I have seen my entire medical records. Everything that a doctor has access to about myself. They were handed to me while I was at my doctors once and left alone in the room for several minutes while they arranged something. This was pre-computerisation, and they were my damn records, so I sat and read through them all.
Most of them were boring. Most of them related to childhood reports that were ultimately no-diagnosis because it was a cold or sniffles or whatever. One of them relating to my birth describes sub-conjuctival haemorrhaging (bleeding behind the eye) - today my birth would have resulted in compensation and investigations as they damaged my eyes pulling me out.
Apart from that, it was not interesting. Hell, they didn't even have my blood type, because they don't test for it unless they need to. And I haven't been to the doctors in YEARS except to register with a new one. I'm in the UK so there's no "cost" involved in treating me that I shouldn't know, as such.
That said, why would you not want me to see them. If I have a condition, can you really hide it from myself? Seems like nothing more than an arse-covering exercise and - if that's so - why do you have to cover your arse? Why should you care that a previous doctor might have to cover their arse?
Don't let me delete them or modify them, but I should at least be able to view them on demand and provide notes/comments as necessary if there's a dispute. How else can I be assured that the data you have is accurate? I can even query my entire criminal record and have it corrected if necessary (e.g. if someone falsely used my identity to commit a crime, which is quite a common thing), so why can't I do the same for medical records?
In the UK, the PNC has an access and appeals process because there are recorded instances of someone being refused a job only to discover that the things on their record WEREN'T THEIRS - computer error, deliberate fraud, etc. is quite common - enough that there's a procedure to identify you with fingerprints in that case and modify criminal records accordingly, and have an appeals process.
You're not telling me that medical records can't have exactly the same problem and solution, especially in countries where that person's insurance is going to be paying for that medical treatment?
Hell, in the UK, even the Data Protection Act can be brought in here - you're storing data concerning my personal details on a computer system - that's automatic right to query, appeal, correction, etc. before you even start whether that's your image on CCTV (yes, under the UK DPA you can ask for all 'personal data' about yourself, including CCTV of you, from anyone who records it and stores it - there's even an official FAQ about it and they have 40 days to respond, so long as you provide enough details to isolate the data you require), the details your employer holds, or what a certain website holds on you in terms of cookies and stored data on their systems.
It's entirely a malpractice cover, from what I can see. And if you're scared of someone potentially discovering malpractice, then maybe you should deal with your patients more carefully, not try to hide your tracks. And, honestly, that would be #1, top-of-my-list reason for records TO be opened, if that's the case.
Yet another instance where "Wait until a month after release before you buy" would have saved an awful lot of people an awful lot of money, and forced a game developer to start delivering something people want.
I was *REALLY* keen to buy Aliens: Colonial Marines. I literally had to stop myself keep going back to the Steam page, etc. My favourite movie ever and so ripe for a decent FPS conversion with the original sounds etc. But I held off. I knew there was trouble when there were no playable reviews appearing (which suggest they were embargoed until release date), but I also knew it was sometimes just standard practice in the industry for bigger games.
Boy, am I glad. Already discounted on Steam. Pathetic ratings on any site you happen to go on. Another blasphemy to the franchise.
Holding out hope for Age of Empires II HD on Steam (certainly should be better than any other AoE title since the first time round), but I've learned over many years not to trust anything before a month after release.
Seems the last 12-24 months has been a really bad time for retro-remakes / sequels. Syndicate. Diablo III. Carrier Command. XCOM. Aliens. Sim City. Seems like someone is out to destroy every good video game memory from my childhood.
Seriously, this is like saying "why doesn't someone just make a car that can't crash, or a plane that will never stop flying?".
We can make computers that you can bet your life on. They still fail, but the failure rate is so low that we can bet people's lives on them every day (I'm not talking traffic lights - whose total failure isn't really that big of a deal in the long run, but things like life-support machines, nuclear reactors, etc.). It's EXTRAORDINARILY expensive, and relies on there being an absolute minimum of human input at runtime.
Even spacecraft and aircraft send two or three of the same computers up so they can just swap them out or take the majority vote. You can design systems all you like to be infallible, the fact is that they aren't - even in terms of hardware, and certainly not in terms of software. And the more you want to do with them, the more the work needed to eliminate problems increases - usually exponentially.
Have you seen how much it costs to formally prove code? Hell, just putting the requirements to begin the process can be something more expensive than an entire development cycle of conventional programming, and still contain human errors that the computer will happily prove to be correct (because they are) even if that's not what the humans involved intended (and thus you have a classic software bug again).
By comparison, your web browser is more complex, has more to do, updates more often (new specs and features, etc.) and is business-class programming, not critical. It would take decades or even centuries of man-hours to formally prove even a tiny section of it and every time it changes you need to do it again.
You can't design a secure language to express these things in. You can't design a machine that will cope with anything. You can't design a process involving humans that will be infallible.
Hell, we can't even design a piece of software that will find these bugs by itself (or else we wouldn't need bug-testing) - and yet MILLIONS is spent every year on products that help do just that (static code analysers, fuzz-testers, standard-compliance suites, etc.).
You will never have a "secure" computer, as long as its users and designers are human. When machines start to replicate themselves and write their own operating systems, then maybe it's possible (but how to get there without relying on the output of a human to do that job in the first place?).
Until then, honestly, what do you suggest? A "secure" programming language? There's been hundreds of attempts and ironically Java was one of them (it's all contained within a virtual machine, don't you know?, and thus can't damage the computer it's installed on.... least that's how it was sold for over TWO DECADES).
Summary: It ain't gonna happen in your lifetime. You can deal with it, or prove everyone in CS wrong.
I agree, but there's a lot of places where it just doesn't work (they're wrong, of course, but convincing them to see that is another matter entirely).
I've been offered training by employers several times (sometimes even while as a contractor) and I turn it down. Usually the training they want to provide is inadequate or just unsuitable and they don't know, but also even the "good" training does nothing more than look pretty on a CV (resume) after a year or so.
We can just ignore the box-ticking, book-memorisation vendor-sponsored courses and go straight to those with actual practical benefit and, basically, you find that you're already doing the job that they are intended to train you for.
It doesn't mean you're perfect or know everything, but the value available from such a course is usually greatly diminished for anyone who's half-decent at their job. And if they're not half-decent at their job, the training will be over their heads, stress them out, show them up, or just plain make them leave (and, well, that's kind of what you get when you employ those who aren't good enough for the job anyway).
I've politely explained this to several workplaces and they've tended to agree but there is a culture in some industries that even box-ticking on training your staff is considered vital. Who cares if they learn, so long as you can say you sent them on a course? The worst kind of red-tape management bullshit.
And does lack of training prevent me finding work? Not really. I've never been unemployed. I changed jobs at the height of the recession. I've applied for, and got, jobs that state they "require" X, Y, Z without any of them - just demonstrating the ability to learn on my own, and get on with the job, and even know more than some of those people who are supposed to have certifications in a specific area.
Training is a management box-ticking exercise, nothing more. If you have to train your staff to do their job, they aren't doing their job. Sure, if you have to send them on a course to - say - be a fire warden when they've never been a fire warden - that's different. That's outside their normal bounds. Or if you have to have some H&S review training because someone was an idiot and didn't follow procedure. But if you have to send them on courses to increase their skills in their own job, then maybe they are in the wrong place anyway.
