Think of the possible evolution of species separated from the mainland.
This isn't the first time it's happened in eastern Africa, of course. A big chunk, India+Madagascar, broke off around 150-160 million years ago, as part of the breakup of Gondwana. Then around 90 million years ago, Madagascar broke off from India. The fossil evidence shows that lots of independent evolution was happening on both of them. Eventually, India crashed into Asia, and that evolutionary experiment came to an end, or rather was merged with the species in Asia.
In Madagascar, independent evolution should still be happening, but starting a couple thousand years ago, a major extinction event started with the arrival of humans (and the rats hitching a ride on the boats). We've lost a lot of species that only existed there, including a lot of primates.
If east Africa splits off into a separate island, there probably won't be much independent evolution there, at least not if we're still around. But maybe we'll be extinct, or migrate to another planet, or transcend to a pure electronic existence, or something. Then the species in east Africa will have a chance to show what they can do.
The planet has forced a lot of "evolutionary experiments" like this over its history.
We havn't seen this happening in the last 200 years!
Actually, the first couple of expiditions to the north magnetic pole, in the early and mid 1800's, found that the pole had moved a few miles. Since then, navigators have kept track of its wanderings. Navigation charts are reprinted every few years, and this is one of the reasons (along with changing sandbars, harbor construction, etc).
The only actual news in this story is that in the past 5 or 10 years, the magnetic pole seems to have moved faster than before. Nobody really knows if this is "normal", though. It's probably not really significant to anyone other than navigators (who are rapidly switching to GPS as their primary technology).
Well, I haven't seen it a lot, but I have been surprised by such popups. Being an experienced computer user (programmer whatever), I was naturally suspicious and didn't give permission. But many users wouldn't be as suspicious as you or I, and could be tricked this way. It only takes once.
The unexpected popups that I've seen have been mostly from web pages or email with "active" content. This includes things like flash, which can do it. I have a lot of browsers on my PB, and I mostly use mozilla and firefox, primarily because they are the best at blocking active junk and not bogging down the cpu. But they both have a bug: You can block javascript or flash, but you can't block both. So I run mozilla with JS active and flash blocked, and firefox with flash active and JS blocked. So I occasionally get popups trying to scam me into typing my password.
This is also a problem with email. The mail readers I use on my PB, mostly Thunderbird, and firefox for gmail, do a good job of spotting and blocking spam. But they tend to miss a few now and then, and if I read those, I often get something active that I don't know how to block, and sometimes it asks me for my password. Again, I'm too suspicious to fall for it, but since the popup looks just like the usual ones, it's easy to imagine a naive user responding to it.
In some other fora, I have read a number of comments from Mac users who say that they've been conned this way. So maybe it's not a major problem like on MS Windows, but it's a problem that bites some users.
In general, I'd say that Mac and linux users aren't much bothered by this because of all the other checks done by the software, so that such scams are often intercepted and killed before the user sees them.
OS X is a great example of how asking for the admin password every time a modification of the central system is requested makes worms all but impossible and trojans much more difficult.
Actually, OS X is a great example of how asking for the admin password every time a modification of the central system is requested quickly trains the user to type in their password whenever "the system" asks for it in a popup window.
The result can hardly be described as "secure". All a piece of malware needs to do is pop up the same sort of window, and it'll have the password. This will work with all but the most experienced computer users.
It's funny that linux and *BSD software (other than OS X) seems not to have much adopted this approach. Hardly anything uses this popup password window approach. Maybe this has something to do with their greater security.
In general, training novice users to type in their password many times per day, whenever some app wants it, is not an approach that will lead to a more secure system.
Yeah, but there have a number of cases in which an Onion article got emailed around as real news. Their kind of humor is sometimes a bit too subtle for a lot of people.
The same thing has happened with Jon Stewart. No matter how often he tells everyone that he's a comedian, people insist on taking his stuff seriously.
Yeah, but in this case they're not giving us any of that information. They only say that the malware is installed "when you play the CD". So not only do they not mention the platform; they also don't bother telling us which player(s) might be susceptible. MS systems have several players, of course, as do Macs and linux. Even some cell phones have more than one player available (though I don't know of a cell phone that accepts CDs).
There's precious little information here. Actually, I'd guess MS Windows (which releases?) and WMP. But the main reason for guessing those is that they're the "default" that most of the media assumes we're all using. Not many users are knowledgeable enough to pick a higher-quality platform or player, so the media doesn't mention it.
And in some cases, it's because much of the mainstream media doesn't know enough to distinguish brand names. They're barely able to understand that there are several models of auto; the idea that there are several models of computer and that not all computers run the same CD-player software is beyond their comprehension.
So what OS+player combo(s) does this bit of Sony malware infect?
It just doesnt make sense. Would you hire the burglar that broke into your home to install your security system?
Ah, but the great majority of victims of the first Sony rootkit still have it installed. They haven't heard about the problem, or head and didn't understand at all. If you take a look at the removal instructions, you'll see that there isn't a chance that your typical Joe Sixpack could ever follow them. If he tried, the result would probably be a machine that didn't boot.
But most of the victims haven't tried to remove it, because they don't have any idea it's there.
You might well hire the burglar if you had no clues that he was the burglar, and if friends and the BBB recommended him. This is an old sort of scam.
Call me paranoid, but, when shit like this gets 'found', they call it being 'found' because someone put it there.
Hey, Paranoid, you're not paranoid enough.
