The problem is not time frame. The problem is differential treatment of traders; some get prices before others can see them, and can make decisions on those prices. While there's always going to be some differentiation, co-locating a trading server with the exchange is probably outwith most people's budget, and is probably what needs to be stopped. Require enough delay that anyone can participate on a good home broadband connection, and that the exchange sends prices to all recipients (direct from it, anyway) simultaneously, and you can level the playing field much more simply.
> some regular trader, accidentally put up stock for $1 instead of $41, would anyone "fix" it for us?
Yes. Go read the trading terms on the exchanges, there is scope for cancelling trades if a clear mis-price is done. There's an admin cost the size of a small moon (it's very much a last resort), and there's a maximum number in a time period (I can't remember the details off hand, and they vary by exchange), but it does happen
Why do you want people trading? What's wrong with computers trading with each other?
A lot of people worry that some single glitch will bring down a computer based trading network. Nonsense, this software is heavily customised or unique to each company that runs it.
Anyone should be able to download a trading platform ( http://code.google.com/p/jbooktrader/ is a good start ) and be able to run it, so that's a good base time, but I fail to see why people have to be involved directly.
Also, if you think a minute 30 is a minimum for humans, scalpers will terrify you with their trading pace.
Thermal paste is substantially less conductive than a heatsink; sure, there's conductive bits on there, but there's also all sorts of stuff to make it a paste. You want just enough for it to fill in the minuscule gaps between the heatsink and chip, and nothing more.
> Why should I be throttled to 25kbs or less like my ISP tries to??
So that others can get a decent portion of the network?
I'm a little disappointed with BT, who appear to have stopped publishing contention ratios. I'm going to use Namesco (who run over BT's lines) as my example instead; http://www.names.co.uk/adsl.html . With at ratio of 50:1, you're sharing your upstream connection from the exchange to your ISP, with 49 other people. 20:1, 19 other people. Either way, the contract with the ISP is fairly clearly saying "We don't have enough bandwidth to go around".
I'm disappointed with BT _because_ this should be made clearer to customers, that most home broadband connections are just a slice of a bigger connection, and usage will be limited by those around you.
Okay... so why would they do that? Because they don't have enough bandwidth to go around. What's the alternative? Leave TCP congestion control to do it.
So... how do you tell the difference between TCP throttling BitTorrent usage due to exponential backoff triggered by packet loss, and traffic shaping?
This is the news equivalent of staring into the sky until other people start collecting around you, wondering what you're looking at. I clicked because I figured I had to be missing something other people saw in this story. I was disappointed.
There's an even worse scenario, in that spoofing could allow an attacker to fake being a different origin. For bonus points, launch a nonsense attack that ties up your biggest competitors in an information/legal war...
I think everyone who has ever done information security from the defence side has had this thought cross their head. Like "Why don't we write a virus that patches Windows?", it turns up every now and then. It's very very illegal (can you imagine trying to persuade the US & China to provide mutual legal immunity to cyber-retaliation? North & South Korea?), damage to innocent bystanders is practically guaranteed, and escalation could turn the wild-west that the Internet is right now, into a glowing nuclear wasteland.
Without having the show to hand to check, I thought they showed it DID affect older instruments (on an built test rig), but on a newer plane there was no issue...
Amazon.co.uk has it for £6.89, or about $10 (although for some reason I can't paste the URL, so you'll have to trust me). On top of which, I don't have to tie up my Internet connection for several hours downloading it, and the Steam sale was a limited time special. If I want to buy a game at launch, I can expect to pay £5-10 more for the digital copy (really, we don't know what's with that), compared to having a physical copy shipped to me in time for release day.
The point being that digital sales aren't always clearly better.
Wait, is he claiming robots will suddenly make software have more real world consequences? If so, I'd like to introduce him to Therac-25... http://en.wikipedia.org/wiki/Therac-25
Short, not too squeamish version: Software bug in rare cases allowed radiation overdoses. People died.
