I feel bad and perhaps it is because I feel ripped off by the "you have to buy 20 different calculators during your schooling monopoly" (i.e. Class A requires TI-83, Class B requires TI-84, etc., and no, they will not let you substitute a different model number)
I never had that problem. My calc. class in HS wanted everyone to have a TI-83, but no one ever actually CARED that mine wasn't. I'd say just buy an 89 (that's the best you get without being banned from standardized tests) and tell them you'll figure out how to use it on your own.
When I went to college, calculators were either banned (in the case of math classes) or they didn't care (in the case of engineering classes).
The only thing you people who rip off songs manage to do is give the RIAA FUD material.
The RIAA can make the same claims whether you download or not.
I have not purchased more than 2 full price CDs per year for the last three years so don't give me crap about when I'll stop sending them money.
You're still giving them money. If everyone in the country buys a CD per year, they'll still have plenty of money to keep buying new laws, suing college professors, etc.
Did it never occur to you that if there wasn't a crime occurring, it would be that much harder to manufacture court "victories" to legitimize their position in the eyes of John Q. Public?
Did it ever occur to you that it would be much harder to start a war if it weren't for all those WMDs in Iraq?.....oh wait THERE WEREN'T ANY!
Money talks and bullshit walks. As long as they have the cash, they'll get whatever they want.
The FBI cannot make any person provide testimony which would be self-incriminating. If person A has been trading kiddie porn on Kazaa, they cannot make person B turn over the encryption key to the ZIP file that contains all of the kiddie porn he downloaded from person A.
Can you cite any relevant laws or cases?
The cryptonomicon FAQ states that this issue is still undecided. (see 10.3.4) Although I believe that page is quite old.
There seem to be a lot of issues here. My current understanding is that you should not expect to keep your encryption key secret.
This is mainly because a judge might hold you in contempt of court indefinitely, until you gave them your key.
There seems to be a discussion of this very subject in Risks digest as well.
So far the only info I've ever heard on the subject is mere speculation.
Here's another discussion of the topic on the Rubberhose website (an encryption scheme which offers deniable encryption). It's by far the best discussion of the subject I've seen, but even this (with its 159 footnotes) refuses to make a conclusive judgement on the topic. It states what the courts "should" do, but wouldn't do me much good in a jail cell. It seems like the privacy of your crypto key is quite debatable.
IANAL, but I am quite interested in this topic, and AFAIK the issue is still up in the air.
And just how many people do that? If you want a clue, look at the adoption of Opera, and especially Mozilla (which doesn't have the cost barrier Opera has) against IE. Despite the fact that IE is a security-hole-ridden pile of outdated junk and Opera and Mozilla beat it hands-down on features and standards compliance, huge numbers of people still use IE. Why? Because it came with the computer and they either don't know there are alternatives, don't want to know or aren't allowed to use them because they "aren't supported".
Here's the simple solution to a complex problem: SOMEBODY ELSE DOES THE BUNDLING OTHER THAN MICROSOFT!
I don't know why any antitrust verdicts haven't demanded this yet, but there should be 2 versions of windows:
-The version we have today
-A stripped down version with just the OS
The stripped down version should be priced in such a way that its price reflects on the cost of the bare OS, and therefore should be much cheaper than full-blown windows.
OEMs, third parties, etc should be able to buy a license for this stripped-down OS, bundle what they want with it and re-sell it.
Nobody uses Mozilla because it doesn't come preinstalled. There's no good reason for this, it's just a result of MS bullying resellers about what they can include.
What needs to happen is for you to buy a PC that has mozilla, open office, etc preinstalled and working out of the box. It would result in a significant price difference in a $500 Walmart PC, so it could actually result in some surprising adoption numbers.
That's funny, I'd tend to think that if you were a true music lover, you wouldn't support the record labels that enslave the musicians that make the music you love so much.
Yeah, cause who cares about missing out on the last 100 years of our musical history, that is currently owned by corporations. [/sarcasm]
don't start getting preachy about what 'true music lovers' do.
It's pretty safe to say that if you're willing to give up listening to the previous 100 years of music, music isn't an important part of your life.
That judgemental attitude is as much a part of the problem as the behavior you're trying to deplore.
Actually, the ability to make value judgements is quite important. Without it you're stuck with moral relativism and you get exactly nowhere.
If you actually believe that people are justified in ripping off songs, you're just an idiot, plain and simple.
If you think it's that black and white, you're the idiot.
You can't steal things just because you personally think that price is too high. Do you steal Gucci off the racks? Do you steal Porsches from dealerships? Do you steal Nikes from department stores?
