...To prevent the Progress of Science and useful Arts, by securing for unlimited Times to the employers of Authors and Inventors and Trolls the exclusive Right to all Writings and Discoveries.
Listening to a guy talking and taking notes is a terrible way of learning in of itself. It is much more efficient sitting with a book on the subject...
Reminds me of the old comment "The classroom lecture system is the best method discovered so for for teaching people who can't read."
There are a few cases where standing up in front of people and talking at them is better than putting it in print (or an audio file). The TED talks come to mind, which are intended to be concise, thoughtful commentaries on a specific topic. But most kinds of real information are better put into a form that can be read. This is mostly because most people can read faster than they talk. But there are other advantages to reading, such as the ability to instantly stop and think, then restart. Or backtrack. Or do a quick google to find some definitions or data or other opinions.
Well, I've compiled and assembled a number of unix and linux kernels, but so far I haven't actually worked with Android much, so I haven't had the opportunity to do a tailored Android kernel.
There are many more reasons that security that one might want to do this. A very common reason is that you're building a server box, and you want to maximize the available memory (and disk) space for the server's needs. A carefully configured kernel can have a memory footprint that's half the size of the distributed kernels. One reason is simple: A kernel built for distribution needs to be able to recognize and use most of the common hardware. This means it has lots of device drivers, most of which will never be used on your machine. Yes, you can install and link them after the boot, and most linux kernels now do this. But still, startup is faster if the most common devices have builtin drivers. By linking the kernel to exactly the needed drivers, and no others, you free up a significant amount of memory. And in a server that won't have new hardware added for years, removing things like unneeded drivers from the disk frees up some disk space. There are also assorted other kernel packages that you sometimes don't use and can delete, with varying improvements in size and speed.
Anyway, it's likely that Android will be an important OS kernel for the next decade or so. We can expect to start finding lots of people with experience in configuring and building Android kernels. You might not want to do such a job, but there are employers who will want someone to do it. Security is just one of the reasons.
Actually, if you dig around in the archives, you'll find a number of stories of backdoors being snuck into releases of various open-source products, including as I recall things like linux, firefox and other less well-known packages. The "many eyes" approach led to these being exposed and fixed very quickly, typically on a timescale of weeks. (Has anyone kept a handy list of such incidents?)
It doesn't matter much whether you, personally, are able to read the source and spot hidden goodies. What matters is that we be able to do so. There are lots of us who enjoy such things. Some of us will keep them secret, of course, and sell the info to the highest bidders. But others of us like the reputation enhancement that follows public exposure of malware.
(And, of course, some of us have graduated from the second class to the first, in response to attacks from powerful corporations/governments and their lawyers.;-)
One of my personal anecdotes is about getting a message from one of Dan Bernstein (djb)'s students, telling me how to exploit a buffer overflow in a program that I'd fallen heir to and used in an important - to some - web site. I spent a few hours studying it, corrected the problems, and sent back a nice thank-you note. So I consider putting that source code online a real win. Which software it was doesn't matter for our purposes here; the important point is that opening up the source to any interested hackers resulted in fixing a potentially serious problem. I've also received some useful enhancements to the code from several users, and the web site now supplies those enhancements to clients.
(And my "payment" for this help has been to do similar things for others on several occasions. Again, which software is was doesn't matter here; what matters is that others' open-source has occasionally allowed me personally to add useful enhancements to others' software.)
Or, you could just get a real phone that doesn't do this kind of BS: blackberry.
And we know this exactly how? As I recall, blackberries contain close to 100% closed-source code. This means that they can include any sort of extra "feature" that they don't tell you about, and you have no way of discovering it's there (until it's too late).
If you believe they don't do tracking because they told you, then you're truly a gullible mark. The only sensible approach is to assume that their software contains anything they want it to contain, and what their sales/support people tell you is little more than PR.
Of course, I could be wrong, and there could be a way to learn about a BB's innards. But I had one for a few years, supplied by my employer, and I never learned a way to dig into it.
If there's a way to learn about all of a BB's capabilities, could you tell us where we can learn about it? [My signature is sorta applicable here.;-]
I wonder if the devices still store locations while running in Airplane Mode.
It's likely. Note that the metaphor "Airplane Mode" comes from the claim by the airlines that cell phones' broadcasts might interfere with the airplane's electronics. The solution to this is to ban cell phones from sending data while inside an airplane. But the phone can be monitoring incoming signals without broadcasting anything, and all that the location software really needs is the signal strengths and header data (to extract the cell-towers' IDs). Similarly with GPS, which is receive-only for everyone. Determining location doesn't require sending any messages at all, it's done by decoding the packets sent by others with known positions.
Unless we can get access to the actual code, we should assume that little computers with wireless comm capabilities can always determine their position to some degree of precision. There may no longer be any part of the world where the air isn't full of data packets that suffice to determine location. If you don't want your gadget (and various other people) to know where it is, you probably should turn it off. And even then, you don't know that it's actually totally off; you just know that it's not showing any external signs of activity. So maybe you should leave it home.
And if you ever get arrested or even stopped for speeding(http://news.cnet.com/8301-17938_105-20055431-1.html) they have access to everywhere you've ever been.
