We got one of their top of the line app-connected fancy front loaders ($1400) 2 years ago. The firmware is absolute crap, for example you can only use a 32 character WPA password (I had to set up another SSID, "Samsung Sucks", with a shorter password just for this thing). They value engineered the processor such that response on the touchscreen controls are laughably slow.
The connected features are 100% marketing fluff, you have to go to the machine and tell it to make a connection to your phone so you can see how long is left in the cycle (but of course you're standing there so you can just look at the machine at that point). As soon as you leave the app (or the phone goes to sleep) you then have to go back and re-authorize the connection on the front panel. 100% worthless as a feature.
The washing part did well until it broke with a cryptic error code that according to the service company means "main motor is toast". Samsung does not stock replacement parts (they are on "permanent backorder") so after 2 years we had to buy another washer. The factory authorized service tech told me there are no spare parts available because these can't be repaired reliably in the field even with the parts, something about how they are assembled in the factory is a one way process that is not reproducible in the field.
The matching dryer fails to boot every 2nd or 3rd time we turn it on so I'm guessing there will be a new one of those in our near term future as well.
Amazingly enough my review of this POS washer on their website was rejected as 'not meeting review guidlines' -- which meant not a 5 star review. That was really just done for a grin, I didn't expect a critical review to make it through their marketing dept interns.
tldr: Samsung sucks. A 2 year old machine is completely unrepairable and is now scrap metal due to lack of parts and value engineering, firmware is crap.
I don't really care if an online identity is provably linkable to a physical identity, just that its secure and when (for example) 'LadyBigMac' posts its trustable that its the same entity that posted with that identity (per service obviously) in the past.
Having additional identity tie ins to help prevent identity theft seems good but shouldn't be required. You'll never know if something someone posted was posted under duress or not anyway, its as useful as security by obscurity when it comes to determining someone's motive/reasoning behind a given communication.
In a current embedded product that is mostly C++ based I'm working on I had the same issue. I wrote a command line interpreter that talks to a telnet client; it works fine, but it was getting painful writing ascii 'reports' for complex classes that were readable. Writing the output via html and letting the browser deal with layout (using nested tables for instance) is close to trivial and makes formatting almost a non task (a little CSS can even dress up an otherwise plain pages).
As to how to do the introspection, there is a library called BFD (part of gnu binutils) that understands how to plug through the debug symbol tables, and in a previous product we did use it for this sort of thing, but IMO its way too painful and not really intended for this sort of use. It ended up being a giant rathole, although we got what we wanted in the end (ability to do a formatted system dump on a saved raw system image using compiler metadata to find the interesting stuff and print it out nicely, think the old unix 'crash' command).
The current product has a few hundred classes that are worth looking at in a running system, I've used the convention that operator<<(std::ostream&, class) will serialize out the class ("programmer visible introspection?") in an easily parsable format, specifically TCL style lists of key/value pairs for each (interesting) field in the object. For aggregated objects (or optionally referenced objects) you output the name of the object in parent class then call operator<< on the child object (... elephants all the way down). Its relatively easy to write these serializers, example:
Boost also has a serialization library that may automate some of this (its fairly new and I haven't looked into it yet).
If you have threads available (we do) and don't mind linking with the TCL library the tclhttpd server is a fairly comprehensive embedded web server that can run in its own thread (using blocking I/O and not getting in the way of any system wide epoll/event loop). TCL scripts are triggered by various urls (it also has an asp/jsp like thing which hasn't been useful in our environment), these TCL scripts suck the serialized version of the object to look at into a TCL associate array ("array set t [xyzStatus]") and then a small hunk of code generates the HTML from stuff in the array. For most classes I just use a short generic routine that makes a table from a TCL array (couple of lines), and understands about sublists, creating a sub-table when it detects an aggregated object. Putting all the generation of HTML in TCL script makes it pretty easy to whip up a page in short order.
There's a fair TCL library that deals with some of the arcana of form generation (which isn't that hard), package html; it has thin but barely adequate docs (if you don't mind reading the code sometimes). Posts are easy to deal with to change debug settings. You can push javascript that talks to the DOM out to the browser to get more dynamic and interactive displays ("AJAX").
On a prior project I had a go at doing this client/server as some have suggested, the overhead of writing RPC for the various classes was somewhat higher than the simple serialization stuff above. The main issue was that changes to displays require a redeployment of the client app on several platforms. While some random developer would be happy to stick some support code in his class and maybe write some TCL scripting to make a web page to talk to it, almost no one was willing to
Scrum worked well for us, but not a cure-all
on
Microsoft Lauds Scrum
·
· Score: 3, Interesting
We used scrum in our development for about a year. Our ~25 developers were already arranged into several groups, each one with a technical lead, we turned each of these teams into a scrum and did the daily meeting. At first the meeting ran long and everyone was frustrated, but eventually we got it down to a short meeting that accomplished the main goals of having everyone in the same room: 1) where are we, 2) where are we going in the next day, and 3) who needs something from someone else.
For us the weakest part of the scrum process ended up being the time tracking (which is really cool in theory and draws pretty pictures for sr mgmt on progress). This isn't due to a fault in the concept, but the nature of our workload. Many of the groups were still heavily into the 'R' side of R&D at this stage, and its very hard to predict what you'll turn up and how much that will cost you when you're still in research and design work. From a mgmt point of view this looked like us slipping daily on the charts, which caused some bad feelings.
Once things moved to implementation and testing in a given group the scrum stuff worked brilliantly. As one of the team leads I generally dislike excessive meeting time (preferring instead more informal 1:1 or 1:n in the hallway or on IRC), but these got short enough and had enough value they were worthwhile.
It really does help to force everyone to think about what they've accomplished in the past day and 'promise' what they expect to accomplish in the next day to their team. We didn't have any real slackers, but just spending the couple of minutes planning out your day enough to tell everyone else what you'd be up to was very beneficial.