If you were a programmer, or a NASA specialist, or a research physician, sending you "on training" to some external company to get a little certificate isn't going to do squat that you aren't already required to do as part of your job anyway. There's required on-the-job training that can't be learned any other way (e.g. doctors, nurses, etc. practising on patients under supervision before they are let loose on their own), there's training to comply with some legislation (H&S, fire, etc.), and there's training to make your CV look better. And, of course, employers should be wary of the latter, because it's the stuff that that employee should have been learning for themselves anyway.
I detest workplaces full of people who qualified to do the job 20+ years ago and refuse to change (because they can't) and don't TRY to update their methods. Unfortunately, I work in one of the worst industries for that (education).
If I didn't update my skills for 20 years, I'd be putting ZX Spectrums into ICT Suites, and would be sacked in seconds. Do I get paid to do it? Yes. It's called my job. Do I get sent on external training to do it? No. It's called my job.
I once had the irony of being told I "needed" to go on a basic IT course that *I* had set up the room for that it was going to be held in. I bet the person running the session wasn't able to do that, they just had a basic understanding of Office. When I pointed out that *I* was the person that built and installed the system the training was going to be held on, it was decided that maybe it wasn't "needed" after all.
Because the Amazon page could be written by any random person selling the product - even Amazon itself. I can find all kinds of product descriptions that have NOTHING to do with the original manufacturer on Amazon when you just search for a specific product. The manufacturer themselves makes no such claims that I can see. As such, I wonder why you rely on Amazon to know the product better than Canon themselves?
Additionally, my comparison to a still camera was not meant as an alternative product. A still SLR camera will provide vastly better low-light performance, and yet your camcorder wouldn't buy even the most basic of still cameras. That tells you exactly what you should expect from such a camcorder in terms of low-light performance, i.e. worse than the most basic DSLR. Is it because of their sensors? No. They make some fabulous low-light, and even astronomically-specialised sensors for their still cameras. That's about a tough a market for low-light sensitivity as you can get, but you'd rather paint everything the company does with the same brush as your camcorder.
Additionally, the article is about a CMOS sensor which is demonstrated on both still and moving imagery, and therefore applicable to both (it could end up in either product).
Claiming that your camera that you got from Jessops (vastly overpriced every time I've ever visited them, which is probably why they went bust, and I do astrophotography which is the "vastly overpriced" range of digital imaging) after reading a product description from Amazon (probably not even written by Canon), and then expecting it to do anything even close to what the most basic DSLR could manage on a still is, basically, the definition of ridiculousness.
Then saying that Canon are liars this time because you got stung in that instance because of your false expectations - that's really just shooting yourself in the foot on the way to hospital after shooting yourself in the foot.
You proof that, since the Top Gear review, sales have decreased by a noticeable amount.
Or that some of your suppliers/investors raised concern over the issues presented that might hit upon their bottom line.
Or you interview potential buyers anonymously (e.g. through market research companies) and ask if the episode had affected their buying habits.
Basically, anything except go to a court - as an expensive, paid-for professional lawyer who's been told what they need to prove - and whine that you are right without any significant evidence to back up your assertion.
You don't need to prove the impossible. You just need to get off your arse and provide data that suggests there could be some link enough that might, possibly, one-day, in the right mood, convince a jury.
The fact that Tesla didn't probably means that Tesla couldn't, which probably means it didn't happen and Top Gear had nothing to do with their sales at all (i.e. the episode had no effect, or people were already steering clear).
About the only claim on the Canon website I can find to that effect is:
"The light gathering area of the pixels is 160% greater than a conventional CMOS, for wider dynamic range and better low-light performance."
Nowhere does it promise some miraculous low-light effect. And it very much depends on what you class as a "conventional" CMOS.
And you can pay the same price for even a basic SLR Canon nowadays, let alone a HD camcorder, so I wouldn't be expecting anything miraculous from such a product.
My TV claims to offer a "better picture" and all sorts. I paid £200 for it. Chances are that it would never do anything miraculous. Same thing.
Canon already do two still astronomy cameras (well, one since they discontinued the 20a), so it's quite possible this could form the technology of the next one they produce.
However, the 60da is already 30% more expensive despite having nothing more than a firmware change and the removal of an IR filter from the 60d. God knows what this would cost in a consumer technology, let alone a specialist astronomical version.
I think you'd be better off with a bigger telescope, to be honest.
"It shall be possible for a physically present user to use the Custom Mode firmware setup option to modify the contents of the Secure Boot signature databases and the PK. *****This may be implemented by simply providing the option to clear all Secure Boot databases (PK, KEK, db, dbx), which puts the system into setup mode.******"
So the minimum requirement is that you can delete all the keys.
"If the user ends up deleting the PK then, upon exiting the Custom Mode firmware setup, the system is operating in Setup Mode with SecureBoot turned off."
So when you delete the keys, SecureBoot is turned off.
There's also an option to always put the Microsoft key back in place. But that's it. At no point does it guarantee that you can enter an arbitrary key and keep secure mode on. Which is basically what I said.
And "possible" can be provided by means of, say, a supplied disk available at extra cost from the manufacturer that has to be inserted for such action to be taken at all.
I think this is the biggest, and most complained about, assumption in all the debacle. If it was true, the Microsoft key issue wouldn't exist (we'd just have a "Linus key" and that would be the end of it).
Sure, MS give lip service to this but there's nothing that guarantees it will be available. Nothing at all. You can turn Secure Boot off, but then you've had BIOS engineers working on a feature that you then turn off because it doesn't work as you need it to.
But nothing guarantees that every user will ever be able to add a key to their own machines, nor that machines would ever come supplied in a way that would ever suggest that's what needed.
Having just fixed a 2012-issue BIOS bug a few months ago, and it being pretty much par for the course with even the larger consumer manufacturers to have such bugs, I don't trust that a BIOS option to enter a key I trust will be present in machines before I've bought them.
The bug I reported (and had to get a custom BIOS patch for)? A whole series of laptop machines from my normal supplier, using big-name BIOS's, motherboards, and other components (and Windows 7 stickers on them!), would refuse to boot if a certain offset on the selected bootable partition on the first disk was not zero.
That offset is actually always zero on a plain Windows NTFS drive. On Linux, or any other filesystem, it is not. On any encrypted system - even with an NTFS partition - (we discovered the problem using Truecrypt), it was not.
You could not fake partitions and juggle them around - whatever the bootable partition was was checked, no matter what the filesystem signature on it. God knows what happens if you use GPT and equivalents. Even chain-loading from partitions was next-to-impossible to set up with booting into an encrypted Windows setup (you would have to boot from an unencrypted NTFS partition into an encrypted one somehow and even playing games with syslinux etc. it was too difficult to even demonstrate a single working example, let alone deploy company-wide) .
Any non-zero byte in that position on the disk, which could be verified with a hex-editor on a blank disk, rendered the machine unbootable. Black screen, no boot options, no truecrypt loader, it just stopped. Zero the byte and it would happily boot again.
