Here's a novel idea: why don't they just use a STANDARD VIDEO FORMAT? These can be played on pretty much any computer. No need to complicate things by adding Flash/Silverlight/ActiveX/gremlins to the mix.
Zeroing probably isn't the best idea. There will likely still be residues left over that allow you to distinguish what used to be a one and what used to be a zero.
I've read other pages that provide information on reading the distance the chip can be read from; official government publications claiming it's a few cm, and researchers reading the chips from a few meters. I have to go now; if you want, I can look these up later.
``I think the risk of misappropriation of bio-information is worth it, weighed up against the risk of terrorist or criminal activities which it seeks to mitigate.''
Now this is how we should look at it. In most discussions, all I ever hear is "X is bad, because of Y" or "X is good, because of Z". Usually, both sides are right. But that's not what we want to know. We want to know, considering all the benefits and all the drawbacks, if we'd be better of with or without X.
With the current generation of passports issued in the Netherlands, I am down on the "X is bad" side. This is because the government haven't done their homework (or they have and are trying to mislead us all). The chip that's on them allows anybody who wants to to read the information on it, and this can be done from a few meters away without us knowing about it, let alone consenting to it. Government publications say this is not the case, which I take to mean "that's not how we intended it". That's why I say, even if you are in favor of the government collecting the data that is on those chips, you should still be against the current generation of chips.
Given that the government is lying about these chips, I think much closer scrutiny is warranted. What do they _really_ want to achieve, and what is _really_ being achieved? Also, I want my money back, because all of my money that has gone into implementing the current system has gone into a system that is, at best, dangerously flawed, and at worst intentionally dangerous. Both of which aren't something I want to pay for, nor even get for free.
Underneath all this, however, is the important question of "suppose the system were implemented the government would have you believe it is, would it then be a Good Thing?" It will never be perfectly secure, but it can be a lot better than it is now. And I am convinced we can do better checking of people against passports with additional data stored on the passport than without it. My question is: how cost effective is it all? How much would it cost to implement a decent biometric identification system, and how much would that save us?
I think you overestimate the value E.U. citizens put on their privacy, and their resistance to governments collecting data about everyone. There is virtually none.
``Or better yet, face prints, also known by insiders as "photographs". Presents the advantage of being easily identifiable by anyone.''
We (Netherlands, an EU country) have those, too. And we're not allowed to smile on them anymore. The reason? The photographs are analyzed by computers, and the result of this analysis is stored on a chip on the passport. Then, when they want to identify you, they can do another face print, and match the result with what's on the chip. I'm told the process has a 5 to 10 percent error rate. I leave it up to you to calculate how many false positives and false negatives that yields.
The chip also stores a bunch of other information, of course. And it's readable from a distance. The government would have you believe that the distance is very short (a few cm) and that the information is encrypted securely and cannot be used by malicious third parties, nor can it be used by the government to track your every move (you are required to carry id everywhere you go). None of these claims hold up to scrutiny; the chips are readable from at least a few meters away and, though there is encryption, it is weak and has been defeated.
I believe all the above is due to incompetence and not malice, but that doesn't leave me a lot less concerned.
I think that's more than I use in a whole _year_. And that's with my computer on 24/7. I guess all these power-saving measures I've implemented go a long way.
I just want to say one thing: I am glad they finally got rid of the wide taskbar buttons. They worked fine if you never had more than 5 windows open at a time, but they really didn't scale far beyond that. The new design (like the one in NEXTSTEP) should solve that problem.
Here's to hoping that the leading open source desktop environments will follow suit in the near future.
Congratulations to the developers on getting this working, and a big thank you to all of them for all the hard work that has been put into this. I don't have any of these devices anymore, but I remember what a pain they were to get working back in the day. And, obviously, those are the models in next to every computer with Broadcom WLAN. Thanks again to the devlopers; this will make a lot of people happy.
``Blah Blah Blah. Look, Microsoft. This is easy. You give us a link, and we download it. Why do you have to drown something AS SIMPLE AS DOWNLOADING A FILE UNDER TONNES OF YOUR INSECURE ACTIVEX RUBBISH or even Java?''