I keep noticing the same misuse of the passive voice to avoid saying who's to blame. As a programmer, it's perfectly obvious to me that no computer ever installs software by accident. It takes some significant software to install something like this, and (as the Intelligent Design folks like to point out), this software doesn't get there by random flipping of bits from alpha-particle impacts. Someone spent a lot of time writing the software that does the installing, and they knew what they were doing when they wrote it.
Something else I noticed: Before seeing this article on slashdot, I'd just been reading the coverage of the story on news.google.com, and I was a bit bemused by the fact that I couldn't find mention of the kinds of computers that were vulnerable to this exploit. Now, call me paranoid too, but I'll make the wild surmise that they were running Microsoft Windows.
Anyone know? Is this one infecting OSX, linux and Solaris boxes? Or maybe PalmOS or Symbian smartphones?
Who in their right mind would voluntarily install something from SunComm or SonyBMG given their track record?
Most of the victims have no idea that they're installing software on their computer. They're just playing a CD that they bought.
We geeks and nerds on/. understand the issue. 99% of the population don't even know what "installing software" means, have never done it (intentionally), and aren't to blame for being victims of such things.
OK, guys; enough bashing Sony. It's time to bash M$.
My suggestion: Microsoft would donate the building regardless. But when the police tried to move in, they'd be hit with a huge bill, because MS had only donated the physical building. The police didn't have a license to use the building. That would cost them an extra $1 million per year.
Upgrades to the building or its services would be an extra charge.
The Bush administration has been warning of a digital Pearl Harbor [cnn.com] for years.
Pikers and latecomers.
The DOD has been warning of such things for decades
Back in the 60's, when the DOD's ARPAnet project was started, one of the design goals was that the network should have sufficient redundancy and intelligence so that when an enemy knocked out lines or relays, the software would just silently route around the break and keep the communication going.
This has been one of the more difficult things to implement. Not primarily for technical reasons, though. The problem is that when you hand the installation over to private businesses, they want to save costs by cutting corners. In particular, they try to eliminate redundancy whenever possible.
The result is that the commercial internet is riddled with single points of failure, and lacks the redundancy to handle even minor local outages by rerouting.
Criticising this of course means that you're one of those people who approves of government inefficiency.;-)
What exactly did you mean that half the internet can be taken down with a backhoe?
This has been a common internet metaphor since a certain event some years back (1987 as I recall; I should look it up). The New England part of the Internet was connected to the rest of the world via 7 separate trunk lines, which you'd think would have been enough redundancy. But one day all 7 trunks went silent simultaneously, and New England was isolated from the rest of the Net.
Investigation quickly showed that the phone company that owned the lines had routed them through a single cable, and a backhoe operator with a bad map had cut that cable.
This is now a standard textbook example of the dangers of believing in multi-level design. Part of such design is invariably that the layers should be kept strictly separate. In this case, the idea is that people and software working at the network transport layer should not have access to data about the physical layer. This backhoe anecdote explains why this is wrong. It means that despite all your clever design of failsafe redundancy at the network layer, someone working at the physical layer can shoot down your design by mapping your redundancies into a single physical object, making you susceptible to a single point of failure, and you have no way to discover that they've done this to you. The only way out of this is to have ways that "independent" layers can see into each others' workings to detect such violations. (More often, you implement a separate error-checking subsystem that can see into all the other subsystems and do the sanity testing independently of the other components.)
Anyway, google for backhoe and you'll find lots of metaphical usage to describe situations where poor design allows a single outside operator to produce a disaster with a single strike to a single point. This has happened more often than you might guess.
We had a big "backhoe" incident in New York in 2001. On Sep 11, much of the comm system in Manhattan died around 10 am. The cables had been routed through the large subway tunnels under the World Trade Center. For the usual efficiency reasons, there wasn't nearly enough redundancy in the system, so with thousands of lines cut by the WTC collapse, the phone and internet systems on the island simply crashed. It wasn't all fully functional again for months, and a number of small companies who weren't even in the WTC went out of business due to the loss of their comm capabilities.
Since then, there has been a lot of pressure to ensure that there is sufficient redundancy in the cabling that such a single-point failure can't kill all of Manhattan's communications again. But the lines are still mostly owned by the phone company (Verizon), and for cost reasons, they resist the idea of installing redundant cable.
I've heard Hurricane Katrina referred to as a "backhoe". It seems that New Orleans wasn't just a major shipping port; it was also a major comm center for an area much larger than just the city. Guess what happened to phone and internet service in several states when the levees broke...
Yeah; I understand all that. But I was talking about a paragraph of the article, where the author stated that "these forces could provide their own means to move from wheel to wheel".
This sure sounds like they think that the gadget could be pulled by gravity (for example) in such a way that when one wheel is pulled down, gravity itself will also move the rotating mass to the next wheel. This sort of thing is historically the basic of most designs of perpetual-motion machines. Somehow the designers are never able to make this part work, of course. But it really sounds like the author of this sentence thinks that they can do it.
The rest of the article sounds reasonable, but this struck me as a true "howler" that discredits at least one of them (or maybe their ghostwriter).
Well, I would argue, then, that every piece of "made in China" stuff you own supports chinese censorship as well.
Maybe, maybe not. There's an interesting argument in the other direction.
It starts with Vint Cerf's old observation that censorship on the Internet is ultimately doomed, because the Internet treats censorship as packet damage and routes around it.
The West is slowly learning the accuracy of this remark. So far, China hasn't, but it's mostly because the Internet isn't as pervasive there, and there often aren't many alternate routes. But, like the rest of the world, their economy is slowly becoming more dependent on good communication, which leads to more data links, which leads to more alternate routes.
