> security guys break the Mac every single day. Every single day, they come out with a total exploit, your machine can be taken over totally. I dare anybody to do that once a month on the Windows machine.
You know what, Bill? Maybe if you get *last* month's exploit patched, and the one from three months before that, and the other one from two months before that, maybe then the 'security guys', as you call them, will start working on a new one for next month, alright?
That's what happened to WinFS: Jim Allchin killed it, or talked someone into killing it. If you read that "losing our way" email carefully, that's what he's talking about. LH means Longhorn, i.e., what they were calling Vista at the time (early 2004). "We need a simple fast storage system" in this context means "We need to ditch WinFS".
The "scenario" stuff is probably related to this topic also, but I don't know enough about the culture inside of Microsoft to say how.
People lock their doors and feel safe. They should merely feel safer.
That's what I was talking about.
Oh.
To be perfectly honest, we practically never lock the doors at my house, and I do feel safe. Not that I am not aware of various possible crimes which potentially could be committed -- on the contrary, I am fully aware that those things could happen, or for that matter that the house could burn down, or any number of other dire potentialities. Nonetheless, I feel safe. Nothing has ever happened to me worse than junior high phys ed class, and while there are all manner of things that potentially *could* happen, any given one of them probably won't, and I'm not really worried about it.
Of course, we'd probably lock the doors if we lived in a bigger city, or if we didn't have Puff.
> Why do people trust complex programs with colorful symbols and logos more than a simple linux command, where you know what is going on?
Because end users *don't* know what's going on.
It's not a question of trusting something complex and inscrutable (proprietary security software) versus something simple and straightforward (open-source command-line software), but more a case of trusting something complex and inscrutable that looks well put-together and comes from a well-known maker, versus something complex and inscrutable that looks arcane and comes from nobody in particular.
Spend some time around end users, trying to understand their problems. It won't enable you to solve the problems, but it will help you understand what we're up against.
Locks on glass doors are not entirely without value.
In a home setting, breaking the glass will make a significant racket. That's not good protection (except insofar as it makes your case with the insurance company more straightforward) against theft that occurs while you're away on vacation for three weeks, or even at work during the day, but it *is* useful against petty break-ins when you sleep at night. Indeed, if the thief is thinking (which, granted, is not always the case) he would probably pick a lock rather than break the glass in that scenario.
In a corporate setting, I wouldn't try to protect anything really sensitive with locked glass doors, but if you have non-glass internal doors that lock at night, you can reasonably protect something non-critical, such as a lobby area, with locked glass doors. Indeed, the high visibility from the street created by the glass might in some cases be more valuable than the locks, but you still want the locks, for several reasons: to protect against thieves too stupid to think of the idea of breaking the glass (yes, there are some), to protect against those too smart to break the glass for small gain (just make sure getting into the lobby *is* small gain), to increase prosecutability of anyone who gets caught while trying to break into the rest of the building, and to make your case with the insurance company more straightforward. Locks are fairly cheap, so even small benefits can justify them.
But yes, when you have glass doors, you have to be aware of the fact that they're made out of glass, and plan your security precautions appropriately.
The other poster is merely confused, not deliberately making that kind of extraordinary claim. The figure he presumably *intended* to quote is that 1 in 100 prisoners was convicted improperly -- a figure I have seen numerous times before (usually in conjunction with poorly constructed arguments against capital punishment, of the kind often seen in high school "persuasive" English papers and on usenet). While the figure is probably exaggerated, it is conceivable, at least vaguely plausible, and not nearly so extraordinary as the way he stated it. It's also totally irrelevant to what Schneier is talking about, but this is slashdot, so you expect a certain amount of that.
> although maybe the geophysicists involved somehow know that the pressure won't build up to the point where an eruption will be possible.
I had that in the back of my head, too, but the article doesn't mention it. All it does say is that the milk jug analogy is what the scientists used to sell their idea to the suits. It doesn't say they understood their analogy was inherently flawed, but then, it's possible that they simply wouldn't mention that to a layman reporter, for fear it would get back to the suits.
Which is why I qualified my statement about the probable efficacy of their plan with the "if the article accurately explains" clause.
I think it'd be funny to watch him try to pull back his chair to sit down at the table, and realize that it's bolted down. Then give him a pained, helpless look and apologize: "Terribly sorry about that. My chief of security can be so over-protective sometimes. Then again, we haven't had a break-in since the Johnson administration, so he must be doing something right."
Speech control is on by default? That shouldn't be. Quite aside from any internet-related remote exploit issue, it's going to create problems if there's more than one person in the room with the computer. Granted, most computers don't have a mic, so for them it won't be an issue, but still.
There's also the question of why we would want our web browsers to play sounds, but I think we've lost that battle.
Sounds like a good way to turn a shield volcano into a stratovolcano.
The milk jug analogy is flawed. With holes in the bottom of a milk jug, it's just gravity that lets the water pour out under the force of its own weight, so yes, plugging one hole, or plugging the hole halfway, reduces the rate of flow and doesn't change the pressure -- because there's no pressure in the first place.
Hook up a garden hose to the milk jug and then try it, though, and you've got an entirely different situation. Now you can turn the jug _over_, so that the holes are on the top, and you'll still get water squirting out, just like mud flowing *up* out of a volcano, against gravity. Plug one of the holes in the jug then, and you will indeed get more flow out the other hole.
If the article accurately describes their strategy, they're only going to make matters worse, not better.
Re:Something doesn't add up... (on Water From Wind, Score: 1)
> You might have noticed that the Amazon is drying up...
Wow. The Amazon drying up. Now there's a concept that's just, like,... wow.
> When I inspected a section of clear blue sky on a bright, sunny day (which I've long believed to be relatively good reference of uniform color and brightness)
Wow, this internet thing is great. I love the fact that we're able to communicate with one another, despite the fact that we apparently inhabit completely different worlds, if not alternate universes.