It might be interesting to see how this works out in courts. There are often interesting "artifacts" in the iPhone's record of where it's been. Some time back (last summer), while my wife was driving, I held both her iPhone and my G1 phone, and watched our track on both. After watching the iPhone track us doing things like driving across a good-size lake, and rapidly jumping around between several roads that were a few miles apart, I watched an especially odd part of our travels. Suddenly it showed our position about 80 miles to the east-southeast, where we were driving north along maybe 10 miles off the coast of Cape Cod. We apparently continued this ocean drive for maybe 10 minutes, then we suddenly teleported back to roughly the position we saw out our windows.
Similarly, I've recently seen Google Maps on my G1 show me driving around in Montana, western Ontario, Nova Scotia, and even Alaska. This was shortly before or after it had my position as being near home in the Boston area. Several times it has jumped back and forth every few minutes between my actual position and one of these other places. Once I had to reboot it to get it to stabilize on one location (the correct one;-).
Such behavior on the part of cell-phone mapping software would be pretty easy to document and present in court. I wonder how the courts would react to it?
Anyone else whose phone has shown similar wildly-inaccurate positions is welcome to comment. Maybe we should be building records of such things, for the benefit of people whose phones have been subpoenaed by the courts.
Re:To paraphrase ButtHead
on
Is Sugar Toxic?
·
· Score: 3, Interesting
are addicted to food. The withdrawal symptoms are worse than for any other drug.
Nah; oxygen addiction is far worse. The withdrawal symptoms include death within minutes. Most people can survive a lack of food for days.
Would the Chinese or other governments take the opportunity to create back doors into western IT networks? Wouldn't they be crazy not to?
Would the US or other Western governments take the opportunity to create back doors into Chinese IT networks? Wouldn't they be crazy not to?
Then there's the observation that the security folks have been making from the very beginning: If you are actually serious about computer security, you don't install any software unless you have the source and you've compiled it yourself. This especially applies to the security software itself, though it applies to everything installed on every machine.
If your organization's security team is installing software from anything other than the source code, there are only two possible explanations: 1) They're incompetent; or 2) They understand that their job is "security theater" rather than actual security, and are acting appropriately to impress management without actually providing any added security over what your computers came with.
When there's a real security team, it doesn't matter whether any government agency has imposed backdoors on the software. The security people will analyze the code, discover the backdoors, and close them. They are highly likely to do this by sharing the source with their colleagues in the general security community, to invoke the "many eyes" process and to keep each other up to date on what that vendor is foisting on their customers. They're also likely to have tools of their own that they don't tell anyone about, which is watching the installed software to catch it at mischief.
(And, of course, there is also the famous Ken Thompson "Reflections on Trusting Trust" paper, which introduced the fun topic of whethert your compiler can be trusted to not introduce backdoors. And there's the added question of what's hiding in the firmware. Nobody ever said that real security is easy.;-)
If your document relies on another document, then your server could cache that other document, and serve it up.
No, it can't. Not for technical reasons; for legal reasons. Nearly everywhere in the world, copyright law makes it illegal to copy more than a small excerpt from someone else's text, unless you have explicit written permission to do so by that text's owner. Such permission is rarely available, and the legal mechanisms involved are sufficiently time-consuming as to make it impractical even when the owner would probably be willing to give permission.
There are many situations where an interesting technical approach is made impractical by the legal system. This is mostly why we don't have our flying cars yet. Nobody wants the legal system to allow all the idiots who are now driving cars to be soaring overhead instead. So no matter how cool an idea it might be if you and I could do it without asking permission, it just ain't gonna happen.
But we can keep pushing. Maybe if we get enough valuable, practical examples of real deep linking or automagical caching of entire documents (or flying cars), we can eventually prevail on the legal system to officially allow such things. But probably not in our lifetime.
We do have scattered examples of real-world cooperation between web sites, in which they build on each other's capabilities. It's not all that difficult, if the participants communicate and want to cooperate. But there are many reasons that it can't be easily done willy-nilly, and those reasons will continue to prevent cooperation between strangers. And most of the world will continue to be strangers to each other for the forseeable future.
... native means that it comes with the computer and you don't have to download it...
So "native HTML5" is HTML5 that comes with the computer? But I'd think you'd mostly want it to be able to handle non-native HTML5, that is, HTML5 in docs that you download from the Web.
Maybe this is a truly new development: an HTML renderer that only handles HTML5 that comes with the computer, but misinterprets HTML5 that comes from "foreign" sources. If that's what they mean, it could truly qualify as an "innovative" implementation of HTML. (Nah; IE6 did that pretty well.;-)
... what the heck does "native HTML5" even *mean*?
Well, I took it to mean the obvious: IE9's HTML-rendering code is written in machine code. Not java, not C#, not C, not even assembly language; they wrote it as a string of hex bytes.
I'll take it a step further. Neanderthal and humans lived side by side, they were able to interbreed and their offspring was fertile, yet they were different species.
Actually, this has been debated quite a bit by biologists, who haven't quite agreed on the classification. Some say Homo neanderthalensis; others say Homo sapiens neanderthalensis. Note that "species" is an abstract concept, not a fact of nature. It's our classification scheme, and we aren't always right when we classify something.
