger percentage of their GDP on education than us, since our GDP is much larger than 3 times the Czech Republic's. So we find after all that the Czech republic cares a lot about education and spends a lot of their money on it. Is it any surprise then that their schools are good?
If it didn't require brain surgery and only took a few months to learn, though, I could definitely see it taking off. Also, if it turns out that people can enhance their performance at certain tasks by extreme amounts (which I am not at all convinced of), it could become somewhat common in those fields.
Basically how this works is the brain adapts to the implanted electrodes, learning how to activate neurons in the right way such that a computer can detect the changes in electrical potential at the electrodes. The computer can't interpret the signals at all; it just reads potentials from the electrodes. What makes this interesting is that the brain is quite adaptable, and if the signals are used to control the inputs to a device the brain can learn to use the device much like an extra limb.
It remains to be seen just how fine and complex the control can be and how much adaptation the brain can do; but I think the medical community has been way too conservative about this so far, and I am optimistic that once we learn the right places to put the electrodes and the right way to process the brain's signals, controlling mice/keyboards/game controllers/robot limbs will be a matter of a few implants and a year or two of training. The benefit to quadriplegics will be immesurable. For the rest of us, this technology is probably not very useful. Getting the implants and doing the training will be quite an ordeal, not something you'd do to get an edge in Counter-Strike (if it even would give you an edge at all).
This can be helped in several ways. First, by choosing a fast widget style so that buttons and things are drawn faster. Second, by using the newest Xorg server with the composite extension turned on so that windows don't have to be redrawn as often. Third, by upgrading to the newest KDE. A lot of work has gone into reducing the number of redraws that Konqueror does on its icon views while browsing files. I can't find it now, but there was a really interesting couple of articles by the guy who went in and fixed the problems. I believe he reduced the amount of redrawing to just one total redraw when you enter a folder, and a couple of smaller ones as things are loaded, instead of three or four total redraws like it was before.
Thanks for my new sig!
I have just discovered Adobe Reader speed-up. It is a godsend.
BTW, the firefox bug is: Grab the scrollbar and drag the mouse outside the window, then click the right mouse button, then release the left button, then move the mouse back inside the window. I've actually gotten kinda used to it...
Actually, I think the scroll bar could use a complete overhaul. Here's how they should *really* work: The buttons should be gone. Arrows could still be drawn at the ends for the visual "scrollbar" cue, but clicking on them would be just like clicking the rest of the bar. Clicking the "empty" space would also have the same effect as clicking on the scroller thingy. That effect would be: the mouse pointer either disappears or is locked to the scroller, and the scroller is highlighted in a very obvious way (possibly involving animation to catch the eye). Dragging the mouse is not required; a single click locks the scrollbar until you release it with another click (though dragging would still work too). The speed of the mouse movement is adjusted during the scrolling operation so that mouse movement always moves documents at the same speed, independent of the document size. A shadow is drawn at the original position of the scroller so you can easily return. When you release the scroll bar, the mouse pointer would always be at the position of the scroller.
I got this idea when I ran into a firefox bug that forgets to release the scrollbar when you release the mouse button until you click again. To my surprise, I found that I really liked it. The one problem I see with this improved scroll bar is that the adjusted scrolling speed I suggested could make it difficult to jump to the end of a long document quickly. Acceleration would help somewhat, but for extremely large documents it would be a problem. One way to fix this would be to make right-clicking the scrollbar bring the scroller to that position instantly (like middle-click in Linux today). Unfortunately, your mom might not discover that by herself, leaving her frustrated trying to reach the end of a huge document. Comments and suggestions are welcome.
Nope. We turned it off.
Rusty metal, yellow caution stripes, radioactive sludge? Could be any of a billion computer games. For some reason, rusty metal, yellow caution stripes, and radioactive sludge (always green and/or brown) seem to be staples of computer game art. Almost as much as crates and barrels.