On Earth, the sky is nothing if not variegated.
If you want uniform color and brightness, photograph a natural cavern several levels down from the surface. Don't use a flash.
> anybody heard "soft link"? Me (after 10 years of using Linux) never...
In the Linux world, they're generally called symlinks (symbolic links), but it's the same principle, and they're still the other kind of links from hard links.
I use ebay as a source for hard-to-find items that aren't in high demand, e.g., out of print books that I want for some reason. A fair percentage of the time I'm the only bidder. (When I'm not, I usually let the other guy have it if I'm not in a hurry, and wait for another copy to come up for auction in a few weeks. Think of this as weaponized patience, if you like.)
> The typical ebay user would feel cheated if they paid their full proxy bid (say $10) rather than significantly less than that (say the next lower real bid was $5) simply because the seller bid up their own auction.
A lot of poker players feel cheated when they lose a significant hand because someone successfully bluffs. Feeling cheated is not the issue here. The difference is that in Poker, bluffing is sanctioned, intended behavior, and in fact is the whole point of the game, really. It's like breaking an alliance in Diplomacy: you know going into the game that the players are going to do this, that they're *supposed* to do it, that it's part of the game. If you can't deal with that, you don't play. You may still feel cheated when your ally betrays you, but that's neither here nor there.
Shill bidding in auctions isn't like that. It's widely considered illegal fraud in real auctions, and it's officially against ebay policy in their auctions. It is *not* a designed-in part of the "game".
With that said, I don't avoid ebay altogether. Sometimes it's the best source for something, especially something that can be hard to find elsewise (e.g., out of print books). But I try to be careful, and besides the usual precautions (e.g., reading the seller's negative and neutral feedback) I budget what I'm willing to spend ahead of time, and I subtract shipping from that when I bid.
> So the blurring doesn't do anything except alert terrorists that there's something that probably should be bombed here.
Actually, it's not even a good selection. If you want to create real terror, in the United States, bombing "strategic" sites isn't the way to go. We're Westerners. We think like Westerners. We'd be much more effectively terrorized if they bombed regular everyday, non-sensitive, non-strategic, insecure places, e.g., grocery stores. And grocery stores are only a mediocre choice -- as a Westerner yourself, if you think about it for five minutes, you know what kinds of sites they could bomb that would *really* frighten us. They won't think of it, though, because they don't have the same values we do and aren't scared of the same kinds of threats.
Fortunately, Middle-Eastern terrorists think like Easterners, so the grocery stores and [censored]s are probably safe.
Heck, they didn't even understand what they were doing at the WTC. They thought they were striking at a symbol of our economy and prosperity and whatnot, and all we could see was the thousands of human lives that happened to be in the same location. Totally different mindset.
Now, a domestic home-grown terrorist is another thing. That's what was so scary about the Unabomber -- he had some idea what would scare us. Fortunately, he was just one guy acting alone, so he had to protect his ability to strike repeatedly by doing something that wouldn't get him caught. If we ever had a domestic home-grown terrorist, who knew what would really scare us, and who somehow got the _ear_ of a nice group of Middle-Eastern suicidal terrorists, we'd be in a bad way then.
As you pointed out, certain sites that you would think would be blurred, like Millstore, aren't, and there are some sites that are blurred, for no particularly apparent reason.
No kidding! This site near my home is very blurry, for example, and there's nothing sensitive about it. It's just a residential neighborhood in small-town Ohio.
When I was in school, you couldn't cite encyclopedias on research papers. Well, you could include them in your working bibliography, but you couldn't use them for specific citations. An encyclopedia is a tertiary source, useful for obtaining an overview, but for a research paper you're supposed to cite primary sources as much as possible, using secondary sources to fill in the gaps when you have to. I don't see how this has changed with Wikipedia.
After I accepted the offer and made plans to terminate my current job, the recruiter handed me off to their relocation department, where I was told that my relocation package is significantly less than what I was promised.
Write them a nice letter explaining about the importance of integrity and make it clear that they won't be hearing anything further from you, then sever contact. Assuming that your former job is now already irretrievable, consider that a mistake that you made due to inexperience and start distributing copies of your resume.
> The Koreans I work with were actually surprised that I couldn't open the *.hwp files they kept sending me.
That part's not surprising. Practically all end users don't understand the concept of file formats very well and, in particular, don't understand the concept of application-specific proprietary formats. File formats that I've had users expect to be able to open on any random computer include, but are not limited to, the following, in no particular order: .wps (Microsoft Works), Word Perfect formats from version 5.1 up, .doc files that were neither MS Word format nor plain text, .wks (from Lotus 123), .rpd (from something called Rapid File; to boot, the files were too small to even theoretically contain the information they were supposed to contain), MS Publisher documents, Pagemaker documents, and a resume in the proprietary format of an unbranded "resume maker" program that was sold on a 720K floppy diskette in the twenty-first century.
> In soviet russia, You ask not what country do for you, but what you do for country!
Wouldn't that be, "In Soviet Russia, your country ask not what it can do for you!"?
Either that, or you could let your android science officer make the decision.
> Speech control is off by default and has to be explicitly activated.
Oh. Good. That's as it should be. The article summary seemed to imply otherwise.
I still don't want my web browser playing sounds, but I seem to be in the minority on that one.
That's reasonable. I can make a decision in a week.
> We can't make any changes to the language of the offer. That's dictated by the legal department.
Well, if the language of the offer is acceptable, then that won't be a problem. If it's not acceptable, then I'd decline the offer.
> Would you like to be homeless instead?
This attitude, however, would probably lead me to keep my current job and tell the prospective employer where to file the offer.