I wonder the same thing about a great many website. These days, especially Youtube, Last.fm, and the like. Multimedia in web pages has worked for ages; there are tags that let you embed sound and video in pages that Just Work. But no, they have to do it through Flash, and it's taking people years to implement enough of Flash so that it works. And, in the end, what you get is some media that you _could_ have played in MPlayer, if only you had been able to get at it. Why make simple things so complicated???
``I didn't see this explained on that web page. Why should my web site use OpenID?
As a user of websites, I also see this as a big problem. How do I get all those various username/password pairs I already have on a few hundred websites tied into OpenID?''
From my point of view, the great potential advantage op OpenID is that it solves the problem of having to create an account for every other entity you deal with.
As a user, this means fewer username/password combinations to manage (if you would otherwise have a unique combination per site) and/or less chance of having your accounts compromised (if you use the same credentials on multiple sites).
It means the sign-up procedure for sites can be simpler. Where the current procedure is something along the lines of "fill out several form fields, at least including login name and email address, and possibly a password field; receive confirmation email; follow instructions in email", it can now be "enter nickname and OpenId".
It means signing in to a site that you have previously signed up for can be simpler. Instead of "remember username and password, or go through reset procedure (involving email and following instructions); enter username and password", it can be "enter OpenID".
Now, you asked about why your website should use OpenID. The answer is: because it makes it easier for your users. Making things easier for your users means more users. Especially if you run a site that isn't very important to people. If you run a webmail service, you'll have little trouble getting people to follow a complex sign up procedure. If you run a small personal website, people may well not want to bother. If you run an e-commerce site, people might decide to go with a competitor they've already signed up with, rather than jump through hoops to get signed up to your site. This is why you should make signing up to your site as easy as possible.
The question is: is OpenID the best way to do this?
``The key is having the discipline to pay back the debt once the increased earnings are realized, which so far very few incarnations of government have had the discipline to do.''
This is, of course, compounded by the fact that it will typically be a different government by that time. But, at least, in the case above, the new government would be inheriting a debt and a _good_ economy.
``If a black hole with a positive electric charge comes near another black hole with a positive electric charge, the two will, IMHO, repel each other because the electrostatic forces are larger even than the gravitational forces that can pull everything up to and including light into the black hole.''
That would depend on the strength of the charges, of course. A few million electrons of difference in charge isn't going to do much to stop two black holes of a couple million kilos each from gravitating to one another.
``Probably the biggest problem I see with open source is the lack of critical review. Without this someone that turns out garbage code will continue to do so forever. Unless they stumble upon their own code and have to maintain it for years.''
I don't see how this is more of a problem with open source software than with closed source software. If anything, I would say it is exactly the other way around. When you work on, and especially when you start, an open source project, you are likely to be working with the code for a long time. Moreover, the source code is out there, and people can look at it and try it out on a wide range of different configurations for any purpose imaginable. It seems to me that this is a huge motivation to put in the effort to create good code. And if you don't, you'll notice soon enough, when you are performing maintenance on that code you wrote.
By contrast, most other software I have seen is developed on a budget, runs only on one or a few configurations, and doesn't have anyone outside the project looking at the source code. Much of it is also ship and forget: once the project is over, programmers move on to the next project. There is a chance that you will have to perform maintenance work on your own code, but it's much less than the almost certainty you would have in an open source project, and the maintenance work is likely to be of the sort where you do the quickest thing to fix a bug or hack on a feature; nothing so labor intensive as redesigning or refactoring. In general, quality takes a back seat to cost and time to market, and code quality in particular is something that everybody agrees is a great idea, but nobody has time for. And when management notices you have been churning out far fewer lines than your colleague, it's time for you to stop worrying about code quality, too.
``The problem with Stallman's approach is the assumption that most people want the free software ideal.''