Nope, but they don't have a monopoly on the last 100 years of clothing, car and shoe production. And of course, downloading an album that you would never have bought doesn't deprive the RIAA of money, unlike stealing a Porsche.
You don't like the business, or you don't like the music, you don't buy the product.
Yep, and just miss out on the last 100 years of our musical history. That's a GREAT idea. Especially since a lot of those Vietnam-era protest songs are becoming quite relevant given our current military situation. Why would anybody ever want to listen to "American Woman" or "Fortunate Son"? Who cares if music that was an integral part of the social movement of the 60's could teach Americans about the previous generation's mishaps, it's copyrighted and there's no way you can listen to it without supporting an illegal corporate cartel.
so don't talk to me about "when" I'll stop sending them money.
And why the hell shouldn't I do that? Maybe if you don't want to talk about it, you shouldn't come on slashdot and be an arrogant asshole. Nobody asked you for your opinion.
You're essentially trying to dismiss one of my arguments by saying "I don wanna talk about it."
Cry me a river. God forbid you actually think about what that money goes for once it changes hands.
First, there are all the people who go snag copies of music because they're too a) lazy, b) stupid, c) cheap, or d) all of the above to either go buy a copy or just not buy it at all
Bullshit. There are three options:
Listen to RIAA music and pay
Listen to RIAA music and not pay
Don't listen to RIAA music
Now, if you're a true music lover, option 3 is just out of the question. I could happily go the rest of my life without ever listening to the newest Backstreet Boys album, but there's no way in hell I'm going to not listen to say Led Zeppelin or Jimi Hendrix.
So now the choice is between #1 and #2. So, one might decide to think about the consequences of choice #1 vs. #2. Sure, you're supposed to pay, but some people actually care where that money goes. How out of control would the RIAA have to get before you stopped giving them money?
-Would they need to start physically assaulting artists who don't sign with them?
-Would $5 of every purchase need to go towards the clubbing of baby seals?
-What if they used 100% of their profits to sponsor domestic and international terrorism?
You see, there's the law, and then there's what's right. The RIAA's business model consists of creating artificial scarcity and monopolizing distribution channels as well as buying off politicians. They are criminals.
The only reason they're not in jail is because they stole a small amount of money from a large number of people, and corporate crime is not taken seriously here. No matter how much they've stolen from you via their actions, the most you're ever going to see is $20.
What would be interesting to see is a fair turnabout of that judgement, where the most they can ever get from some file-sharer is $20.
These blocks are too unreliable to make anything worthwhile, and the design will not last. The built-in batteries are unacceptable, and as other people already commented, the probability of failure grows fast with the number of components. Sooner or later the batteries will be failing, and while they are busy at that you will be busy frantically debugging the design. Let me tell you, power problems are highly unpleasant to debug even if you have a decent scope because failures at some marginal, barely working, Vcc will be intermittent and undetectable.
This right here is what I would call a huge load of bullshit.
While it is true that intermittent power supply problems can be a bitch to debug, BATTERIES are a remarkably well-behaved power source, and it's fricken easy to tell if your batteries are dead. You don't need an oscilloscope to tell you your battery's dead. Just measure the voltage. If it's out of spec, replace.
But if you don't plan to become an engineer, but only want to make some IR-operated control for your house, don't try to use those "blocks", or breadboards, or wire wrap - that is nothing but waste of time. Begin with a design on paper. Then simulate it if you can (you can if you have a computer.) Then either etch the PCB, or order one (tools are free, job about $100) and assemble your new toy yourself.
Maybe if you suck at assembling things. Personally, the first internship I had, I spent a lot of time assembling prototypes of analog circuits on perfboard for engineers. Sure simulation is useful, but in the end you need to test the thing out in hardware. It's nice to be able to build that simple circuit on a $5 perfboard (as opposed to a $100 PCB) and try it out THE SAME DAY.
You don't want, in fact, to study how to make a decent RF amplifier - you buy one from Minicircuits for less than a dollar.
Sure you do.
A) You need to understand what you're buying.
B) If you want to build a 1GHz 100W transmitter, it is not a $1 minicircuits part. You need to do all the biasing and matching yourself.
C) Who the hell is designing the amplifier for Mini Circuits? SOMEBODY needs to know how to do it.
What it comes down to is I think you don't understand the point:
People just getting started don't want to hunt down simulation software, PCB design tool, eval boards (how do they know what to buy?) and the like.
I started playing around with perfboards something around the middle school to junior high timeframe. I was NOT about to set up a whole goddammed end-to-end EE design flow system.
