[Users] feel that the product should be well-designed enough that most of what they want to accomplish should be apparent without having to read any doc.
You're right. But the problem here is the applications, and I daresay I've run into as many obtuse Windows apps as I have Linux applications. But my wife, perhaps the least technical person I've ever met in my life, was able to use Mozilla and Evolution in seconds to browse the web and email her family in another country with very little instruction. She opens OpenOffice files I send her and prints them with no difficulty. All without reading a single bit of documentation.
And yes, I can install software without any difficulty, assuming it's well-put-together as most of it is. OK, I cheat - I use yum under Fedora. But Windows can't do that. But you point out that users want to be able to sit down and do the equivalent of bang out "Mary Had a Little Lamb" without being told to RTFM. Again, all I can say is that there are plenty of users who are able to do that. Windows is not the most intuitive interface in the world, and neither is GNOME. But both can get the job done, and it's a fallacy to say that it's impossible for the average user to achieve some level of immediate productivity in a Free software environment.
I used to believe in "dreaming" solutions to math or coding problems, but it rarely actually works for me (whatever I work out in my sleep doesn't turn out to be the actual cause). But a good night's sleep does two things:
(a) Being rested lets you think more clearly; you're refreshed and more energetic. That's what "rested" means, after all: peace, ease, or refreshment resulting from sleep or the cessation of an activity.
(b) Walking away from a problem gets you out of the mental rut that keeps you looking at the same set of non-working solutions. Hitting that mental reset button causes you to go through the process again and find the stumbling block that you're missing.
The article just says that there's an investigation under way and that the academy isn't identifying the screener being looked at; the LA Times is the one fingering Caridi. So while the Academy and the MPAA may occasionally be up to no good, there's no indication right now that in this case they're unfairly blaming the wrong guy. (And assuming that it couldn't be him because of his age would be a pretty poor way to run an investigation).
Actually, tracking down the leak is the right way to handle this. Go after the distributors and those actually responsible for the infringement. Enforcing your copyright is not in itself the problem; it's pretty clear here that someone is doing something wrong. The problem comes in the way you enforce it, and whether it's the screener or someone in the supply chain or a family member, tracking down that person is the way to go.
Disclosure: I work for a telecom company with a pretty successful ISP and wireless unit that obviously competes with both T-Mobile and AOL. This is my personal opinion, though, and I don't represent it as being that of my employer.
These two fit together well, if for no other reason than that they're both pretty bad about responding to security complaints. T-Online is notorious as a simultaneous source of scanning/exploit activity and a sink for abuse reports. AOL doesn't fare much better. Also, they'll probably end up keeping the brand name AOL since most of their customers could be easily confused by that sort of switch (most still don't know that Voicestream got bought by T-Mobile). So the sum effect of this would be that another company gets owned by Deutsche Telekom. Works for me: when I tell friends who really owns T-Mobile, more than one has decided they'd like to go with a domestic provider, even if it's not my employer.
My real question is, will Catherine Zeta Jones be in the new commercials? :)
Despite all the Big Brother bellyaching, I don't see where you're required to do this. If you don't like it, don't patronize those bars. There's no God-given right to drink at a particular bar, and voting with your feet is a pretty easy way to deal with it. If the government were requiring this system, then that would be a different matter, but as for now I don't see any difference between this and the ATMs that take your picture, etc.
Let's face it: private establishments can do what they want without violating inalienable rights, and if they don't want to do business with you anonymously, so be it. I don't think I'd go to such a bar, either, but that's just because I think it's bad etiquette - not because the bars are becoming Big Brother.
I don't know that RHL is the best pairing for Guinness. RH is great and I run it in many places, but I think of it more as the first non-mainstream beer that people try before they dig in and discover how many varieties there really are. Where I live, that's Shiner Bock. Maybe Guinness fits better with OpenBSD: stout, bitter, not to everyone's taste, but if you enjoy it, you almost can't drink anything else.
I need to be able to edit Visio diagrams in Linux. There are some rumblings that it might work with Codeweaver's product, and I haven't tested that, but that's the #1 thing I miss for work. Oh, and GnuCash still hasn't caught up with MS Money IMHO, which is really the only reason I dual-boot at home.
I'm moving into SBC territory next month, and the same situation exists here in Texas. Essentially, if I want to use another ISP, I have to pay that ISP a monthly fee and a separate line charge to SBC. But if I sign up with SBC, the combined line/ISP charge is the same as the line charge to go with someone else. So I can spend $30-$60 on the line charge and another $20-$40 to stay with my ISP, or just that $30-$60 to use their ISP. As much as I like my current provider, the financial incentive to switch is too great. But that still smacks of predatory pricing on the part of a monopoly.
SBC's not the only one that does this, of course. I work for another RBOC (though not in the telco or ISP areas) that does virtually the same thing. Evidently either my understanding of deregulation is flawed (the data services (DSL) unit must charge all ISPs the same, including their own) or the RBOC ISPs are really netting $0 after the line charges. Somehow I don't believe it's the latter.