Anyway, last May there was a paper published in Science that describe the results of a systematic comparison of fossil Neanderthal nuclear DNA with that of several groups of modern humans. Their conclusion was that it's almost certain that 1-4% of the genetic material of modern non-African humans is of Neanderthal origin, and this genetic material isn't found in the tested African populations. Basically, there are genes in the tested populations (in France, China and New Guinea) that are also found in some well-preserved Neanderthal fossils, but not in the tested African populations. The conclusion is that Neanderthals interbred with the Cro Magnons and other "modern" humans, and modern non-African humans should consider themselves as part Neanderthal.
There were a lot of jokes along the lines of "This explains some of my friends." It also validates a lot of suspicions that the many physical features shared by modern Europeans and Neanderthals aren't entirely due to convergent adaptation to European climates. Some features probably are due to convergence. E.g., the light skin coloring is a straightforward adaptation to colder, less sunny climates. But many common facial features are probably due to interbreeding.
Anyway, the conventional conclusion right now is that Homo sapiens neanderthalensis is the correct classification, and we have to look a bit farther back to find our closest non-human ancestor.
Note that understanding the study's results requires not just good knowledge of how DNA works, but also an understanding of the statistics used. The latter is a problem for over 99% of the population, who may not want to believe the results, but lack the mathematical knowledge required to do a valid job of debunking. Archaeology and paleontology aren't the only subject that require a good understanding of certain kinds of statistics; effective plant/animal breeding also requires such understanding. Without the required statistical knowledge, you can rant on the topic, but you really can't do much valid reasoning.
In the ongoing "discussion" with the creationists, it has occasionally been pointed out that whenever a biologist finds a fossil that fills in a gap in the fossil record, one result is to replace the one gap with two gaps. Thus, no such discovery can ever persuade the creationists; it just adds to their list of known gaps in the fossil record To them, evolutionary theory can't be ready for prime time until all the fossil gaps are filled in. They don't acknowledge the patterns that biologists find in the (admittedly very sketchy) fossil record.
Or maybe it's part of a 3-day countdown type event.
So tomorrow we'll probably have a story about a real keylogger that was discovered somewhere else in a Samsung (or maybe another company's) product. But nobody will believe it because of the date, so the password harvest will proceed until a few million people are victims of identity theft.
The mere presence of a _folder_ with the offending name triggered the AV. That AV's gotto be the new benchmark as far as being crappy goes.
It's hardly anything new. There was this notorious case from 8 years ago, when the RIAA sent threatening C&D letters to Professor Peter Usher at Penn State, because his web site contained files with "Usher" in their name, including several.mp3 files. So the RIAA concluded that he was illegally distributing songs by the band Usher. As in this case, they looked only at the file names, and couldn't be bothered to check the files' contents. You can read lots about this case by googling "Professor Usher copyright" (without the quotes).
The problem has long existed outside the computer industry. The TSA has blocked people from flying simply because their surname was the same as (or sometimes just similar to) a name on their do-not-fly list. Security agencies have done this for ages, and every year we read of a number of arrests of people with names similar to a name on an arrest warrant.
This sort of thing has probably happened to a number of people reading this forum. Maybe they'll speak up...
In the decades that I've spent reading newpapers and news magazines, I've noticed that citing sources is something that tends to stand out - because it is rarely done by those publications. You mostly only see such attributions in "editorial" content, not in "news".
You and I may think that "journalists" should cite their sources, or link to them in online stories. But a brief search through archived newspapers and other news publications show clearly that the people who produced those publications didn't think that such citation was necessary.
So this "newspaper" is actually just following traditional newspaper practice. The online world has developed a somewhat different standard, since (as TFA and others have pointed out) it's very easy to include links to sources in your HTML. But we shouldn't be surprised that journalists from a newspaper background don't think this way. Those archived newspapers show that they never have.
So we should approach this as a "teaching moment". We should treat them as n00bs in the online news arena, and patiently explain to them that their age-old practice of not mentioning the sources of their information is not socially acceptable in the brave new world of Internet journalism.
Perhaps a way to encourage them might be: Whenever we read a news article that contains no links, we send them a link to a description of the syntax of a hyperlink. If they get enough of these, they might get the idea and start including links in their news articles.
It might not hurt to reply to a lot of comments here on/. with the same link.
Anyone got other URLs that would be as good as that one for explaining how hyperlinks work?
The "publish or perish" principle is at work worldwide, and has a well-known effect on publication quality everywhere. True, China has pushed this rather strongly lately, and it's good grounds to look at their publication data with skepticism. But this is true to a great degree everywhere in the world.
So far, there doesn't seem to be any single reliable metric for "quality" in scientific publication. This is why a number of different metrics are used (citations, etc.), and why nobody with any sense uses any of them as anything other than a rough measure.
The topic has gotten even more complex over the past decade, asscientific "publishing" slowly migrates to the Internet. Science's PR people (;-) haven't quite figured out how to put the right spin on this yet. But stay tuned; they'll come out with metrics for online publishing, and we'll all have some new graphs to view with skepticism.
Since jellyfish are around 99% water, it would probably take more energy to boil the water off than the 1% remaining contains.