Generally the 'what help do I need' part of the meeting was the least useful, as most people would IRC or email around directly (perhaps at the cost of some NMI style distraction) and not really ever come to a meeting needing anything. It was still IMO worthwhile.
Scrum only worked when we could break down implementation into bite sized chunks (no more than 2 days I think is the guideline in the book); at the risk of repeating myself it really didn't work well going into a big problem and trying to work out a plan and design.
I might pay $8-$10 for a movie I want to own (precious few) rather than just watch once or twice; I define ownership as being able to watch it anywhere I want (laptop, DVD players, Buffalo LT in hidef) in at least DVD quality -- in other words, competetive to buying a physical DVD.
My personal issue with this as a business model is I've already filled my DVD changers with all the old movies I'm interested in owning, and its a rare new release that is worth buying given the alternative option of renting (1 view). Since I can rent DVD's for new releases at Redbox for $1/night (an honest $1, w/o any of the traditional blockbuster/hollywood hassles or tricks) that covers most of my families DVD appetite.
I would pay $1 to d/l a DVD quality (in terms of bitrate and DRM) movie for a 1 day use rather than have to physically go out to RedBox, but given how easy Redbox is I wouldn't pay even a modest premium ($2/night) unless there was a blizzard on or something similarly drastic.
I sure wouldn't trust any DRM scheme that dicks with any of my h/w or s/w. Perhaps they could distribute a standalone 'network' DVD burner/player that would d/l and burn a normal DVD (or HD-DVD); its hard to imagine any rube goldberg crap running on a normal system that would be worth anything long term to them w/o having total locked down control of the PC hardware (which isn't an option I would be interested in).
The current DVD standard has a very simple virtual machine with a handful of instructions. The interface this machine has to playing video is very basic, once the 'script' has chosen a title set to play the h/w just plays it (following the sequence of cells/vobs prescribed in the compiled ifo files). It is easy to write programs that can blindly read all the titles off a DVD; no matter what hijinks the Disney people come up with, at the end of the day you still have a nice standard titleset that has the whole movie.
I expect they will give the JVM much more direct control of the process, perhaps letting it send individual cells (or whatever their equivalent for HD is) to the player engine under program control.
IMO this makes it very easy to come up with schemes where the cell list is program generated and the only way to get the actual movie off the disk in the right order is by running the java code. This may require some type of user input (perhaps timing how much of a preview is watched and using that as a key to an encrypted list of cell addresses, or requiring you to type in a code from the first page of the 'manual' to play it) or implement more standard copy protection (like writing an erratic spiral and timing seeks to determine if you're running a backup. It could be made very difficult to write something like Nero Recode (think how you would write a program to 'recode' the output from playing a particular game of Doom3 to Divx as an example).
Since this is all ROM (the media) and standalone players will likely not have any writable (program) storage it means we'll be at the full mercy of whatever funky games the media types come up with ("to watch this movie you must buy a Pepsi and enter the code on the cap").
This is IMO much worse from an "abuse the consumer" point of view than current DVD's. You just know some skippy will come up with a way to seek the head just so and figure out the line frequency, then decide you're trying to play the DVD in the wrong region and play goatse instead.
I actually think this is a great step forward and will open up all sorts of cool apps, it is just going to make it much harder to do the kinds of things we take for granted with DVD's (watch using MPC or VLC, make backups, do things like Nero Recode, rip to DIVX)... for about 10 seconds after a new release (at which point the cell list will be posted somewhere on the Net).
It seems that first order its pretty clear: whoever had to have a complete copy of the material in hand is the one who perpretated the violation. Everyone else is a 'common carrier' (morally).
Where it gets fuzzy for me morally is once someone has the downloaded the full file and becomes a seed it seems like they should then be as liable as the first guy -- but they likely have no intent to be a distributor (aside from just using BT) so perhaps not. If they started a new torrent with the file as a seed its pretty clear.
Morally, being on the receiving end of stolen goods is also pretty shakey obviously, but that's a different debate.
Well, I did read the bill off the senate website, it does seem like certain provisions are fairly noxious.
The parent sure is missing the point on points 3 and 4 (private residence addresses and business access to private data).
In MN there is a lame ass chain of liquor store (MGM) who require a state drivers licence ONLY to purchase alchohol. They are not particularly interested in verifying your age, they want marketing data. When they started this I tried presenting my passport to buy some beer, its good enough to get into the country but not good enough ID to buy beer aparently (the manager overrode the skippy with a stern warning to me he wouldn't do it again). I just don't do business there anymore, no big deal, but it sure seems a standardized system nationwide would make it more likely places would demand this ID to give service (of many kinds) and guard the data with the diligence we see from credit agencies.
The second issue is not being able to have a private address. MN and my prior state both support (with some reasonable conditions and an affadavit) an almost complete off the record actual address with a mailing address on the physical licence and in the publicly viewable part of the DMV database. This bill removes that possibility. It will be very hard to refuse to give out this ID (unless you're willing to go tin-foil hat and live in the woods). This means real lack of physical security as the commercial interests that gather this data have nothing to profit from preserving my confidential data.
I'm not really hip on the whole 'show your papers' and travel restriction/tracking aspects of federal government either, but I'm really worried about the commercial privacy abuse this will bring.
My problem with losing hard media is that online distribution tends to demand DRM; at least when you buy a DVD you pretty much have it, you can rip it and if your drive fails rip it again, it plays on any player, etc.
Give them a personal 1:1 connection to your PC and they will use it to make things better for them, not you.
I agree with the principle though, it is silly to have to get hard media for the most part (aside from getting a backup copy for free). If I could buy a DVD, download it, remain as anonymous as I am buying it at Target, and not have it gooberize my system any more than any other DVD I'll do it (and expect a discount:)).
