Ooh - EXCELLENT point!
This actually makes my "do it like the iPhone" idea untenable since the entire room would see your password one letter at a time...
What TFA is suggesting is probably one of the dumbest ideas I've heard since... EVER. That said, the dots are a usability issue -- I've got plenty of otherwise very smart users who screw up passwords constantly.
As a compromise measure I propose stealing something from Apple's playbook: The iPhone password entry interface. The last character typed is visible for 2-3 seconds, everything else is masked (and backspacing doesn't reveal characters, just makes the dots go away). The design doesn't suck, and the security compromise isn't as bad as "leave the password on-screen for everyone to see" like the article is suggesting.
I use multiple OSX, Linux and FreeBSD machines daily - The Mac is in my office, the rest are about 45 miles away in our datacenter. I spend 80% of the day logged into various machines remotely and spend a substantial chunk of time copying files from host to host. There's also the headache when dotfiles get out of sync and machines behave differently for what should be identical commands (beyond the usual BSD-vs-SysV crap)
All by way of saying "Gee, wouldn't it be swell if I didn't have to manually sync these or painfully suffer through git merges?" :)
I'd be interested in answers for this from the "I want the same homedir contents everywhere, but NFS makes me vomit" standpoint :)
For managing the default profiles around the office we use git - the dotfiles & such are managed, and the rest is left as an exercise for the user.
It's not ideal (I hate it), but it's what we've got...
OK, your bank screwed the pooch and you should complain - LOUDLY - until it's fixed. You should also look for a bank that understands basic internet/web concepts like "SSL cert's CN must match DNS hostname" -- I fear for the rest of their infrastructure.
That said, you were logging into your bank, which presumably holds a large percentage of your cash assets, you received a SSL error and you continued the transaction?
You deserve to have your account cleaned out for reckless disregard for the security of your financial information. Go to a brick-and-mortar bank, or call them on the telephone (*gasp*) if your banking is so urgent.
I would never accept a candidate without at least an informal knowledge test -- It doesn't need to be a sit down written exam or a coding problem, I just need to know that you'll know what to do when the shit hits the fan without having me standing over your shoulder.
All the paper certs in the world and all the years of experience can't make up for talking to your applicant and determining that they're prone to panic when all the red lights are flashing.
As an iPhone guy I've got one nagging question -- When will we see a mobile browser that passes ACID 3 (and is it even possible with today's mobile hardware?)
Currently Mobile Safari chokes on ACID 3, and I think this is as much a deficiency of the hardware (not enough CPU power/RAM?) as it is of the rendering engine.
Any mobile platform experts care to weigh in on this one? I know at least one of the ACID 3 tests is a "performance" test, so do you think it's possible to get acceptable performance out of mobile hardware?
Webkit (Safari's engine) has hit the 100% mark, but as they themselves point out the animation "smoothness" ain't there just yet.
I don't consider the smoothness to be a critical thing personally, but the test designers do (and it's something I can understand -- you don't want one browser rendering beautiful and smooth while another is jerking and jumping all over the place).
Ignoring the whole debate over whether Opera's "100%" is valid and what it means to be a "released browser" that hits 100%, I'm still waiting for a pass that meets the full spirit of the test - Full rendering compliance & full animation smoothness - THAT (imho) is what is going to decide who won the race to pass ACID 3.
"USERS OF THIS SYSTEM HAVE NO REASONABLE EXPECTATION OF PRIVACY IN THE USE OF THIS SYSTEM. Unauthorized use may subject violators to criminal, civil, and/or disciplinary action. All activities and data entered or contained on this system may be monitored, intercepted, recorded, or captured in any manner and disclosed in any manner. Potential evidence of crime found on this computer system may be provided to law enforcement officials."
That is from a (US)government system, used (or at least intended to be used) exclusively by adults. All my systems banner something very similar, and being that I'm a child-hater I know there are no minors logging on. It is a time-honored right of the sysadmin to monitor that which they manage for any use they may deem improper. If you are using a system you don't own end-to-end, you may as well chuck your expectation of privacy out the nearest window.
While I am 1000% against crapware like NetNanny and its ilk, even I - a bleeding heart pinko commie libertarian unamerican son of a bitch - have to say I agree wholeheartedly with thynk. His/Her attitude seems (at least to me) to be the right balance between trusting your kids and keeping them safe without draconian restrictions.
Above all it is the parents' responsibility to proactively monitor their children and protect them from the big-bad-world to the best of their abilities while simultaneously preparing them to deal with that same world (eg. "write me a paper on avoiding internet stalkers and I'll let you have a Myspace account.").
A parent has every right, and every duty, to violate their children's privacy in the course of meeting those two objectives - Although it's best to exercise some discretion in the process :)
I believe the federal law in cases like this states that once a transaction begins the merchant is required to accept any form of legal tender not excluded PRIOR to the beginning of the transaction.
What does that mean? It means that if you walk into starbucks and order a latte and want to pay for your $10 coffee with a $100 bill they have to take it UNLESS they told you BEFORE beginning the transaction that they don't take $100 bills (usually via a tiny sign on the register saying "Nothing bigger than a $20")
IANAL, and this is something that we covered very briefly in a law class back in freshman year, so someone with better credentials than 6 credits 7 years ago should probably verify this :)
"Check those URLs" it says... so of course I post without checking what I pasted.
That first URL should link to Wikipedia -- http://en.wikipedia.org/wiki/A_Rape_in_Cyberspace
Grr...
But it may be relevant - http://www.overheardinnewyork.com/archives/010031. htmlp eincyberspace.html
And the original article (lots of other places, but this one works) http://loki.stockton.edu/~kinsellt/stuff/dibbelra
For those of you not familiar with it, the article in question describes a similar virtual "rape" on LambdaMOO (If you don't know, Google it.)
As to my opinion, I believe Virtual Rape should be dealt with by the Virtual Society as they see fit. It's just pixels on a screen folks, if you don't like it turn it off.
If you are [C]hiefly handling [T]echnical matters, it makes more sense for you to take the title of CTO (Chief Technical Officer). This is from the standpoint of someone who has run a corporation with outside investments.
Your friend, with business experience & the business degree is best suited for CFO or CEO, and will likely be able to converse with investors & potential clients on a financial level that people would expect someone with that title to be able to.
You on the other hand, since you came up with the original concept, should have stewardship over the implementation and management of the projects that will form the foundation of your business. You will also be responsible for speaking to investors & potential clients on the technical aspects of your business, plans for scalability, redundancy, etc. and essentially convincing them that it's a "Good Idea"
In terms of getting "Ripped Off", make sure that your stock is split evenly when you incorporate, and you're fine.
I thought DAP made silicone sealants.....
*shrug*
I have, in my basement, a Sun 4/670MP.
Engraved on the side of the power supply: 975W
Date on the manufacturing plate: 1983
'bout time PCs caught up.
Seriously... Normally I don't comment on the editorial process here, but WTFF?
Grandparent was referring to this Slashdot story with the typo in the title.
Know from whence ye speak.
A lot of people are talking a lot of shit, but the truth is Apple DID do something innovative here.
Two buttons: Not innovative, though using capacitive touch sensors is something new and interesting.
Vertical scroll w/ 3rd button: Not innovative. I've had 3-Button mice damn near forever, and scroll wheels have been foisted upon me since they became fashionable.
"4th Button" (side squeeze): Not original, but kinda innovative. The idea of 4 (5,6,7,8,9,10,11,...) button mice is getting old, but Apple has a good point for adding this (bring up the application switcher and scroll through your open apps, bring up Expose and scroll through your windows).
Horizontal & Diagonal scrolling: Innovative, and new (at least to me).
I haven't seen ANY mice yet with the ability to scroll horizontally and diagonally yet. Maybe not the most useful feature in the world for everyday users, but the principal BUSINESS USERS of macs are PUBLISHING SHOPS. You have to do quite a lot of panning around when piecing together a layout for publication, and I think this feature will be popular with publishers.
Simple: The batteries in the mouse die, and then it's useless.
Let's look at this logically:
Bluetooth mouse with commodity (AAA, AA, 9V) battery:
Battery gets weak, cursor tracks erratically, customer calls Apple support and whines, Apple has to remind them that Batteries Aren't Forever. Customer goes ApeShit trying to find a battery (never have one when you need one!) and has a generally lousy User Experience.
Bluetooth mouse with Li-Ion (or LI-Poly) battery:
Battery gets weak, cursor tracks erratically, customer has to leave mouse in chargey-cradle-thing until it recharges.
Eventually the battery stops accepting a charge (ala iPod) & customer pitches a fit about having to replace a $50 mouse and has a generally lousy User Experience (and a legitimate complaint IMHO).
USB Mouse with a few feet of cord:
Plugs into keyboard (either Left or Right USB port so no handedness issue), cord is long enough to allow quite a bit of free movement (and much improved since the early G4 days with the kinky cord judging by the current mice), and the damn thing never needs recharging. Since the cord doesn't really get in the way, the User Experience is Good overall, Apple has fewer complaints/support calls to deal with, and everybody wins.
Wireless mice are a great curiosity (LOOK! I can click on this icon from across the room!), but in practical terms they don't quite work out. USB Mice are a better choice for the average desktop user.
Apple. Eye. Book.
6. Hour. Battery. Life. . . . . BITCH!
(Okay it's more like 5, but still, long enough to make a nuisance of myself).
You. Are. Wrong.
The drag from rolling down your windows does not kill your fuel efficiency as much as turning an AC compressor.
Don't believe me? Take your car to a track and run it until it stops - first with your windows down, then with the windows up and the AC on. See which runs longer.
As I understand it, you're wrong:
> You still have a trusted list that will redirect straight to the inbox.
According to the SenderID docs from Microsoft, your "trusted list" will NEVER BE CONSULTED -- the INBOUND SMTP SERVER will reject the message if there is no SPF record published, or if the originating mail server is not in the SPF record.
Ergo your filters never run - the message is never delivered to them because it is assumed that the message is spam.
Someone correct me if I'm wrong.
OK, I have to weigh in on this.
> Bahh... Let us suppose you're digging into the kernel in order
> to fix a specific bug. So you isolate the section of code
> relevant to your work and read through it until you
> understand how it works.
> During that process you note that if a portion of the kernel
> was organized differently (ala refactoring) bugs like the one
> you are dealing with would either not occur or be trivially easy
> to find/fix. Maybe there are reasons for the current
> organization you aren't aware of. Maybe you lack the
> knowledge or time required to do the refactor yourself.
> So you fix 'your' bug, tack in a comment to nudge others (or
> remind yourself) into considering refactoring a few versions
> down the line.
> Bad practice? Clear evidence of inexperience? Broken
> development process?
... And the correct answer is #2 and #3.
Clear evidence of inexperience - Things like this should be discussed with other developers, and the comment placed in the code should be something more informative than "Should this be here?" (perhaps "Could be avoided by XXXXX"),
Broken development process - As noted above, this should be discussed out of band to facilitate actually DOING THE RIGHT THING (as opposed to just patching over a bug and hoping the underlying cause doesn't cause any computers to catch fire).
Theo may be a fucking ass . . . let me rephrase that: Theo *IS* a fucking ass, but sometimes even the assholes are right.
Well as of right now, I think Apple's recall site is overwhelmed/slashdotted/whatever -- I submit my recall form but I don't get any confirmation page (in fact the page I get is blank & full of things that didn't load ("connection reset by peer")).
I'd recommend calling Apple tomorrow morning (certainly what I'll be doing) to be sure your request went through and your replacement battery is on the way if you didn't get a confirmation page.
This is actually a USEFUL Ask Slashdot...
My two cents:
The prompt should take the form "user@host:path % " - this is particularly important in environments with multiple machines, and a good idea anyway.
The shell should be set up for command-line editing (BASH comes this way IIRC, in KSH set -o emacs. If you have any *NIX users (probably not or you wouldn't be submitting this particular question) they can set -o vi if they prefer that.), and the backspace key should work properly (if you need to stty for this do it).
Shell aliases - forgive my bluntness but fuck the cutesy color shit on ls and any other utilities that wish to make things ugly. If ls comes aliased to "ls -color" or whatever, unalias it. ls should be ls, unadulterated. Same for rm (none of that crappy "rm -i" shit that some linux distros tend to use in the root shell. If I wanted to be bothered I'd add the flag myself, and "protecting users from themselves" will just piss them off).
What you should add are USEFUL aliases. My personal favorites:
ll -> ls -al
la -> ls -a
lf -> ls -af
j -> jobs
h -> history
You should also take care to set a USEFUL default search path (/bin,/sbin,/usr/bin,/usr/sbin,/usr/local/bin,/usr/local/sbin). Generally I discourage adding ., ~ and ~/bin to the search path, but doing so may make things easier for your users.
Consider which editor you drop your users into. Pico is a good choice for real newbies, EMACS is the next step up the ladder. vi is probably too different from the windows paradigm for most of your users,
Also take the time to explain other commands (apropos, man, whatis, whereis, which) that can make life easier.
I'm sure others have made additional suggestions, but hopefully this is somewhat helpful.
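The search-path advice in the comment above, as an added example that is not part of the original post: a POSIX shell check that flags the kinds of entries the comment discourages (`.`, `~`, directories under the home directory) plus empty and relative entries, which the shell also resolves against the current directory. The function name `audit_path`, the home directory `/home/alice` and the second sample path are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a search path for entries that let a file in a
# user-writable or current directory shadow a system command.
#
# audit_path PATH_STRING HOME_DIR
#   Prints one "reason<TAB>entry" line per risky entry.
#   Returns 0 when the path is clean, 1 when anything was flagged.
# The body runs in a subshell so its variables do not leak into the caller.
audit_path() (
    path_string=$1
    home_dir=${2%/}          # drop a trailing slash so prefix matching is exact
    found=0
    # Append a colon so a trailing empty entry ("/bin:") survives the split.
    rest="${path_string}:"
    while [ -n "$rest" ]; do
        entry=${rest%%:*}    # text up to the first colon
        rest=${rest#*:}      # everything after the first colon
        case $entry in
            "")
                reason="empty entry (current directory)" ;;
            .|./*|..|../*)
                reason="current or parent directory" ;;
            "~"|"~/"*)
                reason="tilde (home directory) entry" ;;
            /*)
                # Absolute path: only a problem if it sits under the home dir.
                [ -n "$home_dir" ] || continue
                case $entry/ in
                    "$home_dir"/*) reason="inside home directory" ;;
                    *)             continue ;;
                esac ;;
            *)
                reason="relative path" ;;
        esac
        printf '%s\t%s\n' "$reason" "$entry"
        found=1
    done
    return "$found"
)

# The default search path recommended in the comment.
SAMPLE_GOOD='/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin'
# Constructed sample containing each kind of entry the check flags.
SAMPLE_BAD='/bin:.:/home/alice/bin::~/bin:tools'

audit_path "$SAMPLE_GOOD" /home/alice && echo "recommended path: clean"
audit_path "$SAMPLE_BAD" /home/alice || echo "sample path: risky entries listed above"
```

Run against a real profile with `audit_path "$PATH" "$HOME"`.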