It's my impression that he'd agree with you. He was only considering government-funded manned space flight. I think he's saying that if private individuals wish to go, they're likely to find that it won't repay their investment, except in the ego-fulfillment sense. As many slashdotters have said so far, that's more than enough for them.
Government spaceflight is likely to be the most important spaceflight for a long time to come. For around $20m, Scaled Composites solved roughly half the problem of getting to orbit; they could probably get there for another $20m. From there, it's maybe another $20m to get people to geosynchronous orbit, and $Xm to build a station there, and $Ym to get to the moon from there. X and Y are large numbers. Maybe they could do it for another $20m each, but I'd guess closer to $100m, or even more than that. That's still a couple of orders of magnitude less than it cost NASA, but NASA serves many masters and it's amazing how much that costs.
My point is that it's going to be really, really expensive, and his point is that the financial returns are likely to be really, really low, and the scientific returns low as well. As you say, "That's [a private investor's] choice to make." He's betting none will, because they won't find it worth the effort, not for that kind of money.
But hey, if any of the numerous slashdotters who have posted in favor of private spaceflight pull a Carmack [that is, get rich writing software and then decide to spend a lot of money getting into space], more power to ya, buddy.
Who knows? Scaled Composites thinks they can make their money back on space tourism on a simple up-and-down flight for a six-figure sum. Maybe orbit would get them seven figures, and they'd find enough people to take it to pay for that as well. Beyond that..., well, there aren't many people who even have eight figures, much less willing to blow them on a space flight no matter what the duration. But I can't prove it won't happen.
That was pretty much my impression, too. I'm kinda hoping that when this hits Science News it'll have the right photo. Except that I don't really know all that much about fish, and if they were to put a picture of a trout with a scale showing "7 mm" next to it I'd probably believe them.
The article has zero information about the computers involved. Were they older machines? Did they have uncommon hardware? Or impolite drivers?
60% failure does seem unlikely to me. Microsoft presumably does at least some internal testing, and they're not going to release it if that many machines are going to be problematic (even a "release candidate").
The wide array of hardware Windows accepts must be a huge nightmare for Microsoft. I begin to understand why Apple wants to be the only ones who make Macintosh-compatible computers.
Bingo. Two-way communication is probably centuries off, either due to comms lag or the time it will take to discover the sci-fi advance that will cut out the time lag.
But that's largely irrelevant. The philosophical, social, and theological implications have an immediate, massive impact. Hell, even discovering some sort of microbe on Mars would be a massive advance from "here is the only place in the universe with life" to "there's something out there".
I believe most Slashdotters have no particular desire to hold up humans as the center of the universe, and would be thrilled to know that life could happen elsewhere. But many others would be less than thrilled. Even among Slashdotters there is the occasional creationist (or very sincere troll) who I suspect would be rather put out to know that God neglected to inform them that He created life more than once in the universe. Just yesterday I saw somebody claiming that evolution makes no testable predictions. It does: one is that life should exist elsewhere in the universe. It's not a terribly falsifiable hypothesis, but we could at least put error bars on it.
Even a single additional data point would double the number of known places where life could evolve, which would greatly improve the precision of the calculations in the Drake Equation (which has error bars measured in orders-of-magnitude). We'd know a lot more about just how lonely the universe is, how fast civilizations evolve, and how quickly they decline.
Compared to all that, intelligible communications would be just the icing on the cake. Sweet icing indeed: even a single translated intercept would give us our first look at the syntax of a mind without human builtin structures, not to mention the semantic and semiotic implications.
But to me, I'd be satisfied just knowing that they're there.
Reading the abstract, it struck me as odd that this didn't seem to involve computers in any way. Computers are Microsoft's business, after all.
You have to read way down to figure out that the part they're really patenting isn't the incentive system itself but the automated response gathering systems, over the web and over email.
There are even some bits I'd consider non-obvious, like localizing the prize by inserting the "there's a quiz coming up" signal further downstream.
It's all got in mind the idea of a Web+TV terminal like (for example) Microsoft's WebTV. Claim 1 is definitely overbroad, but I'm not aware of prior art for many of the other ideas.
In other words, as long as the guy was pulling the personal data for his own edification, not for any profit, it would be all right?
Of course there is a difference between "stealing music" (which is deliberately made public, just not _too_ public) and "stealing data" (which is more or less private, modulo the fact that Acxiom themselves are kind of sleazy even having it).
My little troll was just to point out what I consider to be a hypocritical, but frequent, argument in other threads, that "stealing music" isn't stealing because your copy isn't diminished. There may be reasons why copyright infringement is a different violation from physical property theft, but nobody ever seemed to correct those in this thread who referred to this as "theft of data".
As many slashdot readers will be sure to point out, this isn't theft. Like music pulled off Kazaa, Acxiom still has the original data, and their use of it is not diminished by this guy having a copy.
When you look at the time scales you're discussing, yes, the first man on the moon or Mars will be far more important than the miscellaneous wars, political campaigns, the Internet, etc.
However, from that distance, whether we get to Mars today, or twenty years from now, makes no difference. I see no reason to rush to space so that schoolchildren in 12004 can learn that the first steps on Mars were taken in 2010 rather than 2020. Not at a cost of ignoring those wars and other conflicts that affect people today, in 2010, and in 2020.
Let us proceed, by all means: there is much to learn from space, and there's no reason to put every single dollar towards immediate goals. But we should spend the most on today, some on tomorrow, and a bit on years from now. The billions it would cost to put somebody on Mars strike me as "a lot on years from now", which is injudicious.
Funny; I'd rather scrap the Man on Mars mission and spend the money on science (as opposed to engineering.)
Not that a man (or woman) on Mars wouldn't be unbearably cool, and certainly capable of doing some great science (a human could walk from crater to crater in hours, not months), but the cost is astronomical (pardon the pun). We put two rovers on Mars for less than a hundred million; people on Mars would cost tens of billions.
Of course if they were talking about sending _me_ to Mars I'd feel differently; I'd love to go. But I don't get real vicarious thrills watching somebody else go, so I'd rather spend the money more carefully.
Western economics says that you get paid based not on how hard you work, but on how much people want you to do that work, and how hard it is to get. Burger-flippers get minimum wage because anybody can flip burgers. (I've done it, and it's damned hard work.) Baseball players get millions of dollars because fans pay millions of dollars to sit in seats and watch them play, but only for the best select few. That's just supply-and-demand economics.
And in a way, that's exactly the way it works for artists like painters: they create a painting, "the world" buys it (that is, they hold an auction and the one who wants it most pays that price), and he now gets to do with it whatever he wants. Usually, he doesn't give out free copies, but he could if he wanted. (Actually, it gets a bit complicated legally there, but that's kind of bogus. Even at that, copies of a painting are different things from the painting itself, unlike digital copies of a record.)
The musical artists would love it if the world got together and said, "Some of us like that album. We'd like for you to give it to the world, for us to copy freely and do what we want, and altogether we'll give you ten thousand bucks for it." The bargain would be struck, economics satisfied.
In practice, the world doesn't get together to do that. Nor even do the album's "fans", since it's hard to have fans for an album which still belongs solely to its creators. So we do it by proxy: the record company takes a risk and agrees to buy the album and sell copies. They could buy it outright up front, just like the plumber or the nurse, paid by the job. But they'd rather shift the risk around a bit: we'll buy the album and distribute it, and give you some of each copy we sell.
That works, except it requires that the only ones copying it are the record companies; they're the proxy for the band, and the band hasn't been fully paid yet. That worked great when it took a big record-pressing machine to duplicate an album; it doesn't work when anybody can duplicate it.
So in the upshot: certain kinds of artists are paid by the job: painters, stage actors [like myself], concert musicians. Just like regular people. But people whose work is easily duplicated (authors [like me], programmers [again, like me], and recording musicians) spread the risk around a bit, trying to charge each and every person who's interested a piece of the work, because the work can be sold to far more people, and not just people who were there for the original event. You can't re-use the work of a plumber or a burger-flipper, but you can for a record artist. That's why there's a difference.
In effect, you do sell it to the world: each person who actually wants it gets to pay a piece. So you don't quite get paid continuously: at most you sell one copy to each person in the world. But it comes down to the economics: you get paid not for how hard you worked, but on how much the world wants it.
As a programmer I work far less hard than I ever did as a burger flipper and get paid orders-of-magnitude more. Is that fair? Depends on your definition of "fair". Certainly not Marx's definition; certainly Adam Smith's. I'll not take sides on that argument.
Their comment did seem a bit flip to me. The question before us is not "how do TMBG make enough money to eat?" but "how do we set up an economic system such that artists in general can be paid fairly for their work?"
If I ever ceased to be able to design secure networks, I doubt the company would keep me onboard and pay me a per-packet royalty.
True. But I suspect that if everybody went out and duplicated your exact network configuration and therefore you found your services less required, you'd go out seeking another way to get paid other than by the job.
Obviously the metaphor doesn't quite hold: your months of effort to design a network usually can't be trivially duplicated, because everybody's network is different. A band puts in roughly the same effort into an album, but everybody wants pretty much the identical album. (They're unlikely to be paid again because somebody wants roughly the same song but with more cowbell.)
"Trojan" also implies that the program is disguised as something the user wants. I first saw it applied to programs uploaded to bulletin boards as games or utilities, and they often actually served those purposes in addition to the malware payload.
I suppose that matches this case, but man, what kind of a fool does the user have to be to take software from an unsolicited email? At least with a BBS you were fooled into inviting the software in. I'd like a separate category for programs that are obviously malicious and are run only by the dumbest users (or by smart users who are momentarily careless; I've seen those, too).
Wow. That really sucks. If I were Comcast, anybody who asks for port 25 to be opened is either a code jockey type, in which case you should open it, or the world's most brazen spammer, in which case he should be arrested.
So tell 'em you've upgraded your operating system (true enough) and hopefully whatever typo screwed you in the first place won't happen again.
The flaw certainly affected Firefox, but given that it also affected things like Microsoft Word, was Firefox itself necessarily targeted? That is, did the guy who came up with the exploit have Firefox in mind?
The difference may seem irrelevant, but if Firefox wasn't targeted, it means that the evil will of the cracker community has not yet been turned to finding the bugs in Firefox the way that they have in IE. I'm pretty sure Firefox will fare better than IE did, but when you've got so much effort aimed at a product, and with the source available, they will find any easily-findable bugs.
If they did target Firefox, then we begin to have some idea how many security bugs there really are in Firefox, by seeing the rate at which new exploits appear. Thus far, the answer is "quite slow", and I hope that's because people are targeting it and failing.
There are ways to do remote authentication, using time-based hashes. Example:
The server challenges you with a problem for which it will only accept an answer for (say) sixty seconds. That problem can be solved quickly only using the biometric info (for example, a large composite number one of whose factors is a hash of the fingerprint data). It can be solved via brute force eventually, but you set the time limit low.
An even easier way, for example, is to give every user a public-private key pair, and keep the private key on a USB keychain locked biometrically. The biometric authentication is remote, and then securely drives other authentication.
Public-private key comms are considered pretty secure. They're still vulnerable to simply being subverted (as Mitnick often did, by getting physical access or having people tell him passwords) but the comms themselves are fairly secure as long as security procedures are followed.
But you're absolutely right about the inability to change biometric info. Current techniques are subject to all sorts of hacks, because much of your biometric info is rather public. You don't go leaving your password on every object you touch, as you do with fingerprints.
Biometrics combined with passwords may be more secure than passwords alone, or at least as secure, but that opens up a new era of social engineering, where people consider their passwords to be less important since they have the biometric backup.
So I'm dubious, but I think I'd be happy with passwords on a biometric and password-protected keychain. It's not totally secure, but you need to do three things to hack in to me: steal my keychain, fake my biometrics, and guess my password. If I lose the keychain, I can change my public and private keys, and the theft of my biometrics becomes meaningless. You can hack all that stuff in the meantime, but I should have enough time to get there before you do.
It's a pain in the ass: One's public/private key pair becomes one's identity, and changing it means changing identity. You have to go to your bank, your friends, your favorite web sites, etc. and convince them that the guy formerly identifying himself via pair X is now using pair Y. It's a bit like the mess when you change email accounts, with the added bonus of lots more infrastructure to change.
Like baseball, I've always assumed that the length of a cricket match was one of the beloved features to its devotees. As baseball fanatic George Will has pointed out, baseball is the only major team sport without a clock.
If you cut a baseball game to its "highlights", you're really missing the game. I assume it must be the same way in cricket. It's gotta be, because the game utterly baffles me.
Good point. I'll be a lot more comfortable recommending Firefox when it's no longer classified as a "technology preview". I am comfortable upgrading my software every few weeks, but many users are perfectly content with what they have. I'll install version 1.0, or more likely 1.02, for non-geek users, and it'll make them happy for a long, long time.
Me, I've been using Firefox since it was Phoenix, and there are still copies of Phoenix running around my computer somewhere (since one of the things it lacked at the time was an uninstaller, and I'd always add the new system without deleting the old one on the off chance the new one was worse.)
When your sample size is large enough, your error margin gets vanishingly small. They can look at the logs of important web sites and see what browsers are hitting them; that way they can "survey" a million users, which makes the sampling error .1%. And the number is probably more like 10 million.
That assumes, of course, that their methodology for picking users is correct. If last month they chose MSN.com, and this month they swapped it out for slashdot, that would skew their results far more than the sampling error would. But methodological errors are hard to put error bars on.
I don't use Adblock because I'm perfectly content to let the ads be there, as long as they're not too intrusive. It's my minimal way of paying for sites (like Slashdot) that use advertising to support a service I really like.
Mind you, I don't have Flash loaded, and I have moving gifs set to repeat only once (a spiffy extension called Things They Left Out). So the ads aren't nearly as intrusive as they might be.
I'd even click through an ad, if it were well done (I don't want to reward obnoxious ads) and it were something I was looking for. Google ads sometimes fall into that category (especially since they're text-only).
I dunno if sites can detect users who aren't downloading the ads, but I suspect they can get a rough count by looking at their logs (and seeing how many page views don't match up with ad downloads). If that drives down the price of ads, which then drives the sites out of business, I'd be unhappy.
When the Fellowship extended edition came out, Peter Jackson was pretty clear: the real movie is the one you saw in the theater, and this is just the version with extra stuff for the squeeing fanboys/girls. The new material was interesting, but it generally didn't add much to the story.
When The Two Towers came out, I heard no such explanation from Jackson. Many important scenes were left out of the theatrical release, including a scene that gave crucial backstory to Jackson's radically different interpretation of Faramir. (His Faramir was potentially more interesting than the goody-two-shoes in the book, but without that scene, he was just a jerk.)
Now, to my tastes, the battle scenes in TTT went on a bit too long, and I would have edited the movie somewhat differently, losing some stuff and adding much of what was cut. Regardless, Return of the King makes more sense if you've seen the extended Two Towers.
You are correct about the figures. I had $80 million in my head but I had misplaced the decimal point. Thank you.
The article begins, "I doubt it's possible to get a definitive answer".
I doubt it's possible to get a meaningful answer. Yeah, yeah, I know, it's supposed to be funny.
You wouldn't rather just download it for free off Kazaa?
Whoops, wrong thread.
That research was already done. Complete with pictures of dropped cats. These guys are just taking advantage of the previous research.
Wow. That really sucks. If I were Comcast, anybody who asks for port 25 to be opened is either a code jockey type, in which case you should open it, or the world's most brazen spammer, in which case he should be arrested.
So tell 'em you've upgraded your operating system (true enough) and hopefully whatever typo screwed you in the first place won't happen again.
The flaw certainly affected Firefox, but given that it also affected things like Microsoft Word, was Firefox itself necessarily targeted? That is, did the guy who came up with the exploit have Firefox in mind?
The difference may seem irrelevant, but if Firefox wasn't targeted, it means that the evil will of the cracker community has not yet been turned to finding the bugs in Firefox the way that they have in IE. I'm pretty sure Firefox will fare better than IE did, but when you've got so much effort aimed at a product, and with the source available, they will find any easily-findable bugs.
If they did target Firefox, then we begin to have some idea how many security bugs there really are in Firefox, by seeing the rate at which new exploits appear. Thus far, the answer is "quite slow", and I hope that's because people are targeting it and failing.
There are ways to do remote authentication, using time-based hashes. Example:
The server challenges you with a problem for which it will only accept an answer for (say) sixty seconds. That problem can be solved quickly only using the biometric info (for example, a large composite number one of whose factors is a hash of the fingerprint data). It can be solved via brute force eventually, but you set the time limit low.
An even easier way, for example, is to give every user a public-private key pair, and keep the private key on a USB keychain locked biometrically. The biometric authentication is remote, and then securely drives other authentication.
Public-private key comms are considered pretty secure. They're still vulnerable to simply being subverted (as Mitnick often did, by getting physical access or having people tell him passwords) but the comms themselves are fairly secure as long as security procedures are followed.
But you're absolutely right about the inability to change biometric info. Current techniques are subject to all sorts of hacks, because much of your biometric info is rather public. You don't go leaving your password on every object you touch, as you do with fingerprints.
Biometrics combined with passwords may be more secure than passwords alone, or at least as secure, but that opens up a new era of social engineering, where people consider their passwords to be less important since they have the biometric backup.
So I'm dubious, but I think I'd be happy with passwords on a biometric and password-protected keychain. It's not totally secure, but you need to do three things to hack in to me: steal my keychain, fake my biometrics, and guess my password. If I lose the keychain, I can change my public and private keys, and the theft of my biometrics becomes meaningless. You can hack all that stuff in the meantime, but I should have enough time to get there before you do.
It's a pain in the ass: One's public/private key pair becomes one's identity, and changing it means changing identity. You have to go to your bank, your friends, your favorite web sites, etc. and convince them that the guy formerly identifying himself via pair X is now using pair Y. It's a bit like the mess when you change email accounts, with the added bonus of lots more infrastructure to change.
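An added example, not part of the original comments: a sketch of the key-pair variant described above, with the sixty-second answer window applied to a signed challenge, showing why a replayed or late answer fails and why re-registering a new public key makes a stolen keychain useless. The names `AuthServer`, `makeKeychain` and `demo`, the choice of Ed25519, and the user "alice" are assumptions for illustration; the biometric unlock of the keychain is assumed to happen locally and is not modelled.

```javascript
const crypto = require("crypto");
const CHALLENGE_TTL_MS = 60_000; // the sixty-second answer window
class AuthServer { // hypothetical name; the server stores public keys only
  constructor() {
    this.publicKeys = new Map(); // user -> currently registered public key
    this.pending = new Map();    // nonce -> { user, expires }
  }
  // Registering again for the same user rotates (replaces) the key.
  register(user, publicKey) { this.publicKeys.set(user, publicKey); }
  challenge(user, now = Date.now()) {
    const nonce = crypto.randomBytes(32).toString("hex");
    this.pending.set(nonce, { user, expires: now + CHALLENGE_TTL_MS });
    return nonce;
  }
  verify(user, nonce, signature, now = Date.now()) {
    const entry = this.pending.get(nonce);
    this.pending.delete(nonce);  // single use, so a replayed answer fails
    if (!entry || entry.user !== user) return "unknown-challenge";
    if (now > entry.expires) return "expired";
    const key = this.publicKeys.get(user);
    const ok = key && crypto.verify(null, Buffer.from(`${user}:${nonce}`), key, signature);
    return ok ? "ok" : "bad-signature";
  }
}

// Stand-in for the keychain (hypothetical): the private key stays in this
// closure, and the local biometric unlock is assumed to precede answer().
function makeKeychain() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync("ed25519");
  const answer = (user, nonce) => crypto.sign(null, Buffer.from(`${user}:${nonce}`), privateKey);
  return { publicKey, answer };
}

function demo(t0 = 1_000_000) { // t0: constructed clock value in ms
  const server = new AuthServer();
  const oldChain = makeKeychain();
  server.register("alice", oldChain.publicKey);
  const login = (chain, delayMs) => {
    const nonce = server.challenge("alice", t0);
    const sig = chain.answer("alice", nonce);
    return { nonce, sig, result: server.verify("alice", nonce, sig, t0 + delayMs) };
  };
  const first = login(oldChain, 5_000);                 // answered in time
  const replay = server.verify("alice", first.nonce, first.sig, t0 + 6_000);
  const late = login(oldChain, 61_000).result;          // past the window
  const newChain = makeKeychain();                      // keychain lost: new pair
  server.register("alice", newChain.publicKey);         // old private key now useless
  const stolen = login(oldChain, 1_000).result;
  return { fresh: first.result, replay, late, stolen, rotated: login(newChain, 1_000).result };
}
```

The rotation step is the part a biometric alone cannot offer: the server forgets the old public key, while a fingerprint cannot be reissued.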
Like baseball, I've always assumed that the length of a cricket match was one of the beloved features to its devotees. As baseball fanatic George Will has pointed out, baseball is the only major team sport without a clock.
If you cut a baseball game to its "highlights", you're really missing the game. I assume it must be the same way in cricket. It's gotta be, because the game utterly baffles me.
Good point. I'll be a lot more comfortable recommending Firefox when it's no longer classified as a "technology preview". I am comfortable upgrading my software every few weeks, but many users are perfectly content with what they have. I'll install version 1.0, or more likely 1.02, for non-geek users, and it'll make them happy for a long, long time.
Me, I've been using Firefox since it was Phoenix, and there are still copies of Phoenix running around my computer somewhere (since one of the things it lacked at the time was an uninstaller, and I'd always add the new system without deleting the old one on the off chance the new one was worse.)
When your sample size is large enough, your error margin gets vanishingly small. They can look at the logs of important web sites and see what browsers are hitting them; that way they can "survey" a million users, which makes the sampling error .1%. And the number is probably more like 10 million.
That assumes, of course, that their methodology for picking users is correct. If last month they chose MSN.com, and this month they swapped it out for slashdot, that would skew their results far more than the sampling error would. But methodological errors are hard to put error bars on.
I don't use Adblock because I'm perfectly content to let the ads be there, as long as they're not too intrusive. It's my minimal way of paying for sites (like Slashdot) that use advertising to support a service I really like.
Mind you, I don't have Flash loaded, and I have moving gifs set to repeat only once (a spiffy extension called Things They Left Out). So the ads aren't nearly as intrusive as they might be.
I'd even click through an ad, if it were well done (I don't want to reward obnoxious ads) and it were something I was looking for. Google ads sometimes fall into that category (especially since they're text-only).
I dunno if sites can detect users who aren't downloading the ads, but I suspect they can get a rough count by looking at their logs (and seeing how many page views don't match up with ad downloads). If that drives down the price of ads, which then drives the sites out of business, I'd be unhappy.
When the Fellowship extended edition came out, Peter Jackson was pretty clear: the real movie is the one you saw in the theater, and this is just the version with extra stuff for the squeeing fanboys/girls. The new material was interesting, but it generally didn't add much to the story.
When The Two Towers came out, I heard no such explanation from Jackson. Many important scenes were left out of the theatrical release, including a scene that gave crucial backstory to Jackson's radically different interpretation of Faramir. (His Faramir was potentially more interesting than the goody-two-shoes in the book, but without that scene, he was just a jerk.)
Now, to my tastes, the battle scenes in TTT went on a bit too long, and I would have edited the movie somewhat differently, losing some stuff and adding much of what was cut. Regardless, Return of the King makes more sense if you've seen the extended Two Towers.