I built simple things using discrete IC's and components, many of the designs from Forrest Mims books.
Maybe you don't think this would be useful for YOU, but don't go pissing in everyone else's Cheerios. This stuff is not meant for someone who knows how to decide which FPGA demo board to buy, program it, simulate it, and hook up all your own driver and sensor circuitry.
This stuff is meant for someone who's just getting started
This is meant to be like legos for electronics.
What you're saying is like "Don't waste all that time messing around with legos. They're unreliable. Get a 3D design package and simulate it then, send a machine shop the files, they can make a small part for you out of aluminum for just a few hundred dollars."
A lot of the strength of kevlar comes from its weave; bulletproof applications and such have very fine weaves to prevent particles from getting between the threads. I assure you, it is VERY difficult to damage the kevlar weave badly enough that it is rendered useless. I did a university research project that involved kevlar, and I would definitely trust a battered and beaten kevlar helmet over a steel one any day.
I think you're forgetting a KEY factor here. A kevlar helmet would be useless. The bullet would just push the kevlar into your skull.
Kevlar is mixed with epoxy when put into actual use, resulting in a composite material like fiberglass. Like fiberglass, it does not hold up well if you put a dent in it. The dent causes the material to flex and concentrates stresses at particular points.
You can beat a dent out of steel, but you can't do the same with kevlar. Its structure's been compromised.
If I got a choice of new helmets, I'd take the kevlar, but if I had to pick between a damaged steel helmet and a damaged kevlar helmet, I'd take the steel in a heartbeat.
There's a fundamental difference between your scenario and the traditional vulnerability discovery: the existence of an attack in the wild. In your case, you are not so much writing up the discovery of a vulnerability as you are writing up a report on an attack that just in your scenario exploits a previously unknown vulnerability.
But here's the tricky thing:
What if I notice a successful attack, but only report it to the vendor, because I don't think it's "widespread" and then 500 people do the exact same thing?
The cat is clearly out of the bag and the info needs to be disclosed ASAP, but the vendor will probably sit on it until they get around to fixing it and then downplay it because they don't want bad PR.
The only way to really know if something is actually being exploited is full-disclosure. Telling a trusted third party might be a possible solution, but a consensus on a trusted third party would never be reached. Organizing hackers is like herding cats.
If the company has a long record of being useless, of course, that would suggest that giving them time to fix the problem is wasted time, in which case full disclosure is probably the best option. That's probably also the case in the situation you describe, where you know for sure that a vulnerability is being exploited in a potentially serious or widespread way; in that case there isn't time for the niceties of advance warning and obviously admins need to be warned ASAP. But it's still good form to get word to the company first, or at least at the same time, so that they can try to fix the problem as soon as possible.
I can understand that viewpoint, but there are some key flaws in the whole "notify the vendor only" approach. Personally I wish things in the security business went this way:
Flaw is discovered and vendor is notified immediately
Flaw is posted to a weekly full-disclosure list
Admins pull affected software off the net until a fix is released
Admins wait for a fix or put the service back up using different software
Another possibility would be to have a trusted third party that gets notified at the same time as the vendor. The reason for this:
In my example I theoretically found out there were thousands of zombies. Let's say I didn't do all that research. What if an exploit is rampant in the wild, but people are only reporting it to the vendor?
I think that's a key failing of the "only tell the vendor" method. You could have 500 people complaining to the vendor, and vendor probably wouldn't warn anyone else because they don't want the bad PR.
Yea, the same users who don't install well known years old patches are going to search out and early adopt a patch from 'some guy'. Puhleeze.
Those are the users who are going to get hosed no matter what. It doesn't matter if you choose A or B they're still going to get owned.
Since you can't do anything about them, you should be worried about the people who are actually going to do something once they hear the announcement.
I think name recognition is one of the key things here: I wonder how well the ipod mini would be doing if it was exactly the same as the ipod except for being covered in sharp, prickly spikes.
Some people buy $100 sunglasses. It's marketing. How many Apple press releases^W^W^W news stories have you seen about the ipod mini?
So? What are you saying? Because for some people the sound will still be off, it shouldn't be sync'd for everybody else?
Since you aren't the only one having trouble, I'll explain this guy's post.
"Action" video games rely on a low latency in the following control loop:
game system=>video display=>eyes=>brain=>hands=>controller=>game system
If the time delay in this loop gets too big, certain games become impossible, and certain other games become extremely unrealistic.
An example would be Gran Turismo. It would royally piss me off if what the game system thought I was seeing and what I was actually seeing was off by 100msec. That's enough to royally fuck you up when you're trying to brake as late as possible for that hairpin corner.