Jellyfish are also remarkably low in nutritional value. The critters that eat them have to eat a lot for it to be worthwhile (and dispose of most of the water content).
Of course, the same could be said about things like cucumbers, which are also very high in water content. But they are a good source of those mythical 8 glasses of water you supposedly need every day, plus some trace vitamins.
I've worked on a number of projects where I've shot down the attempted use of OSX as a web server in much simpler ways. I've even gotten the problems across to managers with no understanding of "obscure technical details" (such as code management or version dependencies;-).
One way I've done this is by taking detailed notes of the "help" I've gotten from Apple's Customer Support. Thus, in one case, we set up some automatic printouts of certain kinds of events, but found that we couldn't get the OSX server to deal with a networked printer. We even plugged a printer into a nearby Airport (Apple's wireless base station). The CS guy that I talked to insisted that before he could help me get the printer set up, I had to shut down the non-Apple systems on the local network. This included our operational linux web server, which I wasn't about to shut down, of course. The message that Apple CS wouldn't help us unless we reduced the company's network to Apple-only hardware was easily sufficient to get OSX banned for important customer-facing server usage.
Another thing that has come up repeatedly is OSX's munging of file names. The primary problem is the caseless filename matching. A more obscure, nearly intractable problem is the rewriting complex characters as the base letter plus one or more "combining" characters (accents, etc). Both of these mean that you can't just rsync a directory tree on a development machine to an OSX server's tree. The file-name changes tend to break software in subtle ways that can be very difficult to diagnose and fix. After seeing how much time it can take to diagnose and fix these problems, again the management gets the idea, and simply bans use of OSX-based customer-facing servers.
Such problems are rare or nonexistent on servers running linux or "sane" unix systems. Companies like Red Hat and Debian are happy to support mixed-vendor networks. And normal unixoid file systems don't munge filenames inside the kernel. Everything except NUL and '/' are "just bytes" that aren't interpreted at all by the kernel, and are interpreted at the application level. It's easy enough to implement caseless matching yourself, using any of several approaches; there's no need to waste cpu cycles doing it (wrong;-) inside the kernel.
An interesting aspect to the file-name problems in OSX is that we've seen the kernel change how it does this after several upgrades. The evidence is that rsync suddenly copies a file to a differently-named file, where the resulting glyph looks the same, but the bytes are different. We've also seen rsyncs between different versions of OSX result in changed file names. This is a headache you don't need when you're trying to keep a web site working sanely.
Of course, if you never use anything but 7-bit bytes in file names, you may not think this is a serious problem. But you might be surprised at how soon you have reason to deal with languages other than English, and being able to use file names with non-ASCII characters can really make your life easier. Debugging changed or mismatched characters in the name of a tmp file can soak up a lot of hours of developer time.
For any important web use, life is much simpler if you insist that the OS not play any clever games with file names. And it's also really helpful if as much of the app-level software as possible use UTF-8 encoding for everything. This way, you avoid nasty surprises when non-English (or mixed-case;-) file names start to appear in your web directories. And these are rules that are easy for non-geek managers to understand.
(OTOH, I've personally found it easier to deal with Chinese or Arabic text in OSX than in linux. But it's not easy with either, and this is app-level stuff that isn't the fault of the kernel.;-)
I have been wondering this since I read RMS does not carry a cellphone. Do we need another creative visionary to come up with a completely unanticipated solution to this problem?
I used to think of RMS as an heroic visionary, but I've gradually lost respect for him. That quote from him, calling cell phones the perfect tool for a Stalin, was breathtakingly out of touch with reality.
Right; he should have said "Big Brother". Then the metaphor would work a lot better.
After all, Stalin really didn't institute any effective data system that kept track of the minute details of his citizens' lives. This was mostly because he didn't have the technology, but that's just a detail. His major Evil Achievement was arranging to slaughter tens of millions of his own citizens, mostly people who weren't even his political enemies. This didn't require massive monitoring or huge databases; it merely required sending out the troops.
The current story is rather about an insidious attempt to monitor and control our every motion. Big Brother is the main literary metaphor we have for this, and we don't really have much in the way of actual historical parallels. We're treading new ground here, creating the future metaphors for such control.
Actually, we do have one other good historical parallel. Our religious leaders have long told us that God knows not just our every action, but our every thought. His eye is on the sparrow, and all that. This has long been used as a way to keep the population submissive. Only now we're seeing the first attempts to implement this level of intimite knowledge in the real world. If you want an idea of how effective it might become, you might look into past religious societies. And you might ask yourself if you want to live in such a society.
Investment banking is less and less about investment which is good for the economy, and more and more about arbitrage and pumping transactions to make a fee,...
So when was it different? There have been many explanations that a great part of the recent worldwide financial disaster wasn't because the finance industry wanted to commit the shady deals that caused it all; it was because the government's financial regulators (and the judicial system) has for several decades been looking the other way. This gave the financial industry permission to do the things that they've wanted to do, but knew they couldn't get away with.
In a sane world, the people who committed the shady financial deals would have been prosecuted and jailed. This has happened to a few, true, but very few. Most have been rewarded, including at taxpayer expense.
The saying "Bad money drives out good" is rather old, and should be recalled at times like this. As long as the crooks in the finance industry know they can get away with it, they will.