So, the argument goes, the way to get rid of Chinese censorchip is to encourage this development. As their foreign sales increase, they need more and more comm links with their suppliers and customers. With time, those comm links are all going over to IP, because it's the cheapest way to get good communication. And as comm lines become saturated, they will have to build new ones.
The end result will be that the Chinese government won't be able to censor the traffic effectively, because to do so will require shutting down all their industrial and commercial comm links, which will kill their economy.
I'm not sure that I fully believe this, but it's an interesting talking point. It's fun to watch people try to argue against it.
We've already seen some major effects along this line in the US and Europe. It used to be that politicians could keep us afraid of foreign devils by telling us lies about them. We could only get news through a few commercial channels, and much of those channels were controlled by only a few people with close ties to the political power structure. Now, for example, the US government has a problem telling us lies about what's happening in Iraq, or the evils of Islam or whatever, because we can just go online and get 10 different versions of the story, from all sorts of sources. Many of the sources are right in the middle of the action. You have to be wilfully ignorant now to believe the lies.
Granted, there's still a large American population that isn't smart enough to take advantage of this. But it's pretty obvious that there's also a large population that is. It's impressive how many Americans can now quote the Koran and various Middle-Eastern clerics and politicians. Fifteen years ago, you didn't hear this at all, and most people believed the propaganda. But now nobody can block our access to information from all over, and if we want to learn, we do.
Maybe China will find a way to avoid this. But the safe money would probably be on the bet that they won't. And lots of commercial cross-border ties could easily help a lot in this particular struggle, even if that's not the companies' intent. More links gives the Internet lots of alternate routes for routing around packet damage.
1. Pay them based on what they produce, not how many hours they're in the office.
Careful here; in the hands of your typical IT manager, this can easily lead to disaster.
To many managers, a programmer's output is measured in lines of code. This is often the worst thing you can do. It naturally leads to bloated code, because the above wording explicitly rewards bloat.
I've worked on several projects where I spent a lot of time removing code, usually replacing big chunks with something smaller and simpler. Often this resulted in a more general routine, so they got some new capability with the smaller, faster code.
But by the above rule, my productivity was negative, so I should be punished for what I did.
This isn't a joke; this has happened to me several times. I found a new job, of course.
And yes, many managers really are that stupid. So you need to find a way to phrase the rule so that it can't be misinterpreted this way.
The main driving force for the table top prototype is produced by gravity pulling downward. Other forces that could hold the car against a surface, and provide the moving force necessary to increment the car along, include aerodynamic, hydrodynamic, magnetic, electromagnetic, and electrostatic. Such forces could be independent of the car mass, and could thus propel the vehicle with much greater force and velocity. In some instances, these forces could provide their own means to move from wheel to wheel, eliminating the central motor used in the prototype.
How many people here read that and immediately thought "Hey, perpetual motion machine!"?
They do seem to be claiming that their "car" could move across a level surface powered only by an external static field. Thus, on a surface that's a smooth sphere, it would continue to travel along a great circle forever.
If they solve the turning problem, they can make it travel around in a small circle, thus powering a small motor at the center of the circle.
Why do I have this feeling that it just might not work?
If drinking 2 cups of beer a day prevents cancer, then by drinking 12 I will live to 100, right?
A few years ago, the term "hormesis" was coined to deal with this fallacy. Google for it. It basically refers to a situation where low and high doses of something have opposite effects.
The classical example of hormesis is vitamins. Except for C, all the known vitamins are toxic in high doses, but of course you need low doses of them to stay alive.
The studies showing the benefits of booze are also starting to use the term, since there's now lots of documentation of the benefits of low doses of alcohol (mostly wine and beer), while the problems with high doses have been well known since pre-history.
Sometimes it's useful to coin a scientific term for a phenomenon. Now we can just counter the old "If a little is good, more must be better" fallacy by the incantation "hormesis".
In reality, biochemical processes are hardly ever linear. They're usually not even monotonic.
True, true. And there's also the fact that about half of the existing root servers (and most of the full set of DNS servers) are outside the control of any US agency. They are scattered around the world, both physically and electronically, for very good reasons.
In reality, they are controlled by the tiny cabal of admins who run the actual servers. And if the US government gets too uppity, or some UN agency tries for a power grab, they'll find those admins saying "Yes sir" while practicing all their best passive resistance techniques to keep things running.
The US doesn't control the root servers in Sweden or Australia in any meaningful sense; all it can do is try to keep everyone cooperating to keep the system running smoothly. If the US government orders some flakey change, those admins in Sweden and Australia will simply ignore the order and wait for the US to regain its senses, while zillions of US citizens start clamoring for something to be done to "fix the internet".
Also, as others have pointed out here on numberous occasions, it's not at all difficult to set up your own "root" DNS server to be used by whoever decides to go along with you.
I've done this on some projects, where we wanted our own isolated "internet" that was running over the same wires as the usual internet. This was done mostly for testing purposes, so that our alpha stuff wouldn't screw up the DNS system for others. We had root domains like.test and.foo, of course, but since the public servers didn't point to ours, outsiders using those domains would just get "Unknown host..." replies.
There's no reason not to do this yourself permanently, and some organizations are in fact doing it, for various reasons. As long as the your root domain's name doesn't duplicate any of the common names, nobody will care, or even notice if you don't tell them.
Really, if the UN wants to run some root servers, all it has to do is hire a few people to set them up and keep them running. A bit of publicity would get a lot of people to include them in their search lists. And there's nothing any US politician can do to stop it.
Also, note that what the UN wants is already done for the 2-letter country-code domains. The.uk domain's root servers are controlled by the UK government, for example, and the.fr domain's root servers are controlled by the French. Is there a.un domain? If not, maybe we should create one, with you-know-who in charge. Then we can tell them to set up their own damned root servers; it's not our job.