Not at all. It's not about what people want. It's about establishing users' rights. Copyright reserves certain rights to the copyright holder of the software. It forbids you, as a user, from doing certain things without obtaining prior permission from the rights holder. Free software is software where you do get permission to do four things: run the software for any purpose, study how the software works and adapt it to your needs, redistribute the software, and improve the software and share your improvements.
Clearly, the four freedoms of Free software benefit you, as a user. How much you value these benefits is, of course, your consideration to make. If you, for whatever reason, prefer software that doesn't give you those freedoms, that is your choice. The Free Software Foundation is there to give you the other choice: to use software that gives you the four freedoms. And, in the end, that's what it's all about to me: your and my ability to choose the software we prefer, for whatever our reasons are.
Now, the thing to remember about Stallman and Free software is that this all started in an era when people were used to sharing, adapting and improving software, but with companies aggressively using intellectual property laws to restrict people's freedom, so that the companies could profit. Software was turning from something that came with computers and something that students and professors wrote as part of their research to a product and a multi-million dollar business. And the multi-million dollar businesses weren't afraid to flex their legal muscle if you did something they didn't like, or to take code that you had written, make it their own, and _then_ flex their legal muscle at you.
Users' rights weren't just second to profit, they actually got in the way of it, and so they were crushed. This is where pieces such as The Right to Read and the idea that all software on your system must be Free come from. If there is any software on your computer that you cannot study, your computer is doing things without you knowing it. If there is any software on your computer that you cannot change, you are powerless to stop this. Companies and governments alike can and do use software on your computer to monitor you and restrict your actions. Many people are ok with this. But if you are not, you can thank Stallman et al. that you have an alternative. They saw it coming and made sure there was a way out: Free software.
``Our biggest worry isn't necessarily that we don't know how to customize, but rather that we won't have the resources to maintain customized code going forward; it's quite simple to update Rails as it matures versus the alternative.''
As Alan Kay said, the best way to predict the future is to invent it. If you are worried about your useful code being broken by a future version of Rails, contribute it to Rails so that that future version will include it. Or, if you can't get it into the framework, make it available as a separate plugin.
Assuming that it's ok to share the code and that the code is useful outside your project, this will allow open source to work for you and ease your maintenance burden. If it's not ok to share the code or it isn't useful outside your project, then it's part of the project and the project will have to carry the cost.
I was thinking about on-screen keyboards just yesterday. I usually avoid them, preferring real keyboards, but I was thinking, if your only choice is on screen, how would you want it to work?
My real keyboard is optimized to minimize hand and finger movement, by placing the keys I use most commonly near where my hands are supposed to be. However, it is limited by the medium: the keys have to be in the same place all the time. An on-screen keyboard doesn't have this limitation: you can put the "keys" wherever you want them to be at any time you like. Does anyone have experience with on-screen keyboards that do this (I know there are some)?
I was thinking that what you could do is have some kind of frequency table, and arrange symbols in order of frequency, taking into account the symbols that have already been typed. Then, symbols that are more likely to be the next symbol you want to enter would receive preferential treatment, in that they would be closer to the current position of the stylus and/or larger. This would speed up and reduce the effort for entering common combinations, at the expense of uncommon ones. It's sort of like Huffmann coding, and I think it might produce good results. On the other hand, I can imagine that symbols shifting around like that would be really, really annoying.
Slashdot Mirror
``Also, isn't it kind of cool that the Presidential Inaugural Committee went to all that trouble to support Linux?''
I think it's dumb that they have to "support" any particular platform. If they had just used standards, any decent platform would have worked.
``I am not sure why they just didn't use Flash.''
Here's a novel idea: why don't they just use a STANDARD VIDEO FORMAT? These can be played on pretty much any computer. No need to complicate things by adding Flash/Silverlight/ActiveX/gremlins to the mix.
``"This provides a life expectancy of over four years, which is reasonable for a hard disk."
the target is only four years? Am I missing something here?''
Yes. The word "over".
Zeroing probably isn't the best idea. There will likely still be residues left over that allow you to distinguish what used to be a one and what used to be a zero.
Actually, scrambling the whole RAM sounds like a good idea. The encryption key is probably not the only thing you want to keep a secret.