Slashdot Mirror
...To prevent the Progress of Science and useful Arts, by securing for unlimited Times to the employers of Authors and Inventors and Trolls the exclusive Right to all Writings and Discoveries.
There; FTFY. ;-)
Listening to a guy talking and taking notes is a terrible way of learning in of itself. It is much more efficient sitting with a book on the subject ...
Reminds me of the old comment "The classroom lecture system is the best method discovered so for for teaching people who can't read."
There are a few cases where standing up in front of people and talking at them is better than putting it in print (or an audio file). The TED talks come to mind, which are intended to be concise, thoughtful commentaries on a specific topic. But most kinds of real information are better put into a form that can be read. This is mostly because most people can read faster than they talk. But there are other advantages to reading, such as the ability to instantly stop and think, then restart. Or backtrack. Or do a quick google to find some definitions or data or other opinions.
There are many more reasons that security that one might want to do this. A very common reason is that you're building a server box, and you want to maximize the available memory (and disk) space for the server's needs. A carefully configured kernel can have a memory footprint that's half the size of the distributed kernels. One reason is simple: A kernel built for distribution needs to be able to recognize and use most of the common hardware. This means it has lots of device drivers, most of which will never be used on your machine. Yes, you can install and link them after the boot, and most linux kernels now do this. But still, startup is faster if the most common devices have builtin drivers. By linking the kernel to exactly the needed drivers, and no others, you free up a significant amount of memory. And in a server that won't have new hardware added for years, removing things like unneeded drivers from the disk frees up some disk space. There are also assorted other kernel packages that you sometimes don't use and can delete, with varying improvements in size and speed.
Anyway, it's likely that Android will be an important OS kernel for the next decade or so. We can expect to start finding lots of people with experience in configuring and building Android kernels. You might not want to do such a job, but there are employers who will want someone to do it. Security is just one of the reasons.
It doesn't matter much whether you, personally, are able to read the source and spot hidden goodies. What matters is that we be able to do so. There are lots of us who enjoy such things. Some of us will keep them secret, of course, and sell the info to the highest bidders. But others of us like the reputation enhancement that follows public exposure of malware.
(And, of course, some of us have graduated from the second class to the first, in response to attacks from powerful corporations/governments and their lawyers. ;-)
One of my personal anecdotes is about getting a message from one of Dan Bernstein (djb)'s students, telling me how to exploit a buffer overflow in a program that I'd fallen heir to and used in an important - to some - web site. I spent a few hours studying it, corrected the problems, and sent back a nice thank-you note. So I consider putting that source code online a real win. Which software it was doesn't matter for our purposes here; the important point is that opening up the source to any interested hackers resulted in fixing a potentially serious problem. I've also received some useful enhancements to the code from several users, and the web site now supplies those enhancements to clients.
(And my "payment" for this help has been to do similar things for others on several occasions. Again, which software is was doesn't matter here; what matters is that others' open-source has occasionally allowed me personally to add useful enhancements to others' software.)
Or, you could just get a real phone that doesn't do this kind of BS: blackberry.
And we know this exactly how? As I recall, blackberries contain close to 100% closed-source code. This means that they can include any sort of extra "feature" that they don't tell you about, and you have no way of discovering it's there (until it's too late).
If you believe they don't do tracking because they told you, then you're truly a gullible mark. The only sensible approach is to assume that their software contains anything they want it to contain, and what their sales/support people tell you is little more than PR.
Of course, I could be wrong, and there could be a way to learn about a BB's innards. But I had one for a few years, supplied by my employer, and I never learned a way to dig into it.
If there's a way to learn about all of a BB's capabilities, could you tell us where we can learn about it? [My signature is sorta applicable here. ;-]
On Slashdot, "good" equals that which I agree with, and "evil" is anything I disagree with. Lametard virgins.
On Slashdot? I thought those were the definitions in General English.
I wonder if the devices still store locations while running in Airplane Mode.
It's likely. Note that the metaphor "Airplane Mode" comes from the claim by the airlines that cell phones' broadcasts might interfere with the airplane's electronics. The solution to this is to ban cell phones from sending data while inside an airplane. But the phone can be monitoring incoming signals without broadcasting anything, and all that the location software really needs is the signal strengths and header data (to extract the cell-towers' IDs). Similarly with GPS, which is receive-only for everyone. Determining location doesn't require sending any messages at all, it's done by decoding the packets sent by others with known positions.
Unless we can get access to the actual code, we should assume that little computers with wireless comm capabilities can always determine their position to some degree of precision. There may no longer be any part of the world where the air isn't full of data packets that suffice to determine location. If you don't want your gadget (and various other people) to know where it is, you probably should turn it off. And even then, you don't know that it's actually totally off; you just know that it's not showing any external signs of activity. So maybe you should leave it home.
And if you ever get arrested or even stopped for speeding(http://news.cnet.com/8301-17938_105-20055431-1.html) they have access to everywhere you've ever been.