It's not obvious who controls the.us domain, actually; is anyone actually running it?;-)
This whole thing is basically silly power politics by people who are under the impression that there's something to control or worth controlling.
Why should one believe the English site and the Arabic site say the same thing?
Well, my method is to ask my wife, but that might not work for you.;-)
Actually, she's not that fluent; she's using aljazeera.com and a few other Arabic sites to improve her Arabic. She decided a couple of years ago that she should get serious about this, because there are important things happening in the Middle East and lots of people are lying to us about them. She opens adjacent English and Arabic windows, finds the same articles in each, and goes through them. She says it works pretty well, because the Arabic articles are usually a fairly direct translation of the Arabic. Sometimes they're a bit abbreviated. And, of course, there are a fair number of articles that don't show up in English, mostly articles of only local interest.
At first, it was pretty obvious that many of aljazeera's translations were done by people with somewhat limited English. This has changed with time, and they now have a lot of writers who are very fluent in English. But still, you'll spot occasional awkward translations.
The aljazeera folks seem to be fairly serious in their intent to present Arabic attitudes to the West, rather than to propagandize. The difference can sometimes be subtle, but it's there. They're not so much saying "You should believe this" as "People are saying this and you should know". Like a lot of news people, they don't believe a lot of the stuff they report, either. But they report it because they consider it something that others should know about.
The same situation has long existed with Voice of America. VOA has an explicit charter to present the US government's views to the world. They are pretty good at subtly making clear when they're reporting straight facts and when they're reporting some US official's spin on those facts. People all over the world understand this, and listen to VOA for both news and US government attitudes. Even when those officials are lying, what they're saying can be important.
You should take the same cynical approach to aljazeera. They're not actually government funded like VOA, but they are consciously trying to do the same sort of thing. "This happened today; here's what so-and-so said about it." Read and make up your own mind who's lying to you.
I don't know what Al-Jazeera is, as I don't read arabic,...
Check out english.aljazeera.com and judge for yourself. Here in the US, just aljazeera.com gets you the English page, but in other countries, you might need the "english." part.
Their English page is more oriented to international news than their arabic pages, of course. So you won't get much of the local crime/scandal/celebrity news. But the English pages will give you a pretty good idea of what they consider of interest to "international" readers.
Their English site has been online for some years. At first, there was a lot of trouble with it, as various agencies tried hard to keep them off the Net. But this failed, of course, and they now have a number of mirrors scattered around the world, so you can read them as easily as you can any other big news agency.
They're really just another major news agency, with an emphasis on the Middle East. They are well worth reading, for a view of events that's often somewhat different that what you get from American or European sources. They include editorials and opinion pieces, of course, and those are often especially interesting for Western readers. There are also several south Asian news sources that will give you yet another viewpoint.
Rather than their biases, the most annoying thing about them is their "active" web pages. On my 1 GHz Powerbook, firefox soaks up 10% to 15% of the cpu when the main aljazeera.com page is displayed. If you're using your cpu for anything else, you might want to turn off JS and other scripting. This won't cut out any of the articles; it'll just kill the cute moving banners and such.
I'm also a bit annoyed that they don't include their logo on their English pages. It's just their name, but it's a well-done example of traditional Arabic calligraphy. Too bad they don't show it on their main English page.
Or, as Guy Clark once said: "it's so flat you can see the curvature of the earth."
Yup. And, as lots of historians have observed, the shape of the Earth has always been known to sailors.
This is because, as you sail away from on a large body of water, you see things disappear from the bottom up. First the low buildings disappear, then the tall buildings and spires, so only the hills are visible. Then the hills shrink until you only see their tips. And as you approach land, you see the opposite sequence, with first the hilltops, then the tall buildings and trees, and then finally the short buildings and people appearing. After a while, you "see" the shape of the water's surface. It's only those stupid landlubbers who can't see the shape of the world that they live on.
This is part of why historians like to point out that when Columbus sailed, everyone but a few religious nuts knew quite well the Earth's shape. The dispute was how big it was. It seems that Columbus was wrong. He thought the planet was about 60% of its actual size. Apparently he was never convinced that he hadn't reached eastern Asia, though others at the time understood that he had found unknown land out in the middle of the ocean. If that land hadn't been there, Columbus and his crew would have probably starved to death and never been heard from again.
But the idea that he was trying to show that the world was round turns out to be completely bogus. Columbus and all his men knew quite well the Earth's shape. They saw the evidence every time they sailed over the horizon.
I saw a cute puzzle about this a few years ago. We know that people had measured the Earth long before Columbus. As far back as 2500 years ago the Greeks had a good estimate. But the textbook explanations require some north-south travel. Describe a way to measure the Earth's size (diameter or circumference) while standing in one spot. Use only technology available to Columbus.
Actually, ancient Greek sailors had the technology to do this to within a few percent. In Columbus's time, they had more accurate navigation equipment and could get the correct value to better than two places accuracy. It's a bit bizarre that Columbus believe a smaller figure. He might have been a good fundraiser and commander, but he couldn't have been much of a navigator.
Think of the possible evolution of species separated from the mainland.
This isn't the first time it's happened in eastern Africa, of course.
A big chunk, India+Madagascar, broke off around 150-160 million years ago, as part of the breakup of Gondwana. Then around 90 million years ago, Madagascar broke off from India. The fossil evidence shows that lots of independent evolution was happening on both of them. Eventually, India crashed into Asia, and that evolutionary experiment came to an end, or rather was merged with the species in Asia.