Yes, it's stupid and it SHOULD NOT HAPPEN. But only our threat of sending many thousands of pounds worth of laptops back because they did not fulfill the stated purpose actually prompted the reseller to nudge the manufacturer to nudge the board supplier, to nudge the BIOS supplier, to hack up a dirty patch to their BIOS labelled with all sorts of beta/not for distribution / etc. warnings. And even that, it was a close run thing because the reseller was ready to just say "not our problem, it runs Windows which we supplied with it" at any second and only the threat of a lot of future business prompted any sort of action from them.
UEFI just puts an unnecessary burden of responsibility onto BIOS manufacturers and Microsoft. And the vast majority of BIOS manufacturers (even AMI, Pegasus, etc.) are inherently bad and aim at making machines that boot only Windows and then walk away saying "not my problem". Try finding a machine with valid ACPI tables, the problem has actually got WORSE since ACPI become commonplace and in every machine.
Samsung only the other week had a problem where a BIOS issue can cause a complete machine bricking no matter what the OS, but Windows triggers it less because it doesn't do certain things that are perfectly reasonable to do by the standards.
Nobody *cares* what *SHOULD* work. They care what could *NOT* work. And relying on your BIOS manufacturer to be able to boot Linux successfully is, historically, one of the most contentious areas of computer manufacture ever.
Never seen the Quake Wars / Wolfenstein etc. ray-traced games? They basically have to have a lot of machine behind them to replicate even quite old games. And, to be honest, they look not much better.
Sure, the shiny-shiny effects of a chandelier reflecting a million-and-one droplet's reflections looks really nice the first time you stare at it, but to be honest I played through Mirror's Edge the other month and I didn't look at the graphics once. When you do, you realise that actually it's all just clever tricks because you're NOT going to stand around while enemies are chasing you looking at a chandelier.
On the other hand, I played Dear Esther yesterday. It's *not* a game, I have to hasten that, it's much closer to tech demo / arty-farty piece, but it looks really, really beautiful. It probably can't do huge reflections, it probably cheats like hell on the shadows, fog, and everything else. It's just a bog-standard 3D engine but it looks really nice and pretty enough for you to say "Wow, I'll zoom in on that, that looks cool". And you have the time and inclination to do so because you're SUPPOSED to and there's nothing driving you to enjoy anything but the scenery.
Ray-tracing had its day. We can do it now, in high-res, on high-end machines. But it's really no easier to do and no prettier to do and not worth the power to do. The models have to be made differently, but involve the same or more work as normal 3D "cheating" models used in games (with mipmapping, bump-mapping, etc.). They don't look any prettier until you're doing things like hundreds and hundreds of tiny glass beads reflecting each other and - to be honest - how often does a game NEED that? And, in the end, the performance isn't on the same scale. Sure, a high-end gaming machine can probably do it, but the average gaming machine can't, so it would sell much less for more effort.
And ray-tracing is exactly the kind of thing that's providing the research, shortcuts and techniques that go into the modern graphics programming anyway. It's just like the historical stealing of OpenGL hardware and techniques from high-end CAD systems to run games nowadays.
I don't want a ray-traced game. I'd pay more for greater worlds, greater freedom, greater storyline, more recorded lines, more plot, more expansions, more physics, destructible enviroments (all things promised by every game and rarely delivered) etc. before I'll pay for shiny chandeliers in the mansions I'm shooting to pieces.
Well, working for a solicitors, you should ask them.
I would think the first answer that would spring to mind is "UK jurisdiction of law applies to the ownership and management of the domain name".
When another firm in the US kicks up a fuss about that solicitor doing something, or arguing over ownership of the name, or arguing about services provided from that name, they will be in their own jurisdiction and your UK solicitors will have to work in a foreign one to allow their business to continue to operate from that name.
Sure, it's a minor thing that may never happen, but isn't that how solicitors make their money?
No mention of this in the 12.14 release notes (even as a "vulnerability with details to follow later", which is common practice for Opera changelogs), and silence on the article about exactly how/why/where Opera is vulnerable.
If something pops up a million times and asks you for a Gigabyte and you click yes, then that's perfectly accepted user permission to do so.
I had a cheap Nokia. Had it for years (probably nearly a decade). It's the size of every other phone I've ever had, and has Java, a webcam, a radio, a camera, and god-knows-what-else on it (i.e. that's how "simple" it is). It ran out of internal memory every 100 texts or a few dozen camera shots (not that I ever used it) and had no external storage.
Binned it when it became almost impossible to find batteries and chargers for it, for the least-smart smartphone available I could get without basically ending up with the same thing (thought that the smartphone side might be helpful in my job - so far I've played several games and binned one subnet calculator app for taking longer to operate than just working it out myself). Spend more time managing the damn thing than I do calling on it.
If you don't see how "carrying an old crap 'pre-smart-phone' phone around" or "using a smartphone" is different to what I'm saying, you've misunderstood.
How's that going to work when no packets reach the "real" Internet at all until you've clicked agree?
Not saying Comcast do this, but it's trivial nowadays and available in every captive portal technology. The usual method is a blanket firewall over every packet EXCEPT packets to and from the desired services (e.g. ordinary DNS and HTTP) that are redirected through to internal servers - no exceptions. When you say "Yes", then you get your proper Internet (and thus ability to talk to a Tor node at all) back.
It's not hard to transparently forward packets to a particular server. We do it all the time for HTTP, and for DNS it's just a matter of changing the port on an iptables line.
Given me being the only gateway at the other end of your connection, I can screw with anything you do if I want. Once you're marked as "restricted", you could basically end up on an internal VLAN that prevents all outside access. It's not even that difficult without VLAN-specific support, these people are being trusted by you to talk to 8.8.8.8 or whatever on your behalf anyway and return the packets - there's nothing stopping them setting up an "offline" Internet with 8.8.8.8 just being redirected wherever they like.
You *think* you're talking to 8.8.8.8 but it's really just my internal DNS returning always "1.1.1.1", which (although it is also a valid external IP address) is really just an internal address that I put a webpage up at.
Until you click "I agree", you don't get put back on the normal network, and the restricted network can block anything and everything.
If you need a real-world example, go to a wifi hotspot. You can do what you like and set what settings you like, but until you pay money through their portal page, nothing will resolve properly, not even google's DNS servers. Every page you try to access will go to the captive portal webpage. And then, when you're authorised, it'll go back to "normal" and you can send email, use Google's servers, etc.
Just because you think you're being clever, doesn't mean it'll work. As a further hint, how does the SSL certificate for any page verify that you're on www.google.com without trusting the DNS response from the network (answer, it doesn't). Sure, there are solutions (DNSSEC, etc.)
I haven't read TFA, and am not speaking for Comcast (nor condoning them), but most of your concern is probably misguided:
They probably insert a javascript popup into javascript / HTML files that are accessed. Yes, it will affect all NAT'd users but you can't say "Well, you informed my flatmate but not me the account holder" because you used a different connection to the one warned.