> However if the programmer did do something that made it easier for people to break into something then maybe the company should be held liable.
Okay, but define "easier" for me. I mean, do we have it run Linux, and need security patches on a week to week basis? Maybe OpenBSD, that really raises the bar for cracking the software. Or, go all the way, have the whole software stack proven mathematically.
What I'm getting at is that actually, the level of security expected is very vague, and hard to determine. As a programmer, that's unsettling...
It also occurs, in the same way that if you build a bridge, there are well defined standards to adhere to, by the time we're selling free-roving robots I pray we'll have similar specs for software accreditation.
Autopilots have a hard time dealing with situations that are not previously imagined, but don't underestimate how much the engineers can plan for, and the usefulness of an autopilot that can react far faster (and more calmly) than a human.
That said, having a person on-hand is a good idea anyway, out of the basic principal of having no single point of failure for a system.
Basically... oh I don't even have a simple way of breaking this down...
Is there really evidence that the problem getting customers is lack of features? All the features in the world won't help if the product isn't something people want, or it's not being marketed effectively.
Can the developers prioritize features over, say, usability or stability, if they're just looking for a box to tick (ladies and gentlemen, I give you Microsoft)?
If developers have to work 50+ hour weeks on a long term basis, they will screw up your code base. You will have to spend a lot of time later, un-screwing it. Expect to at least match every hour over a 40 hour week, in time to undo the damage. Is getting features at the cost of massive technical debt, going to help?
Worth pointing out that O2 has already dropped down to 500MB usage cap, up to 1GB on the most expensive plans.
Although mobile Internet access here is sufficiently useless that sending an e-mail is typically faster by travelling the rest of the distance to my destination, and typing it into a computer, so suffice to say I'm nowhere near the cap...
Tacitly outsource pirate eradication to countries that can just kill them and don't have to follow rules.
If you'd been following the Somali pirate problem for a while, you'd know that several countries have armed naval vessels in the area. Oddly, it turns out that when a large armed ship turns up, everyone's just "fishing". Well except for some real Darwin award candidates ( http://www.bbc.co.uk/news/world-us-canada-11825293 ) who attacked a ship.
Also, no, you can't just wander around the seas with a heavily armed ship and be fine. A lot of countries will arrest you if you enter their waters (we can start with the UK, I'm not going to do an exhaustive search of gun laws right now).
> One of the best proposals I've seen on/. for authentication would be a little bit awkward, but beats passwords. Enter your username at a site. The site presents a serial number. The user selects the serial number, signs it with their PGP/gpg key, and pastes the signature. The server validates the file against the key and grants/denies access. With this method, the server doesn't need to maintain much state (other than the serial number to prevent replay attacks), and no sensitive material is exchanged.
Err... how is that not SSL based authentication, done with PGP? Is there's something subtle I'm missing here?
It took me a very long time to realise this. I don't think faster, or better (at least compared to those around me), but differently. I can re-factor large software systems in my head, as well having a skill at predicting problems before they arise, but struggle to remember what I'm doing today without a calendar.
Add RSA key generation and X.509 issuing as standard on all browsers. Provide easy tools for copying these keys & certificates around. Present them when connecting to a web site. Bingo, website knows you're the same person that last presented that certificate, in a secure fashion, with no/minimal user interaction required.
Oh, and the remote site can't fake your credentials from what you sent them.
Slashdot Mirror
No, there doesn't.
The problem is not time frame. The problem is differential treatment of traders; some get prices before others can see them, and can make decisions on those prices. While there's always going to be some differentiation, co-locating a trading server with the exchange is probably outwith most people's budget, and is probably what needs to be stopped. Require enough delay that anyone can participate on a good home broadband connection, and that the exchange sends prices to all recipients (direct from it, anyway) simultaneously, and you can level the playing field much more simply.
> some regular trader, accidentally put up stock for $1 instead of $41, would anyone "fix" it for us?