In Madagascar, independent evolution should still be happening, but starting a couple thousand years ago, a major extinction event started with the arrival of humans (and the rats hitching a ride on the boats). We've lost a lot of species that only existed there, including a lot of primates.
If east Africa splits off into a separate island, there probably won't be much independent evolution there, at least not if we're still around. But maybe we'll be extinct, or migrate to another planet, or transcend to a pure electronic existence, or something. Then the species in east Africa will have a chance to show what they can do.
The planet has forced a lot of "evolutionary experiments" like this over its history.
We havn't seen this happening in the last 200 years!
Actually, the first couple of expiditions to the north magnetic pole, in the early and mid 1800's, found that the pole had moved a few miles. Since then, navigators have kept track of its wanderings. Navigation charts are reprinted every few years, and this is one of the reasons (along with changing sandbars, harbor construction, etc).
The only actual news in this story is that in the past 5 or 10 years, the magnetic pole seems to have moved faster than before. Nobody really knows if this is "normal", though. It's probably not really significant to anyone other than navigators (who are rapidly switching to GPS as their primary technology).
Well, any Fortran programmer will tell you that Santa is real unless declared integer.
Well, I haven't seen it a lot, but I have been surprised by such popups. Being an experienced computer user (programmer whatever), I was naturally suspicious and didn't give permission. But many users wouldn't be as suspicious as you or I, and could be tricked this way. It only takes once.
The unexpected popups that I've seen have been mostly from web pages or email with "active" content. This includes things like flash, which can do it. I have a lot of browsers on my PB, and I mostly use mozilla and firefox, primarily because they are the best at blocking active junk and not bogging down the cpu. But they both have a bug: You can block javascript or flash, but you can't block both. So I run mozilla with JS active and flash blocked, and firefox with flash active and JS blocked. So I occasionally get popups trying to scam me into typing my password.
This is also a problem with email. The mail readers I use on my PB, mostly Thunderbird, and firefox for gmail, do a good job of spotting and blocking spam. But they tend to miss a few now and then, and if I read those, I often get something active that I don't know how to block, and sometimes it asks me for my password. Again, I'm too suspicious to fall for it, but since the popup looks just like the usual ones, it's easy to imagine a naive user responding to it.
In some other fora, I have read a number of comments from Mac users who say that they've been conned this way. So maybe it's not a major problem like on MS Windows, but it's a problem that bites some users.
In general, I'd say that Mac and linux users aren't much bothered by this because of all the other checks done by the software, so that such scams are often intercepted and killed before the user sees them.
I wonder how they count a 'naked' Linux/BSD/Apple machine?
Why, they obvious counted all of those they could find, and added them to the "no security at all" total.
After all, this study was done by MSNBC.
Everyone knows that "PC" == "Windows". Duh.
;-)
Well, my linux box has lots of windows. It's running X-Windows X11R6, to be precise.
There are also many windows visible on my Mac PB, too.
Double-Duh!
OS X is a great example of how asking for the admin password every time a modification of the central system is requested makes worms all but impossible and trojans much more difficult.
Actually, OS X is a great example of how asking for the admin password every time a modification of the central system is requested quickly trains the user to type in their password whenever "the system" asks for it in a popup window.
The result can hardly be described as "secure". All a piece of malware needs to do is pop up the same sort of window, and it'll have the password. This will work with all but the most experienced computer users.
It's funny that linux and *BSD software (other than OS X) seems not to have much adopted this approach. Hardly anything uses this popup password window approach. Maybe this has something to do with their greater security.
In general, training novice users to type in their password many times per day, whenever some app wants it, is not an approach that will lead to a more secure system.
Yeah, but there have a number of cases in which an Onion article got emailed around as real news. Their kind of humor is sometimes a bit too subtle for a lot of people.
The same thing has happened with Jon Stewart. No matter how often he tells everyone that he's a comedian, people insist on taking his stuff seriously.
Yeah, but in this case they're not giving us any of that information. They only say that the malware is installed "when you play the CD". So not only do they not mention the platform; they also don't bother telling us which player(s) might be susceptible. MS systems have several players, of course, as do Macs and linux. Even some cell phones have more than one player available (though I don't know of a cell phone that accepts CDs).
There's precious little information here. Actually, I'd guess MS Windows (which releases?) and WMP. But the main reason for guessing those is that they're the "default" that most of the media assumes we're all using. Not many users are knowledgeable enough to pick a higher-quality platform or player, so the media doesn't mention it.
And in some cases, it's because much of the mainstream media doesn't know enough to distinguish brand names. They're barely able to understand that there are several models of auto; the idea that there are several models of computer and that not all computers run the same CD-player software is beyond their comprehension.
So what OS+player combo(s) does this bit of Sony malware infect?
It just doesnt make sense. Would you hire the burglar that broke into your home to install your security system?
Ah, but the great majority of victims of the first Sony rootkit still have it installed. They haven't heard about the problem, or head and didn't understand at all. If you take a look at the removal instructions, you'll see that there isn't a chance that your typical Joe Sixpack could ever follow them. If he tried, the result would probably be a machine that didn't boot.
But most of the victims haven't tried to remove it, because they don't have any idea it's there.
You might well hire the burglar if you had no clues that he was the burglar, and if friends and the BBB recommended him. This is an old sort of scam.
Call me paranoid, but, when shit like this gets 'found', they call it being 'found' because someone put it there.
...
Hey, Paranoid, you're not paranoid enough.