It might be interesting to see how this works out in courts. There are often interesting "artifacts" in the iPhone's record of where it's been. Some time back (last summer), while my wife was driving, I held both her iPhone and my G1 phone, and watched our track on both. After watching the iPhone track us doing things like driving across a good-size lake, and rapidly jumping around between several roads that were a few miles apart, I watched an especially odd part of our travels. Suddenly it showed our position about 80 miles to the east-southeast, where we were driving north along maybe 10 miles off the coast of Cape Cod. We apparently continued this ocean drive for maybe 10 minutes, then we suddenly teleported back to roughly the position we saw out our windows.
Similarly, I've recently seen Google Maps on my G1 show me driving around in Montana, western Ontario, Nova Scotia, and even Alaska. This was shortly before or after it had my position as being near home in the Boston area. Several times it has jumped back and forth every few minutes between my actual position and one of these other places. Once I had to reboot it to get it to stabilize on one location (the correct one ;-).
Such behavior on the part of cell-phone mapping software would be pretty easy to document and present in court. I wonder how the courts would react to it?
Anyone else whose phone has shown similar wildly-inaccurate positions is welcome to comment. Maybe we should be building records of such things, for the benefit of people whose phones have been subpoenaed by the courts.
are addicted to food. The withdrawal symptoms are worse than for any other drug.
Nah; oxygen addiction is far worse. The withdrawal symptoms include death within minutes. Most people can survive a lack of food for days.
Would the Chinese or other governments take the opportunity to create back doors into western IT networks? Wouldn't they be crazy not to?
Would the US or other Western governments take the opportunity to create back doors into Chinese IT networks? Wouldn't they be crazy not to?
Then there's the observation that the security folks have been making from the very beginning: If you are actually serious about computer security, you don't install any software unless you have the source and you've compiled it yourself. This especially applies to the security software itself, though it applies to everything installed on every machine.
If your organization's security team is installing software from anything other than the source code, there are only two possible explanations: 1) They're incompetent; or 2) They understand that their job is "security theater" rather than actual security, and are acting appropriately to impress management without actually providing any added security over what your computers came with.
When there's a real security team, it doesn't matter whether any government agency has imposed backdoors on the software. The security people will analyze the code, discover the backdoors, and close them. They are highly likely to do this by sharing the source with their colleagues in the general security community, to invoke the "many eyes" process and to keep each other up to date on what that vendor is foisting on their customers. They're also likely to have tools of their own that they don't tell anyone about, which is watching the installed software to catch it at mischief.
(And, of course, there is also the famous Ken Thompson "Reflections on Trusting Trust" paper, which introduced the fun topic of whethert your compiler can be trusted to not introduce backdoors. And there's the added question of what's hiding in the firmware. Nobody ever said that real security is easy. ;-)
If your document relies on another document, then your server could cache that other document, and serve it up.
No, it can't. Not for technical reasons; for legal reasons. Nearly everywhere in the world, copyright law makes it illegal to copy more than a small excerpt from someone else's text, unless you have explicit written permission to do so by that text's owner. Such permission is rarely available, and the legal mechanisms involved are sufficiently time-consuming as to make it impractical even when the owner would probably be willing to give permission.
There are many situations where an interesting technical approach is made impractical by the legal system. This is mostly why we don't have our flying cars yet. Nobody wants the legal system to allow all the idiots who are now driving cars to be soaring overhead instead. So no matter how cool an idea it might be if you and I could do it without asking permission, it just ain't gonna happen.
But we can keep pushing. Maybe if we get enough valuable, practical examples of real deep linking or automagical caching of entire documents (or flying cars), we can eventually prevail on the legal system to officially allow such things. But probably not in our lifetime.
We do have scattered examples of real-world cooperation between web sites, in which they build on each other's capabilities. It's not all that difficult, if the participants communicate and want to cooperate. But there are many reasons that it can't be easily done willy-nilly, and those reasons will continue to prevent cooperation between strangers. And most of the world will continue to be strangers to each other for the forseeable future.
... native means that it comes with the computer and you don't have to download it...
So "native HTML5" is HTML5 that comes with the computer? But I'd think you'd mostly want it to be able to handle non-native HTML5, that is, HTML5 in docs that you download from the Web.
Maybe this is a truly new development: an HTML renderer that only handles HTML5 that comes with the computer, but misinterprets HTML5 that comes from "foreign" sources. If that's what they mean, it could truly qualify as an "innovative" implementation of HTML. (Nah; IE6 did that pretty well. ;-)
... what the heck does "native HTML5" even *mean*?
Well, I took it to mean the obvious: IE9's HTML-rendering code is written in machine code. Not java, not C#, not C, not even assembly language; they wrote it as a string of hex bytes.
I wouldn't be surprised ...
I'll take it a step further. Neanderthal and humans lived side by side, they were able to interbreed and their offspring was fertile, yet they were different species.
Actually, this has been debated quite a bit by biologists, who haven't quite agreed on the classification. Some say Homo neanderthalensis; others say Homo sapiens neanderthalensis. Note that "species" is an abstract concept, not a fact of nature. It's our classification scheme, and we aren't always right when we classify something.
Anyway, last May there was a paper published in Science that describe the results of a systematic comparison of fossil Neanderthal nuclear DNA with that of several groups of modern humans. Their conclusion was that it's almost certain that 1-4% of the genetic material of modern non-African humans is of Neanderthal origin, and this genetic material isn't found in the tested African populations. Basically, there are genes in the tested populations (in France, China and New Guinea) that are also found in some well-preserved Neanderthal fossils, but not in the tested African populations. The conclusion is that Neanderthals interbred with the Cro Magnons and other "modern" humans, and modern non-African humans should consider themselves as part Neanderthal.