``I don't see how the government is lying about these passports by the way.''
They've said the security of the chips is good, they cannot be read from a distance, and the encryption has not been cracked. None of these are true:
http://www.theregister.co.uk/2006/01/30/dutch_biometric_passport_crack/
That's from 2005. Here's a more recent report, in Dutch: http://www.elsevier.nl/web/nederland/beveiligingschipvanpaspoortengekraakt.htm.
And here is what the government has to say about it, also in Dutch: http://www.minbzk.nl/onderwerpen/persoonsgegevens-en/114876/chip-in-paspoort.
I've read other pages that provide information on reading the distance the chip can be read from; official government publications claiming it's a few cm, and researchers reading the chips from a few meters. I have to go now; if you want, I can look these up later.
How much crime does a better passport stop, anyway?
``I thought fingerprinting was reserved for people in jail?''
The question is not if it is, but if it should be. Should fingerprinting be done for everyone, for noone, or for certain groups of people?
``I think the risk of misappropriation of bio-information is worth it, weighed up against the risk of terrorist or criminal activities which it seeks to mitigate.''
Now this is how we should look at it. In most discussions, all I ever hear is "X is bad, because of Y" or "X is good, because of Z". Usually, both sides are right. But that's not what we want to know. We want to know, considering all the benefits and all the drawbacks, if we'd be better of with or without X.
With the current generation of passports issued in the Netherlands, I am down on the "X is bad" side. This is because the government haven't done their homework (or they have and are trying to mislead us all). The chip that's on them allows anybody who wants to to read the information on it, and this can be done from a few meters away without us knowing about it, let alone consenting to it. Government publications say this is not the case, which I take to mean "that's not how we intended it". That's why I say, even if you are in favor of the government collecting the data that is on those chips, you should still be against the current generation of chips.
Given that the government is lying about these chips, I think much closer scrutiny is warranted. What do they _really_ want to achieve, and what is _really_ being achieved? Also, I want my money back, because all of my money that has gone into implementing the current system has gone into a system that is, at best, dangerously flawed, and at worst intentionally dangerous. Both of which aren't something I want to pay for, nor even get for free.
Underneath all this, however, is the important question of "suppose the system were implemented the government would have you believe it is, would it then be a Good Thing?" It will never be perfectly secure, but it can be a lot better than it is now. And I am convinced we can do better checking of people against passports with additional data stored on the passport than without it. My question is: how cost effective is it all? How much would it cost to implement a decent biometric identification system, and how much would that save us?
I think you overestimate the value E.U. citizens put on their privacy, and their resistance to governments collecting data about everyone. There is virtually none.
``Or better yet, face prints, also known by insiders as "photographs". Presents the advantage of being easily identifiable by anyone.''
We (Netherlands, an EU country) have those, too. And we're not allowed to smile on them anymore. The reason? The photographs are analyzed by computers, and the result of this analysis is stored on a chip on the passport. Then, when they want to identify you, they can do another face print, and match the result with what's on the chip. I'm told the process has a 5 to 10 percent error rate. I leave it up to you to calculate how many false positives and false negatives that yields.
The chip also stores a bunch of other information, of course. And it's readable from a distance. The government would have you believe that the distance is very short (a few cm) and that the information is encrypted securely and cannot be used by malicious third parties, nor can it be used by the government to track your every move (you are required to carry id everywhere you go). None of these claims hold up to scrutiny; the chips are readable from at least a few meters away and, though there is encryption, it is weak and has been defeated.
I believe all the above is due to incompetence and not malice, but that doesn't leave me a lot less concerned.
``But really... 1,635kWh?''
I think that's more than I use in a whole _year_. And that's with my computer on 24/7. I guess all these power-saving measures I've implemented go a long way.
I just want to say one thing: I am glad they finally got rid of the wide taskbar buttons. They worked fine if you never had more than 5 windows open at a time, but they really didn't scale far beyond that. The new design (like the one in NEXTSTEP) should solve that problem.
Here's to hoping that the leading open source desktop environments will follow suit in the near future.