I imagine they intercept ALL HTTP requests that provide an HTML response. Thus, everyone behind the NAT sees it. And no downloads or other services are affected. Because it's an inserted code into the HTML stream, it doesn't matter if you block popups, nor even that Javascript is turned off. When you request www.google.com, they will send you an HTML file that contains the popup and won't stop doing that until you "agree" to it (the question of who ends up clicking that agree button is a legal minefield, I admit). It won't set off SSL warnings because you can't inject into an HTTPS stream without breaking things. It won't matter what browser or settings you use - any HTML request will respond with the page that you need to agree to.
It's the same method used to operate wifi hotspots all over the world.
How do I know? My ISP used to have something similar 10 years ago. If they detected port 139 was unsecured on your network (by the presence of packets heading out of the network) they would block your web access until you agreed that you would take responsibility for it. I clicked that dialog four times in my life, I think (and, no, I didn't have open SMB shares exposed to the world, I'd just done a couple of nmap scans on my own external machines and it caused the alerts).
It didn't break anything, it was pretty certain that someone would see it and agree to it (and this was back before browsers supported half of what they do now), and it was effective (they had logs of when I had "agreed" to it, which was used by one of their tech support reps to determine that I know what I was talking about when I later had a problem - "Ah, an nmap user, okay, could you just do this for me...").
And show me an ISP that lets you run Tor in their AUP. Because pretty much all of them forbid any sort of proxying for others, which would be taken to include Tor.
Hell, even my external virtual server has a clause about "only proxying for your own use" (so I can set up a VPN, or email proxy, and proxy my connection, but only for me to use - I can't go advertising it or selling it to others)
In my country, the dispatcher doesn't get a choice.
In fact, last night I watched "999", a program that follows the emergency services. They got 18 calls from the same guy, and they went through the same routine every time sending out all the services, and it was always a hoax. Eventually, at the end of the conversations on the phone, the dispatcher would say "Yeah, it's that hoaxer, again" (or words to that effect). Hell, most of the time he called them to the same street for the same things.
But still they dispatched the amount of fire, ambulance and police that would be necessary to handle the reported incident before they'd even properly started the conversation on the phone (literally, as soon as they asked what was happening).
Yes, it's an enormous waste of time and money, but it's not up to the dispatcher to decide if the call is genuine or not. If help is requested, they are obliged to send it. Even if help isn't requested, but they think it's necessary, they are obliged to send it.
For every 100 4-year-olds who pick up the phone and dial the emergency services to "talk to the man", there's one who's done it while shit-scared (maybe of the fact that they've been left in the house alone because their daddy has collapsed in the back garden and they don't know it) - and they can't express what's worrying them, or what the problem is, or even talk to a stranger, but they know to dial the emergency services because something is wrong.
With adults, you get mental illness, you get shock, confusion, drunkenness, drugs, fume intoxication, and yes - still hoax calls. Some people will give you an address they haven't lived at for 20 years because they are panicking. But you don't get a choice. You dispatch as soon as you have enough information to do so - a drunk on the way home from the pub might well have been the only one around to see something happen and ask for help, even if he wouldn't be able to tie his own shoelaces. Anything else will cost genuine, innocent lives in need of help even if dealing with the hoaxer might do the same.
Dispatchers aren't there to analyse the voice, except to calm you down to get the information that needs to transfer between caller and dispatcher to do just that. They are there to send help. Even those idiots who "cry wolf" still have to have help sent to them on their 100th hoax call because this MIGHT be a real one that kills them and others.
The use of text-to-speech is not new, hell that's how a lot IRA bomb threats to the UK services were made back in the 80's. And the threats given were often obscure, weird, complete nutters phoning it in, and after a while similar hoaxers did the same stuff. You don't get to decide "who gets help", you send it.
Yes, it's a pain, and we should lock up the hoaxers if caught, but that's not the dispatcher's job to be judge, jury and executioner (literally). The guy on TV last night eventually got caught, got a prison sentence and couldn't even explain why he'd done it (not drunk, not drugged, not insane, etc.).
Text services for the deaf have been around for decades, as have dispatchers who know a hoax call when they hear one. But you still don't take the chance.
And, personally, I'd be quite happy to have "just a phone" that was absolutely miniscule.
What does a phone need? A way to connect a headset (Bluetooth), a way to answer an incoming call (a button on the headset, normally), and a way to dial a contact number (e.g. jogwheel and tiny 10-character display which can double up as caller-ID, but even a tiny watch-size LCD would be okay).
Gimme a phone the size of the smallest iPod nano's and it's fulfilled its purpose.
I'd rather carry that and then a phone-size tablet only for the times I need it, so long as the tablet can't auto-dial out (though using the Bluetooth to share a 3G connection on the nano-phone might be helpful occasionally) and the phone doesn't try and run games / apps / whatever.
Feature creep makes us want to carry one thing that does everything well and that can cause problems (apps spending money, dialling out, interfering with calls, etc.). Gimme a nano-phone and, when I want it, a mini-tablet about the size of the smaller Galaxy handsets. Take the 3G etc. functions out of the tablet and let it do what it does best. Take the app-crap and touchscreens out of the phone and let it do what it does best.
Hell, if you did it right, the pair could probably join together physically smaller than a conventional smartphone if you really wanted them to.
I spend my working life managing computer devices that try to do everything and be everything. I'd much rather not have to deal with that in my personal life too, when I just want to make a phone call. Last time I picked up my phone, it told me that apps needed updating, an OS update was ready and it was running out of internal memory.
Make computers computers, and make phones phones. Make them join, we have perfectly good protocols and cabling for that. But make them specialise in getting out of the user's damn way.
Exactly. In five minutes, I could have taught them that phrase, with a pretty picture, and they would know it to the same depth.
Five minutes of directed education therefore would be superior to months this "undirected" education.
Children, by default, have a huge desire to learn. But it will be focused on precisely the things that cause them to fail in later life unless directed. And dulling the enthusiasm is most easily achieved by NOT USING THE KNOWLEDGE or NOT LEARNING for a while.
If you want to see what "undirected education" really looks like, grab the kids who are bunking off school all the time, have parents who have no interest in teaching them, and then follow them for 20 years. You'll find the odd "success", but mostly they will be below average on just about every metric.
I work in schools. The kids who don't WANT to learn, learn nothing. The kids who DO want to learn can be hindered by those who don't to the point that they become one of them.
Hell, if anything, modern education systems are rigorous, structured and focused ENOUGH. We should be separating out the time-wasters and layabouts into their own classes and let the kids who want to learn excel at what they do, like we used to allow to happen.
A pop-up I wasn't expecting inserted into my normal web browsers, and breaking any secure sites that it might pop up on prompting security warnings, asking me to click a button, sign-in, etc.?
Yeah, that won't be a scam, will it?
How about this - you have these people's address and billing details, send them a damn letter by recorded delivery if you want them to read it.
Personally, everything I've been advising my users NOT to do for the last ten years would ensure that those warnings are ALL ignored and/or the person runs off to check their antivirus because they are quite obviously not supposed to be there when you have typed in www.google.com or whatever.
Slashdot Mirror
I have seen my entire medical records. Everything that a doctor has access to about myself. They were handed to me while I was at my doctors once and left alone in the room for several minutes while they arranged something. This was pre-computerisation, and they were my damn records, so I sat and read through them all.