Sure it's possible to deal with audio delay fairly easily on a non-interactive medium like a DVD, but when you, the TV, and the game system are forming a control loop, delay can be very important.
You can maybe dodge a missile. You can't dodge a zero flight time laser.
Except that lasers actually move pretty slow. Haven't you seen Star Wars?*
* (Seriously though, there's no such thing as "zero flight time". Light moves fast, but it does take time to get there. The trick is that there's no way for the knowledge that the beam has been fired to get there BEFORE the beam itself gets there so you can't even attempt to dodge it. If there was a way for you to know when the laser was fired, you have roughly 1 nanosecond of time for every foot of distance the laser had to travel. You might actually be able to dodge it, but the acceleration required to do so would destroy whatever you were trying to protect in the first place.)
You could always release it to the company whose product is affected and give them $suitable_time to fix the vulnerability before you post on Bugtraq. That way it isn't just you that's working on a fix, and you look like you've tried to be a responsible netizen when, having failed to fix the problem in $reasonable_time, their shit gets cracked to pieces. That has always been the responsible way of announcing vulnerabilities; I don't see that this changes the situation.
Well, let me give you a hypothetical situation where this is NOT the reasonable solution:
You discover an OS vulnerability, not by chance, but because someone exploited it to steal your online banking information. With a little research, you find out that the work is being done by some zombie net with thousands of nodes that will take forever to shut down.
The OS vendor has a piss-poor security record and you KNOW that they will take forever to release a patch, but you've found a temporary fix that while removing certain functionality, prevents the exploit.
Should you:
A) Post full-disclosure immediately, allowing users to quick-fix their systems and preventing countless acts of information theft.
B) Send an email to the vendor and wait when they tell you it's going to take 6 weeks to fix.
The problem with your approach is that it assumes no one but the vendor can do anything about the problem. The user always has the choice to quit using the affected product.
My major concern is that some terror group (you know, those guys that hate us and are willing to die for their cause) gets ahold of a warhead and drives it someplace interesting. Not sure how a missile defense shield would help that.
Sure that's my major concern too.
A less major concern of mine is that someone like Osama uses his millions of dollars to pay off the right person in Russia/Chechnya to get his hands on a missile.
I think it's worth realizing that today, we don't really have a good defense against some of these missiles, and perhaps we should fix that. Right now, our plan is "Nuke the hell out of whoever sent the missiles". I for one, would like to see a better plan. "Shoot down the missiles before they hit us" seems like a much better idea.
Unfortunately, that turns out not to be the case. Think of any random business requirement that can be addressed by software - say, "Capital Depreciation Analysis". Google for a set of products to evaluate.
Something like that is highly business and user dependent. There's always going to be SOMEONE in the company that needs something special, this doesn't mean it isn't feasible to move the standard corporate desktop to a different platform.
Anyways, in my field (EE) I'm beginning to notice a push towards Linux versions of many packages. This kind of harkens back to the old days, when much of the serious, specialized engineering software ran on things like Sun workstations.
We're talking about SWITCHING cost. There is ALWAYS a cost to switching platforms/software, etc. You're talking about operating costs. Completely different.
It's always easy to play with numbers to make them say anything you want unless you look at the bottom line. In this case, the bottom line is the cost difference between setting up and running the two systems. That's the number that matters.
We don't spend any time with "typical MS problems like Outlook viruses and the like". We don't use Outlook for anything,
Then it sounds like you aren't typical.
Our computers are zero maintenance,
Then your computers must be from some magical fairy land where patches never come out, new versions of XXX are never released and users never break anything.
Sure, there's no switching cost as long as you get your ass over here and show my company how to use this damn Linux thing, and you find, install, and train us on business apps that are as good as the ones we have now.
Simple solution, fire a MSCE and hire a RHCE. And if your company doesn't have support now, why are you expecting it for free for Linux? In order for there to be cost here, you'd have to claim that Linux is MORE expensive to install and maintain, not just that it costs money to install and maintain.
Sure, there's no switching cost as long as you get your ass over here and show my company how to use this damn Linux thing, and you find, install, and train us on business apps that are as good as the ones we have now.
There's only a cost if that time exceeds the amount of time users waste dealing with typical MS problems like Outlook viruses and the like. I expect you might actually see a cost here, but for a large organization, it could probably be offset by the cost savings in maintenance.
I thought I was the only one who used English measurements for measurements longer than 1 inch, and Metric (millimeters, centimeters) for smaller than 1 inch of length.
Wow.. Iraq... yes, I equate wars to getting ripped off at The Wall all the time. You really are a dumbass after all.