I have a couple of Nex/IA+'s (Frontier Labs, worst Flash site *EVER*), they are similar idea but for CF. They're overall quality is somewhat low (which is why I have 2) and the firmware is flakey, but for $80 its not bad. Given the past price advantage of CF over MMC/SD this was the only solution (now SD and CF are $70 for a Gig so it really doesn't matter).
Does the NewGen deal with playlists? That's my main problem with the Nex/IA, I listen to audio books on it and they are usually 200 to 300 mp3 files 5 or 10 mins each; the nexia can only order playback randomly (shuffle) or in the order in the DOS FAT filesystem directory. To play a book I have to format the card then copy files in in the right order (regardless of filename). You also have to break them up into directories with no more than 47 files each (the dirs have to get created in the right order too). Finally, when the battery dies it doesn't save where it was, which really sucks on a book. Overall a PITA but usable. I'd jump at a better solution (that doesn't require using some gay 'media manager' where you have to manually click on 300 files to load the damn thing).
I recently got a PPC-6600 ("AudioVox") phone from Sprint. Its running Windows mobile 2003 (ick), but its a capable phone nonetheless and has the Windows Media player thingie as well as an Audible player (both DRM happy).
Sprint does nothing to prevent me from downloading MP3's or DRM'ed crap (at EVDO/3G speeds) then playing them. The phone has a SmartMedia slot and I've got a 1G card in it ($70 at Sams club), there is nothing that prevents me from putting my own cards in and playing music off it.
It has bluetooth and nothing prevents me from transferring whatever files I like to or from the internal memory or SmartMedia slot.
Finally, you can tell the phone app to use any wav or mp3 you like as a ringtone.
Has all the other junk you'd expect these days: still and video camera's, plays stored or streaming video, sync with desktop, ability to load any 3rd party app you like (ssh/irc/decent non-IE browser, etc).
Total price: $420.
It totally mystifies me that Sprint would sell me this thing (with the $150 off) yet wouldn't allow an Ipod style phone. Is that 1G of music on a flash card is somehow less threatening than 20G?
Related issue: if conditions are 'just wrong' and it picks up someone standing next to you in line rather than yours there is basically no way to know.
Seems like this would only really be feasible if the range was very small and/or you had to put in a pin to make sure its yours.
A local sports bar chain (Wild Bill Buffalo Wings) has 'free' WiFi access from some company called HarborLink.
They have a transparent proxy on port 80 which initially intercepts any web page access and pushes you to an AUP page which you have to click 'yes' on. Until you do this your IP is blocked outbound, afterwards everything works fine (esp ssh which I use heavily). Every now and then (5-10 mins) the transparent proxy responds to a random http get with a page of ads instead of whatever you asked for.
According to the manager of one of the bars they pay a monthly fee to harborlink but its "minimal".
If they make money on this model it seems about as reasonable as one could expect. I still occasionally see their ads and its real internet access. If I was really offended I could just tunnel thru ssh to my squid proxy at home and bypass the ads - but why bother.
Since many people will want to actually check mail (via POP3S, IMAPS, etc) a web proxy only internet service will hopefully go over poorly. If they allow https (which would be hard not to if they expect you to get your email via a browser) one can always tunnel (google for 'https ssh tunnel') trivially through an https proxy.
T-Mobile go to great pains to publish a privacy policy which claims they use industry standard practices such as SSL to protect private customer data, yet, when one tries to get customer support via their website they *require* your social security number on a non-SSL encrypted page.
If you make one up because the question is fairly general (like "when will Danger's servers come back up so I can get email again, I've been watching the 2 dot dance for 12 hours now") they will refuse to answer it and request your 'social' via email (also unencrypted).
After 12 round trip emails (I should stick them on my web site, they are fairly classic) it is clear they realize they have a privacy policy but they refuse to follow it.
I'm not surprised with the attitude and general ignorance I've encountered so far that they're having problems of a more serious nature.
Offtopic rant:
I've had my Sidekick Color for 1.5 yrs or so and the service has gone way downhill in the last 3-4 months or so. The connection to Danger's servers via GPRS is snappy, but it can take their server 1-2mins to fetch a web page and render it down (say, slashdot) -- even with images turned off.
Email also recently has gone suck: it used to be your email was pushed to the handheld realtime and you could read it when out of range, now it only pulls the email down when you open the email app and try to read (meaning you can't read email when out of range and have to wait for downloads when in range, which is quite slow due to the overloaded servers).
Overall my satisfaction with them has just about dipped to the point its worth buying new cell phones/pda's and finding another GPRS carrier. I think I'm stuck with a Palm thing though if I want to keep ssh over gprs (which I use a lot).
I replaced my Tivo with a 721 when the 721 came out (2 yrs?) and it is very nice to have 2 tuners able to record simultaneously. I do agree the scheduling sucks rocks, it is really just a slightly easier to use vcr rather than a DVR that follows the shows you want. They also have stability problems that you would think a little QA would solve.
I also have a MythTV box (I would never ever suggest a 'normal' go through setting one up, but I enjoy such pain and it has paid off).
Overall I'd rate MythTV about 9, Tivo 6, and the 721 perhaps 5. Myth isn't a 10 because of lack of support for mplayer/xine to output DVD or DIVX video to the PVR350's S-video out (maybe someday they'll have that YUV stuff working in the driver).
Unfortunately Ad-Aware misses lots of stuff that Giant doesn't. I used the usual mix of Ad-Aware and S&D on a recently infested machine (Nov or so) and while both ran clean some junk was still in there; the Giant thing (pre-microsoft) found and wacked it.
I've since had this same experience on one other family members machine (sigh), assuming MS doesn't water down Giant's database this seems to be technically superior, at least in my limited testing.
I still wish I could just run a scan from a CD w/o installing gobs of stuff, but the Giant product does seem pretty good otherwise.