I keep noticing the same misuse of the passive voice to avoid saying who's to blame. As a programmer, it's perfectly obvious to me that no computer ever installs software by accident. It takes some significant software to install something like this, and (as the Intelligent Design folks like to point out), this software doesn't get there by random flipping of bits from alpha-particle impacts. Someone spent a lot of time writing the software that does the installing, and they knew what they were doing when they wrote it.
Something else I noticed: Before seeing this article on slashdot, I'd just been reading the coverage of the story on news.google.com, and I was a bit bemused by the fact that I couldn't find mention of the kinds of computers that were vulnerable to this exploit. Now, call me paranoid too, but I'll make the wild surmise that they were running Microsoft Windows.
Anyone know? Is this one infecting OSX, linux and Solaris boxes? Or maybe PalmOS or Symbian smartphones?
Inquiring minds want to know
Who in their right mind would voluntarily install something from SunComm or SonyBMG given their track record?
/. understand the issue. 99% of the population don't even know what "installing software" means, have never done it (intentionally), and aren't to blame for being victims of such things.
Most of the victims have no idea that they're installing software on their computer. They're just playing a CD that they bought.
We geeks and nerds on
Blame the criminals, not their victims.
OK, guys; enough bashing Sony. It's time to bash M$.
...
My suggestion: Microsoft would donate the building regardless. But when the police tried to move in, they'd be hit with a huge bill, because MS had only donated the physical building. The police didn't have a license to use the building. That would cost them an extra $1 million per year.
Upgrades to the building or its services would be an extra charge.
OK; it's your turn
The Bush administration has been warning of a digital Pearl Harbor [cnn.com] for years.
;-)
Pikers and latecomers.
The DOD has been warning of such things for decades
Back in the 60's, when the DOD's ARPAnet project was started, one of the design goals was that the network should have sufficient redundancy and intelligence so that when an enemy knocked out lines or relays, the software would just silently route around the break and keep the communication going.
This has been one of the more difficult things to implement. Not primarily for technical reasons, though. The problem is that when you hand the installation over to private businesses, they want to save costs by cutting corners. In particular, they try to eliminate redundancy whenever possible.
The result is that the commercial internet is riddled with single points of failure, and lacks the redundancy to handle even minor local outages by rerouting.
Criticising this of course means that you're one of those people who approves of government inefficiency.
What exactly did you mean that half the internet can be taken down with a backhoe?
...
This has been a common internet metaphor since a certain event some years back (1987 as I recall; I should look it up). The New England part of the Internet was connected to the rest of the world via 7 separate trunk lines, which you'd think would have been enough redundancy. But one day all 7 trunks went silent simultaneously, and New England was isolated from the rest of the Net.
Investigation quickly showed that the phone company that owned the lines had routed them through a single cable, and a backhoe operator with a bad map had cut that cable.
This is now a standard textbook example of the dangers of believing in multi-level design. Part of such design is invariably that the layers should be kept strictly separate. In this case, the idea is that people and software working at the network transport layer should not have access to data about the physical layer. This backhoe anecdote explains why this is wrong. It means that despite all your clever design of failsafe redundancy at the network layer, someone working at the physical layer can shoot down your design by mapping your redundancies into a single physical object, making you susceptible to a single point of failure, and you have no way to discover that they've done this to you. The only way out of this is to have ways that "independent" layers can see into each others' workings to detect such violations. (More often, you implement a separate error-checking subsystem that can see into all the other subsystems and do the sanity testing independently of the other components.)
Anyway, google for backhoe and you'll find lots of metaphical usage to describe situations where poor design allows a single outside operator to produce a disaster with a single strike to a single point. This has happened more often than you might guess.
We had a big "backhoe" incident in New York in 2001. On Sep 11, much of the comm system in Manhattan died around 10 am. The cables had been routed through the large subway tunnels under the World Trade Center. For the usual efficiency reasons, there wasn't nearly enough redundancy in the system, so with thousands of lines cut by the WTC collapse, the phone and internet systems on the island simply crashed. It wasn't all fully functional again for months, and a number of small companies who weren't even in the WTC went out of business due to the loss of their comm capabilities.
Since then, there has been a lot of pressure to ensure that there is sufficient redundancy in the cabling that such a single-point failure can't kill all of Manhattan's communications again. But the lines are still mostly owned by the phone company (Verizon), and for cost reasons, they resist the idea of installing redundant cable.
I've heard Hurricane Katrina referred to as a "backhoe". It seems that New Orleans wasn't just a major shipping port; it was also a major comm center for an area much larger than just the city. Guess what happened to phone and internet service in several states when the levees broke
Yeah; I understand all that. But I was talking about a paragraph of the article, where the author stated that "these forces could provide their own means to move from wheel to wheel".
This sure sounds like they think that the gadget could be pulled by gravity (for example) in such a way that when one wheel is pulled down, gravity itself will also move the rotating mass to the next wheel. This sort of thing is historically the basic of most designs of perpetual-motion machines. Somehow the designers are never able to make this part work, of course. But it really sounds like the author of this sentence thinks that they can do it.
The rest of the article sounds reasonable, but this struck me as a true "howler" that discredits at least one of them (or maybe their ghostwriter).
Well, I would argue, then, that every piece of "made in China" stuff you own supports chinese censorship as well.
Maybe, maybe not. There's an interesting argument in the other direction.
It starts with Vint Cerf's old observation that censorship on the Internet is ultimately doomed, because the Internet treats censorship as packet damage and routes around it.
The West is slowly learning the accuracy of this remark. So far, China hasn't, but it's mostly because the Internet isn't as pervasive there, and there often aren't many alternate routes. But, like the rest of the world, their economy is slowly becoming more dependent on good communication, which leads to more data links, which leads to more alternate routes.