I don't know, actually. It might have something to do with civil liability. The lawyers don't ask us grunts before they hand down edicts and they (unfortunately) rarely explain the reasoning. Too bad, because it would hopefully help us make on-the-spot decisions that aren't covered by previous instructions.
A lot of companies no longer ask these questions for legal reasons; I know mine (a very large US phone company) definitely doesn't. Point remains, though, that one should leave professionally.
If you haven't already read them, find something by Cory Doctorow (he's made his novel Down and Out in the Magic Kingdom freely available if you don't want to buy it, but it's worth it) or Charles Stross. Another good author more hyperpunk than cyberpunk is Eric Nylund; his two novels Signal to Noise and A Signal Shattered are great. I find picking up an anthology like The Year's Best Science Fiction helps me find authors whose work might interest me; that's how I found Charles Stross's work, at any rate. There are plenty of others out there, go digging around and you'll find tons of pointers on the Web for what to read.
To the poster: your parents sound like they're doing their job. Be glad they're interested in your achievement. If all parents felt the same way, our society would be in a wholly different situation.
That said, the login process probably does need to be changed, but doing that might end up defeating the purpose: if they sent a login via snail mail, kids are likely to intercept it. Then again, if the whole area knows about it, parents would get suspicious about why they haven't received theirs. It's a simple problem to fix, though, and doesn't change the fact that the underlying program keeping parents informed is a great idea.
What are dittos? on Kiln People · Score: 5, Informative
The review never actually explains it... there's another review out there which does, fortunately.
I wrote up my view of the article and posted it earlier. I think that (for obvious reasons) he tends to view things from a cryptography perspective and tends to miss what really happens "on the ground", but hopefully his voice will be influential in such matters among his colleagues.
Put out the fire on Science Askew · Score: 3, Funny
A psychologist went out to eat with an engineer and a mathematician. The three sat next to a window and ordered several waters. The psychologist then took out a lighter, set a napkin on fire, then placed the napkin on the floor. He asked the engineer to put out the fire. The engineer quickly picked up his water from the table and doused the fire. Undeterred, the psychologist lit a second napkin on fire and asked the mathematician to put out the fire. The mathematician moved his water from the windowsill to the table and replied, "It is now reduced to a previously solved problem."
Would this law require that network security companies announce when they find a client's systems vulnerable, because technically it is a "break in"?
Given that such auditing is either done by authorized internal personnel (I do this for my company), or by authorized external personnel (generally under a pretty draconian NDA), I don't think any confidential material is accessed without authorization. Whether the admin authorized it is beside the point; the directors of the corporation did, and that's what matters.
Since you can only jumpstart from a server on the client's subnet...
Not true, the boot server has to be on the same subnet (the boot and install server do not have to be the same machine). And if you have control of the routers and can set up directed broadcast, even that might not be necessary.
Personally, I've had loads of success submitting bugs for Mozilla. Since I've been using it for my day-to-day work for so long, I decided a long time ago that I could at least bother to report the problems that I find. And the developers have been incredibly responsive. Sometimes they don't agree with me on how it should actually work, but they respond quickly and are willing to discuss the reasons behind their decision, which is good enough for me.
I've only submitted one bug in a distribution package (to Debian), and I saw a reply as well -- 3 months later. Although I still use Debian, responsiveness is probably not high on the list of reasons I do. Then again, most Debian maintainers are volunteers but a substantial chunk of Mozilla developers are paid, so that probably explains it.
Sometimes you just have to go to a class because the boss wants it -- makes a nice bullet point on presentations to prospective customers, executives, etc. Plus, it never hurts to learn a few new things and have an appropriate environment in which to play.
That, and it beats being in the office for a week.
If you think there is, you're fooling yourself. That said, as long as that axiom is kept in mind, something is better than nothing. FIPS (or any other certification) may not be a guarantee, but it should be a good indicator that due diligence has been performed and the software meets widely-accepted best practices.
The same applies to those practices. In and of themselves, they do not guarantee that no incident will take place. But they'll hopefully minimize the impact and frequency of those incidents. The fact that the NSA or some other entity may be able to get past your security doesn't invalidate that security entirely; depending on the environment, it may be good enough.
Information security is really all about risk management. At the end of the day, are we managing our security to the point where the risk is less than the value of the information itself? Balance business need (or whatever needs you have, if you're not a business) against the cost of extra measures. When additional measures are too expensive for the value of what you're protecting, you're secure -- at least secure enough, anyway. If everyone followed security best practices, we'd have a lot less problems than we do.
I took the Foundstone "Ultimate Hacking" course a few months ago, and some of these guys were on the team who taught it. While I can't speak to the book itself, not having read it, the authors themselves were very knowledgeable and authoritative in their fields. I expect that the information in this book should (hopefully) be of the same caliber.
Do you mean AUS $30? That's like $23 US, which is still a bit high but not too far past the common list price here of like USD $18-20.
Someone's already done this and it's called VulnWatch.
It's not very in-depth, but I posted my thoughts on XD2 the other day on my weblog.
Have you tried this lately? Works for me, in menus as well as in the bookmark bar.