I think the pragmatic view is DRM doesn't have to be unbreakable. It sure doesn't seem possible unless you encrypt the content and never decrypt it for any reason. Even the theoritcal poster child of working DRM (console games) proves this: with a totally closed system and everything under your control you are still going to be hacked. Like with accounting rules ("it shouldn't cost more to track the thing than the thing is worth") I think this is just a matter of how painful it is. Its like asking if anyone makes a lock for your front door that is unbreakable -- no, but that's not the point.
Hardware dongles are pretty close to 'working' (for some definition of the term). Sure you can hack the app, but they give a reasonable in-between: you can copy the s/w all you like, use it anywhere, etc, as long as you have the physical token that goes with the license. As long as the physical token isn't fragile this is IMO a fair compromise; with USB its even moderately convenient.
I worked as a developer on a couple of products using these and the theory was you could create enough FUD that legitimate users wouldn't use a hacked version: dongles of the mid 90's gave you enough space to put code in the dongle, the suggested use is that you put bits of your application into the dongle and pull them out at runtime. They recommended you put a couple of obvious "this program can't run w/o a dongle" messages in, but then also put more subtle chunks of code that if not run would corrupt or crash the product in subtle and recognizable (to tech support) ways.
From a business/moral/usability point of view h/w dongle based DRM (for pricey s/w) 'works'. This doesn't mean its unbreakable, just that its 'fair' enough it isn't worth the effort (the chief complain of having a single point of failure is to just send two dongles per license and suffer the possibility of it being abused).
None of this helps with music of course, since they have to support normal audio players.
I hope they keep trying crap like this and making it worse and worse, with any luck it will implode on itself and 'no DRM' will be a selling feature. I turned the corner of not buying PC games with HL2's DiVX scheme coming on the scene.
Sams club lets you download pix over the net and prints them at the nearest big box, they're on the order of.17/print too (4x6) and the quality is excellent. Generally we can send a picture, drive to the store and they're ready.
I tried prints from far away places and I just don't have the patience to wait. Given how long it takes to get decent color matching and the high price of inkjet prints we almost never print inkjet anymore (generally just use it to dump web pages with driving directions on them).
The only downfall with Sams is they do some BS censoring: if the image looks like it was shot professionally or pretty much anything scanned (I think they look at attributes in the jpg) they won't print it. I'm sure they're just protecting themselves but it is *really* annoying when you have a big batch to print for the holidays/whatever and they 'silently' don't print some of them because they don't want to infringe (the images *are* mine).
I've been pretty happy with my Nexia.
It uses 2 AA's, the NiMH rechargables last around 20 hours, and its easy to keep a spare set around even when biking or whatever. It uses cheap, standard CF cards populated by simply copying files into the VFAT filesystem. No wacky 'media manager' or any of that BS.
The s/w is just a little lame: in over a year they haven't been able to make it follow a playlist in order (it does almost always play in the order the directory was filled in though, so you can use it for audio books). Whoever they got for support in the US has a worthless website, if you want to d/l the latest firmware you have to go to the europe support site. Other than those minor issues the thing does what it does and does it well.
Most incandenscent dimmers use PWM to dim as well. I've wired up LED's in a passive configuration and used them with an AC dimmer w/o any problem (the 30hz frequency is a little annoying since there is no filament to cool off slowly and smooth it out).
It still seems to me someone would have to go out of their way to make an LED fixture not dimmable using off the shelf dimmers.
These aren't apparently any good for indoor area lighting (I have dozens of ceiling can lights I'd love to use such a thing in): per the website they cannot be installed in can's (temperature issues?) and cannot be dimmed (which leads me to wonder how you run them at 15W to get the rated lumen output rather than 22W as speced).
No dimming is the reason I haven't switched to using excellent warm compact flouresecent lamps.
Maybe they just stuck a resistor in series with a bunch of LED's and they're burning the other (large) chunk of power in heat. Nah... if they did that at least it would be dimmable. I wonder how they could make a PWM thing generate so much heat you can't use it in an enclosed fixture.
Having some white noise is nice and actually covers up some background noise. What drives me to distraction is a high pitched whine, the normal fan noises aren't too bad.
I worked with 2 or 3 machines under my desk for years w/o thinking much about it, but then during a power outage I had to shut everything off and noticed how noisy it really was, a sound pressure meter put it as around 70dbA where I was sitting and long term this is not good for your hearing.
Me too post. I've used this strategy for about 10 years, put the loud stuff in another room and use long cables.
Building long analog VGA cables that can run high res well isn't too hard, just get a bunch of F-Connector to BNC-Connector adapters, a couple of short VGA->BNC adapters (all available from places like L-Com, and as much high quality RG6U/QS coax as you need. The bundle of 5 coax (2 are sync and could be crappier cable but its not worth the hassle) is kind of thick, but even at 100' there is no ghosting at 1600x1200. If you're running dual headed 10 thick coax is kind of bulky, but still managable.
The hard part used to be the PS/2 keyboard/mouse (which you can build long cables for and they mostly always work), nowdays I use USB for everything (you can 'extend' USB quite a distance by using active cables). DVI has also made the long monitor cable thing less of a pain (DVI cables are much thinner than 10 coax). Also, with USB-2 I can stick my DVD and CD burners at the desktop. Audio is obviously easy: either USB or plain line level analog.
The only major recent negative surprise was Plextor's last generation external USB2 DVD burner has a fan in it that sounds like a leaf blower, I have to leave it shut off except when I'm using it.
Finally, if you want super low tech, with a little attention to temperature (a low speed baffled fan) you can simply stick your whole rig under a big rubbermaid trash bin (turned upside down). That kills almost all the high frequency noise, the only trick is making an exhaust stack to pull out the hot air at the top that doesn't leak too much noise. If you like woodworking build it with 3/4 plywood and its almost totally silent. I did this for a couple of years but the contraption was ugly.