There were a lot of jokes along the lines of "This explains some of my friends." It also validates a lot of suspicions that the many physical features shared by modern Europeans and Neanderthals aren't entirely due to convergent adaptation to European climates. Some features probably are due to convergence. E.g., the light skin coloring is a straightforward adaptation to colder, less sunny climates. But many common facial features are probably due to interbreeding.
Anyway, the conventional conclusion right now is that Homo sapiens neanderthalensis is the correct classification, and we have to look a bit farther back to find our closest non-human ancestor.
Note that understanding the study's results requires not just good knowledge of how DNA works, but also an understanding of the statistics used. The latter is a problem for over 99% of the population, who may not want to believe the results, but lack the mathematical knowledge required to do a valid job of debunking. Archaeology and paleontology aren't the only subject that require a good understanding of certain kinds of statistics; effective plant/animal breeding also requires such understanding. Without the required statistical knowledge, you can rant on the topic, but you really can't do much valid reasoning.
In the ongoing "discussion" with the creationists, it has occasionally been pointed out that whenever a biologist finds a fossil that fills in a gap in the fossil record, one result is to replace the one gap with two gaps. Thus, no such discovery can ever persuade the creationists; it just adds to their list of known gaps in the fossil record To them, evolutionary theory can't be ready for prime time until all the fossil gaps are filled in. They don't acknowledge the patterns that biologists find in the (admittedly very sketchy) fossil record.
Yeah; when I read that "whoa is me", I immediately thought it was a variant of "stop me if you've heard this one". ;-)
Or maybe it's part of a 3-day countdown type event.
So tomorrow we'll probably have a story about a real keylogger that was discovered somewhere else in a Samsung (or maybe another company's) product. But nobody will believe it because of the date, so the password harvest will proceed until a few million people are victims of identity theft.
The mere presence of a _folder_ with the offending name triggered the AV. That AV's gotto be the new benchmark as far as being crappy goes.
It's hardly anything new. There was this notorious case from 8 years ago, when the RIAA sent threatening C&D letters to Professor Peter Usher at Penn State, because his web site contained files with "Usher" in their name, including several .mp3 files. So the RIAA concluded that he was illegally distributing songs by the band Usher. As in this case, they looked only at the file names, and couldn't be bothered to check the files' contents. You can read lots about this case by googling "Professor Usher copyright" (without the quotes).
The problem has long existed outside the computer industry. The TSA has blocked people from flying simply because their surname was the same as (or sometimes just similar to) a name on their do-not-fly list. Security agencies have done this for ages, and every year we read of a number of arrests of people with names similar to a name on an arrest warrant.
This sort of thing has probably happened to a number of people reading this forum. Maybe they'll speak up ...
In the decades that I've spent reading newpapers and news magazines, I've noticed that citing sources is something that tends to stand out - because it is rarely done by those publications. You mostly only see such attributions in "editorial" content, not in "news".
You and I may think that "journalists" should cite their sources, or link to them in online stories. But a brief search through archived newspapers and other news publications show clearly that the people who produced those publications didn't think that such citation was necessary.
So this "newspaper" is actually just following traditional newspaper practice. The online world has developed a somewhat different standard, since (as TFA and others have pointed out) it's very easy to include links to sources in your HTML. But we shouldn't be surprised that journalists from a newspaper background don't think this way. Those archived newspapers show that they never have.
So we should approach this as a "teaching moment". We should treat them as n00bs in the online news arena, and patiently explain to them that their age-old practice of not mentioning the sources of their information is not socially acceptable in the brave new world of Internet journalism.
Perhaps a way to encourage them might be: Whenever we read a news article that contains no links, we send them a link to a description of the syntax of a hyperlink. If they get enough of these, they might get the idea and start including links in their news articles.
It might not hurt to reply to a lot of comments here on /. with the same link.
Anyone got other URLs that would be as good as that one for explaining how hyperlinks work?
The "publish or perish" principle is at work worldwide, and has a well-known effect on publication quality everywhere. True, China has pushed this rather strongly lately, and it's good grounds to look at their publication data with skepticism. But this is true to a great degree everywhere in the world.
So far, there doesn't seem to be any single reliable metric for "quality" in scientific publication. This is why a number of different metrics are used (citations, etc.), and why nobody with any sense uses any of them as anything other than a rough measure.
The topic has gotten even more complex over the past decade, asscientific "publishing" slowly migrates to the Internet. Science's PR people (;-) haven't quite figured out how to put the right spin on this yet. But stay tuned; they'll come out with metrics for online publishing, and we'll all have some new graphs to view with skepticism.
Since jellyfish are around 99% water, it would probably take more energy to boil the water off than the 1% remaining contains.
Jellyfish are also remarkably low in nutritional value. The critters that eat them have to eat a lot for it to be worthwhile (and dispose of most of the water content).
Of course, the same could be said about things like cucumbers, which are also very high in water content. But they are a good source of those mythical 8 glasses of water you supposedly need every day, plus some trace vitamins.