Most of them were boring. Most of them related to childhood reports that were ultimately no-diagnosis because it was a cold or sniffles or whatever. One of them relating to my birth describes sub-conjuctival haemorrhaging (bleeding behind the eye) - today my birth would have resulted in compensation and investigations as they damaged my eyes pulling me out.
Apart from that, it was not interesting. Hell, they didn't even have my blood type, because they don't test for it unless they need to. And I haven't been to the doctors in YEARS except to register with a new one. I'm in the UK so there's no "cost" involved in treating me that I shouldn't know, as such.
That said, why would you not want me to see them. If I have a condition, can you really hide it from myself? Seems like nothing more than an arse-covering exercise and - if that's so - why do you have to cover your arse? Why should you care that a previous doctor might have to cover their arse?
Don't let me delete them or modify them, but I should at least be able to view them on demand and provide notes/comments as necessary if there's a dispute. How else can I be assured that the data you have is accurate? I can even query my entire criminal record and have it corrected if necessary (e.g. if someone falsely used my identity to commit a crime, which is quite a common thing), so why can't I do the same for medical records?
In the UK, the PNC has an access and appeals process because there are recorded instances of someone being refused a job only to discover that the things on their record WEREN'T THEIRS - computer error, deliberate fraud, etc. is quite common - enough that there's a procedure to identify you with fingerprints in that case and modify criminal records accordingly, and have an appeals process.
You're not telling me that medical records can't have exactly the same problem and solution, especially in countries where that person's insurance is going to be paying for that medical treatment?
Hell, in the UK, even the Data Protection Act can be brought in here - you're storing data concerning my personal details on a computer system - that's automatic right to query, appeal, correction, etc. before you even start whether that's your image on CCTV (yes, under the UK DPA you can ask for all 'personal data' about yourself, including CCTV of you, from anyone who records it and stores it - there's even an official FAQ about it and they have 40 days to respond, so long as you provide enough details to isolate the data you require), the details your employer holds, or what a certain website holds on you in terms of cookies and stored data on their systems.
It's entirely a malpractice cover, from what I can see. And if you're scared of someone potentially discovering malpractice, then maybe you should deal with your patients more carefully, not try to hide your tracks. And, honestly, that would be #1, top-of-my-list reason for records TO be opened, if that's the case.
Oh, +1 mod, please.
Well played, sir, well played.
Yet another instance where "Wait until a month after release before you buy" would have saved an awful lot of people an awful lot of money, and forced a game developer to start delivering something people want.
I was *REALLY* keen to buy Aliens: Colonial Marines. I literally had to stop myself keep going back to the Steam page, etc. My favourite movie ever and so ripe for a decent FPS conversion with the original sounds etc. But I held off. I knew there was trouble when there were no playable reviews appearing (which suggest they were embargoed until release date), but I also knew it was sometimes just standard practice in the industry for bigger games.
Boy, am I glad. Already discounted on Steam. Pathetic ratings on any site you happen to go on. Another blasphemy to the franchise.
Holding out hope for Age of Empires II HD on Steam (certainly should be better than any other AoE title since the first time round), but I've learned over many years not to trust anything before a month after release.
Seems the last 12-24 months has been a really bad time for retro-remakes / sequels. Syndicate. Diablo III. Carrier Command. XCOM. Aliens. Sim City. Seems like someone is out to destroy every good video game memory from my childhood.
When pigs fly.
Seriously, this is like saying "why doesn't someone just make a car that can't crash, or a plane that will never stop flying?".
We can make computers that you can bet your life on. They still fail, but the failure rate is so low that we can bet people's lives on them every day (I'm not talking traffic lights - whose total failure isn't really that big of a deal in the long run, but things like life-support machines, nuclear reactors, etc.). It's EXTRAORDINARILY expensive, and relies on there being an absolute minimum of human input at runtime.
Even spacecraft and aircraft send two or three of the same computers up so they can just swap them out or take the majority vote. You can design systems all you like to be infallible, the fact is that they aren't - even in terms of hardware, and certainly not in terms of software. And the more you want to do with them, the more the work needed to eliminate problems increases - usually exponentially.
Have you seen how much it costs to formally prove code? Hell, just putting the requirements to begin the process can be something more expensive than an entire development cycle of conventional programming, and still contain human errors that the computer will happily prove to be correct (because they are) even if that's not what the humans involved intended (and thus you have a classic software bug again).
By comparison, your web browser is more complex, has more to do, updates more often (new specs and features, etc.) and is business-class programming, not critical. It would take decades or even centuries of man-hours to formally prove even a tiny section of it and every time it changes you need to do it again.
You can't design a secure language to express these things in. You can't design a machine that will cope with anything. You can't design a process involving humans that will be infallible.
Hell, we can't even design a piece of software that will find these bugs by itself (or else we wouldn't need bug-testing) - and yet MILLIONS is spent every year on products that help do just that (static code analysers, fuzz-testers, standard-compliance suites, etc.).
You will never have a "secure" computer, as long as its users and designers are human. When machines start to replicate themselves and write their own operating systems, then maybe it's possible (but how to get there without relying on the output of a human to do that job in the first place?).
Until then, honestly, what do you suggest? A "secure" programming language? There's been hundreds of attempts and ironically Java was one of them (it's all contained within a virtual machine, don't you know?, and thus can't damage the computer it's installed on.... least that's how it was sold for over TWO DECADES).
Summary: It ain't gonna happen in your lifetime. You can deal with it, or prove everyone in CS wrong.
I agree, but there's a lot of places where it just doesn't work (they're wrong, of course, but convincing them to see that is another matter entirely).
I've been offered training by employers several times (sometimes even while as a contractor) and I turn it down. Usually the training they want to provide is inadequate or just unsuitable and they don't know, but also even the "good" training does nothing more than look pretty on a CV (resume) after a year or so.
We can just ignore the box-ticking, book-memorisation vendor-sponsored courses and go straight to those with actual practical benefit and, basically, you find that you're already doing the job that they are intended to train you for.
It doesn't mean you're perfect or know everything, but the value available from such a course is usually greatly diminished for anyone who's half-decent at their job. And if they're not half-decent at their job, the training will be over their heads, stress them out, show them up, or just plain make them leave (and, well, that's kind of what you get when you employ those who aren't good enough for the job anyway).
I've politely explained this to several workplaces and they've tended to agree but there is a culture in some industries that even box-ticking on training your staff is considered vital. Who cares if they learn, so long as you can say you sent them on a course? The worst kind of red-tape management bullshit.
And does lack of training prevent me finding work? Not really. I've never been unemployed. I changed jobs at the height of the recession. I've applied for, and got, jobs that state they "require" X, Y, Z without any of them - just demonstrating the ability to learn on my own, and get on with the job, and even know more than some of those people who are supposed to have certifications in a specific area.
Training is a management box-ticking exercise, nothing more. If you have to train your staff to do their job, they aren't doing their job. Sure, if you have to send them on a course to - say - be a fire warden when they've never been a fire warden - that's different. That's outside their normal bounds. Or if you have to have some H&S review training because someone was an idiot and didn't follow procedure. But if you have to send them on courses to increase their skills in their own job, then maybe they are in the wrong place anyway.