Yes. Go read the trading terms on the exchanges, there is scope for cancelling trades if a clear mis-price is done. There's an admin cost the size of a small moon (it's very much a last resort), and there's a maximum number in a time period (I can't remember the details off hand, and they vary by exchange), but it does happen
Why do you want people trading? What's wrong with computers trading with each other?
A lot of people worry that some single glitch will bring down a computer based trading network. Nonsense, this software is heavily customised or unique to each company that runs it.
Anyone should be able to download a trading platform ( http://code.google.com/p/jbooktrader/ is a good start ) and be able to run it, so that's a good base time, but I fail to see why people have to be involved directly.
Also, if you think a minute 30 is a minimum for humans, scalpers will terrify you with their trading pace.
Thermal paste is substantially less conductive than a heatsink; sure, there's conductive bits on there, but there's also all sorts of stuff to make it a paste. You want just enough for it to fill in the minuscule gaps between the heatsink and chip, and nothing more.
"magg", apparently: http://slashdot.org/~magg/
I worry slightly I spent the time to find that out.
You know what happened last time /. got into a user ID waving competition? http://slashdot.org/~palpatine (#94) turned up and made us all look silly.
> Why should I be throttled to 25kbs or less like my ISP tries to??
So that others can get a decent portion of the network?
I'm a little disappointed with BT, who appear to have stopped publishing contention ratios. I'm going to use Namesco (who run over BT's lines) as my example instead; http://www.names.co.uk/adsl.html . With at ratio of 50:1, you're sharing your upstream connection from the exchange to your ISP, with 49 other people. 20:1, 19 other people. Either way, the contract with the ISP is fairly clearly saying "We don't have enough bandwidth to go around".
I'm disappointed with BT _because_ this should be made clearer to customers, that most home broadband connections are just a slice of a bigger connection, and usage will be limited by those around you.
Okay... so why would they do that? Because they don't have enough bandwidth to go around. What's the alternative? Leave TCP congestion control to do it.
So... how do you tell the difference between TCP throttling BitTorrent usage due to exponential backoff triggered by packet loss, and traffic shaping?
This is the news equivalent of staring into the sky until other people start collecting around you, wondering what you're looking at. I clicked because I figured I had to be missing something other people saw in this story. I was disappointed.
There's an even worse scenario, in that spoofing could allow an attacker to fake being a different origin. For bonus points, launch a nonsense attack that ties up your biggest competitors in an information/legal war...
I think everyone who has ever done information security from the defence side has had this thought cross their head. Like "Why don't we write a virus that patches Windows?", it turns up every now and then. It's very very illegal (can you imagine trying to persuade the US & China to provide mutual legal immunity to cyber-retaliation? North & South Korea?), damage to innocent bystanders is practically guaranteed, and escalation could turn the wild-west that the Internet is right now, into a glowing nuclear wasteland.
Without having the show to hand to check, I thought they showed it DID affect older instruments (on an built test rig), but on a newer plane there was no issue...
Amazon.co.uk has it for £6.89, or about $10 (although for some reason I can't paste the URL, so you'll have to trust me). On top of which, I don't have to tie up my Internet connection for several hours downloading it, and the Steam sale was a limited time special. If I want to buy a game at launch, I can expect to pay £5-10 more for the digital copy (really, we don't know what's with that), compared to having a physical copy shipped to me in time for release day.
The point being that digital sales aren't always clearly better.
I'll raise that, and say if you paid me to take this, I would have to seriously consider whether it was worth the space it would consume.
Wait, is he claiming robots will suddenly make software have more real world consequences? If so, I'd like to introduce him to Therac-25... http://en.wikipedia.org/wiki/Therac-25
Short, not too squeamish version: Software bug in rare cases allowed radiation overdoses. People died.
> However if the programmer did do something that made it easier for people to break into something then maybe the company should be held liable.
