I can conceive a challenge-response scheme inside the card with the PIN pad built directly into the card, or assuming a trusted reader (e.g. a sealed device that's a lot harder to trojan). But that's a lot of infrastructure.
The next trick would be getting the web merchants to agree on a protocol. You can do the EMV over TCP, but you're not generally opening your PC to TCP requests. You'd probably want some sort of browser tie-in that says, "Click here to send $194.43 to amazon.com to pay for transaction 3458234". The device can then either communicate with amazon directly or use that plugin as a tunnel.
The alternative would be some sort of display, "Type the following twelve-digit code displayed on your card into this text box" but that's error prone and inconvenient.
However, most of these cards will probably also have a contact plate, so you can use them with a contact reader attached to your PC.
But to my knowledge there's no protocol, web-based or otherwise, for actually doing the operation. If I go to amazon.com, for example, I'd really love to (say) tap my pin and the amount and the payee and get a little cryptographic check out that I can use to pay Amazon without the card number ever leaving my computer.
Getting those chips into people's hands will be a great start, though.
In that mode, you provide your PIN to the card reader through a PIN pad, and that unlocks your card to perform the transaction.
Is that PIN pad on the card itself? If I enter my PIN into somebody else's device that's a great opportunity for them to steal it. Can that be made durable enough to live in my wallet?
It sounds like these cards are going to be pricey (several dollars each to manufacture). Fine with me, if they can improve the currently horrific security associated with credit cards.
Is there a way to extend that unique RFID chip to online transactions? Maybe a reader hooked to your computer? Right now there's no good way to authorize a transaction over the Internet without sending them your credit card number (along with the sooper-seekrit protection code on the back).
Famously, Al Capone was nailed not for his violent crimes but for tax evasion. I wonder if this is similar: charge him with CAN-SPAM just to make sure you've got something to nail him on, and to increase the penalty even if you could nail him.
It also gives them an opportunity to test the law, to see if it's worth going after other spammers. If the courts decide to throw out the CAN-SPAM charge on the basis that the law is badly written, they've still got other crimes they can hit him on, so their time isn't wasted in this case, but they won't waste time on any other spammers unless they've got something else.
The other thing is that it's hard to prosecute pure spammers because they're so hard to find. Everybody criticized CAN-SPAM precisely because the spammers can so easily send mail through some other country and make it hard to tie to the source. They nailed this idiot because he showed up to a meeting.
Eliminating the difference between $41 and $D0B0 feels like a hack; it would leave a hole in whatever character set D0B0 is in. A Greek P (rho) and an English P are not the same character; neither are the Russian H and the English H, even though they're orthographically identical.
Still, mapping those together at the DNS level would solve this problem neatly. You just reject registrations for domain names with identical orthographies, especially when they have mixed character sets. Yeah, I can see some Greek complaining that he wasn't allowed to register rho-rho-rho.com because it looked too much like PPP.com, but the number of such complaints should be tiny.
It's a good recommendation, but not always as practical as it might seem.
Amazon, for example, has "affiliate" programs: you advertise a book on your web site and link to Amazon to purchase it. You have to use their link or the affiliate doesn't get credit. If that link asked me for my password, I might give it, even though I shouldn't be expecting it.
Perhaps that's a pathological case. The paypal link, for porn or otherwise, is more likely. In those cases it's good policy to do exactly what you say. But I'm thinking that requires me to remember an awful lot and type an awful lot. The effort is trivial compared to fixing an identity theft, but it gets tiring anyway when you do it every single day, usually for no reason (since 99.9999% of the sites I visit wouldn't try to steal my money.)
For all the bitching about the privacy violations (which are real and massive), I'd much rather see somebody address the real issue.
Roads are expensive. States have always found it equitable to put a tax on gasoline to pay for them. The more you drive, the more gas you use, the more you pay. Drive a fuel-efficient car, a thing we want to encourage, and your taxes go down.
Unfortunately, the competing goals are starting to come to loggerheads: people in highly efficient cars are using up the same amount of roadway, which still costs money, but they're not paying as much of the tax intended to cover it.
So the problem remains, and simply whining about privacy violations (real as they are) doesn't solve the problem.
You can raise the gas tax, encouraging more people to ditch SUVs and raising the price for using your hybrid. People hate that, but it's closer to fair. Eventually you may reach the point where you'd have to raise the tax per gallon through the roof to pay for the roads, even while the total tax remains the same. That drives people nuts, irrationally, but it doesn't involve the huge privacy violations, which they (again irrationally) ignore.
The problem is that you can't always easily identify an international domain name. In particular, IDNs contain characters that are nearly identical to the Latin character set but are treated differently. Slashdot won't let me put in examples, but examples here.
The paypal.com one is particularly scary. It looks like paypal.com in your status bar when you hover over the link. It reads paypal.com in your address bar. But it isn't Paypal. That's because the "a" isn't an "a" but is really Unicode D0B0. If they'd put any effort into making it look like Paypal, it would be easy for somebody to direct you there and steal your Paypal password.
In Firefox and IE they're indistinguishable. Even if they added a clue that something was different (e.g. colors to indicate an IDN) you'd have to look closely, and if IDNs became common you'd start to ignore the color coding. If the only difference between "paypal.com" and an identical spoof were small, you'd get tired of looking closely, and forget. If the warning was unignorable, like a popup, you'd turn it off.
So the upshot is, yeah, beware of web sites you don't know, but with IDNs you don't always know whom you know.
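A registry-side version of the check suggested in the IDN comments above (reject mixed-script labels and names whose orthography matches an existing registration), as an added example that is not part of the original comments. The confusables table is a small constructed subset, the script lookup is a heuristic based on Unicode character names, and the function names are hypothetical; the spoofed "a" is Cyrillic U+0430, whose UTF-8 encoding is the bytes D0 B0.

```python
import unicodedata

# Constructed, illustrative subset of look-alike letters (assumption: a real
# registry would load the full Unicode confusables data instead).
CONFUSABLES = {
    "\u0430": "a",  # CYRILLIC SMALL LETTER A
    "\u0435": "e",  # CYRILLIC SMALL LETTER IE
    "\u043e": "o",  # CYRILLIC SMALL LETTER O
    "\u0440": "p",  # CYRILLIC SMALL LETTER ER
    "\u0441": "c",  # CYRILLIC SMALL LETTER ES
    "\u0445": "x",  # CYRILLIC SMALL LETTER HA
    "\u03bf": "o",  # GREEK SMALL LETTER OMICRON
    "\u03c1": "p",  # GREEK SMALL LETTER RHO
}


def to_unicode(domain):
    """Decode xn-- (punycode) labels so the checks see what a user would see."""
    if domain.isascii():
        return domain.encode("ascii").decode("idna")
    return domain


def script_of(ch):
    """Heuristic script lookup: first word of the Unicode character name."""
    if ch.isdigit() or ch == "-":
        return "COMMON"  # digits and hyphens are shared by every script
    return unicodedata.name(ch, "UNKNOWN").split()[0]


def scripts_in(label):
    """Set of scripts used by one domain label, ignoring shared characters."""
    return {script_of(c) for c in label} - {"COMMON"}


def skeleton(domain):
    """Fold a name to a canonical look-alike form for collision checks."""
    folded = unicodedata.normalize("NFKC", domain).lower()
    return "".join(CONFUSABLES.get(c, c) for c in folded)


def check_registration(candidate, registered):
    """Return (allowed, reason) for a requested name.

    Rule 1: no label may mix scripts (Latin 'p' plus Cyrillic 'a').
    Rule 2: the name must not look identical to an existing registration,
            even when it is written entirely in one script.
    """
    name = to_unicode(candidate).lower()
    for label in name.split("."):
        found = scripts_in(label)
        if len(found) > 1:
            return (False, "mixed-script label: " + "+".join(sorted(found)))

    taken = {skeleton(to_unicode(r)): to_unicode(r).lower() for r in registered}
    clash = taken.get(skeleton(name))
    if clash is not None:
        if clash == name:
            return (False, "already registered")
        return (False, "looks identical to " + clash)
    return (True, "ok")


if __name__ == "__main__":
    existing = {"paypal.com", "ppp.com"}          # constructed registry contents
    requests = [
        "p\u0430ypal.com",                        # Latin with a Cyrillic 'a'
        "\u03c1\u03c1\u03c1.com",                 # rho-rho-rho, all Greek
        "example.com",                            # ordinary new name
    ]
    for req in requests:
        print(req.encode("idna").decode("ascii"), check_registration(req, existing))
```

The all-Greek name passes the mixed-script rule and is caught only by the look-alike comparison, which is the case where the comment expects a few legitimate registrants to be turned away.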
MS isn't usually known for innovation in that direction. They're most famous for taking existing ideas and driving them closer to their logical limits. My hunch is that it has to do with the fact that they can throw many developers at the concept, which means that they can flesh out an idea that gets only a bit of support in an academic environment (where a lot of innovation starts).
I don't know what they'd have to throw at the problem that's truly innovative. Variations on the "zooming" metaphor would be nice (e.g. OS X's Expose), but those would be a lot easier to support when Longhorn comes out, with its fancy video-card based transformations. I'm thinking of something where a click is "zooming in"; back is "zooming out", and opening a tab is "setting up another branch to go down".
But of course "innovative" kind of implies "not the sort of thing I'm likely to come up with off the top of my head", so I wouldn't know. If they've got something brilliant and clever I'd love to see it. If all they're doing is playing catch-up to Firefox, well, I guess it'll make it suck less when I have to use a computer without FF installed.
MS really depends on blazing performance to keep its users happy. Shipping IE separately means an upgrade to those internal components, not delivery of a separate product. I doubt you'll be able to use it alongside the existing IE, for example.
It's terrible for security, but MS's approach to security has never been to contain threats. Their approach has been much more all-or-nothing; ActiveX signed certificates mean that the program is either trusted or it's not.
Security is always a double-edged sword. Users hate it when security interferes with them, and if it gets in their way before they see the benefits of whatever you're selling them, they'll pick something less safe but whose benefits are more clearly visible.
It's vaguely possible that in Longhorn they might alter some of those balances between security and performance, since .NET gives you more control, but I'm betting not for this upgrade. Most users will always equate "faster" with "better", and "more secure" will come in a distant third.
And without belaboring the point, that's the point. Video stores have many, many customers, so they buy many, many disks, especially for popular movies where they need many copies all at once. Thus the studio gets many, many sales.
It's far more complicated than that, since the big stores all have agreements that let them spread the risk around better, but basically the studios make considerable money selling to video stores and effectively zero on that single copy sold to a pirate. The difference between "a few dozen" and "a few thousand" is highly relevant, and if "a few thousand" became "a few million" they'd stop selling DVDs entirely as unprofitable.
In order to rent you a DVD, the video store had to buy it. They're sharing it out among a few dozen people, but the disc is still sold and the movie company gets its inch of green (or in this case, millimeter of green, but millimeters add up.)
So while it's clearly faulty to assert that every downloaded movie is a lost sale, it's just as faulty to say that nobody who downloaded a movie would have bought it or rented it. The correct answer is somewhere in between.
I don't know whether the 4% figure means that for every 24 sales there is one illegal download, or if it's some accountant's estimation of the actual number of sales they would have had if the downloads weren't available. It could well be the latter; it doesn't sound completely unreasonable to me.
But we'd be having the same argument if it were 2% or 1%. I strongly doubt that it's 0%. As the grandparent post points out, shrinkage comes out of your profit margin and can mean the difference between profit and loss.
Just for reference, you might try to avoid Wired as a source of information. It's a lot of fun, and that's why I read it too, but it's not really a source of knowledge. Wired's "hit rate" (predicted technologies that actually come to fruition) is pretty damn near zero.
I read that article, and I'd love to see it happen. But I'm not holding my breath just because I read it in Wired.
That's precisely correct, but the nice thing is that those 10 bytes are "pure information". In doing the compression you've eliminated all of the redundancy, and you're left with a truly random number.
Therefore, a brute force attack would require 2^80 guesses, which is on the number-of-the-atoms-in-the-universe scale.
A lot of protocols tend to use 128 bits for security, but that's partly a matter of overkill and partly a matter of 128 bits being a nice number for the power-of-two based computer to work with. Any attacks on them are based on weaknesses in the encryption algorithms, not on the key size.
Eighty truly random bits is likely to be more than sufficient.
Well, "impossible" is a bit much. The US takes in around a million migrants per year. But many, many more would if they could.
The illegal route is particularly common for those in the "gray economy" mentioned in a sibling post to yours. Many of those are people who don't want to immigrate. They simply wish to work here and live in Mexico, or live here and send much of their earnings back to their families in a country where it's far harder to earn a living.
That gray economy is very important economically, since it's a major component of agriculture in California. The President's approach calls for basically recognizing a class of second-class citizens to work for sub-minimum wage in exchange for certain rights, like driver's licenses. That's the point on which this whole issue is going to stick in the Senate, and may kill the entire bill.
The Star Trek:TNG writer's manual called for you to use the word TECH every time you needed a word like that; they got their science advisor to fill it in later.
So you really would see scripts with "Captain, I can compensate using TECH to TECH..."
I can't help but think that the series would have been better if TECH hadn't been such a cop-out. Sci-fi is about people, not technology, but often it's about how people interact with technology. If you don't know anything about technology then it's just the way people interact with mumbo-jumbo.
It's certainly not a law, but "observation" doesn't quite cover it either, since he was making a prediction that it would continue to hold true. Moore's Theory would be perhaps better, in the scientific sense of the word "theory".
You're right that it really applies to transistor density rather than speed, but thus far they've been closely tied.
It's 2005 today, but it's still early in 2005. Back in April 2004, MS said (and I'm quoting Microsoft Watch, which is where the hoo-rah started):
Microsoft is expected to recommend that the "average" Longhorn PC feature a dual-core CPU running at 4 to 6GHz; a minimum of 2 gigs of RAM; up to a terabyte of storage; a 1 Gbit, built-in, Ethernet-wired port and an 802.11g wireless link; and a graphics processor that runs three times faster than those on the market today.
So that's what Microsoft Watch says Microsoft said, so I can't tell you for certain if Microsoft believed it at the time, and I can't tell you if they still believe it now. I'd say that in mid-2006, that sounds more like a high-end system than a mid-level system. Intel has slacked off the rate of speedup, but I'd believe a 4 GHz dual-core would be available (if not common) in 18 months. (Moore's Law says speed doubles every 18 months.)
2 gigs of RAM sounds like a bit much for an average system, since today a quarter that much is sufficient even for MS bloatware for the average user. I don't know enough about video processor speeds to comment on them, but I'd believe that gigabit ethernet and wireless could be common in 18 months.
So yeah, it sounds like MS was being rather optimistic with those numbers, at least for Longhorn launch time. But by the time Longhorn has been out for a year (which will be only a fraction of the way through its lifecycle) those systems should be common.
It sounds like MS is telling its developers to come up with something neat for a very powerful system. Whether they're talking revolutions, eye candy, or lazy programming, we'll know later this year when the betas appear. I'm betting it'll be a bit of the former and rather heavy on the latter two.
What was reported as the "minimum requirements" were actually the "expected average new system". It shouldn't be the least surprising that the average new system in 2006 is rather better than a top-end system today.
I don't actually know the minimum requirements for Longhorn. I do know that it will require a lot of horsepower and a high-end video card, because they're playing catchup with OS X (both in terms of eye candy and in terms of useful features such as Expose').
So I expect that Longhorn will run perfectly well on today's mid- to high-end systems, since they're trying to take advantage of video power currently going unused. Today's bottom-range systems may not run it at all, or will do so pokily.
Unless Y happens to have genetic engineering to remove the "Hell yes I want Gator!" gene, there's going to be a distressingly large class of users who will manage to acquire malware anyway.
I recommend a link on the Firefox web site that says, "Click here if you're a moron." It leads to a Firefox download with a half-dozen important plugins (yeah, of course the moron wants Shockwave; otherwise the ads just sit there!) and absolutely no ability to add more.
Joking aside, maybe that really is the best scheme: turn all plugin downloading off until the user who would be called in to remove the spyware (i.e. you, the Slashdot reader) turns it on. Hide it in the "about:config" dialog. Call it the "high-security" Firefox and make it the default download.
They've got this thing called winzip. You should try it some time.
Actually, what you need to do is get your friends to try it some time. Or even better, get your friends to learn to use plain text. Man, you gotta get some smarter friends.
Actually, it's usually my clients who send me Word files when plain text would do. And my clients are supposed to be computer programmers.
It will almost certainly break the format. Word is designed for processing large documents, and most of this stuff is "reserved space" where the next few thousand characters would go on a disk.
That's what allows you to, for example, type the letter "a" at the beginning of a 2 MB document without it having to shift the position of all two million subsequent characters. It allocates that stuff several thousand bytes at a time because that means it doesn't have to do it very often.
They figure that this 20K is just fine to waste. It costs you far less than a penny worth of disk space and improves performance. The case of a file with a single character in it is degenerate; the amount of space wasted is usually far, far less.
Theoretically they could let you tune the constant; if it were open source I'm sure you could go into some .h file and change it. But to offer that to a user, along with the thousands of other similar options, would confuse the user without making his life noticeably better.
Immediately before I said:
"they'd stop selling DVDs entirely as unprofitable"
I said:
if "a few thousand" became "a few million"
Right now copying is making only a small dent in their profitability. But you're going to want to watch how you use the word "trivially". I'm a professional computer scientist and I don't know how to copy a protected DVD. Yeah, there's something about DeCSS and I could probably find it and download it, but I wouldn't call that "trivial". Nor is my bandwidth high enough (yet) that I can comfortably download an entire movie from a file-sharing service.
Maybe the threat will never rise all that high. Maybe it will always be difficult enough, and people honest enough, that they'd rather pay $4 to rent the DVD or $20 to buy it. And in that case where you're watching movies that they're paying for, bully for you.
And I use Firefox because it's fast enough and a lot cheaper.
Naren Shankar held the title of "science consultant".
I feel your pain.
The Star Trek:TNG writer's manual called for you to use the word TECH every time you needed a word like that; they got their science advisor to fill it in later.
So you really would see scripts with "Captain, I can compensate using TECH to TECH..."
I can't help but think that the series would have been better if TECH hadn't been such a cop-out. Sci-fi is about people, not technology, but often it's about how people interact with technology. If you don't know anything about technology then it's just the way people interact with mumbo-jumbo.
It's certainly not a law, but "observation" doesn't quite cover it either, since he was making a prediction that it would continue to hold true. Moore's Theory would be perhaps better, in the scientific sense of the word "theory".
You're right that it really applies to transistor density rather than speed, but thus far they've been closely tied.
It's 2005 today, but it's still early in 2005. Back in April 2004, MS said (and I'm quoting Microsoft Watch, which is where the hoo-rah started):
Microsoft is expected to recommend that the "average" Longhorn PC feature a dual-core CPU running at 4 to 6GHz; a minimum of 2 gigs of RAM; up to a terabyte of storage; a 1 Gbit, built-in, Ethernet-wired port and an 802.11g wireless link; and a graphics processor that runs three times faster than those on the market today.
So that's what Microsoft Watch says Microsoft said, so I can't tell you for certain if Microsoft believed it at the time, and I can't tell you if they still believe it now. I'd say that in mid-2006, that sounds more like a high-end system than a mid-level system. Intel has slacked off the rate of speedup, but I'd believe a 4 GHz dual-core would be available (if not common) in 18 months. (Moore's Law says speed doubles every 18 months.)
2 gigs of RAM sounds like a bit much for an average system, since today a quarter that much is sufficient even for MS bloatware for the average user. I don't know enough about video processor speeds to comment on them, but I'd believe that gigabit ethernet and wireless could be common in 18 months.
So yeah, it sounds like MS was being rather optimistic with those numbers, at least for Longhorn launch time. But by the time Longhorn has been out for a year (which will be only a fraction of the way through its lifecycle) those systems should be common.
It sounds like MS is telling its developers to come up with something neat for a very powerful system. Whether they're talking revolutions, eye candy, or lazy programming, we'll know later this year when the betas appear. I'm betting it'll be a bit of the former and rather heavy on the latter two.
What was reported as the "minimum requirements" were actually the "expected average new system". It shouldn't be the least surprising that the average new system in 2006 is rather better than a top-end system today.
I don't actually know the minimum requirements for Longhorn. I do know that it will require a lot of horsepower and a high-end video card, because they're playing catchup with OS X (both in terms of eye candy and in terms of useful features such as Exposé).
So I expect that Longhorn will run perfectly well on today's mid- to high-end systems, since they're trying to take advantage of video power currently going unused. Today's bottom-range systems may not run it at all, or will do so pokily.
Unless Y happens to have genetic engineering to remove the "Hell yes I want Gator!" gene, there's going to be a distressingly large class of users who will manage to acquire malware anyway.
I recommend a link on the Firefox web site that says, "Click here if you're a moron." It leads to a Firefox download with a half-dozen important plugins (yeah, of course the moron wants Shockwave; otherwise the ads just sit there!) and absolutely no ability to add more.
Joking aside, maybe that really is the best scheme: turn all plugin downloading off until the user who would be called in to remove the spyware (i.e. you, the Slashdot reader) turns it on. Hide it in the "about:config" dialog. Call it the "high-security" Firefox and make it the default download.
They've got this thing called winzip. You should try it some time.
Actually, what you need to do is get your friends to try it some time. Or even better, get your friends to learn to use plain text. Man, you gotta get some smarter friends.
Actually, it's usually my clients who send me Word files when plain text would do. And my clients are supposed to be computer programmers.
It will almost certainly break the format. Word is designed for processing large documents, and most of this stuff is "reserved space" where the next few thousand characters would go on a disk.
That's what allows you to, for example, type the letter "a" at the beginning of a 2 MB document without it having to shift the position of all two million subsequent characters. It allocates that stuff several thousand bytes at a time because that means it doesn't have to do it very often.
They figure that this 20K is just fine to waste. It costs you far less than a penny worth of disk space and improves performance. The case of a file with a single character in it is degenerate; the amount of space wasted is usually far, far less.
Theoretically they could let you tune the constant; if it were open source I'm sure you could go into some .h file and change it. But to offer that to a user, along with the thousands of other similar options, would confuse the user without making his life noticeably better.