If you were a programmer, or a NASA specialist, or a research physician, sending you "on training" to some external company to get a little certificate isn't going to do squat that you aren't already required to do as part of your job anyway. There's required on-the-job training that can't be learned any other way (e.g. doctors, nurses, etc. practising on patients under supervision before they are let loose on their own), there's training to comply with some legislation (H&S, fire, etc.), and there's training to make your CV look better. And, of course, employers should be wary of the latter, because it's the stuff that that employee should have been learning for themselves anyway.
I detest workplaces full of people who qualified to do the job 20+ years ago and refuse to change (because they can't) and don't TRY to update their methods. Unfortunately, I work in one of the worst industries for that (education).
If I didn't update my skills for 20 years, I'd be putting ZX Spectrums into ICT Suites, and would be sacked in seconds. Do I get paid to do it? Yes. It's called my job. Do I get sent on external training to do it? No. It's called my job.
I once had the irony of being told I "needed" to go on a basic IT course that *I* had set up the room for that it was going to be held in. I bet the person running the session wasn't able to do that, they just had a basic understanding of Office. When I pointed out that *I* was the person that built and installed the system the training was going to be held on, it was decided that maybe it wasn't "needed" after all.
I know Jessops. I'm British too.
Because the Amazon page could be written by any random person selling the product - even Amazon itself. I can find all kinds of product descriptions that have NOTHING to do with the original manufacturer on Amazon when you just search for a specific product. The manufacturer themselves makes no such claims that I can see. As such, I wonder why you rely on Amazon to know the product better than Canon themselves?
Additionally, my comparison to a still camera was not meant as an alternative product. A still SLR camera will provide vastly better low-light performance, and yet your camcorder wouldn't buy even the most basic of still cameras. That tells you exactly what you should expect from such a camcorder in terms of low-light performance, i.e. worse than the most basic DSLR. Is it because of their sensors? No. They make some fabulous low-light, and even astronomically-specialised sensors for their still cameras. That's about a tough a market for low-light sensitivity as you can get, but you'd rather paint everything the company does with the same brush as your camcorder.
Additionally, the article is about a CMOS sensor which is demonstrated on both still and moving imagery, and therefore applicable to both (it could end up in either product).
Claiming that your camera that you got from Jessops (vastly overpriced every time I've ever visited them, which is probably why they went bust, and I do astrophotography which is the "vastly overpriced" range of digital imaging) after reading a product description from Amazon (probably not even written by Canon), and then expecting it to do anything even close to what the most basic DSLR could manage on a still is, basically, the definition of ridiculousness.
Then saying that Canon are liars this time because you got stung in that instance because of your false expectations - that's really just shooting yourself in the foot on the way to hospital after shooting yourself in the foot.
You don't.
You proof that, since the Top Gear review, sales have decreased by a noticeable amount.
Or that some of your suppliers/investors raised concern over the issues presented that might hit upon their bottom line.
Or you interview potential buyers anonymously (e.g. through market research companies) and ask if the episode had affected their buying habits.
Basically, anything except go to a court - as an expensive, paid-for professional lawyer who's been told what they need to prove - and whine that you are right without any significant evidence to back up your assertion.
You don't need to prove the impossible. You just need to get off your arse and provide data that suggests there could be some link enough that might, possibly, one-day, in the right mood, convince a jury.
The fact that Tesla didn't probably means that Tesla couldn't, which probably means it didn't happen and Top Gear had nothing to do with their sales at all (i.e. the episode had no effect, or people were already steering clear).
About the only claim on the Canon website I can find to that effect is:
"The light gathering area of the pixels is 160% greater than a conventional CMOS, for wider dynamic range and better low-light performance."
Nowhere does it promise some miraculous low-light effect. And it very much depends on what you class as a "conventional" CMOS.
And you can pay the same price for even a basic SLR Canon nowadays, let alone a HD camcorder, so I wouldn't be expecting anything miraculous from such a product.
My TV claims to offer a "better picture" and all sorts. I paid £200 for it. Chances are that it would never do anything miraculous. Same thing.
Canon already do two still astronomy cameras (well, one since they discontinued the 20a), so it's quite possible this could form the technology of the next one they produce.
However, the 60da is already 30% more expensive despite having nothing more than a firmware change and the removal of an IR filter from the 60d. God knows what this would cost in a consumer technology, let alone a specialist astronomical version.
I think you'd be better off with a bigger telescope, to be honest.
Now read what you wrote.
"It shall be possible for a physically present user to use the Custom Mode firmware setup option to modify the contents of the Secure Boot signature databases and the PK. *****This may be implemented by simply providing the option to clear all Secure Boot databases (PK, KEK, db, dbx), which puts the system into setup mode.******"
So the minimum requirement is that you can delete all the keys.
"If the user ends up deleting the PK then, upon exiting the Custom Mode firmware setup, the system is operating in Setup Mode with SecureBoot turned off."
So when you delete the keys, SecureBoot is turned off.
There's also an option to always put the Microsoft key back in place. But that's it. At no point does it guarantee that you can enter an arbitrary key and keep secure mode on. Which is basically what I said.
And "possible" can be provided by means of, say, a supplied disk available at extra cost from the manufacturer that has to be inserted for such action to be taken at all.
Lip service.
"you can load keys of your choice"
I think this is the biggest, and most complained about, assumption in all the debacle. If it was true, the Microsoft key issue wouldn't exist (we'd just have a "Linus key" and that would be the end of it).
Sure, MS give lip service to this but there's nothing that guarantees it will be available. Nothing at all. You can turn Secure Boot off, but then you've had BIOS engineers working on a feature that you then turn off because it doesn't work as you need it to.
But nothing guarantees that every user will ever be able to add a key to their own machines, nor that machines would ever come supplied in a way that would ever suggest that's what needed.
Having just fixed a 2012-issue BIOS bug a few months ago, and it being pretty much par for the course with even the larger consumer manufacturers to have such bugs, I don't trust that a BIOS option to enter a key I trust will be present in machines before I've bought them.
The bug I reported (and had to get a custom BIOS patch for)? A whole series of laptop machines from my normal supplier, using big-name BIOS's, motherboards, and other components (and Windows 7 stickers on them!), would refuse to boot if a certain offset on the selected bootable partition on the first disk was not zero.
That offset is actually always zero on a plain Windows NTFS drive. On Linux, or any other filesystem, it is not. On any encrypted system - even with an NTFS partition - (we discovered the problem using Truecrypt), it was not.
You could not fake partitions and juggle them around - whatever the bootable partition was was checked, no matter what the filesystem signature on it. God knows what happens if you use GPT and equivalents. Even chain-loading from partitions was next-to-impossible to set up with booting into an encrypted Windows setup (you would have to boot from an unencrypted NTFS partition into an encrypted one somehow and even playing games with syslinux etc. it was too difficult to even demonstrate a single working example, let alone deploy company-wide) .
Any non-zero byte in that position on the disk, which could be verified with a hex-editor on a blank disk, rendered the machine unbootable. Black screen, no boot options, no truecrypt loader, it just stopped. Zero the byte and it would happily boot again.