Wow! What a classy way to totally miss the point of my example. I was obviously claiming that the RIAA is violating UN resolutions.[/sarcasm]
Nobody held a gun to anyone's head to sign contracts. Stupid bands did that of their own volition.
Yes, I'm sure all those bands in the 60's could have easily bought their own presses. Do you have absolutely no concept of history?
Nobody is forcing it to continue.
Maybe you should actually read something about the subject before opening your mouth.....
Miss out on WHAT?
.....oh wait THERE WEREN'T ANY!
100 years of musical history.
The only thing you people who rip off songs manage to do is give the RIAA FUD material.
The RIAA can make the same claims whether you download or not.
I have not purchased more than 2 full price CDs per year for the last three years so don't give me crap about when I'll stop sending them money.
You're still giving them money. If everyone in the country buys a CD per year, they'll still have plenty on money to keep buying new laws, suing college professors, etc.
Did it never occur to you that if there wasn't a crime occurring, it would be that much harder to manufacture court "victories" to legitamize their position in the eyes of John Q. Public?
Did it ever occur to you the it would be much hard to start a war if it weren't for all those WMDs in Iraq?
Money talks and bullshit walks. As long as they have the cash, they'll get whatever they want.
The FBI cannot make any person provide testimony which would be self-incriminating. If person A has been trading kiddie porn on Kazaa, they cannot make person B turn over the encryption key to the ZIP file that contains all of the kiddie porn he downloaded from person A.
Can you cite any relevant laws or cases?
The cryptonomicon FAQ states that this issue is still undecided. (see 10.3.4) Although I believe that page is quite old.
There seem to be a lot of issues here. My current understanding is that you should not expect to keep you encryption key secret.
This is mainly because a judge might hold you in contemp of court indefinately, until you gave them your key.
There seems to be a discussion of this very subject in Risks digest as well.
So far the only info I've ever heard on the subject is mere speculation.
Here's another discussion of the topic on the Rubberhose website (an encryotion scheme which offers deniable encryption).
It's by far the best discussion of the subject I've seen, but even this (with its 159 footnotes) refuses to make a conclusive judgement on the topic. It states what the courts "should" do, but wouldn't do me much good in a jail cell. It's seems like the privacy of your crypto key is quite debatable.
IANAL, but I am quite interested in this topic, and AFAIK the issue is still up in the air.
And just how many people do that? If you want a clue, look at the adoption of Opera, and especially Mozilla (which doesn't have the cost barrier Opera hase) against IE. Despite the fact that IE is a security-hole-ridden pile of outdated junk and Opera and Mozilla beat it hands-down on features and standards compliance, huge numbers of people still use IE. Why? Because it came with the computer and they either don't know there are alternatives, don't want to know or aren't allowed to use them because they "aren't supported".
Here's the simple solution to a complex problem:
SOMEBODY ELSE DOES THE BUNDLING OTHER THAN MICROSOFT!
I don't know why any antitrust verdicts haven't demanded this yet, but there should be 2 versions of windows:
-The version we have today
-A stripped down version with just the OS
The stripped down version should be priced in such a way that its price reflects on the cost of the bare OS, and therefore should be much cheaper that full-blown windows.
OEMs, third parties, etc should be able to buy liscense for this stripped-down OS bundle what they want with it and re-sell it.
Nobody uses Mozilla because it doesn't come preinstalled. There's no good reason for this, it's just a result of MS bullying resellers about what they can include.
What needs to happen is for you to buy a PC that has mozilla, open office, etc preinstalled and working out of the box. It would result in a significant price difference in a $500 Walmart PC, so it could actually result in some suprising adoption numbers.
That's funny, I'd tend to think that if you were a true music lover, you wouldn't support the record labels that enslave the musicians that make the music you love so much.
Yeah, cause who cares about missing out on the last 100 years of our musical history, that is currently own by corporations. [/sarcasm]
don't start getting preachy about what 'true music lovers' do.
It's pretty safe to say that if you're willing to give up listening to the previous 100 years of music, music isn't an important part of your life.
That judgemental attitude is as much a part of the problem as the behavior you're trying to deplore.
Actually, the ability to make value judgements is quite important. Without it you're stuck with moral relitivism and you get exactly nowhere.
If you actually believe that people are justified in ripping off songs, you're just an idiot, plain and simple.
If you think it's that black an white, you're the idiot.
You can't steal things just because you personally think that price is too high. Do you steal Gucci off the racks? Do you steal Porsches from dealerships? Do you steal Nikes from department stores?