So, the argument goes, the way to get rid of Chinese censorchip is to encourage this development. As their foreign sales increase, they need more and more comm links with their suppliers and customers. With time, those comm links are all going over to IP, because it's the cheapest way to get good communication. And as comm lines become saturated, they will have to build new ones.
The end result will be that the Chinese government won't be able to censor the traffic effectively, because to do so will require shutting down all their industrial and commercial comm links, which will kill their economy.
I'm not sure that I fully believe this, but it's an interesting talking point. It's fun to watch people try to argue against it.
We've already seen some major effects along this line in the US and Europe. It used to be that politicians could keep us afraid of foreign devils by telling us lies about them. We could only get news through a few commercial channels, and much of those channels were controlled by only a few people with close ties to the political power structure. Now, for example, the US government has a problem telling us lies about what's happening in Iraq, or the evils of Islam or whatever, because we can just go online and get 10 different versions of the story, from all sorts of sources. Many of the sources are right in the middle of the action. You have to be wilfully ignorant now to believe the lies.
Granted, there's still a large American population that isn't smart enough to take advantage of this. But it's pretty obvious that there's also a large population that is. It's impressive how many Americans can now quote the Koran and various Middle-Eastern clerics and politicians. Fifteen years ago, you didn't hear this at all, and most people believed the propaganda. But now nobody can block our access to information from all over, and if we want to learn, we do.
Maybe China will find a way to avoid this. But the safe money would probably be on the bet that they won't. And lots of commercial cross-border ties could easily help a lot in this particular struggle, even if that's not the companies' intent. More links gives the Internet lots of alternate routes for routing around packet damage.
1. Pay them based on what they produce, not how many hours they're in the office.
Careful here; in the hands of your typical IT manager, this can easily lead to disaster.
To many managers, a programmer's output is measured in lines of code. This is often the worst thing you can do. It naturally leads to bloated code, because the above wording explicitly rewards bloat.
I've worked on several projects where I spent a lot of time removing code, usually replacing big chunks with something smaller and simpler. Often this resulted in a more general routine, so they got some new capability with the smaller, faster code.
But by the above rule, my productivity was negative, so I should be punished for what I did.
This isn't a joke; this has happened to me several times. I found a new job, of course.
And yes, many managers really are that stupid. So you need to find a way to phrase the rule so that it can't be misinterpreted this way.
... was the paragraph:
The main driving force for the table top prototype is produced by gravity pulling downward. Other forces that could hold the car against a surface, and provide the moving force necessary to increment the car along, include aerodynamic, hydrodynamic, magnetic, electromagnetic, and electrostatic. Such forces could be independent of the car mass, and could thus propel the vehicle with much greater force and velocity. In some instances, these forces could provide their own means to move from wheel to wheel, eliminating the central motor used in the prototype.
How many people here read that and immediately thought "Hey, perpetual motion machine!"?
They do seem to be claiming that their "car" could move across a level surface powered only by an external static field. Thus, on a surface that's a smooth sphere, it would continue to travel along a great circle forever.
If they solve the turning problem, they can make it travel around in a small circle, thus powering a small motor at the center of the circle.
Why do I have this feeling that it just might not work?
If drinking 2 cups of beer a day prevents cancer, then by drinking 12 I will live to 100, right?
A few years ago, the term "hormesis" was coined to deal with this fallacy. Google for it. It basically refers to a situation where low and high doses of something have opposite effects.
The classical example of hormesis is vitamins. Except for C, all the known vitamins are toxic in high doses, but of course you need low doses of them to stay alive.
The studies showing the benefits of booze are also starting to use the term, since there's now lots of documentation of the benefits of low doses of alcohol (mostly wine and beer), while the problems with high doses have been well known since pre-history.
Sometimes it's useful to coin a scientific term for a phenomenon. Now we can just counter the old "If a little is good, more must be better" fallacy by the incantation "hormesis".
In reality, biochemical processes are hardly ever linear. They're usually not even monotonic.
True, true. And there's also the fact that about half of the existing root servers (and most of the full set of DNS servers) are outside the control of any US agency. They are scattered around the world, both physically and electronically, for very good reasons.
.test and .foo, of course, but since the public servers didn't point to ours, outsiders using those domains would just get "Unknown host ..." replies.
.uk domain's root servers are controlled by the UK government, for example, and the .fr domain's root servers are controlled by the French. Is there a .un domain? If not, maybe we should create one, with you-know-who in charge. Then we can tell them to set up their own damned root servers; it's not our job.
.us domain, actually; is anyone actually running it? ;-)
In reality, they are controlled by the tiny cabal of admins who run the actual servers. And if the US government gets too uppity, or some UN agency tries for a power grab, they'll find those admins saying "Yes sir" while practicing all their best passive resistance techniques to keep things running.
The US doesn't control the root servers in Sweden or Australia in any meaningful sense; all it can do is try to keep everyone cooperating to keep the system running smoothly. If the US government orders some flakey change, those admins in Sweden and Australia will simply ignore the order and wait for the US to regain its senses, while zillions of US citizens start clamoring for something to be done to "fix the internet".
Also, as others have pointed out here on numberous occasions, it's not at all difficult to set up your own "root" DNS server to be used by whoever decides to go along with you.
I've done this on some projects, where we wanted our own isolated "internet" that was running over the same wires as the usual internet. This was done mostly for testing purposes, so that our alpha stuff wouldn't screw up the DNS system for others. We had root domains like
There's no reason not to do this yourself permanently, and some organizations are in fact doing it, for various reasons. As long as the your root domain's name doesn't duplicate any of the common names, nobody will care, or even notice if you don't tell them.