I've worked on a number of projects where I've shot down the attempted use of OSX as a web server in much simpler ways. I've even gotten the problems across to managers with no understanding of "obscure technical details" (such as code management or version dependencies ;-).
One way I've done this is by taking detailed notes of the "help" I've gotten from Apple's Customer Support. Thus, in one case, we set up some automatic printouts of certain kinds of events, but found that we couldn't get the OSX server to deal with a networked printer. We even plugged a printer into a nearby Airport (Apple's wireless base station). The CS guy that I talked to insisted that before he could help me get the printer set up, I had to shut down the non-Apple systems on the local network. This included our operational linux web server, which I wasn't about to shut down, of course. The message that Apple CS wouldn't help us unless we reduced the company's network to Apple-only hardware was easily sufficient to get OSX banned for important customer-facing server usage.
Another thing that has come up repeatedly is OSX's munging of file names. The primary problem is the caseless filename matching. A more obscure, nearly intractable problem is the rewriting complex characters as the base letter plus one or more "combining" characters (accents, etc). Both of these mean that you can't just rsync a directory tree on a development machine to an OSX server's tree. The file-name changes tend to break software in subtle ways that can be very difficult to diagnose and fix. After seeing how much time it can take to diagnose and fix these problems, again the management gets the idea, and simply bans use of OSX-based customer-facing servers.
Such problems are rare or nonexistent on servers running linux or "sane" unix systems. Companies like Red Hat and Debian are happy to support mixed-vendor networks. And normal unixoid file systems don't munge filenames inside the kernel. Everything except NUL and '/' are "just bytes" that aren't interpreted at all by the kernel, and are interpreted at the application level. It's easy enough to implement caseless matching yourself, using any of several approaches; there's no need to waste cpu cycles doing it (wrong;-) inside the kernel.
An interesting aspect to the file-name problems in OSX is that we've seen the kernel change how it does this after several upgrades. The evidence is that rsync suddenly copies a file to a differently-named file, where the resulting glyph looks the same, but the bytes are different. We've also seen rsyncs between different versions of OSX result in changed file names. This is a headache you don't need when you're trying to keep a web site working sanely.
Of course, if you never use anything but 7-bit bytes in file names, you may not think this is a serious problem. But you might be surprised at how soon you have reason to deal with languages other than English, and being able to use file names with non-ASCII characters can really make your life easier. Debugging changed or mismatched characters in the name of a tmp file can soak up a lot of hours of developer time.
For any important web use, life is much simpler if you insist that the OS not play any clever games with file names. And it's also really helpful if as much of the app-level software as possible use UTF-8 encoding for everything. This way, you avoid nasty surprises when non-English (or mixed-case ;-) file names start to appear in your web directories. And these are rules that are easy for non-geek managers to understand.
(OTOH, I've personally found it easier to deal with Chinese or Arabic text in OSX than in linux. But it's not easy with either, and this is app-level stuff that isn't the fault of the kernel. ;-)
I have been wondering this since I read RMS does not carry a cellphone. Do we need another creative visionary to come up with a completely unanticipated solution to this problem?
I used to think of RMS as an heroic visionary, but I've gradually lost respect for him. That quote from him, calling cell phones the perfect tool for a Stalin, was breathtakingly out of touch with reality.
Right; he should have said "Big Brother". Then the metaphor would work a lot better.
After all, Stalin really didn't institute any effective data system that kept track of the minute details of his citizens' lives. This was mostly because he didn't have the technology, but that's just a detail. His major Evil Achievement was arranging to slaughter tens of millions of his own citizens, mostly people who weren't even his political enemies. This didn't require massive monitoring or huge databases; it merely required sending out the troops.
The current story is rather about an insidious attempt to monitor and control our every motion. Big Brother is the main literary metaphor we have for this, and we don't really have much in the way of actual historical parallels. We're treading new ground here, creating the future metaphors for such control.
Actually, we do have one other good historical parallel. Our religious leaders have long told us that God knows not just our every action, but our every thought. His eye is on the sparrow, and all that. This has long been used as a way to keep the population submissive. Only now we're seeing the first attempts to implement this level of intimite knowledge in the real world. If you want an idea of how effective it might become, you might look into past religious societies. And you might ask yourself if you want to live in such a society.
Wow that sucks to watch, maybe they could have just typed it up and saved us all 10 minutes of our lives?
Um, they did, and published it in a whole lotta journals. But you didn't read them, did you?
Investment banking is less and less about investment which is good for the economy, and more and more about arbitrage and pumping transactions to make a fee, ...
So when was it different? There have been many explanations that a great part of the recent worldwide financial disaster wasn't because the finance industry wanted to commit the shady deals that caused it all; it was because the government's financial regulators (and the judicial system) has for several decades been looking the other way. This gave the financial industry permission to do the things that they've wanted to do, but knew they couldn't get away with.
In a sane world, the people who committed the shady financial deals would have been prosecuted and jailed. This has happened to a few, true, but very few. Most have been rewarded, including at taxpayer expense.
The saying "Bad money drives out good" is rather old, and should be recalled at times like this. As long as the crooks in the finance industry know they can get away with it, they will.