Congratulations to the developers on getting this working, and a big thank you to all of them for all the hard work that has been put into this. I don't have any of these devices anymore, but I remember what a pain they were to get working back in the day. And, obviously, those are the models in next to every computer with Broadcom WLAN. Thanks again to the devlopers; this will make a lot of people happy.
``Blah Blah Blah. Look, Microsoft. This is easy. You give us a link, and we download it. Why do you have to drown something AS SIMPLE AS DOWNLOADING A FILE UNDER TONNES OF YOUR INSECURE ACTIVEX RUBBISH or even Java?''
I wonder the same thing about a great many website. These days, especially Youtube, Last.fm, and the like. Multimedia in web pages has worked for ages; there are tags that let you embed sound and video in pages that Just Work. But no, they have to do it through Flash, and it's taking people years to implement enough of Flash so that it works. And, in the end, what you get is some media that you _could_ have played in MPlayer, if only you had been able to get at it. Why make simple things so complicated???
``I didn't see this explained on that web page. Why should my web site use OpenID?
As a user of websites, I also see this as a big problem. How do I get all those various username/password pairs I already have on a few hundred websites tied into OpenID?''
From my point of view, the great potential advantage op OpenID is that it solves the problem of having to create an account for every other entity you deal with.
As a user, this means fewer username/password combinations to manage (if you would otherwise have a unique combination per site) and/or less chance of having your accounts compromised (if you use the same credentials on multiple sites).
It means the sign-up procedure for sites can be simpler. Where the current procedure is something along the lines of "fill out several form fields, at least including login name and email address, and possibly a password field; receive confirmation email; follow instructions in email", it can now be "enter nickname and OpenId".
It means signing in to a site that you have previously signed up for can be simpler. Instead of "remember username and password, or go through reset procedure (involving email and following instructions); enter username and password", it can be "enter OpenID".
Now, you asked about why your website should use OpenID. The answer is: because it makes it easier for your users. Making things easier for your users means more users. Especially if you run a site that isn't very important to people. If you run a webmail service, you'll have little trouble getting people to follow a complex sign up procedure. If you run a small personal website, people may well not want to bother. If you run an e-commerce site, people might decide to go with a competitor they've already signed up with, rather than jump through hoops to get signed up to your site. This is why you should make signing up to your site as easy as possible.
The question is: is OpenID the best way to do this?
``The key is having the discipline to pay back the debt once the increased earnings are realized, which so far very few incarnations of government have had the discipline to do.''
This is, of course, compounded by the fact that it will typically be a different government by that time. But, at least, in the case above, the new government would be inheriting a debt and a _good_ economy.
``If a black hole with a positive electric charge comes near another black hole with a positive electric charge, the two will, IMHO, repel each other because the electrostatic forces are larger even than the gravitational forces that can pull everything up to and including light into the black hole.''
That would depend on the strength of the charges, of course. A few million electrons of difference in charge isn't going to do much to stop two black holes of a couple million kilos each from gravitating to one another.
Wow. Do you have a link to a description of that bug? I'm curious.
``Probably the biggest problem I see with open source is the lack of critical review. Without this someone that turns out garbage code will continue to do so forever. Unless they stumble upon their own code and have to maintain it for years.''
I don't see how this is more of a problem with open source software than with closed source software. If anything, I would say it is exactly the other way around. When you work on, and especially when you start, an open source project, you are likely to be working with the code for a long time. Moreover, the source code is out there, and people can look at it and try it out on a wide range of different configurations for any purpose imaginable. It seems to me that this is a huge motivation to put in the effort to create good code. And if you don't, you'll notice soon enough, when you are performing maintenance on that code you wrote.
