The effect of a small force integrated over years and a few billion miles produces a significant effect. In this case a relatively small deflection gets magnified by the 2029 flyby. In this case it's not a small force integrated over years but a small force integrated over the fraction of a second of the impact with a satellite. And while surely even a tiny change in course could lead to a large change over the long period of its orbit, what makes us think that there would not be hundreds or thousands of impacts of equal or greater significance during that period? I applaud the kid for thinking about this but I think the error bars on this one are more significant than calculation.
How can they make money from you using your phone?
How can a cafe make money from you using your computer? Put a micro-cell on the plane and charge you to use it. Perhaps this would mitigate the risk if phones put out lower power to communicate with the "tower". Or perhaps VOIP from mobile phones will be more common at some point and it will be over IP over Wifi or something like that. You know it's going to happen at some point... and it will involve some infrastructure in the plane, which will be safe.
In the meantime, if the phones could really cause a disaster, it's not good enough to simply say "don't use them". You don't give random people the power to endanger the plane. Maybe AU has it right? I'm not arguing that point... I'm saying the voluntary usage ban is not a good solution.
isn't this what NASA wanted? publicity?
Give him the name and we may keep paying attention.
What's the difference to you if you go to the guillotine vs being burned alive... you end up dead either way, right? Tell the guards to surprise you.
There was an interview with one of the directors a while back in which he basically confirmed my worst fears about the show - that they filmed things without knowing where they were going in the plot and then made up storyline for them later.
Now, I can understand it would be difficult to write a series without knowing exactly when it would end (in which season)... but come on... A lot of people wasted a lot of time watching this and they deserved better.
Why wouldn't Adama live with his son (family) in the new civilization? To me this was more ridiculous than Kara disappearing.
How about being able to access the track description in the iPod app? The "best iPod" is lacking the most basic functionality of the first iPods.
Does anyone actually use their iPhone to listen to podcasts? Why isn't anyone else complaining about this? Gee, I could listen to "NPR Fresh Air 03-09" or "NPR Fresh Air 03-10"... I think 09 sounds more interesting than 10 doesn't it? I'm sure glad I can't find out what it's actually about... because that might mess up the beauty of the interface somehow.
Arg!
People give references, not, in general, companies... Give the new employer the names of non-crazy people you worked with.
The most a company would likely ever give out officially would be an acknowledgment that you worked there at a certain time. There would be all kinds of legal consequences to them bad mouthing you.
If your new employer is ok with it, offer to consult with them freelance after you leave for a decent rate. Else, forget 'em.
The attacks that he presented in the talk boil down to the following:
0) There used to be an egregious bug in certificate verification that blew up everything (you could create certs for whatever you want). That's been fixed in most cases and so he moves on.
1) For everything that follows you need to get into a position to do a MITM (man in the middle) attack. He claims that this is really easy via ARP spoofing, etc.
2) You exploit the fact that most secure sites either redirect from unsecure (http) servers or blatantly start from an unsecure page and post login over https from there. Since you are a MITM you just rewrite the pages to strip out the https.
Most of his talk is about #2, which I agree is serious, but basically obvious stuff stemming from being a MITM.
3) He discusses ways to make #2 appear more secure to the user by:
a) putting up fake lock icons on the page
b) using international domain name lookalikes to put up your own https secured fake sites
c) using a nasty IDN lookalike for https:/// that lets you shove the true domain name off the address bar.
Point a is blah.
Point b seems to have been taken care of to some extent in Firefox by not displaying international character sets for some domains like .com.
Point c looks *really* nasty but seems to have obvious fixes in the browser. i.e. stop displaying things that look like http(s):// as part of a subdomain.
People asked many questions at the end: About half just missed the point that you're a MITM and can rewrite anything the site puts in the page. The other half wanted new kinds of auth mechanisms supported either by DNS or the sites. The speaker points out that as long as not all sites implement the new features client browsers can't rely on them and can't even "test" for them properly because of DOS attacks.
Basically it sounds like the only solution is a browser-side list of sites that you should only hit via https.
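Added example (not part of the original comment or the talk it summarizes): a minimal JavaScript sketch of the two browser-side defences the comment ends on, an HTTPS-only host list consulted before navigation and a check that refuses to display delimiter lookalikes inside a hostname. The list entries, host names, function names and the lookalike character set are assumptions made for illustration.

```javascript
// Hypothetical HTTPS-only list shipped with the browser: host -> policy.
// Entries are constructed sample data, not a real list.
const HTTPS_ONLY = new Map([
  ["bank.example", { includeSubdomains: true }],
  ["mail.example", { includeSubdomains: false }],
]);

// True when the host itself, or a parent domain that covers subdomains,
// is on the list. Matching is on whole labels, so "notbank.example"
// does not match "bank.example".
function isHttpsOnly(host, list = HTTPS_ONLY) {
  const labels = host.toLowerCase().replace(/\.$/, "").split(".");
  for (let i = 0; i < labels.length; i++) {
    const entry = list.get(labels.slice(i).join("."));
    if (entry && (i === 0 || entry.includeSubdomains)) return true;
  }
  return false;
}

// Decide what to do with a navigation before anything is sent in the clear.
// Because the decision is local, a man in the middle who rewrites
// https links to http in a page cannot influence it.
function resolveNavigation(rawUrl, list = HTTPS_ONLY) {
  const url = new URL(rawUrl);
  if (url.protocol === "http:" && isHttpsOnly(url.hostname, list)) {
    url.protocol = "https:";
    return { action: "upgrade", url: url.href };
  }
  return { action: "allow", url: url.href };
}

// Characters that render like "/", ":" or "?" (assumed set for this example):
// fraction slash, division slash, big solidus, fullwidth solidus,
// fullwidth colon, fullwidth question mark.
const DELIMITER_LOOKALIKES = /[\u2044\u2215\u29F8\uFF0F\uFF1A\uFF1F]/u;

// Given the Unicode form of a hostname as it would be shown in the address
// bar, report labels that contain delimiter lookalikes. A browser would then
// fall back to the ASCII (punycode) form instead of rendering them.
function displayVerdict(displayHost) {
  const labels = displayHost
    .split(".")
    .filter((label) => DELIMITER_LOOKALIKES.test(label));
  return { unicodeOk: labels.length === 0, labels };
}

// Constructed sample inputs.
const samples = [
  "http://www.bank.example/login", // rewritten link to a listed site
  "http://www.mail.example/",      // subdomain not covered by its entry
  "https://bank.example/",         // already secure
];
for (const s of samples) console.log(s, "->", resolveNavigation(s));

// A host whose first labels imitate "www.bank.example/login" while the
// real registrable domain sits at the far right.
console.log(displayVerdict("www.bank.example\u2215login.attacker.example"));
```
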
Twitter stated that they simply did not plan ahead for the popularity of their service. Period. That is not the fault of the platform they use.
Not knowing the future is pretty much the rule, not the exception. If the framework or the way they employed it can't hold up to unexpected changes then that's a problem. Twitter has been around for a while now. I suspect that they knew they were getting popular. I don't know the true story, but if they are having a lot of down time they are probably doing something wrong.
Tools are tools. Maybe a rapid prototyping environment doesn't yield the most maintainable or re-purposable code. Or maybe it's fine and they just made bad choices. Or maybe it was just bad luck :)
It's a matter of taste... I had exactly the opposite experience. Moving from Palms with chiclet keys to the iPhone took a little getting used to, but I'd never go back. With touch you get bigger buttons that adapt to what you're doing and you don't take any real estate away from the screen.
I have an ssh app for the iPhone that I use to check in on servers... It puts up a semi-transparent keyboard over the screen so that I can type and read at the same time. There are advantages to "soft" keyboards.
So, logically static profiling plus dynamic profiling yields even better results, right? Java and similar languages do have a compiler you know :) But they can also do things that you cannot do in a purely static environment. For example, the hotspot VM can dynamically inline method calls that might end up being virtual and then un-inline them later if needed. Also, it's called "hot spot" because the point of the profiling is to spend the time where it's useful... not everywhere. And you can't necessarily divine statically where that will be. That's the whole point of the PGO pass the article discussed... you have to run the code to understand what is calling what and juggle resources accordingly. There is no simple static "best" answer. And so, again, this is where Java and similar languages have a performance advantage over purely static languages - they get the benefits of both static and dynamic analysis.
- Pat Niemeyer
Just wanted to point out that this is the advantage that Java and other runtime profiling languages have over purely statically compiled code. The more information you have the more you can do.
It must be hard to get excited about learning electronics these days. When I was building stuff in high school (late 80's) part of the fun was that I could make things that I couldn't readily go out and buy... or that didn't exist. A little later with an early micro-controller I could put a computer in a tiny box and build brains into anything I wanted... something new.
Now everything's been pushed down a level and this project almost seems more like an exercise than a real project... It makes me kind of sad to think that my son (should he have any interest) probably won't enjoy actually building anything physical... at least not in this way.
Who knows, maybe desktop fabrication machines will open a whole new world of building and designing... Just sad to note the passing of this kind of stuff.
Pat
I've had good luck for years with my RAID 5 setup, but it's just too complicated and too proprietary... It has too many moving parts (literally). Obviously if cost allows we'd rather have a RAID-1 (simply mirror) ZFS pool with a couple of SSDs... And if they are really cheap you could rotate one out as an off-site backup. I think this setup would also allow you to easily upgrade storage size by dropping in larger drives.
Of course you can do the above with regular disks... just stating my ideal situation.
Of course I don't know anything about the long term storage of flash/SSD tech, but presumably you'd just keep this chain going continually and maybe throw the old disks in a box somewhere for extra protection.
Imagine what it'll be like in 20 years-- anything other than NTSC, PAL, or SECAM will be effectively extinct.
Well, there aren't *that* many standards that are really in consumers' hands. I suspect that in 20 years we'll still have VLC or its successor and that developers will dutifully create or recreate codecs for virtually every video format that has ever existed.
Look at people digging through ROMs of old video games and creating emulators... There is a bigger market for recovering old video, I suspect.
Pat
Every hour of video I take on my Sony HD camera consumes 8GB. You can easily eat up a few hundred gigs a year if you have a kid :)
Fortunately two things are working in our favor - HD video codecs are pushing the file size *down* as storage prices drop exponentially. e.g. a raw DV stream used to be 13GB / hour... worse than the 8GB for an HD stream today.
You can also now get a 1TB disk for $100.
What I'm really waiting for is for 1TB of SSD in a raid-1 configuration for a few hundred dollars... I really don't want to lose all of our photos and home video due to a lame raid.
Oh, and beware of most cheap raid solutions out there right now. If they don't do disk scrubbing (parity checks or checksums like ZFS) then you really don't know if your data is safe.
Pat
"Without open source, Apple will find itself in the same position as today's Microsoft in seven years."
So, they'll have $50B dollars in cash and a near total monopoly? Yah, they'd hate that :)
I'm being facetious, but... I think Apple will do the right thing eventually... after making a lot of money from the iPhone.
- Pat
Perhaps the Japanese will enjoy being able to find their destinations so much that the culture will change.
As I recall, people used to be really irritated by others talking on cell phones in public areas, even when there was no rational difference between that and any other conversation in earshot. You don't really hear about that grievance any more. Why? I think it's because almost *everyone* has a cell phone now and it doesn't really draw attention the way it once did. People got used to it.
The Japanese will get used to having good maps. Or they'll do something about it and have bad maps. It's really up to them :)
Pat
It's much more intuitive if you consider a lot of doors and condense the guessing. Say there are a million doors. You choose one. Now Monty offers to open 999,998 other doors, leaving only your door and one other. Now, clearly your odds of picking the right door on the first try were 1 in a million... but Monty has eliminated a bunch of choices for you and that other door is now almost certainly the correct choice... It's now a 1 in a million chance that it's *not* the other door.
Pat
Here in St. Louis AT&T was granted the rights to deploy city wide wifi, without any bidding process that I'm aware of. This week they announced unceremoniously that they are canceling the project because they didn't realize that the street lamps only receive power at night and it would be too expensive to work around that. It would be funny if it weren't true.
Pat
First, most of the desktop (and non-desktop) development going on in the world is stuff that you do not see. It's going on inside businesses for their own use. And as a rule it's overwhelmingly Java and now .NET.
Second - What makes you think that you can optimize anything better than a compiler, much less one that profiles your application *as it runs* and makes adjustments on the fly? This has been proven over and over again - Java's garbage collection is in most cases *faster* than hand coded garbage collection. How is that possible? Because Java has more *information* about what is going on at runtime than you do at compile time. It can put very very short lived objects on a special part of the heap, it can do all kinds of things that you cannot do statically.
There are many reasons that Java and now .NET haven't yet taken over the traditional desktop app share yet. But they are not about raw performance and haven't been for many years.
Pat Niemeyer
Author of Learning Java, O'Reilly & Associates
Why would you choose either the max or the min height as the starting point?
Wouldn't it be more correct to say that the average person is 6 feet with a variation of 2 feet... So, humans vary in height by up to 33%?
Pat
The most compelling use for LiveScript at the time was that you could interact with Applets and plugins in the page... Hence the overexcited name change.
I was just pointing out the absurdity that web content could have had a really solid programming model underpinning it - Java or something like Java. But this was not in Microsoft's best interest and didn't make Sun much money on the client side, so we all lost out.
I have nothing against scripting languages in general ;)
Pat Niemeyer
So the world had this great language designed to run on small devices and it was perfect for the web... Microsoft poisoned it and Sun dropped the ball. So now we're imitating real applications in a scripting language that was intended to serve as glue for the real language.
And now we want to run that on our phones.
Sigh.
Pat Niemeyer