Okay, but define "easier" for me. I mean, do we have it run Linux, and need security patches on a week to week basis? Maybe OpenBSD, that really raises the bar for cracking the software. Or, go all the way, have the whole software stack proven mathematically.
What I'm getting at is that actually, the level of security expected is very vague, and hard to determine. As a programmer, that's unsettling...
It also occurs, in the same way that if you build a bridge, there are well defined standards to adhere to, by the time we're selling free-roving robots I pray we'll have similar specs for software accreditation.
Also, people fail sometimes: http://en.wikipedia.org/wiki/Controlled_flight_into_terrain
Autopilots have a hard time dealing with situations that are not previously imagined, but don't underestimate how much the engineers can plan for, and the usefulness of an autopilot that can react far faster (and more calmly) than a human.
That said, having a person on-hand is a good idea anyway, out of the basic principal of having no single point of failure for a system.
Get your boss a copy of: http://www.amazon.com/Mythical-Man-Month-Software-Engineering-Anniversary/dp/0201835959/
Basically... oh I don't even have a simple way of breaking this down...
Is there really evidence that the problem getting customers is lack of features? All the features in the world won't help if the product isn't something people want, or it's not being marketed effectively.
Can the developers prioritize features over, say, usability or stability, if they're just looking for a box to tick (ladies and gentlemen, I give you Microsoft)?
If developers have to work 50+ hour weeks on a long term basis, they will screw up your code base. You will have to spend a lot of time later, un-screwing it. Expect to at least match every hour over a 40 hour week, in time to undo the damage. Is getting features at the cost of massive technical debt, going to help?
Worth pointing out that O2 has already dropped down to 500MB usage cap, up to 1GB on the most expensive plans.
Although mobile Internet access here is sufficiently useless that sending an e-mail is typically faster by travelling the rest of the distance to my destination, and typing it into a computer, so suffice to say I'm nowhere near the cap...
Tacitly outsource pirate eradication to countries that can just kill them and don't have to follow rules.
If you'd been following the Somali pirate problem for a while, you'd know that several countries have armed naval vessels in the area. Oddly, it turns out that when a large armed ship turns up, everyone's just "fishing". Well except for some real Darwin award candidates ( http://www.bbc.co.uk/news/world-us-canada-11825293 ) who attacked a ship.
Also, no, you can't just wander around the seas with a heavily armed ship and be fine. A lot of countries will arrest you if you enter their waters (we can start with the UK, I'm not going to do an exhaustive search of gun laws right now).
> One of the best proposals I've seen on /. for authentication would be a little bit awkward, but beats passwords. Enter your username at a site. The site presents a serial number. The user selects the serial number, signs it with their PGP/gpg key, and pastes the signature. The server validates the file against the key and grants/denies access. With this method, the server doesn't need to maintain much state (other than the serial number to prevent replay attacks), and no sensitive material is exchanged.
Err... how is that not SSL based authentication, done with PGP? Is there's something subtle I'm missing here?
> A forth type I might add is the “unfocused hacker”.
Guilty. I keep having to remind myself that we need the things I've been asked for, more than we need an Android app...
> I’ve also run into the inverse of this list on quite a few occasions “The Dedicated Idiot.”.
Seen that. 9 years on, we're still trying to undo mistakes they made.
I lost 2 hours... I think. Is it still Wednesday?
> I just work differently than the other people
It took me a very long time to realise this. I don't think faster, or better (at least compared to those around me), but differently. I can re-factor large software systems in my head, as well having a skill at predicting problems before they arise, but struggle to remember what I'm doing today without a calendar.
Way overcomplicating things...
Add RSA key generation and X.509 issuing as standard on all browsers. Provide easy tools for copying these keys & certificates around. Present them when connecting to a web site. Bingo, website knows you're the same person that last presented that certificate, in a secure fashion, with no/minimal user interaction required.
Oh, and the remote site can't fake your credentials from what you sent them.