One very minor problem with spamikaze is they do not (did not?) advertise SPF records for their honeypots. This leads to some bounces and 'ASK' style replies ("did you send this?" queries to get on a whitelist) getting ones mail server on the black list. Sure its easy to remove, but since T-Mobile and Danger use their blacklist it means everyone in my company loses email going to their wireless devices.
The guy running it is friendly, but I can't say I agree with the notion of these honeypots allowing spammers to send mail to my servers as them, then penalizing me for responding to the spam with a 'WTF' message (automated or not), esp since real money (our monthly services fees and wireless connectivity) is being flushed down the toilet when this happens.
Anyone with evil intent can pick a vitcim domain, send a buttload of 'spam' to it with a from address of one of these honeypots and get the victim domain blacklisted.
Yes, we asked Danger/T-Mobile to not do this to us. It would be pretty hilarious to imagine t-mobile even understanding the nature of the question much less doing something about it.
Slashdot Mirror
My new current model samsung washer lasted 2 years and couldn't be repaired for any cost because parts are on 'permanent backorder'.
We got one of their top of the line app-connected fancy front loaders ($1400) 2 years ago. The firmware is absolute crap, for example you can only use a 32 character WPA password (I had to set up another SSID, "Samsung Sucks", with a shorter password just for this thing). They value engineered the processor such that response on the touchscreen controls are laughably slow.
The connected features are 100% marketing fluff, you have to go to the machine and tell it to make a connection to your phone so you can see how long is left in the cycle (but of course you're standing there so you can just look at the machine at that point). As soon as you leave the app (or the phone goes to sleep) you then have to go back and re-authorize the connection on the front panel. 100% worthless as a feature.
The washing part did well until it broke with a cryptic error code that according to the service company means "main motor is toast". Samsung does not stock replacement parts (they are on "permanent backorder") so after 2 years we had to buy another washer. The factory authorized service tech told me there are no spare parts available because these can't be repaired reliably in the field even with the parts, something about how they are assembled in the factory is a one way process that is not reproducible in the field.
The matching dryer fails to boot every 2nd or 3rd time we turn it on so I'm guessing there will be a new one of those in our near term future as well.
Amazingly enough my review of this POS washer on their website was rejected as 'not meeting review guidlines' -- which meant not a 5 star review. That was really just done for a grin, I didn't expect a critical review to make it through their marketing dept interns.
tldr: Samsung sucks. A 2 year old machine is completely unrepairable and is now scrap metal due to lack of parts and value engineering, firmware is crap.
I don't really care if an online identity is provably linkable to a physical identity, just that its secure and when (for example) 'LadyBigMac' posts its trustable that its the same entity that posted with that identity (per service obviously) in the past. Having additional identity tie ins to help prevent identity theft seems good but shouldn't be required. You'll never know if something someone posted was posted under duress or not anyway, its as useful as security by obscurity when it comes to determining someone's motive/reasoning behind a given communication.
As to how to do the introspection, there is a library called BFD (part of gnu binutils) that understands how to plug through the debug symbol tables, and in a previous product we did use it for this sort of thing, but IMO its way too painful and not really intended for this sort of use. It ended up being a giant rathole, although we got what we wanted in the end (ability to do a formatted system dump on a saved raw system image using compiler metadata to find the interesting stuff and print it out nicely, think the old unix 'crash' command).
The current product has a few hundred classes that are worth looking at in a running system, I've used the convention that operator<<(std::ostream&, class) will serialize out the class ("programmer visible introspection?") in an easily parsable format, specifically TCL style lists of key/value pairs for each (interesting) field in the object. For aggregated objects (or optionally referenced objects) you output the name of the object in parent class then call operator<< on the child object (... elephants all the way down). Its relatively easy to write these serializers, example:
Boost also has a serialization library that may automate some of this (its fairly new and I haven't looked into it yet).
If you have threads available (we do) and don't mind linking with the TCL library the tclhttpd server is a fairly comprehensive embedded web server that can run in its own thread (using blocking I/O and not getting in the way of any system wide epoll/event loop). TCL scripts are triggered by various urls (it also has an asp/jsp like thing which hasn't been useful in our environment), these TCL scripts suck the serialized version of the object to look at into a TCL associate array ("array set t [xyzStatus]") and then a small hunk of code generates the HTML from stuff in the array. For most classes I just use a short generic routine that makes a table from a TCL array (couple of lines), and understands about sublists, creating a sub-table when it detects an aggregated object. Putting all the generation of HTML in TCL script makes it pretty easy to whip up a page in short order.
There's a fair TCL library that deals with some of the arcana of form generation (which isn't that hard), package html; it has thin but barely adequate docs (if you don't mind reading the code sometimes). Posts are easy to deal with to change debug settings. You can push javascript that talks to the DOM out to the browser to get more dynamic and interactive displays ("AJAX").
On a prior project I had a go at doing this client/server as some have suggested, the overhead of writing RPC for the various classes was somewhat higher than the simple serialization stuff above. The main issue was that changes to displays require a redeployment of the client app on several platforms. While some random developer would be happy to stick some support code in his class and maybe write some TCL scripting to make a web page to talk to it, almost no one was willing to
For us the weakest part of the scrum process ended up being the time tracking (which is really cool in theory and draws pretty pictures for sr mgmt on progress). This isn't due to a fault in the concept, but the nature of our workload. Many of the groups were still heavily into the 'R' side of R&D at this stage, and its very hard to predict what you'll turn up and how much that will cost you when you're still in research and design work. From a mgmt point of view this looked like us slipping daily on the charts, which caused some bad feelings.
Once things moved to implementation and testing in a given group the scrum stuff worked brilliantly. As one of the team leads I generally dislike excessive meeting time (preferring instead more informal 1:1 or 1:n in the hallway or on IRC), but these got short enough and had enough value they were worthwhile.
It really does help to force everyone to think about what they've accomplished in the past day and 'promise' what they expect to accomplish in the next day to their team. We didn't have any real slackers, but just spending the couple of minutes planning out your day enough to tell everyone else what you'd be up to was very beneficial.