By contrast, most other software I have seen is developed on a budget, runs only on one or a few configurations, and doesn't have anyone outside the project looking at the source code. Much of it is also ship and forget: once the project is over, programmers move on to the next project. There is a chance that you will have to perform maintenance work on your own code, but it's much less than the almost certainty you would have in an open source project, and the maintenance work is likely to be of the sort where you do the quickest thing to fix a bug or hack on a feature; nothing so labor intensive as redesigning or refactoring. In general, quality takes a back seat to cost and time to market, and code quality in particular is something that everybody agrees is a great idea, but nobody has time for. And when management notices you have been churning out far fewer lines than your colleague, it's time for you to stop worrying about code quality, too.
``The problem with Stallman's approach is the assumption that most people want the free software ideal.''
Not at all. It's not about what people want. It's about establishing users' rights. Copyright reserves certain rights to the copyright holder of the software. It forbids you, as a user, from doing certain things without obtaining prior permission from the rights holder. Free software is software where you do get permission to do four things: run the software for any purpose, study how the software works and adapt it to your needs, redistribute the software, and improve the software and share your improvements.
Clearly, the four freedoms of Free software benefit you, as a user. How much you value these benefits is, of course, your consideration to make. If you, for whatever reason, prefer software that doesn't give you those freedoms, that is your choice. The Free Software Foundation is there to give you the other choice: to use software that gives you the four freedoms. And, in the end, that's what it's all about to me: your and my ability to choose the software we prefer, for whatever our reasons are.
Now, the thing to remember about Stallman and Free software is that this all started in an era when people were used to sharing, adapting and improving software, but with companies aggressively using intellectual property laws to restrict people's freedom, so that the companies could profit. Software was turning from something that came with computers and something that students and professors wrote as part of their research to a product and a multi-million dollar business. And the multi-million dollar businesses weren't afraid to flex their legal muscle if you did something they didn't like, or to take code that you had written, make it their own, and _then_ flex their legal muscle at you.
Users' rights weren't just second to profit, they actually got in the way of it, and so they were crushed. This is where pieces such as The Right to Read and the idea that all software on your system must be Free come from. If there is any software on your computer that you cannot study, your computer is doing things without you knowing it. If there is any software on your computer that you cannot change, you are powerless to stop this. Companies and governments alike can and do use software on your computer to monitor you and restrict your actions. Many people are ok with this. But if you are not, you can thank Stallman et al. that you have an alternative. They saw it coming and made sure there was a way out: Free software.
``Our biggest worry isn't necessarily that we don't know how to customize, but rather that we won't have the resources to maintain customized code going forward; it's quite simple to update Rails as it matures versus the alternative.''
As Alan Kay said, the best way to predict the future is to invent it. If you are worried about your useful code being broken by a future version of Rails, contribute it to Rails so that that future version will include it. Or, if you can't get it into the framework, make it available as a separate plugin.
Assuming that it's ok to share the code and that the code is useful outside your project, this will allow open source to work for you and ease your maintenance burden. If it's not ok to share the code or it isn't useful outside your project, then it's part of the project and the project will have to carry the cost.
I was thinking about on-screen keyboards just yesterday. I usually avoid them, preferring real keyboards, but I was thinking, if your only choice is on screen, how would you want it to work?
My real keyboard is optimized to minimize hand and finger movement, by placing the keys I use most commonly near where my hands are supposed to be. However, it is limited by the medium: the keys have to be in the same place all the time. An on-screen keyboard doesn't have this limitation: you can put the "keys" wherever you want them to be at any time you like. Does anyone have experience with on-screen keyboards that do this (I know there are some)?
I was thinking that what you could do is have some kind of frequency table, and arrange symbols in order of frequency, taking into account the symbols that have already been typed. Then, symbols that are more likely to be the next symbol you want to enter would receive preferential treatment, in that they would be closer to the current position of the stylus and/or larger. This would speed up and reduce the effort for entering common combinations, at the expense of uncommon ones. It's sort of like Huffmann coding, and I think it might produce good results. On the other hand, I can imagine that symbols shifting around like that would be really, really annoying.
``And Motorola is probably still at 500MHz.''
Actually, they gave up on the desktop CPU market. They spun off their chip division into Freescale Semiconductor, which now makes embedded processors.
``The only advantage to low pressure lamps is colour''
Actually, I prefer the yellowish light over white light.