Nope, but they don't have a monopoly on the last 100 years of clothing, car and shoe production. And of course, downloading an album that you would never have bought doesn't deprive the RIAA of money, unlike stealing a Porsche.
You don't like the business, or you don't like the music, you don't buy the product.
Yep, and just miss out on the last 100 years of our musical history. That's a GREAT idea. Especially since a lot of those Vietnam-era protest songs are becoming quite relevant given our current military situation. Why would andbody ever want to listen to "American Woman" or "Fortunate Son"? Who cares if music that was an intergral part of the social the movement of the 60's could teach Americans about the previous generation's mishaps, it's copyrighted and there's no way you can listen to it without supporting and illegal corporate cartel.
so don't talk to me about "when" I'll stop sending them money.
And why the hell shouldn't I do that? Maybe if you you don't want to talk about it, you shouldn't come on slashdot and be an arrogant asshole. Nobody asked you for your opinion.
You're essentially trying to dismiss one of my arguments by saying "I don wanna talk about it."
Cry me a river. God forbid you acutally think about what that money goes for once it changes hands.
Bullshit. There are three options:
Now, if you're a true music lover, option 3 is just out of the question. I could happily go the rest of my life without ever listening the newest Backstreet Boys album, but there's no way in hell I'm going to not listen to say Led Zeppelin or Jimi Hendrix.
So now the choice is between #1 and #2. So, one might decide to think about the consequences of choice #1 vs. #2. Sure, you're supposed to pay, but some people actually care where that money goes. How out of control would the RIAA have to get before you stopped giving them money?
-Would they need to start physically assaulting artists who don't sign with them?
-Would $5 of every purchase need to go towards the clubbing of baby seals?
-What if they used 100% of their profits to sponsor domestic and international terrorism?
You see, there's the law, and then there's what's right. The RIAA's business model consists of creating artificial scarcity and monopolizing distribution channels as well as buying off politicians.
They are criminals.
The only reason they're not in jail is because they stole a small amount of money from a large number of people, and corporate crime is not taken seriously here.
No matter how much they've stolen from you via their actions, the most you're ever going to see is $20.
What would be interesting to see is a fair turnabout of that judgement, where the most they can ever get from some file-sharer is $20.
These blocks are too unreliable to make anything worthwhile, and the design will not last. The built-in batteries are unacceptable, and as other people already commented, the probability of failure grows fast with the number of components. Sooner or later the batteries will be failing, and while they are busy at that you will be busy frantically debugging the design. Let me tell you, power problems are highly unpleasant to debug even if you have a decent scope because failures at some marginal, barely working, Vcc will be intermittent and undetectable.
This right here is what I would call a huge load of bullshit.
While it is true that intermittent power supply problems can be a bitch to debug, BATTERIES are a remarkably well-behaved power source, and it's fricken easy to tell if your batteries are dead. You don't need an oscilloscope to tell you your battery's dead. Just measure the voltage. If it's out of spec, replace.
But if you don't plan to become an engineer, but only want to make some IR-operated control for your house, don't try to use those "blocks", or breadboards, or wire wrap - that is nothing but a waste of time. Begin with a design on paper. Then simulate it if you can (you can if you have a computer.) Then either etch the PCB, or order one (tools are free, job about $100) and assemble your new toy yourself.
Maybe if you suck at assembling things. Personally, the first internship I had, I spent a lot of time assembling prototypes of analog circuits on perfboard for engineers. Sure simulation is useful, but in the end you need to test the thing out in hardware. It's nice to be able to build that simple circuit on a $5 perfboard (as opposed to a $100 PCB) and try it out THE SAME DAY.
You don't want, in fact, to study how to make a decent RF amplifier - you buy one from Minicircuits for less than a dollar.
Sure you do.
A) You need to understand what you're buying.
B) If you want to build a 1GHz 100W transmitter, it is not a $1 minicircuits part. You need to do all the biasing and matching yourself.
C) Who the hell is designing the amplifier for Mini Circuits? SOMEBODY needs to know how to do it.
What it comes down to is I think you don't understand the point:
People just getting started don't want to hunt down simulation software, PCB design tool, eval boards (how do they know what to buy?) and the like.
I started playing around with perfboards something around the middle school to junior high timeframe. I was NOT about to set up a whole goddammed end-to-end EE design flow system.
I built simple things using discrete IC's and components, many of the designs from Forrest Mims books.
Maybe you don't think this would be useful for YOU, but don't go pissing in everyone else's Cheerios. This stuff is not meant for someone who knows how to decide which FPGA demo board to buy, program it, simulate it, and hook up all your own driver and sensor circuitry.