Yes, it's stupid and it SHOULD NOT HAPPEN. But only our threat of sending many thousands of pounds worth of laptops back because they did not fulfill the stated purpose actually prompted the reseller to nudge the manufacturer to nudge the board supplier, to nudge the BIOS supplier, to hack up a dirty patch to their BIOS labelled with all sorts of beta /not for distribution / etc. warnings. And even that, it was a close run thing because the reseller was ready to just say "not our problem, it runs Windows which we supplied with it" at any second and only the threat of a lot of future business prompted any sort of action from them.
UEFI just puts an unnecessary burden of responsibility onto BIOS manufacturers and Microsoft. And the vast majority of BIOS manufacturers (even AMI, Pegasus, etc.) are inherently bad and aim at making machines that boot only Windows and then walk away saying "not my problem". Try finding a machine with valid ACPI tables, the problem has actually got WORSE since ACPI become commonplace and in every machine.
Samsung only the other week had a problem where a BIOS issue can cause a complete machine bricking no matter what the OS, but Windows triggers it less because it doesn't do certain things that are perfectly reasonable to do by the standards.
Nobody *cares* what *SHOULD* work. They care what could *NOT* work. And relying on your BIOS manufacturer to be able to boot Linux successfully is, historically, one of the most contentious areas of computer manufacture ever.
Never seen the Quake Wars / Wolfenstein etc. ray-traced games? They basically have to have a lot of machine behind them to replicate even quite old games. And, to be honest, they look not much better.
Sure, the shiny-shiny effects of a chandelier reflecting a million-and-one droplet's reflections looks really nice the first time you stare at it, but to be honest I played through Mirror's Edge the other month and I didn't look at the graphics once. When you do, you realise that actually it's all just clever tricks because you're NOT going to stand around while enemies are chasing you looking at a chandelier.
On the other hand, I played Dear Esther yesterday. It's *not* a game, I have to hasten that, it's much closer to tech demo / arty-farty piece, but it looks really, really beautiful. It probably can't do huge reflections, it probably cheats like hell on the shadows, fog, and everything else. It's just a bog-standard 3D engine but it looks really nice and pretty enough for you to say "Wow, I'll zoom in on that, that looks cool". And you have the time and inclination to do so because you're SUPPOSED to and there's nothing driving you to enjoy anything but the scenery.
Ray-tracing had its day. We can do it now, in high-res, on high-end machines. But it's really no easier to do and no prettier to do and not worth the power to do. The models have to be made differently, but involve the same or more work as normal 3D "cheating" models used in games (with mipmapping, bump-mapping, etc.). They don't look any prettier until you're doing things like hundreds and hundreds of tiny glass beads reflecting each other and - to be honest - how often does a game NEED that? And, in the end, the performance isn't on the same scale. Sure, a high-end gaming machine can probably do it, but the average gaming machine can't, so it would sell much less for more effort.
And ray-tracing is exactly the kind of thing that's providing the research, shortcuts and techniques that go into the modern graphics programming anyway. It's just like the historical stealing of OpenGL hardware and techniques from high-end CAD systems to run games nowadays.
I don't want a ray-traced game. I'd pay more for greater worlds, greater freedom, greater storyline, more recorded lines, more plot, more expansions, more physics, destructible enviroments (all things promised by every game and rarely delivered) etc. before I'll pay for shiny chandeliers in the mansions I'm shooting to pieces.
Well, working for a solicitors, you should ask them.
I would think the first answer that would spring to mind is "UK jurisdiction of law applies to the ownership and management of the domain name".
When another firm in the US kicks up a fuss about that solicitor doing something, or arguing over ownership of the name, or arguing about services provided from that name, they will be in their own jurisdiction and your UK solicitors will have to work in a foreign one to allow their business to continue to operate from that name.
Sure, it's a minor thing that may never happen, but isn't that how solicitors make their money?
And Opera loses mention later on entirely. Probably because the bug doesn't exist on the last few Opera stable versions at all:
http://www.ledow.org.uk/Opera.jpg
I call crap on the Opera thing.
Latest stable Opera browser here, 12.14, updated 5th February:
http://www.ledow.org.uk/Opera.jpg
No mention of this in the 12.14 release notes (even as a "vulnerability with details to follow later", which is common practice for Opera changelogs), and silence on the article about exactly how/why/where Opera is vulnerable.
If something pops up a million times and asks you for a Gigabyte and you click yes, then that's perfectly accepted user permission to do so.
I had a cheap Nokia. Had it for years (probably nearly a decade). It's the size of every other phone I've ever had, and has Java, a webcam, a radio, a camera, and god-knows-what-else on it (i.e. that's how "simple" it is). It ran out of internal memory every 100 texts or a few dozen camera shots (not that I ever used it) and had no external storage.
Binned it when it became almost impossible to find batteries and chargers for it, for the least-smart smartphone available I could get without basically ending up with the same thing (thought that the smartphone side might be helpful in my job - so far I've played several games and binned one subnet calculator app for taking longer to operate than just working it out myself). Spend more time managing the damn thing than I do calling on it.
If you don't see how "carrying an old crap 'pre-smart-phone' phone around" or "using a smartphone" is different to what I'm saying, you've misunderstood.
Next question?
How's that going to work when no packets reach the "real" Internet at all until you've clicked agree?
Not saying Comcast do this, but it's trivial nowadays and available in every captive portal technology. The usual method is a blanket firewall over every packet EXCEPT packets to and from the desired services (e.g. ordinary DNS and HTTP) that are redirected through to internal servers - no exceptions. When you say "Yes", then you get your proper Internet (and thus ability to talk to a Tor node at all) back.
It's not hard to transparently forward packets to a particular server. We do it all the time for HTTP, and for DNS it's just a matter of changing the port on an iptables line.
Given me being the only gateway at the other end of your connection, I can screw with anything you do if I want. Once you're marked as "restricted", you could basically end up on an internal VLAN that prevents all outside access. It's not even that difficult without VLAN-specific support, these people are being trusted by you to talk to 8.8.8.8 or whatever on your behalf anyway and return the packets - there's nothing stopping them setting up an "offline" Internet with 8.8.8.8 just being redirected wherever they like.
You *think* you're talking to 8.8.8.8 but it's really just my internal DNS returning always "1.1.1.1", which (although it is also a valid external IP address) is really just an internal address that I put a webpage up at.
Until you click "I agree", you don't get put back on the normal network, and the restricted network can block anything and everything.
If you need a real-world example, go to a wifi hotspot. You can do what you like and set what settings you like, but until you pay money through their portal page, nothing will resolve properly, not even google's DNS servers. Every page you try to access will go to the captive portal webpage. And then, when you're authorised, it'll go back to "normal" and you can send email, use Google's servers, etc.
Just because you think you're being clever, doesn't mean it'll work. As a further hint, how does the SSL certificate for any page verify that you're on www.google.com without trusting the DNS response from the network (answer, it doesn't). Sure, there are solutions (DNSSEC, etc.)
I haven't read TFA, and am not speaking for Comcast (nor condoning them), but most of your concern is probably misguided:
They probably insert a javascript popup into javascript / HTML files that are accessed. Yes, it will affect all NAT'd users but you can't say "Well, you informed my flatmate but not me the account holder" because you used a different connection to the one warned.