Generally the 'what help do I need' part of the meeting was the least useful, as most people would IRC or email around directly (perhaps at the cost of some NMI style distraction) and not really ever come to a meeting needing anything. It was still IMO worthwhile.
Scrum only worked when we could break down implementation into bite sized chunks (no more than 2 days I think is the guideline in the book); at the risk of repeating myself it really didn't work well going into a big problem and trying to work out a plan and design.
I might pay $8-$10 for a movie I want to own (precious few) rather than just watch once or twice; I define ownership as being able to watch it anywhere I want (laptop, DVD players, Buffalo LT in hidef) in at least DVD quality -- in other words, competetive to buying a physical DVD. My personal issue with this as a business model is I've already filled my DVD changers with all the old movies I'm interested in owning, and its a rare new release that is worth buying given the alternative option of renting (1 view). Since I can rent DVD's for new releases at Redbox for $1/night (an honest $1, w/o any of the traditional blockbuster/hollywood hassles or tricks) that covers most of my families DVD appetite. I would pay $1 to d/l a DVD quality (in terms of bitrate and DRM) movie for a 1 day use rather than have to physically go out to RedBox, but given how easy Redbox is I wouldn't pay even a modest premium ($2/night) unless there was a blizzard on or something similarly drastic. I sure wouldn't trust any DRM scheme that dicks with any of my h/w or s/w. Perhaps they could distribute a standalone 'network' DVD burner/player that would d/l and burn a normal DVD (or HD-DVD); its hard to imagine any rube goldberg crap running on a normal system that would be worth anything long term to them w/o having total locked down control of the PC hardware (which isn't an option I would be interested in).
The current DVD standard has a very simple virtual machine with a handful of instructions. The interface this machine has to playing video is very basic, once the 'script' has chosen a title set to play the h/w just plays it (following the sequence of cells/vobs prescribed in the compiled ifo files). It is easy to write programs that can blindly read all the titles off a DVD; no matter what hijinks the Disney people come up with, at the end of the day you still have a nice standard titleset that has the whole movie.
I expect they will give the JVM much more direct control of the process, perhaps letting it send individual cells (or whatever their equivalent for HD is) to the player engine under program control.
IMO this makes it very easy to come up with schemes where the cell list is program generated and the only way to get the actual movie off the disk in the right order is by running the java code. This may require some type of user input (perhaps timing how much of a preview is watched and using that as a key to an encrypted list of cell addresses, or requiring you to type in a code from the first page of the 'manual' to play it) or implement more standard copy protection (like writing an erratic spiral and timing seeks to determine if you're running a backup. It could be made very difficult to write something like Nero Recode (think how you would write a program to 'recode' the output from playing a particular game of Doom3 to Divx as an example).
Since this is all ROM (the media) and standalone players will likely not have any writable (program) storage it means we'll be at the full mercy of whatever funky games the media types come up with ("to watch this movie you must buy a Pepsi and enter the code on the cap").
This is IMO much worse from an "abuse the consumer" point of view than current DVD's. You just know some skippy will come up with a way to seek the head just so and figure out the line frequency, then decide you're trying to play the DVD in the wrong region and play goatse instead.
I actually think this is a great step forward and will open up all sorts of cool apps, it is just going to make it much harder to do the kinds of things we take for granted with DVD's (watch using MPC or VLC, make backups, do things like Nero Recode, rip to DIVX)... for about 10 seconds after a new release (at which point the cell list will be posted somewhere on the Net).
It seems that first order its pretty clear: whoever had to have a complete copy of the material in hand is the one who perpretated the violation. Everyone else is a 'common carrier' (morally).
Where it gets fuzzy for me morally is once someone has the downloaded the full file and becomes a seed it seems like they should then be as liable as the first guy -- but they likely have no intent to be a distributor (aside from just using BT) so perhaps not. If they started a new torrent with the file as a seed its pretty clear.
Morally, being on the receiving end of stolen goods is also pretty shakey obviously, but that's a different debate.
Well, I did read the bill off the senate website, it does seem like certain provisions are fairly noxious.
The parent sure is missing the point on points 3 and 4 (private residence addresses and business access to private data).
In MN there is a lame ass chain of liquor store (MGM) who require a state drivers licence ONLY to purchase alchohol. They are not particularly interested in verifying your age, they want marketing data. When they started this I tried presenting my passport to buy some beer, its good enough to get into the country but not good enough ID to buy beer aparently (the manager overrode the skippy with a stern warning to me he wouldn't do it again). I just don't do business there anymore, no big deal, but it sure seems a standardized system nationwide would make it more likely places would demand this ID to give service (of many kinds) and guard the data with the diligence we see from credit agencies.
The second issue is not being able to have a private address. MN and my prior state both support (with some reasonable conditions and an affadavit) an almost complete off the record actual address with a mailing address on the physical licence and in the publicly viewable part of the DMV database. This bill removes that possibility. It will be very hard to refuse to give out this ID (unless you're willing to go tin-foil hat and live in the woods). This means real lack of physical security as the commercial interests that gather this data have nothing to profit from preserving my confidential data.
I'm not really hip on the whole 'show your papers' and travel restriction/tracking aspects of federal government either, but I'm really worried about the commercial privacy abuse this will bring.
Give them a personal 1:1 connection to your PC and they will use it to make things better for them, not you.
I agree with the principle though, it is silly to have to get hard media for the most part (aside from getting a backup copy for free). If I could buy a DVD, download it, remain as anonymous as I am buying it at Target, and not have it gooberize my system any more than any other DVD I'll do it (and expect a discount :)).