This stuff is meant for someone who's just getting started.
This is meant to be like legos for electronics.
What you're saying is like "Don't waste all that time messing around with legos. They're unreliable. Get a 3D design package and simulate it then, send a machine shop the files, they can make a small part for you out of aluminum for just a few hundred dollars."
A lot of the strength of kevlar comes from its weave; bulletproof applications and such have very fine weaves to prevent particles from getting between the threads. I assure you, it is VERY difficult to damage the kevlar weave badly enough that it is rendered useless. I did a university research project that involved kevlar, and I would definitely trust a battered and beaten kevlar helmet over a steel one any day.
I think you're forgetting a KEY factor here. A kevlar helmet would be useless. The bullet would just push the kevlar into your skull.
Kevlar is mixed with epoxy when put into actual use, resulting in a composite material like fiberglass. Like fiberglass, it does not hold up well if you put a dent in it. The dent causes the material to flex and concentrates stresses at particular points.
You can beat a dent out of steel, but you can't do the same with kevlar. Its structure's been compromised.
If I got a choice of new helmets, I'd take the kevlar, but if I had to pick between a damaged steel helmet and a damaged kevlar helmet, I'd take the steel in a heartbeat.
There's a fundamental difference between your scenario and the traditional vulnerability discovery: the existence of an attack in the wild. In your case, you are not so much writing up the discovery of a vulnerability as you are writing up a report on an attack that just in your scenario exploits a previously unknown vulnerability.
But here's the tricky thing:
What if I notice a successful attack, but only report it to the vendor, because I don't think it's "widespread" and then 500 people do the exact same thing?
The cat is clearly out of the bag and the info needs to be disclosed ASAP, but the vendor will probably sit on it until they get around to fixing it and then downplay it because they don't want bad PR.
The only way to really know if something is actually being exploited is full-disclosure. Telling a trusted third party might be a possible solution, but a consensus on a trusted third party would never be reached. Organizing hackers is like herding cats.
I can understand that viewpoint, but there are some key flaws in the whole "notify the vendor only" approach. Personally I wish things in the security business went this way:
Another possibility would be to have a trusted third party that gets notified at the same time as the vendor. The reason for this:
In my example I theoretically found out there were thousands of zombies. Let's say I didn't do all that research. What if an exploit is rampant in the wild, but people are only reporting it to the vendor?
I think that's a key failing of the "only tell the vendor" method. You could have 500 people complaining to the vendor, and the vendor probably wouldn't warn anyone else because they don't want the bad PR.
Yea, the same users who don't install well known years old patches are going to search out and early adopt a patch from 'some guy'. Puhleeze.
Those are the users who are going to get hosed no matter what. It doesn't matter if you choose A or B they're still going to get owned.
Since you can't do anything about them, you should be worried about the people who are actually going to do something once they hear the announcement.
Umm, there is more to a product than technical specs.
1) Size
2) Design (!!!)
3) Target audience
4) marketing/brand recognition
5) Crappy headphone jack......wait that's not good!
I think name recognition is one of the key things here:
I wonder how well the ipod mini would be doing if it was exactly the same as the ipod except for being covered in sharp, prickly spikes.
Some people buy $100 sunglasses. It's marketing. How many Apple press releases^W^W^W news stories have you seen about the ipod mini?
For all practical purposes, 300 mile range in 0.0016 seconds is close enough to zero as to not make a difference...:)
Actually I bet they still have to "lead" the target just a little tiny bit.
A missile traveling at mach 2 is going to move a meter in that much time.
If you were shooting at anything but missiles it wouldn't matter.
So? What are you saying? Because for some people the sound will still be off, it shouldn't be sync'd for everybody else?
Since you aren't the only one having trouble, I'll explain this guy's post.
"Action" video games rely on a low latency in the following control loop:
game system=>video display=>eyes=>brain=>hands=>controller=>game system
If the time delay in this loop gets too big, certain games become impossible, and certain other games become extremely unrealistic.
An example would be Gran Turismo. It would royally piss me off if what the game system thought I was seeing and what I was actually seeing was off by 100msec. That's enough to royally fuck you up when you're trying to brake as late as possible for that hairpin corner.
Sure it's possible to deal with audio delay fairly easily on a non-interactive medium like a DVD, but when you, the TV, and the game system are forming a control loop, delay can be very important.
You can maybe dodge a missile. You can't dodge a zero flight time laser.