I imagine they intercept ALL HTTP requests that provide an HTML response. Thus, everyone behind the NAT sees it. And no downloads or other services are affected. Because it's an inserted code into the HTML stream, it doesn't matter if you block popups, nor even that Javascript is turned off. When you request www.google.com, they will send you an HTML file that contains the popup and won't stop doing that until you "agree" to it (the question of who ends up clicking that agree button is a legal minefield, I admit). It won't set off SSL warnings because you can't inject into an HTTPS stream without breaking things. It won't matter what browser or settings you use - any HTML request will respond with the page that you need to agree to.
It's the same method used to operate wifi hotspots all over the world.
How do I know? My ISP used to have something similar 10 years ago. If they detected port 139 was unsecured on your network (by the presence of packets heading out of the network) they would block your web access until you agreed that you would take responsibility for it. I clicked that dialog four times in my life, I think (and, no, I didn't have open SMB shares exposed to the world, I'd just done a couple of nmap scans on my own external machines and it caused the alerts).
It didn't break anything, it was pretty certain that someone would see it and agree to it (and this was back before browsers supported half of what they do now), and it was effective (they had logs of when I had "agreed" to it, which was used by one of their tech support reps to determine that I know what I was talking about when I later had a problem - "Ah, an nmap user, okay, could you just do this for me...").
And show me an ISP that lets you run Tor in their AUP. Because pretty much all of them forbid any sort of proxying for others, which would be taken to include Tor.
Hell, even my external virtual server has a clause about "only proxying for your own use" (so I can set up a VPN, or email proxy, and proxy my connection, but only for me to use - I can't go advertising it or selling it to others)
In my country, the dispatcher doesn't get a choice.
In fact, last night I watched "999", a program that follows the emergency services. They got 18 calls from the same guy, and they went through the same routine every time sending out all the services, and it was always a hoax. Eventually, at the end of the conversations on the phone, the dispatcher would say "Yeah, it's that hoaxer, again" (or words to that effect). Hell, most of the time he called them to the same street for the same things.
But still they dispatched the amount of fire, ambulance and police that would be necessary to handle the reported incident before they'd even properly started the conversation on the phone (literally, as soon as they asked what was happening).
Yes, it's an enormous waste of time and money, but it's not up to the dispatcher to decide if the call is genuine or not. If help is requested, they are obliged to send it. Even if help isn't requested, but they think it's necessary, they are obliged to send it.
For every 100 4-year-olds who pick up the phone and dial the emergency services to "talk to the man", there's one who's done it while shit-scared (maybe of the fact that they've been left in the house alone because their daddy has collapsed in the back garden and they don't know it) - and they can't express what's worrying them, or what the problem is, or even talk to a stranger, but they know to dial the emergency services because something is wrong.
With adults, you get mental illness, you get shock, confusion, drunkenness, drugs, fume intoxication, and yes - still hoax calls. Some people will give you an address they haven't lived at for 20 years because they are panicking. But you don't get a choice. You dispatch as soon as you have enough information to do so - a drunk on the way home from the pub might well have been the only one around to see something happen and ask for help, even if he wouldn't be able to tie his own shoelaces. Anything else will cost genuine, innocent lives in need of help even if dealing with the hoaxer might do the same.
Dispatchers aren't there to analyse the voice, except to calm you down to get the information that needs to transfer between caller and dispatcher to do just that. They are there to send help. Even those idiots who "cry wolf" still have to have help sent to them on their 100th hoax call because this MIGHT be a real one that kills them and others.
The use of text-to-speech is not new, hell that's how a lot IRA bomb threats to the UK services were made back in the 80's. And the threats given were often obscure, weird, complete nutters phoning it in, and after a while similar hoaxers did the same stuff. You don't get to decide "who gets help", you send it.
Yes, it's a pain, and we should lock up the hoaxers if caught, but that's not the dispatcher's job to be judge, jury and executioner (literally). The guy on TV last night eventually got caught, got a prison sentence and couldn't even explain why he'd done it (not drunk, not drugged, not insane, etc.).
Text services for the deaf have been around for decades, as have dispatchers who know a hoax call when they hear one. But you still don't take the chance.
And, personally, I'd be quite happy to have "just a phone" that was absolutely miniscule.
What does a phone need? A way to connect a headset (Bluetooth), a way to answer an incoming call (a button on the headset, normally), and a way to dial a contact number (e.g. jogwheel and tiny 10-character display which can double up as caller-ID, but even a tiny watch-size LCD would be okay).
Gimme a phone the size of the smallest iPod nano's and it's fulfilled its purpose.
I'd rather carry that and then a phone-size tablet only for the times I need it, so long as the tablet can't auto-dial out (though using the Bluetooth to share a 3G connection on the nano-phone might be helpful occasionally) and the phone doesn't try and run games / apps / whatever.
Feature creep makes us want to carry one thing that does everything well and that can cause problems (apps spending money, dialling out, interfering with calls, etc.). Gimme a nano-phone and, when I want it, a mini-tablet about the size of the smaller Galaxy handsets. Take the 3G etc. functions out of the tablet and let it do what it does best. Take the app-crap and touchscreens out of the phone and let it do what it does best.
Hell, if you did it right, the pair could probably join together physically smaller than a conventional smartphone if you really wanted them to.
I spend my working life managing computer devices that try to do everything and be everything. I'd much rather not have to deal with that in my personal life too, when I just want to make a phone call. Last time I picked up my phone, it told me that apps needed updating, an OS update was ready and it was running out of internal memory.
Make computers computers, and make phones phones. Make them join, we have perfectly good protocols and cabling for that. But make them specialise in getting out of the user's damn way.
Exactly. In five minutes, I could have taught them that phrase, with a pretty picture, and they would know it to the same depth.
Five minutes of directed education therefore would be superior to months this "undirected" education.
Children, by default, have a huge desire to learn. But it will be focused on precisely the things that cause them to fail in later life unless directed. And dulling the enthusiasm is most easily achieved by NOT USING THE KNOWLEDGE or NOT LEARNING for a while.
If you want to see what "undirected education" really looks like, grab the kids who are bunking off school all the time, have parents who have no interest in teaching them, and then follow them for 20 years. You'll find the odd "success", but mostly they will be below average on just about every metric.
I work in schools. The kids who don't WANT to learn, learn nothing. The kids who DO want to learn can be hindered by those who don't to the point that they become one of them.
Hell, if anything, modern education systems are rigorous, structured and focused ENOUGH. We should be separating out the time-wasters and layabouts into their own classes and let the kids who want to learn excel at what they do, like we used to allow to happen.
A pop-up I wasn't expecting inserted into my normal web browsers, and breaking any secure sites that it might pop up on prompting security warnings, asking me to click a button, sign-in, etc.?
Yeah, that won't be a scam, will it?
How about this - you have these people's address and billing details, send them a damn letter by recorded delivery if you want them to read it.
Personally, everything I've been advising my users NOT to do for the last ten years would ensure that those warnings are ALL ignored and/or the person runs off to check their antivirus because they are quite obviously not supposed to be there when you have typed in www.google.com or whatever.
Start up a kickstarter and I'm in.