Does the NewGen deal with playlists? That's my main problem with the Nex/IA, I listen to audio books on it and they are usually 200 to 300 mp3 files 5 or 10 mins each; the nexia can only order playback randomly (shuffle) or in the order in the DOS FAT filesystem directory. To play a book I have to format the card then copy files in in the right order (regardless of filename). You also have to break them up into directories with no more than 47 files each (the dirs have to get created in the right order too). Finally, when the battery dies it doesn't save where it was, which really sucks on a book. Overall a PITA but usable. I'd jump at a better solution (that doesn't require using some gay 'media manager' where you have to manually click on 300 files to load the damn thing).
I recently got a PPC-6600 ("AudioVox") phone from Sprint. Its running Windows mobile 2003 (ick), but its a capable phone nonetheless and has the Windows Media player thingie as well as an Audible player (both DRM happy).
Sprint does nothing to prevent me from downloading MP3's or DRM'ed crap (at EVDO/3G speeds) then playing them. The phone has a SmartMedia slot and I've got a 1G card in it ($70 at Sams club), there is nothing that prevents me from putting my own cards in and playing music off it.
It has bluetooth and nothing prevents me from transferring whatever files I like to or from the internal memory or SmartMedia slot.
Finally, you can tell the phone app to use any wav or mp3 you like as a ringtone.
Has all the other junk you'd expect these days: still and video camera's, plays stored or streaming video, sync with desktop, ability to load any 3rd party app you like (ssh/irc/decent non-IE browser, etc).
Total price: $420.
It totally mystifies me that Sprint would sell me this thing (with the $150 off) yet wouldn't allow an Ipod style phone. Is that 1G of music on a flash card is somehow less threatening than 20G?
Related issue: if conditions are 'just wrong' and it picks up someone standing next to you in line rather than yours there is basically no way to know.
Seems like this would only really be feasible if the range was very small and/or you had to put in a pin to make sure its yours.
A local sports bar chain (Wild Bill Buffalo Wings) has 'free' WiFi access from some company called HarborLink.
They have a transparent proxy on port 80 which initially intercepts any web page access and pushes you to an AUP page which you have to click 'yes' on. Until you do this your IP is blocked outbound, afterwards everything works fine (esp ssh which I use heavily). Every now and then (5-10 mins) the transparent proxy responds to a random http get with a page of ads instead of whatever you asked for.
According to the manager of one of the bars they pay a monthly fee to harborlink but its "minimal".
If they make money on this model it seems about as reasonable as one could expect. I still occasionally see their ads and its real internet access. If I was really offended I could just tunnel thru ssh to my squid proxy at home and bypass the ads - but why bother.
Since many people will want to actually check mail (via POP3S, IMAPS, etc) a web proxy only internet service will hopefully go over poorly. If they allow https (which would be hard not to if they expect you to get your email via a browser) one can always tunnel (google for 'https ssh tunnel') trivially through an https proxy.
T-Mobile go to great pains to publish a privacy policy which claims they use industry standard practices such as SSL to protect private customer data, yet, when one tries to get customer support via their website they *require* your social security number on a non-SSL encrypted page.
If you make one up because the question is fairly general (like "when will Danger's servers come back up so I can get email again, I've been watching the 2 dot dance for 12 hours now") they will refuse to answer it and request your 'social' via email (also unencrypted).
After 12 round trip emails (I should stick them on my web site, they are fairly classic) it is clear they realize they have a privacy policy but they refuse to follow it.
I'm not surprised with the attitude and general ignorance I've encountered so far that they're having problems of a more serious nature.
Offtopic rant:
I've had my Sidekick Color for 1.5 yrs or so and the service has gone way downhill in the last 3-4 months or so. The connection to Danger's servers via GPRS is snappy, but it can take their server 1-2mins to fetch a web page and render it down (say, slashdot) -- even with images turned off.
Email also recently has gone suck: it used to be your email was pushed to the handheld realtime and you could read it when out of range, now it only pulls the email down when you open the email app and try to read (meaning you can't read email when out of range and have to wait for downloads when in range, which is quite slow due to the overloaded servers).
Overall my satisfaction with them has just about dipped to the point its worth buying new cell phones/pda's and finding another GPRS carrier. I think I'm stuck with a Palm thing though if I want to keep ssh over gprs (which I use a lot).
I replaced my Tivo with a 721 when the 721 came out (2 yrs?) and it is very nice to have 2 tuners able to record simultaneously. I do agree the scheduling sucks rocks, it is really just a slightly easier to use vcr rather than a DVR that follows the shows you want. They also have stability problems that you would think a little QA would solve.
I also have a MythTV box (I would never ever suggest a 'normal' go through setting one up, but I enjoy such pain and it has paid off).
Overall I'd rate MythTV about 9, Tivo 6, and the 721 perhaps 5. Myth isn't a 10 because of lack of support for mplayer/xine to output DVD or DIVX video to the PVR350's S-video out (maybe someday they'll have that YUV stuff working in the driver).
Unfortunately Ad-Aware misses lots of stuff that Giant doesn't. I used the usual mix of Ad-Aware and S&D on a recently infested machine (Nov or so) and while both ran clean some junk was still in there; the Giant thing (pre-microsoft) found and wacked it.
I've since had this same experience on one other family members machine (sigh), assuming MS doesn't water down Giant's database this seems to be technically superior, at least in my limited testing.
I still wish I could just run a scan from a CD w/o installing gobs of stuff, but the Giant product does seem pretty good otherwise.
I think the pragmatic view is DRM doesn't have to be unbreakable. It sure doesn't seem possible unless you encrypt the content and never decrypt it for any reason. Even the theoritcal poster child of working DRM (console games) proves this: with a totally closed system and everything under your control you are still going to be hacked. Like with accounting rules ("it shouldn't cost more to track the thing than the thing is worth") I think this is just a matter of how painful it is. Its like asking if anyone makes a lock for your front door that is unbreakable -- no, but that's not the point.