Except that lasers actually move pretty slow. Haven't you seen Star Wars?*
* (Seriously though, there's no such thing as "zero flight time". Light moves fast, but it does take time to get there. The trick is that there's no way for the knowledge that the beam has been fired to get there BEFORE the beam itself gets there so you can't even attempt to dodge it. If there was a way for you to know when the laser was fired, you have roughly 1 nanosecond of time for every foot of distance the laser had to travel. You might actually be able to dodge it, but the acceleration required to do so would destroy whatever you were trying to protect in the first place.)
You could always release it to the company whose product is affected and give them $suitable_time to fix the vulnerability before you post on Bugtraq. That way it isn't just you that's working on a fix, and you look like you've tried to be a responsible netizen when, having failed to fix the problem in $reasonable_time, their shit gets cracked to pieces. That has always been the responsible way of announcing vulnerabilities; I don't see that this changes the situation.
Well, let me give you a hypothetical situation where this is NOT the reasonable solution:
You discover an OS vulnerability, not by chance, but because someone exploited it to steal your online banking information. With a little research, you find out that the work is being done by some zombie net with thousands of nodes that will take forever to shut down.
The OS vendor has a piss-poor security record and you KNOW that they will take forever to release a patch, but you've found a temporary fix that while removing certain functionality, prevents the exploit.
Should you:
A) Post full-disclosure immediately, allowing users to quick-fix their systems and preventing countless acts of information theft.
B) Send an email to the vendor and wait when they tell you it's going to take 6 weeks to fix.
The problem with your approach is that it assumes no one but the vendor can do anything about the problem. The user always has the choice to quit using the affected product.
My major concern is that some terror group (you know, those guys that hate us and are willing to die for their cause) gets ahold of a warhead and drives it someplace interesting. Not sure how a missile defense shield would help that.
Sure that's my major concern too.
A less major concern of mine is that someone like Osama uses his millions of dollars to pay off the right person in Russia/Chechnya to get his hands on a missile.
I think it's worth realizing that today, we don't really have a good defense against some of these missiles, and perhaps we should fix that. Right now, our plan is "Nuke the hell out of whoever sent the missiles". I for one, would like to see a better plan. "Shoot down the missiles before they hit us" seems like a much better idea.
Unfortunately, that turns out not to be the case. Think of any random business requirement that can be addressed by software - say, "Capital Depreciation Analysis". Google for a set of products to evaluate.
Something like that is highly business and user dependent. There's always going to be SOMEONE in the company that needs something special, this doesn't mean it isn't feasible to move the standard corporate desktop to a different platform.
Anyways, in my field (EE) I'm beginning to notice a push towards Linux versions of many packages. This kind of harkens back to the old days, when much of the serious, specialized engineering software ran on things like Sun workstations.
We're talking about SWITCHING cost. There is ALWAYS a cost to switching platforms/software, etc. You're talking about operating costs. Completely different.
It's always easy to play with numbers to make them say anything you want unless you look at the bottom line. In this case, the bottom line is the cost difference between setting up and running the two systems. That's the number that matters.
We don't spend any time with "typical MS problems like Outlook viruses and the like". We don't use Outlook for anything,
Then it sounds like you aren't typical.
Our computers are zero maintenance,
Then your computers must be from some magical fairy land where patches never come out, new versions of XXX are never released and users never break anything.
Sure, there's no switching cost as long as you get your ass over here and show my company how to use this damn Linux thing, and you find, install, and train us on business apps that are as good as the ones we have now.
Simple solution, fire a MSCE and hire a RHCE. And if your company doesn't have support now, why are you expecting it for free for Linux? In order for there to be cost here, you'd have to claim that Linux is MORE expensive to install and maintain, not just that it costs money to install and maintain.
Sure, there's no switching cost as long as you get your ass over here and show my company how to use this damn Linux thing, and you find, install, and train us on business apps that are as good as the ones we have now.
There's only a cost if that time exceeds the amount of time users waste dealing with typical MS problems like Outlook viruses and the like. I expect you might actually see a cost here, but for a large organization, it could probably be offset by the cost savings in maintenance.
While a commander may give an "A" for somebody that isn't showing up, they will not code them a "P" and pay them when they aren't showing up.
You would think so, but that doesn't seem to apply when your father is a high ranking member of the gov't.
If you check the site I linked to, they point out a specific weekend where he did not show up, yet the records indicate that he still got paid.
Something is definitely fishy.
Now Bush is going to want to drill in Nevada for DRAM!?
Won't someone please think of the scorpions!
We need to break this country of its dependence on foreign DRAM once and for all.
I thought I was the only one who used English measurements for measurements longer than 1 inch, and Metric (millimeters, centimeters) for smaller than 1 inch of length.
Nope, you're in good company; even NASA does it.
oh... wait....