I've sort of gazed for a few seconds at the CFS articles and the following phrase caught my attention the most
it uses a time-ordered rbtree to build a 'timeline' of future task execution
But more importantly, I think the factor which'll probably sway me the most is /proc/sys/kernel/sched_granularity_ns. Except I've been salting my config options with one true test ... that kind of thing makes you paranoid about random tune-ups :)
As an Indian from a relatively unconnected neck of woods, I love the OLPC project and what it might do to the future students of this world - and I've even played around with an OLPC for thirty minutes. But this particular feature annoys me a bit. I quote from the article.
the system allows countries to optionally establish a "license" period for the laptops, such as 21 days. When laptops are connected to the Internet, they will synchronize with an NTP server to obtain the correct time and date, and then obtain a license which must be renewed in the time specified. Laptops which are not renewed within the timeframe will lock.
As I mentioned before, the whole concept of an unconnected laptop or one with minimal internet access (i.e wireless mesh) goes for a toss with this feature. The worst of the activation features which windows has, negating the real advantage of having a laptop you could take literally anywhere. Locking out someone just because they couldn't hook their PC into the network for twenty days is no way to make OLPC work. The real way to keep them off the black market is to reward those who keep their machines intact - just like the way to get kids to come to school has been a free lunch programme (and I sit in an Indian state with 99% literacy rates).
Or if you're really interested in reducing the utility of the machines, send an access code to the school master every month - for the laptops to get on the internet.
You need to go pick up the coupon to get back on the internet and just kick the ones which are reported missing in audits - rather than go in for an active licensing scheme as mentioned in the document.
But in general, technical solutions for social (as well as economic) problems hardly work out, by themselves.
There are very few instances when I actually need to rdesktop in and use a Windows machine.
One of those is when I've actually got to visit one of my online banking sites, which requires some obscure activex "security" extension to work. For someone who uses FF, noscript and occasional peeks at firebug, it really pisses me off when I have to disable all my own security checks to enable a site to "secure" itself.
This is just another instance where I'd have been hit if I had been a user of the said bank (and had to use IE to browse it).
James Morris has put up an analysis of the same vulnerabilities.
And pushing the system code down into lower echelons of execution (i.e kernel), the way SELinux does it, is a valid fix.
My first impression of the book review was - "Oh gawd, a math book went 'OMG Ponies !!111'".
But I've sort of realized that form follows emotion and in a world where Math is not considered cool (not in India though), something like this which stands away from the boring beige world of mathematics would get more eyeballs into the basic subject. Not that I'd consider some of it boring, by any stretch of imagination. And who hasn't rewritten math problems into "real" problems ? (xkcd has become lame of late - I suspect after his visit to MIT).
But such wedges into the insular cracks of things could be nice - to let people burn through the "Thou Suckest" phase of learning anything new. Especially when the field is full of elitist fifty year olds ("elite" is good, "elitist" is bad).
So if it makes a bunch of girls pick up math, good - just the same way Asterix&Obelix makes me want to learn French ... we all just need a reason, to make whatever we're doing cool (ah, the tyranny of cool).
A distro is not a fork. It is not a fork if the patches flow upstream.
...
I know there are exceptions to this rule (iceweasel, icedove) but in general, all distros contribute back to the same pool.
The only issue here is consumer choice, not wasted developer power (unlike real forks). And the Novell fiasco shows the problems
with having a single "one true way" distro - even if it is a community project (in which case its death comes from group
think and dragging its feet on decisions).
A distro, 'taint a fork
> What is most showing is how fast it will be till Yahoo fixes this vulnerability as a sign of their mettle.
It is already fixed. And probably the security testing team added a new test-case to prevent recurrences.
What went on here is a pure case of ASWing. Nearly every non-trivial application has a fair share of holes, some are just more high-rewards than others. We've found XSS issues in Orkut, during random exploration. But having grown past sixteen, I've sent an email to the orkut feedback black hole and next morning found the bug to be fixed without even a thank-you in reply (it sucks, but that's how nearly everyone treats security bug reporters).
I'd have settled for a free Google t-shirt, but the guy in TFA doesn't deserve anything but censure for his fear-mongering.
Dexter's laboratory, Samurai Jack and Powerpuff Girls are enough to establish his genius. But he managed to turn around my opinion about Star Wars (as someone born in the eighties and having got a TV in the nineties) - while reinforcing my low opinion of George Lucas's later work. Samurai Jack is really another example of a long epic saga, minimalistically drawn, yet full of life, twists and curve balls.
Hopefully, they borrow the good parts from his work and not go all CG centric over the story telling part.
The feedback factor for SQL Injection is very low. It is very hard to generically detect the after-effects of a successful sql-injection attack.
In comparison, something like XSS is easy because if you inject a string, the string re-appears in the HTML returned (HTML injection). The XSRF and XSS attacks dominate the internet attacks because they are really easy to scan for - though technically that should be an excellent reason they shouldn't exist :)
Rasmus Lerdorf has this awesome test-tool for XSS he keeps demo'ing (thankfully not released). You can see the tool in action in the background. But there's still no real easy way to reliably scan for SQL injection.
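The difference in feedback described above, as an added example that is not part of the original comment: a reflection check flags an unescaped echo immediately, while a string-concatenated SQL lookup and a parameterized one return the same page for the same probe. The handlers, the `users` table and the canary format are all constructed for illustration.

```python
import html
import secrets
import sqlite3


def make_canary():
    # Random token wrapped in HTML/SQL metacharacters, so a raw echo and an
    # escaped echo look different in the response body.
    return "<c%s'\">" % secrets.token_hex(4)


def classify_reflection(body, canary):
    """Return 'raw', 'encoded' or 'absent' for how the canary shows up."""
    if canary in body:
        return "raw"          # metacharacters survived: output encoding is missing
    if html.escape(canary, quote=True) in body:
        return "encoded"      # echoed, but neutralised
    return "absent"           # nothing observable in the response


# --- constructed HTML handlers -------------------------------------------
def search_page_unescaped(q):
    return "<h1>Results for %s</h1>" % q


def search_page_escaped(q):
    return "<h1>Results for %s</h1>" % html.escape(q, quote=True)


# --- constructed SQL-backed handlers ---------------------------------------
def _db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT)")
    db.execute("INSERT INTO users VALUES ('alice')")
    return db


def _render(rows):
    return "<p>%d user(s) found</p>" % len(rows)


def lookup_concat(q):
    # Flawed on purpose: the query is built by string concatenation.
    # Errors are swallowed and a generic page is returned, as many apps do.
    try:
        rows = _db().execute(
            "SELECT name FROM users WHERE name = '" + q + "'").fetchall()
    except sqlite3.Error:
        rows = []
    return _render(rows)


def lookup_param(q):
    # Hardened form: the value is bound as a parameter.
    rows = _db().execute(
        "SELECT name FROM users WHERE name = ?", (q,)).fetchall()
    return _render(rows)


HANDLERS = {
    "search_unescaped": search_page_unescaped,
    "search_escaped": search_page_escaped,
    "lookup_concat": lookup_concat,
    "lookup_param": lookup_param,
}


def scan(handlers=HANDLERS):
    """Send one canary to every handler and report what the response shows."""
    canary = make_canary()
    return {name: classify_reflection(h(canary), canary)
            for name, h in handlers.items()}


if __name__ == "__main__":
    for name, verdict in scan().items():
        print("%-18s %s" % (name, verdict))
```

The reflection check separates the two HTML handlers but reports `absent` for both SQL handlers, so telling them apart takes code review or query logging rather than response scanning.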
If I remember correctly, Yahoo's oneSearch already did this ? Except it doesn't seem to be available for regular search.
On the other hand, I've been playing around with the Alpha (Beta) search, which seems to be much cooler. But only available for Australia (the cool interface must be due to their uber-cool office).
Heh, to put it mildly
Douglas Adams had talked a lot about technology guiding our life. His posthumous book Salmon of Doubt talks about the intermediate phase between the current world of dumb electronics and the time when we have truly intelligent machines. The brief period when the machines are dumber than the average human, yet the human has too much confidence in the machine to trust his/her own judgment will be really bad.
I'm afraid that is the world of Today. We trust our inanimate companions over humans because they are bereft of intent (and malice). But I suspect people are less likely to change than machines are likely to become more reliable. So ... ++CARRIER ERROR
I'm afraid I can't let you do that, Mr Anderson
Omg this stuff hit slashdot ? OMG OMG !
But before we panic and look at the bandwidth bills, let me congratulate the perverted genius of Mr spo0nman (and KingDiamond, indirectly). All in all, I think Yahoo! deserves the most credit for boring the hell out of us "cheap indian labour" to make things like this worth our time ;)
A lot of people are replacing client-server apps with browser based apps, with zero install hassles - which this particular example doesn't really have. But learning to build html apps in CGI mode is easier than re-learning event loops for GTK land (even in perl).
Of course, debugging in-browser apps is getting easier with firebug and other developer oriented firefox bits. Now, whether the app is built using perl-CGI, mod_perl, php, ruby on rails, even servlets doesn't matter - the UI can actually work very well. For instance my sudoku, in fact looks better in HTML than if I (let me repeat, if *I*) had done it with GTK or MFC.
And CGI still hasn't lost its edge totally. There are places when you *have* to use CGI to do what you want. I ran into one case when I couldn't use php when I wanted to do server pushes on a live connection. Instead of firing multiple requests to the server, I hold the connection and push data when it becomes available - sort of stateful connections reinvented for HTTP. Which has definite promise when you're building mashups, which fetch data from elsewhere without cross-user leakage (heh, if he can hijack TCP, I don't know what...) - flockr for instance uses such a script in the backend to feed it data (except I'll be an idiot to post a live CGI script to slashdot).
CGI ain't quite dead yet ...
The technology center that gave birth to so many of the corner stones of modern computing ... the mouse GUI, the laser printer (yeah, xerox ...), ethernet and if I may say so - object oriented programming.
I'm not sure what it proves, but it does prove that when you're not thinking about immediate profit, there's so much you can do - but if you don't somebody'll pull the funding on you (and kick themselves years later).
What were they working in the nineties ? IPV6 ?
I assume a lot of people just click through the terms and conditions, but as a perpetual cynic (and coming from a family of legal folk), I generally have a quick read through. Here's an interesting excerpt from youtube terms
For clarity, you retain all of your ownership rights in your User Submissions. However, by submitting the User Submissions to YouTube, you hereby grant YouTube a worldwide, non-exclusive, royalty-free, sublicenseable and transferable license to use, reproduce, distribute, prepare derivative works of, display, and perform the User Submissions in connection with the YouTube Website and YouTube's (and its successor's) business,
So, big surprise ! They've got a derivative work with an ad all over it. And I asked a lawyer. She said that that's pretty standard boilerplate, except hardly anyone modifies your content to include ads. The delivery of ads has been traditionally out of band of the content stream, but this makes sense.
Userfriendly had predicted the fate of voice recognition six years ago - rm -rf / and yet again !.
Does the dec 12th story make this one a dupe or was just early warning ?
From what I can gather, the basic issue that most religious folk have to do with stem cell research is that we're mucking around with human lives. Unless you can make this process look as simple as a cheek scraping for human cells (allergy research, for instance) the objections will not abate.
The argument that this cell couldn't have become a baby doesn't quite hold good and has been answered before about harvesting eggs from fertility clinics.
So are these cells are still human, but without a potential human, doomed to die when the amniotic fluid drains. Some facts which might not matter to those who have decided all of this to be Playing God.
Kerala was the first state to do this - slashdot story (and the oblig. dupe).
But those stories paint Kerala as some hippie commune full of comrades - I've been following the developments in Kerala for a while and in general all that makes sense.
Of course, most of these states are picking F/OSS for economic reasons - but not exactly about freedom and stuff. I've heard whispers from the gubment that it is the support contracts which are deal killers for F/OSS in general, but of late the government has started taking a socialist approach of doing it in-house rather than contracting it out to vendors (well, it doesn't sound socialist when a company does I.T, right).
When we first got a TV (1988), the TV had a power switch, five channels and definitely no remote. So, whenever we didn't need the TV, we just switched off the power and turned it on when we needed it.
When 1999 dawned, the TV was a flat screen 25" with a remote. And lo, we would turn off the power for the TV only when we left the house (locked up) or at night. And that was just because my house was on the very top of a hill and power lines were often hit by lightning (yeah, I had my modem explode once).
And finally, now in 2006 (in a different city), I have six things plugged in - from DVD player to the TV itself. And it is such a big mess that nobody ever unplugs anything at all - just use the remote to turn it on & off. That sleep mode does take a fair bit of power (well, tens of watts) which is just going to an absolute waste (well, heating the room).
It is these un-noticed devices which suck a constant, but economically negligible drain - which could be avoided. The things you can fix aren't always the biggest consumers (water heaters, refrigerator) but small things like these - in a global level.
It is not just such permanently on stuff that you have - the average geek still has more connectors than you'd think. I realized this when I was in the high Himalayas - and we were charging stuff before we left human habitation. (Oh, took the laptop to 18,000 feet).
(or as some would say, they're permanently lagged - making 25 hours of work a day)
Beta (hindi: ) means Son.
First there were KVM switches and then there was the Java KVM (kilobyte VM).
Now there's the linux KVM which has nothing to do with either those or the Kernel VM rewrites of the linux past.
Leave that acronym alone !
I see some sort of strategy here - something very similar to what MSFT adopted against Apple, very successfully - Building something that is cheaper, virtually the same - almost.
But the same rules may not apply in the world of online tools. Where GOOG is actually borrowing content to attract their actual product (i.e the users) whom they can then sell to customers (i.e advertisers) - Microsoft doesn't seem to have such a clear cut monetization plan from the looks of it. Seems to be more a case of dump enough money to smother the competitor approach, which I doubt will work with Google today.
I for one, would be more scared of Amazon and other publishers rather than such a half-hearted (peanut butter) effort by MSFT.
Euler's Identity - 'nuff said.
I used to see e ^ i theta as the essential conjoining point of geometry (i.e angles and trigonometry) into the imaginary plane (which is really another co-ordinate system). Some inner beauty of the system where all math is connected, rather than divided into chapters in a textbook.
But cheap indian labour has little use for abstract math :(