Hardware dongles are pretty close to 'working' (for some definition of the term). Sure you can hack the app, but they give a reasonable in-between: you can copy the s/w all you like, use it anywhere, etc, as long as you have the physical token that goes with the license. As long as the physical token isn't fragile this is IMO a fair compromise; with USB its even moderately convenient.
I worked as a developer on a couple of products using these and the theory was you could create enough FUD that legitimate users wouldn't use a hacked version: dongles of the mid 90's gave you enough space to put code in the dongle, the suggested use is that you put bits of your application into the dongle and pull them out at runtime. They recommended you put a couple of obvious "this program can't run w/o a dongle" messages in, but then also put more subtle chunks of code that if not run would corrupt or crash the product in subtle and recognizable (to tech support) ways.
From a business/moral/usability point of view h/w dongle based DRM (for pricey s/w) 'works'. This doesn't mean its unbreakable, just that its 'fair' enough it isn't worth the effort (the chief complain of having a single point of failure is to just send two dongles per license and suffer the possibility of it being abused).
None of this helps with music of course, since they have to support normal audio players.
I hope they keep trying crap like this and making it worse and worse, with any luck it will implode on itself and 'no DRM' will be a selling feature. I turned the corner of not buying PC games with HL2's DiVX scheme coming on the scene.
Sams club lets you download pix over the net and prints them at the nearest big box, they're on the order of .17/print too (4x6) and the quality is excellent. Generally we can send a picture, drive to the store and they're ready.
I tried prints from far away places and I just don't have the patience to wait. Given how long it takes to get decent color matching and the high price of inkjet prints we almost never print inkjet anymore (generally just use it to dump web pages with driving directions on them).
The only downfall with Sams is they do some BS censoring: if the image looks like it was shot professionally or pretty much anything scanned (I think they look at attributes in the jpg) they won't print it. I'm sure they're just protecting themselves but it is *really* annoying when you have a big batch to print for the holidays/whatever and they 'silently' don't print some of them because they don't want to infringe (the images *are* mine).
The s/w is just a little lame: in over a year they haven't been able to make it follow a playlist in order (it does almost always play in the order the directory was filled in though, so you can use it for audio books). Whoever they got for support in the US has a worthless website, if you want to d/l the latest firmware you have to go to the europe support site. Other than those minor issues the thing does what it does and does it well.
Most incandenscent dimmers use PWM to dim as well. I've wired up LED's in a passive configuration and used them with an AC dimmer w/o any problem (the 30hz frequency is a little annoying since there is no filament to cool off slowly and smooth it out). It still seems to me someone would have to go out of their way to make an LED fixture not dimmable using off the shelf dimmers.
These aren't apparently any good for indoor area lighting (I have dozens of ceiling can lights I'd love to use such a thing in): per the website they cannot be installed in can's (temperature issues?) and cannot be dimmed (which leads me to wonder how you run them at 15W to get the rated lumen output rather than 22W as speced).
No dimming is the reason I haven't switched to using excellent warm compact flouresecent lamps.
Maybe they just stuck a resistor in series with a bunch of LED's and they're burning the other (large) chunk of power in heat. Nah... if they did that at least it would be dimmable. I wonder how they could make a PWM thing generate so much heat you can't use it in an enclosed fixture.
Sigh.
Having some white noise is nice and actually covers up some background noise. What drives me to distraction is a high pitched whine, the normal fan noises aren't too bad. I worked with 2 or 3 machines under my desk for years w/o thinking much about it, but then during a power outage I had to shut everything off and noticed how noisy it really was, a sound pressure meter put it as around 70dbA where I was sitting and long term this is not good for your hearing.
Building long analog VGA cables that can run high res well isn't too hard, just get a bunch of F-Connector to BNC-Connector adapters, a couple of short VGA->BNC adapters (all available from places like L-Com, and as much high quality RG6U/QS coax as you need. The bundle of 5 coax (2 are sync and could be crappier cable but its not worth the hassle) is kind of thick, but even at 100' there is no ghosting at 1600x1200. If you're running dual headed 10 thick coax is kind of bulky, but still managable.
The hard part used to be the PS/2 keyboard/mouse (which you can build long cables for and they mostly always work), nowdays I use USB for everything (you can 'extend' USB quite a distance by using active cables). DVI has also made the long monitor cable thing less of a pain (DVI cables are much thinner than 10 coax). Also, with USB-2 I can stick my DVD and CD burners at the desktop. Audio is obviously easy: either USB or plain line level analog.
The only major recent negative surprise was Plextor's last generation external USB2 DVD burner has a fan in it that sounds like a leaf blower, I have to leave it shut off except when I'm using it.
Finally, if you want super low tech, with a little attention to temperature (a low speed baffled fan) you can simply stick your whole rig under a big rubbermaid trash bin (turned upside down). That kills almost all the high frequency noise, the only trick is making an exhaust stack to pull out the hot air at the top that doesn't leak too much noise. If you like woodworking build it with 3/4 plywood and its almost totally silent. I did this for a couple of years but the contraption was ugly.
One very minor problem with spamikaze is they do not (did not?) advertise SPF records for their honeypots. This leads to some bounces and 'ASK' style replies ("did you send this?" queries to get on a whitelist) getting ones mail server on the black list. Sure its easy to remove, but since T-Mobile and Danger use their blacklist it means everyone in my company loses email going to their wireless devices.
The guy running it is friendly, but I can't say I agree with the notion of these honeypots allowing spammers to send mail to my servers as them, then penalizing me for responding to the spam with a 'WTF' message (automated or not), esp since real money (our monthly services fees and wireless connectivity) is being flushed down the toilet when this happens.
Anyone with evil intent can pick a vitcim domain, send a buttload of 'spam' to it with a from address of one of these honeypots and get the victim domain blacklisted.
Yes, we asked Danger/T-Mobile to not do this to us. It would be pretty hilarious to imagine t-mobile even understanding the nature of the question much less doing something about it.