Really, if the UN wants to run some root servers, all it has to do is hire a few people to set them up and keep them running. A bit of publicity would get a lot of people to include them in their search lists. And there's nothing any US politician can do to stop it.
Also, note that what the UN wants is already done for the 2-letter country-code domains. The
It's not obvious who controls the
This whole thing is basically silly power politics by people who are under the impression that there's something to control or worth controlling.
Yeah, a Rice-McCain ticket would be fun to see.
;-)
But consider that the Democratic candidates could well be Hillary Clinton and Barack Obama (or maybe the other way around).
Now wouldn't that be a fun campaign?
Nah; we'll probably just get more party hacks to choose from.
Why should one believe the English site and the Arabic site say the same thing?
;-)
Well, my method is to ask my wife, but that might not work for you.
Actually, she's not that fluent; she's using aljazeera.com and a few other Arabic sites to improve her Arabic. She decided a couple of years ago that she should get serious about this, because there are important things happening in the Middle East and lots of people are lying to us about them. She opens adjacent English and Arabic windows, finds the same articles in each, and goes through them. She says it works pretty well, because the Arabic articles are usually a fairly direct translation of the Arabic. Sometimes they're a bit abbreviated. And, of course, there are a fair number of articles that don't show up in English, mostly articles of only local interest.
At first, it was pretty obvious that many of aljazeera's translations were done by people with somewhat limited English. This has changed with time, and they now have a lot of writers who are very fluent in English. But still, you'll spot occasional awkward translations.
The aljazeera folks seem to be fairly serious in their intent to present Arabic attitudes to the West, rather than to propagandize. The difference can sometimes be subtle, but it's there. They're not so much saying "You should believe this" as "People are saying this and you should know". Like a lot of news people, they don't believe a lot of the stuff they report, either. But they report it because they consider it something that others should know about.
The same situation has long existed with Voice of America. VOA has an explicit charter to present the US government's views to the world. They are pretty good at subtly making clear when they're reporting straight facts and when they're reporting some US official's spin on those facts. People all over the world understand this, and listen to VOA for both news and US government attitudes. Even when those officials are lying, what they're saying can be important.
You should take the same cynical approach to aljazeera. They're not actually government funded like VOA, but they are consciously trying to do the same sort of thing. "This happened today; here's what so-and-so said about it." Read and make up your own mind who's lying to you.
I don't know what Al-Jazeera is, as I don't read arabic, ...
Check out english.aljazeera.com and judge for yourself. Here in the US, just aljazeera.com gets you the English page, but in other countries, you might need the "english." part.
Their English page is more oriented to international news than their arabic pages, of course. So you won't get much of the local crime/scandal/celebrity news. But the English pages will give you a pretty good idea of what they consider of interest to "international" readers.
Their English site has been online for some years. At first, there was a lot of trouble with it, as various agencies tried hard to keep them off the Net. But this failed, of course, and they now have a number of mirrors scattered around the world, so you can read them as easily as you can any other big news agency.
They're really just another major news agency, with an emphasis on the Middle East. They are well worth reading, for a view of events that's often somewhat different that what you get from American or European sources. They include editorials and opinion pieces, of course, and those are often especially interesting for Western readers. There are also several south Asian news sources that will give you yet another viewpoint.
Rather than their biases, the most annoying thing about them is their "active" web pages. On my 1 GHz Powerbook, firefox soaks up 10% to 15% of the cpu when the main aljazeera.com page is displayed. If you're using your cpu for anything else, you might want to turn off JS and other scripting. This won't cut out any of the articles; it'll just kill the cute moving banners and such.
I'm also a bit annoyed that they don't include their logo on their English pages. It's just their name, but it's a well-done example of traditional Arabic calligraphy. Too bad they don't show it on their main English page.
Or, as Guy Clark once said: "it's so flat you can see the curvature of the earth."
Yup. And, as lots of historians have observed, the shape of the Earth has always been known to sailors.
This is because, as you sail away from on a large body of water, you see things disappear from the bottom up. First the low buildings disappear, then the tall buildings and spires, so only the hills are visible. Then the hills shrink until you only see their tips. And as you approach land, you see the opposite sequence, with first the hilltops, then the tall buildings and trees, and then finally the short buildings and people appearing. After a while, you "see" the shape of the water's surface. It's only those stupid landlubbers who can't see the shape of the world that they live on.
This is part of why historians like to point out that when Columbus sailed, everyone but a few religious nuts knew quite well the Earth's shape. The dispute was how big it was. It seems that Columbus was wrong. He thought the planet was about 60% of its actual size. Apparently he was never convinced that he hadn't reached eastern Asia, though others at the time understood that he had found unknown land out in the middle of the ocean. If that land hadn't been there, Columbus and his crew would have probably starved to death and never been heard from again.
But the idea that he was trying to show that the world was round turns out to be completely bogus. Columbus and all his men knew quite well the Earth's shape. They saw the evidence every time they sailed over the horizon.
I saw a cute puzzle about this a few years ago. We know that people had measured the Earth long before Columbus. As far back as 2500 years ago the Greeks had a good estimate. But the textbook explanations require some north-south travel. Describe a way to measure the Earth's size (diameter or circumference) while standing in one spot. Use only technology available to Columbus.
Actually, ancient Greek sailors had the technology to do this to within a few percent. In Columbus's time, they had more accurate navigation equipment and could get the correct value to better than two places accuracy. It's a bit bizarre that Columbus believe a smaller figure. He might have been a good fundraiser and commander, but he couldn't have been much of a navigator.