> I was trying to figure out why payola bothers Americans.
It bothers people who would like to listen to the radio, because they're frustrated with the level of (ostensible) quality of the music played on most of the available stations. Those of us who gave up on radio decades ago don't care so much.
> for those (like me) who didn't know what payola was
/me boggles. That's a fairly common word.
BTW, I find it interesting that the first definition on dictionary.com specifically mentions the music industry's payment of DJs to promote records as an example. I would have thought bribing judges to influence verdicts would be a better-known example, but perhaps not.
> Except that someone might have noticed their Windows 95 system being rebooted... oh *wait* :-)
Exactly. They might notice, but nobody's going to bat an eye. Frankly, most folks wouldn't bat an eye if they saw WinXP being rebooted either, not because it's necessary nearly as often but because people do it constantly anyway, because they've been conditioned that way. About half the population instinctively reboots at the first sign of abnormality, e.g., if the website they're trying to visit doesn't resolve because they mistyped the URI. It's likely to take a very long time for this expectation to change.
> This is similar to an early security flaw in windows though I forget precisely which Windows versions it was, 95 and earlier I suspect. It was possible to write a program that would autorun from an inserted CD and copy the screen saver password file to a floppy from where it could be later cracked at leisure.
If you're physically at the computer, you can reboot it and hit escape at the login prompt (or any number of other possibilities). Windows XP makes this rather harder than it was in Win9x, because it has filesystem permissions, so that if you don't log in you may not be able to access various files -- unless you boot from a Knoppix CD or the equivalent, of course, but that can be disabled at the BIOS level. This is why the USB exploit is significant -- there are many situations in which an attacker might have physical access but not totally *unobserved* physical access, and so taking the cover off the case is problematic, but inserting a USB keychain fob is possible. With Windows 95 that wouldn't have even been significant, because there were much easier ways to get at things.
> Spammers claim that single opt-in is when your address is on a list that they bought (you "opted in" by appearing on the list), and double opt-in is when you actually asked for the mail.
Close. Single opt-in is when you appear on a list, and double opt-in is when you respond to a message that you got as a result, e.g., by visiting the website it was advertising.
A legitimate advertiser should have nothing to do with these things, of course; the only people you should send bulk email to are people who either A) actually did business with you or B) actually signed up to receive the mail.
In case A), you send one message, thanking them for their business and *offering* the chance to sign up for more mail (which you can hype however you like -- exciting special offers, blah, blah, blah). The same message can also ask for feedback if you like, or contain "special offers", but if they don't sign up for more mail, they only get the one message or, at least, only the one for each time they do business with you. (Exception: if you are sending a message anyway to notify them that you have received their check, have shipped their order, or something along those lines, you can tag an additional message on the end of it if you like.)
In the case of B, where they actually signed up for the mail, you need to offer them the ability to opt back out, and you need to adhere to your stated privacy policy, whatever that is -- not distributing their address outside your organization is a good one. Also, if you want anyone to read these things, you've got to limit their frequency, and it helps to make them interesting as well, if possible. Hiring a good writer with an entertaining style to do product reviews or somesuch for your advertainment "newsletter" will generally not hurt anything. Bonus points if you work in a one-panel comic strip somehow that's at least a little bit funny. Make people want to read the thing.
It gets better. At the time of this writing, the top result on Google for Windows Vista is a document at umn.edu referring to a visual statistics system. The second and third results are for a company that sells the kind of windows that are made of glass; the fifth result goes to another such company. The fourth is for some kind of 3D rendering product, and the sixth result has to do with a UMAX scanner...
> How about WinVi? Then the next version can be WinEmacs.
No, no, the next version (codenamed Blackcomb) will be WinVim, because it will add features that should have been there in the first place (e.g., Monad and WinFS).
> > Vista = Wear something
> > Vista = Eyes
> > Vista = Pay with Money
> I'm sure Micro$oft was talking about the latter.
I realize you were joking, but in all seriousness, the second meaning listed there is the one that's related to the Latin root that also gives us the English word Microsoft intended. It makes sense, etymologically, if you think about it.
> Please show me the statistics that prove there's all these "bogus malpractice claims". Sure, it's gonna happen on occasion but from what I've read on the subject this argument is blown way out of proportion.
In the small community where I live (about ten thousand people, perhaps a hundred doctors of various kinds including general practice, obstetricians, specialists, dentists, everything), at least three doctors that I know about have closed their practices in the last five years, citing rising malpractice insurance costs as the main reason. The only remaining obstetrician in town will be forced to close his practice if he is hit with another malpractice claim. None of the claims against him so far would reasonably be considered legitimate; they were the standard
It can be a real problem. The degree of the problem varies significantly from state to state, and from one subfield in medicine to another.
Statistics? How big is the problem? I don't know. But it can be a real problem in some places, I know that.
> I enable the "ask for each cookie" option in mozilla,
I tried that once. It was unbelievable how tedious browsing the web became. I had to turn it back off within a few minutes; otherwise, I'd have gone insane.
What I do now is just limit the max lifetime of cookies. That seems to keep things pretty well under control. Things like forum logins and shopping carts still work, but I don't accumulate hundreds of thousands of worthless cookies from sites I'm probably never going to visit again.
>>> Knowing that "John Smith" visited our site 3 times a week isn't really any more insightful than knowing that "User #5233258" visited us 3 times a week.
>> Then why isn't user 123.456.789.012 good enough?
> user 17.123.23.5 might be 30,000 computers, that's why
Much more likely, User #5233258 is a computer used by more than one person. Despite the term "Personal Computer", the overwhelming majority of them are used by multiple people (usually at least three) and no, they don't generally bother with multiple profiles or accounts at either the OS or browser level.
At the library where I work, each of our computers is used by numerous people in any given day and potentially hundreds of people in a year. How is it, then, that a cookie is any better or fundamentally different from an IP address in terms of identifying a specific user? All it does is identify a specific web browser on a specific computer, which is *not* the same.
If you really want to confirm it's the same user, you're going to have to make them register and log in every time. But users don't like that. Perhaps it's best to just forget about tracking the percentage of repeat visitors.
Brick and mortar stores don't operate under the illusion that they can track the number of repeat visitors; they know that's impossible, or at least very impractical. It's just as impractical for a website, but for some reason a lot of webmasters think they can do anything, and that physical realities don't apply to them.
There's nothing wrong with the kind of analysis you're talking about doing. Of course, most of it doesn't require the cookie to persist beyond one browser session. That won't give you percentage of return visitors, but I'm not sure that particular stat really helps you serve the customer better in the way you describe, either.
Anyway, sites that use cookies in the way you describe aren't the reason why people delete cookies or limit their lifetime.
Let me tell you my side of the story: I'm The Computer Guy at a public library. Each browser in the library may be used by fifteen or twenty different people in a given day, fifty or sixty people in a given week, and hundreds of people in a given year. People -- a *lot* of people -- use computers like this to access your site. Now, at our library, I've been careful to set Firefox to limit the max lifetime of all cookies to the current session, but I'm pretty sure that the overwhelming majority of libraries, internet cafes, and similar sites don't do that. Think about the implications of *that* for your precious stats. If I were you, I wouldn't trust any of the stats that require a cookie to persist beyond the current browser session.
> The worst part of the tragedy of Microsoft's domination is the illusion that components like IE are actually free. I hate to break it to you, but you know the plastic toys inside cereal boxes that said "Free Whiz Bang Balloon Racer", well it wasn't free, and neither is Internet Explorer.
Economists have a term for this sort of thing. They call it a "sunk cost". What that means is, although it's not free in real terms, the money for it has already been spent or would be spent anyway, so soaking up the benefit doesn't actively take any additional money out of your pocket. Common examples of sunk costs include "complimentary" items, "free shipping", and anything financed by taxes. It is widely understood that most people perceive anything that's a sunk cost as being free, even though the distinction between the two is important if you're doing economic analysis.
Of course, IE is only a sunk cost if you have Windows, i.e., either if you buy Windows on purpose, or, much more likely, if Windows is a sunk cost because you buy your computer off the shelf rather than building it from parts.
Microsoft does have economists on staff, I'm sure, who are intimately familiar with the various nuances of sunk costs. Whether they planned specifically to get to the point where their OS[1] was a sunk cost for most people, or whether that just fell in their laps due to complete market dominance, I'm not sure, but I'm quite sure they are none too upset about it either way.
The only thing about this that really perturbs me is that recently the sunk-cost copy of Windows you get with most new hardware is difficult or impossible to use in a VirtualPC environment, because you don't get an install CD, just a "restore CD" that refuses to work if it doesn't detect the original hardware. This means in practice that if you buy a new PC that comes with Windows as a sunk cost, but you want to run something else as your primary OS and yet keep Windows around, you either have to dual-boot, or else you have to buy another copy of Windows, at which point it's not a sunk cost anymore. I didn't used to mind dual-booting when I used Windows 95 as my primary desktop OS, but lately I find that I don't want to close all my windows and lose my place in everything -- I don't even like restarting my browser[2], much less the whole computer. I guess that's what comes from using software that's actually stable for a few years.
As far as the Firefox release, how does a changed version number end up as "Scrapped" in the headline?
---
[1] No, not Windows; DOS at the time. A Microsoft OS has been a sunk cost for most computer buyers since roughly the days of DOS 5.0.
[2] I am starting to wish I could install and upgrade extensions without restarting Firefox. The old Windows complaint, "Why should I have to restart every single time I install anything?" now applies to the web browser.
> They'd have probably worked a dinosaur in there, too, if someone hadn't pointed out that it'd then be sexist, and appeal to boys more than girls
Dinosaurs appeal more to boys than to girls, but a galaxy motif doesn't? Every nine-year-old boy on the planet wants to be an astronaut. If you want it to appeal to girls, put teddy bears on it, and hearts, and flowers.
> I honestly wish you could do a "block sender" in newsgroups.
Umm, that's called a killfile feature, and surely Thunderbird must have it; *all* newsreaders, including even the really lame ones, have had that feature since circa 1970.
*Good* newsreaders have a more complete scoring mechanism that can take into account the sender, newsgroups the message was crossposted to, subject line tokens, the scores that were assigned to other messages further back in the thread, and other factors, assign a score, and then take actions (e.g., mark as read, mark for immediate attention, flag with a certain color, copy to a different virtual group or folder,...) if the score falls above or below a certain value. I don't expect Thunderbird to have that level of functionality available because, frankly, Netscape and Mozilla have never been very poweruser-oriented in the mail and usenet departments. Thunderbird doesn't *attempt* to compete in features with the likes of Gnus, for instance; that's not its target market. It's more along the lines of trying to compete with Outlook and Evolution and their ilk, featureless pieces of junk that make you micromanage every single message by hand.
Still, I'm sure Thunderbird has a killfile feature. Every newsreader has that. You must be overlooking it.
It was when Be did it. Very worthwhile. BeOS introduced a lot of really interesting concepts. However, the rest of the world has now had about a decade to catch up...
> It's the most responsive desktop OS I know
The Linux kernel is a *LOT* more responsive than it used to be, even on a single-core system, and, starting now, by the time YellowTab could even optimistically hope to get anywhere, dual-core will be VERY common. Practically the only remaining thing that will make a Linux system unresponsive these days is when it's IO-bound (the ultimate example being when you're using an smbmounted filesystem and somebody shuts down the computer that hosts it; that sucks). Yes, the BeOS is responsive, but the difference is not what it used to be, and there are so many other things lacking, such as a multiuser security model for running untrusted code with reduced privileges. (This is important from a security perspective, even for systems with only one user, including desktops. If the BeOS were anywhere near as popular as Windows, it would have serious security issues because of this. YellowTab can fix that, but by the time they do, Linux will have fully caught up on the responsiveness issue.)
> I have heard and read arguments like yours, and without a single exception, they came from people who did not use BeOS
I have used BeOS, significantly more than just booting it up. I never used it as my primary desktop OS long-term, but I used it for almost two weeks solid at one point (while I was reading the BeOS Bible from cover to cover) with only the occasional reboot into something else to check my email. (I get too much email to use a web interface to get it, and the POP3 client I used at the time is Win32-only; I've since switched to Gnus, so if I were experimenting with BeOS today I could get my email from there, but there's little reason to experiment with the BeOS today, unless you haven't already done so in the past, because little has changed.) As recently as two weeks ago I used BeOS to copy some stuff from a FAT32 partition on a SATA drive over to an ext2 partition on an IDE drive, because, for arcane reasons involving among other things some issues with the BIOS on that system, none of my other OSes could see both partitions. That was BeOS 5 PE, which if I'm not mistaken is older than SATA, but it worked fine, and that didn't surprise me at all, because I understand some of its strengths. BeOS had a lot of potential, and there are still some things we can learn from it. (Heck, there are still some things we can learn from VMS. I *want* filesystem-level file versioning, for instance; that's the Coolest Filesystem Feature Ever, and despite having less "Wow" value, it's way more useful in practice than the BFS extended attributes. But I wouldn't select VMS over other systems available today on the strength of that.) The way BeOS Just Works with a lot of hardware it doesn't have specific drivers for, for instance, is instructive. (MS-DOS 6 also works with SATA drives, no problem whatsoever. You're limited to FAT16, though, so 2GB per partition...)
But saying "This feature and that feature of BeOS were cool, modern systems should learn from that" is one thing, and saying "BeOS was so cool, it's worth making into a modern system today" is something else. It's, to be blunt, far too late for that. Too much time has been lost. What YellowTab has today is just enough of a foundation that they could now seriously *start* the process of modernizing BeOS, a process that will take 5-10 years. By then, Reiser4 will be stable; WinFS will be on the horizon; dual-core will be on every geek's desk; the 2.8 Linux kernel will be old news.
If YellowTab could have started about the time Be, Inc. started focusing on BeIA and started letting BeOS 6 development lag, BeOS would be a modern OS *today*, with a full multiuser security model, a complete networking stack (and, probably, firewalling), and other goodies. But it isn't and it doesn't. The milk has been spilt.
> Greasemonkey 0.3.5 is a "neutered" version of Greasemonkey, lacking any of the GM* APIs which make Greasemonkey scripts more powerful than regular HTML.
If Platypus still works with it, I'm fine with that. The whole point of Greasemonkey isn't to make HTML more powerful, but just to allow the user to *alter* what it does with its power, e.g., to move those silly sidebars that so many sites insist on having out of the way (down to the bottom of the page is a good place...) and make some room for, you know, the content. Or, more generally, to fix the little HTML-related things that bug you about sites you frequent: stupid layouts, stupid choices of font/color/whatever, stupid animations you'd rather do without, anything along those lines.
> I really like Debian, and I'd prefer not to wait a couple years for the next release. :-)
Umm, I thought the primary reason to like Debian Stable was if you didn't *mind* going several years between releases and didn't *want* to upgrade very often, where "very often" is defined as "while any of the software on your computer is still recent enough that reciting the version numbers doesn't cause people to wince in pain".
If you don't want to wait even two years for a release, perhaps you should look into some distro besides Debian Stable.
> Well, you're wrong, because once they finish rolling out their Treacherous Computing crap the "USB" on the DRM box will only work with "Trusted" "USB" keys.
So you shut down the Longhorn system, move its hard drive over to another, non-DRM system, mount it as another filesystem, and copy the data.
Fundamentally, DRM can only *really* work if the file format is sufficiently obscure that nobody can figure out how to read or convert it. Encryption can raise the barrier, but for something general-purpose like this, the key has to be stored on every computer that supports the DRM, which means it's going to be public knowledge.
Companies have been trying to make copy-protection work for decades, and throwing quite a lot of resources into it. They've inconvenienced a lot of legitimate users, but they have NEVER come up with a scheme that actually prevents people from copying the data. The reason they haven't come up with a way to do that is because there *isn't* a way to do that. It's impossible.
Oh, I still listen to music. Right now, I'm listening to Canon Alla Duodecima, from Art of Fugue. Good stuff.
Oh, you meant music composed in the modern era? Then no, I haven't listened to those horse leavings in years. All the really great music was written before the start of the Classical era (circa 1750). It's been all downhill since Bach died.
Most of what you say is basically correct, but this part...
> ... Vietnam vets who hated the M16... because the round didn't have any stopping power, that whole MV=MV thing again, it doesn't hurt you as much when you fire your M16, guess what, that means it doesn't hurt the enemy as much when it hits him. "Damn you Sir Isaac Newton!".
Umm, just because the round doesn't physically knock the target backward like in the movies doesn't mean it doesn't hurt. No, the M16 doesn't have a lot of stopping power (at least, not with a single round), but it definitely hurts the target a lot more than it hurts the guy pulling the trigger. The physics are a little more involved than you make out, in several ways. Among other things, the rifle butt is bigger around than the bullet. Momentum isn't the only meaningful piece of physics to consider when evaluating ammo. The M16 round is smaller than the rounds of earlier rifles, yes, and this gives it less momentum (and less stopping power), yes, but it also allows the round to travel faster, which enables it to (among other things) penetrate better than a heavier round with an equivalent charge.
Additionally, M16 rounds do tumble -- not in a magically fantastic way, but they do tumble.
Though, as you note, the real selling point of the M16 is the amount of ammo you can carry for it. Anyone who has ever played an FPS game can tell you that running out of ammo can put a real crimp in your style. In a real military situation ammo supply is something you care deeply about.
Oh, and...
> IF they had we probably would have won the Vietnam war
Maybe. I doubt it. Bullet technology didn't have anything to do with why we didn't win the Vietnam war. It was all about politics. In World War I and II, there wasn't any big and potentially hostile nation that was sitting out of the war but might jump in if we didn't watch our step, that we specifically wanted to avoid going to war with. In Vietnam there was China in that position, and potentially the USSR. That made it a whole different kind of war. In World War I and II, our allies were all for us and our enemies were all against us, and we didn't have to mess around with political light-stepping to keep people on the right sides. In every war since, including Vietnam, it's been different. We hadn't adapted very well to that situation yet, hadn't adapted our tactics to that kind of war, and *that* is why we didn't win in Vietnam. The military was still trying to fight as if it were WWII, only every time they came up with a decent battle plan (decent for the kind of war WWII was, I mean), the politicians nixed it, because it would have risked getting China more involved. The rifle ammo we were using had nothing to do with it.
There *are* weapons technologies that would have made a big difference, but it's more along the lines of night-vision systems, covert communications, and so forth, things that would have improved our ability to conduct low-profile, low-intensity combat, to take out more strategic targets with fewer civilian casualties. Because war had changed, and our military was only just beginning to realize the implications.
> Even though I use Linux, I made a note of making sure any Remote Desktop feature was disabled.
Yes, that's good practice. You wouldn't have been impacted by this specific vulnerability, since the "Remote Desktop" feature in most Linux distros is based on VNC, not RDC, so it would not be subject to the same exploits. But there could be a VNC vulnerability next month. So, obviously, it's better to have this sort of thing (indeed, any network service) turned off if you don't use it. That's been the recommended best practice for years.
Did you also disable ssh? If not, you will want to make sure all the user accounts on your system have decent (non-dictionary-word) passwords. There was a story about that this weekend too, about people trying to brute-force passwords for ssh login. ssh isn't graphical like remote desktop, but that doesn't make it any less powerful, and power, if used by the wrong people, is always dangerous. I keep ssh turned on, because I use it (heavily), but I'm aware of the security implications and avoid weak passwords on systems that are exposed to the internet.
> Why would anyone turn Remote Desktop on unless they know specifically that they're going to use it?
You hit the usual reason right on the head. People turn on Remote Desktop, and configure their firewalls to let it through, because they know specifically that they're going to use it. Same reason I keep ssh turned on. This is why vulnerabilities in these services are important tech news items, because we need to be aware of the risk so we can make an informed decision about whether to keep the service enabled or shut it off until we get the patch. In one instance a while back I moved ssh to non-standard ports on a couple of systems, until I got them patched. Sysadmins only know to do that sort of thing if they know about the vulnerabilities.
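Added example, not part of the original comment: one way to spot the ssh password-guessing mentioned above, and to notice when a guess against a weak password actually succeeded. The log lines are constructed samples in the usual OpenSSH syslog format; the threshold, time window and year are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines (documentation IP ranges, not real logs).
SAMPLE_LOG = """\
Aug 15 03:12:01 gw sshd[4101]: Failed password for invalid user admin from 203.0.113.7 port 40211 ssh2
Aug 15 03:12:04 gw sshd[4103]: Failed password for root from 203.0.113.7 port 40215 ssh2
Aug 15 03:12:07 gw sshd[4105]: Failed password for invalid user test from 203.0.113.7 port 40219 ssh2
Aug 15 03:12:09 gw sshd[4107]: Failed password for guest from 203.0.113.7 port 40223 ssh2
Aug 15 03:12:12 gw sshd[4109]: Failed password for guest from 203.0.113.7 port 40227 ssh2
Aug 15 03:12:15 gw sshd[4111]: Accepted password for guest from 203.0.113.7 port 40231 ssh2
Aug 15 08:30:10 gw sshd[5200]: Failed password for alice from 198.51.100.4 port 51000 ssh2
Aug 15 08:30:21 gw sshd[5202]: Accepted password for alice from 198.51.100.4 port 51004 ssh2
Aug 15 09:00:00 gw sshd[5300]: Failed password for bob from 192.0.2.50 port 52000 ssh2
Aug 15 11:00:00 gw sshd[5310]: Failed password for bob from 192.0.2.50 port 52004 ssh2
Aug 15 13:00:00 gw sshd[5320]: Failed password for bob from 192.0.2.50 port 52008 ssh2
Aug 15 15:00:00 gw sshd[5330]: Failed password for bob from 192.0.2.50 port 52012 ssh2
Aug 15 17:00:00 gw sshd[5340]: Failed password for bob from 192.0.2.50 port 52016 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\ssshd\[\d+\]:\s"
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def parse(line, year=2005):
    """Return (timestamp, result, user, ip) or None for unrelated lines.

    Syslog timestamps carry no year, so one is assumed.
    """
    m = LINE_RE.match(line)
    if m is None:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["result"], m["user"], m["ip"]


def detect(lines, threshold=5, window=timedelta(minutes=10)):
    """Flag source addresses with >= threshold failed logins inside window.

    A later successful login from a flagged address, while its failures are
    still inside the window, is recorded as a probably guessed account.
    """
    recent = defaultdict(deque)   # ip -> timestamps of failures still in window
    tried = defaultdict(set)      # ip -> every account name it attempted
    findings = {}
    for line in lines:
        event = parse(line)
        if event is None:
            continue
        ts, result, user, ip = event
        failures = recent[ip]
        while failures and ts - failures[0] > window:
            failures.popleft()    # drop failures that aged out of the window
        if result == "Failed":
            failures.append(ts)
            tried[ip].add(user)
            if len(failures) >= threshold:
                entry = findings.setdefault(
                    ip, {"failures": 0, "users": set(), "guessed_account": None}
                )
                entry["failures"] = max(entry["failures"], len(failures))
                entry["users"] = set(tried[ip])
        elif ip in findings and failures:
            # Success right after a burst: the password was probably guessed.
            findings[ip]["guessed_account"] = user
    return findings


if __name__ == "__main__":
    for ip, info in detect(SAMPLE_LOG.splitlines()).items():
        print(ip, info["failures"], sorted(info["users"]), info["guessed_account"])
```

An address that mistypes once and then logs in, or that fails a handful of times spread over a whole day, stays below the threshold and is not reported.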
> Rather, more cities should take the stand Philadelphia
And what happens when you're not in one of those cities? I'd be happy if my city just got DSL available, or phone service from anyone besides Verizon.
> Please show me the statistics that prove there's all these "bogus
> malpractice claims". Sure, it's gonna happen on occasion but from what
> I've read on the subject this argument is blown way out of proportion.
In the small community where I live (about ten thousand people, perhaps a hundred doctors of various kinds including general practice, obstetricians, specialists, dentists, everything), at least three doctors that I know about have closed their practices in the last five years, citing rising malpractice insurance costs as the main reason. The only remaining obstetrician in town will be forced to close his practice if he is hit with another malpractice claim. None of the claims against him so far would reasonably be considered legitimate; they were the standard
It can be a real problem. The degree of the problem varies significantly from state to state, and from one subfield in medicine to another.
Statistics? How big is the problem? I don't know. But it can be a real problem in some places, I know that.
> I enable the "ask for each cookie" option in mozilla,
I tried that once. It was unbelievable how tedious browsing the web became. I had to turn it back off within a few minutes; otherwise, I'd have gone insane.
What I do now is just limit the max lifetime of cookies. That seems to keep things pretty well under control. Things like forum logins and shopping carts still work, but I don't accumulate hundreds of thousands of worthless cookies from sites I'm probably never going to visit again.
> I like to toy with the cookies...
Some people have too much free time on their hands. I just set the preference that limits the maximum lifespan of cookies and let that be that.
>>> Knowing that "John Smith" visited our site 3 times a week
>>> isn't really any more insightful than knowing that "User
>>> #5233258" visited us 3 times a week.
>> Then why isn't user 123.456.789.012 good enough?
> user 17.123.23.5 might be 30,000 computers, that's why
Much more likely, User #5233258 is a computer used by more than one person. Despite the term "Personal Computer", the overwhelming majority of them are used by multiple people (usually at least three) and no, they don't generally bother with multiple profiles or accounts at either the OS or browser level.
At the library where I work, each of our computers is used by numerous people in any given day and potentially hundreds of people in a year. How is it, then, that a cookie is any better or fundamentally different from an IP address in terms of identifying a specific user? All it does is identify a specific web browser on a specific computer, which is *not* the same.
If you really want to confirm it's the same user, you're going to have to make them register and log in every time. But users don't like that. Perhaps it's best to just forget about tracking the percentage of repeat visitors.
Brick and mortar stores don't operate under the illusion that they can track the number of repeat visitors; they know that's impossible, or at least very impractical. It's just as impractical for a website, but for some reason a lot of webmasters think they can do anything, and that physical realities don't apply to them.
There's nothing wrong with the kind of analysis you're talking about doing. Of course, most of it doesn't require the cookie to persist beyond one browser session. That won't give you percentage of return visitors, but I'm not sure that particular stat really helps you serve the customer better in the way you describe, either.
Anyway, sites that use cookies in the way you describe aren't the reason why people delete cookies or limit their lifetime.
Let me tell you my side of the story: I'm The Computer Guy at a public library. Each browser in the library may be used by fifteen or twenty different people in a given day, fifty or sixty people in a given week, and hundreds of people in a given year. People -- a *lot* of people -- use computers like this to access your site. Now, at our library, I've been careful to set Firefox to limit the max lifetime of all cookies to the current session, but I'm pretty sure that the overwhelming majority of libraries, internet cafes, and similar sites don't do that. Think about the implications of *that* for your precious stats. If I were you, I wouldn't trust any of the stats that require a cookie to persist beyond the current browser session.
> The worst part of the tragedy of Microsoft's domination is the illusion
> that components like IE are actually free. I hate to break it to you, but
> you know the plastic toys inside cereal boxes that said "Free Whiz Bang
> Balloon Racer", well it wasn't free, and neither is Internet Explorer.
Economists have a term for this sort of thing. They call it a "sunk cost". What that means is, although it's not free in real terms, the money for it has already been spent or would be spent anyway, so soaking up the benefit doesn't actively take any additional money out of your pocket. Common examples of sunk costs include "complimentary" items, "free shipping", and anything financed by taxes. It is widely understood that most people perceive anything that's a sunk cost as being free, even though the distinction between the two is important if you're doing economic analysis.
Of course, IE is only a sunk cost if you have Windows, i.e., either if you buy Windows on purpose, or, much more likely, if Windows is a sunk cost because you buy your computer off the shelf rather than building it from parts.
Microsoft does have economists on staff, I'm sure, who are intimately familiar with the various nuances of sunk costs. Whether they planned specifically to get to the point where their OS[1] was a sunk cost for most people, or whether that just fell in their laps due to complete market dominance, I'm not sure, but I'm quite sure they are none too upset about it either way.
The only thing about this that really perturbs me is that recently the sunk-cost copy of Windows you get with most new hardware is difficult or impossible to use in a VirtualPC environment, because you don't get an install CD, just a "restore CD" that refuses to work if it doesn't detect the original hardware. This means in practice that if you buy a new PC that comes with Windows as a sunk cost, but you want to run something else as your primary OS and yet keep Windows around, you either have to dual-boot, or else you have to buy another copy of Windows, at which point it's not a sunk cost anymore. I didn't used to mind dual-booting when I used Windows 95 as my primary desktop OS, but lately I find that I don't want to close all my windows and lose my place in everything -- I don't even like restarting my browser[2], much less the whole computer. I guess that's what comes from using software that's actually stable for a few years.
As far as the Firefox release, how does a changed version number end up as "Scrapped" in the headline?
---
[1] No, not Windows; DOS at the time. A Microsoft OS has been a sunk
cost for most computer buyers since roughly the days of DOS 5.0.
[2] I am starting to wish I could install and upgrade extensions without
restarting Firefox. The old Windows complaint, "Why should I have
to restart every single time I install anything?" now applies to
the web browser.
> They'd have probably worked a dinosaur in there, too, if someone hadn't
> pointed out that it'd then be sexist, and appeal to boys more than girls
Dinosaurs appeal more to boys than to girls, but a galaxy motif doesn't? Every nine-year-old boy on the planet wants to be an astronaut. If you want it to appeal to girls, put teddy bears on it, and hearts, and flowers.
> I honestly wish you could do a "block sender" in newsgroups.
Umm, that's called a killfile feature, and surely Thunderbird must have it; *all* newsreaders, including even the really lame ones, have had that feature since circa 1970.
*Good* newsreaders have a more complete scoring mechanism that can take into account the sender, newsgroups the message was crossposted to, subject line tokens, the scores that were assigned to other messages further back in the thread, and other factors, assign a score, and then take actions (e.g., mark as read, mark for immediate attention, flag with a certain color, copy to a different virtual group or folder, ...) if the score falls above or below a certain value. I don't expect Thunderbird to have that level of functionality available because, frankly, Netscape and Mozilla have never been very poweruser-oriented in the mail and usenet departments. Thunderbird doesn't *attempt* to compete in features with the likes of Gnus, for instance; that's not its target market. It's more along the lines of trying to compete with Outlook and Evolution and their ilk, featureless pieces of junk that make you micromanage every single message by hand.
Still, I'm sure Thunderbird has a killfile feature. Every newsreader has that. You must be overlooking it.
> The effort invested in BeOS is worthwhile
It was when Be did it. Very worthwhile. BeOS introduced a lot of really interesting concepts. However, the rest of the world has now had about a decade to catch up...
> It's the most responsive desktop OS I know
The Linux kernel is a *LOT* more responsive than it used to be, even on a single-core system, and, starting now, by the time YellowTab could even optimistically hope to get anywhere, dual-core will be VERY common. Practically the only remaining thing that will make a Linux system unresponsive these days is when it's IO-bound (the ultimate example being when you're using an smbmounted filesystem and somebody shuts down the computer that hosts it; that sucks). Yes, the BeOS is responsive, but the difference is not what it used to be, and there are so many other things lacking, such as a multiuser security model for running untrusted code with reduced privileges. (This is important from a security perspective, even for systems with only one user, including desktops. If the BeOS were anywhere near as popular as Windows, it would have serious security issues because of this. YellowTab can fix that, but by the time they do, Linux will have fully caught up on the responsiveness issue.)
> I have heard and read arguments like yours, and without a single
> exception, they came from people who did not use BeOS
I have used BeOS, significantly more than just booting it up. I never used it as my primary desktop OS long-term, but I used it for almost two weeks solid at one point (while I was reading the BeOS Bible from cover to cover) with only the occasional reboot into something else to check my email. (I get too much email to use a web interface to get it, and the POP3 client I used at the time is Win32-only; I've since switched to Gnus, so if I were experimenting with BeOS today I could get my email from there, but there's little reason to experiment with the BeOS today, unless you haven't already done so in the past, because little has changed.) As recently as two weeks ago I used BeOS to copy some stuff from a FAT32 partition on a SATA drive over to an ext2 partition on an IDE drive, because, for arcane reasons involving among other things some issues with the BIOS on that system, none of my other OSes could see both partitions. That was BeOS 5 PE, which if I'm not mistaken is older than SATA, but it worked fine, and that didn't surprise me at all, because I understand some of its strengths. BeOS had a lot of potential, and there are still some things we can learn from it. (Heck, there are still some things we can learn from VMS. I *want* filesystem-level file versioning, for instance; that's the Coolest Filesystem Feature Ever, and despite having less "Wow" value, it's way more useful in practice than the BFS extended attributes. But I wouldn't select VMS over other systems available today on the strength of that.) The way BeOS Just Works with a lot of hardware it doesn't have specific drivers for, for instance, is instructive. (MS-DOS 6 also works with SATA drives, no problem whatsoever. You're limited to FAT16, though, so 2GB per partition...)
But saying "This feature and that feature of BeOS were cool, modern systems should learn from that" is one thing, and saying "BeOS was so cool, it's worth making into a modern system today" is something else. It's, to be blunt, far too late for that. Too much time has been lost. What YellowTab has today is just enough of a foundation that they could now seriously *start* the process of modernizing BeOS, a process that will take 5-10 years. By then, Reiser4 will be stable; WinFS will be on the horizon; dual-core will be on every geek's desk; the 2.8 Linux kernel will be old news.
If YellowTab could have started about the time Be, Inc. started focusing on BeIA and started letting BeOS 6 development lag, BeOS would be a modern OS *today*, with a full multiuser security model, a complete networking stack (and, probably, firewalling), and other goodies. But it isn't and it doesn't. The milk has been spilt.
> I can buy Windows XP Pro for $85 USD.
Where? Where I come from, XP Pro is $135.99.
> Greasemonkey 0.3.5 is a "neutered" version of Greasemonkey, lacking any of
> the GM* APIs which make Greasemonkey scripts more powerful than regular HTML.
If Platypus still works with it, I'm fine with that. The whole point of Greasemonkey isn't to make HTML more powerful, but just to allow the user to *alter* what it does with its power, e.g., to move those silly sidebars that so many sites insist on having out of the way (down to the bottom of the page is a good place...) and make some room for, you know, the content. Or, more generally, to fix the little HTML-related things that bug you about sites you frequent: stupid layouts, stupid choices of font/color/whatever, stupid animations you'd rather do without, anything along those lines.
> I really like Debian, and I'd prefer not to wait a couple years for the
> next release. :-)
Umm, I thought the primary reason to like Debian Stable was if you didn't *mind* going several years between releases and didn't *want* to upgrade very often, where "very often" is defined as "while any of the software on your computer is still recent enough that reciting the version numbers doesn't cause people to wince in pain".
If you don't want to wait even two years for a release, perhaps you should look into some distro besides Debian Stable.
> Well, you're wrong, because once they finish rolling out their Treacherous
> Computing crap the "USB" on the DRM box will only work with "Trusted"
> "USB" keys.
So you shut down the Longhorn system, move its hard drive over to another, non-DRM system, mount it as another filesystem, and copy the data.
Fundamentally, DRM can only *really* work if the file format is sufficiently obscure that nobody can figure out how to read or convert it. Encryption can raise the barrier, but for something general-purpose like this, the key has to be stored on every computer that supports the DRM, which means it's going to be public knowledge.
Companies have been trying to make copy-protection work for decades, and throwing quite a lot of resources into it. They've inconvenienced a lot of legitimate users, but they have NEVER come up with a scheme that actually prevents people from copying the data. The reason they haven't come up with a way to do that is because there *isn't* a way to do that. It's impossible.
> (disclaimer: I don't listen to music anymore.)
Oh, I still listen to music. Right now, I'm listening to Canon Alla Duodecima, from Art of Fugue. Good stuff.
Oh, you meant music composed in the modern era? Then no, I haven't listened to those horse leavings in years. All the really great music was written before the start of the Classical era (circa 1750). It's been all downhill since Bach died.
Most of what you say is basically correct, but this part...
> ... Vietnam vets who hated the M16 ... because the round didn't have any
> stopping power, that whole MV=MV thing again, it doesn't hurt you as much
> when you fire your M16, guess what, that means it doesn't hurt the enemy
> as much when it hits him. "Damn you Sir Isaac Newton!".
Umm, just because the round doesn't physically knock the target backward like in the movies doesn't mean it doesn't hurt. No, the M16 doesn't have a lot of stopping power (at least, not with a single round), but it definitely hurts the target a lot more than it hurts the guy pulling the trigger. The physics are a little more involved than you make out, in several ways. Among other things, the rifle butt is bigger around than the bullet. Momentum isn't the only meaningful piece of physics to consider when evaluating ammo. The M16 round is smaller than the rounds of earlier rifles, yes, and this gives it less momentum (and less stopping power), yes, but it also allows the round to travel faster, which enables it to (among other things) penetrate better than a heavier round with an equivalent charge.
Additionally, M16 rounds do tumble -- not in a magically fantastic way, but they do tumble.
Though, as you note, the real selling point of the M16 is the amount of ammo you can carry for it. Anyone who has ever played an FPS game can tell you that running out of ammo can put a real crimp in your style. In a real military situation ammo supply is something you care deeply about.
Oh, and...
> IF they had we probably would have won the Vietnam war
Maybe. I doubt it. Bullet technology didn't have anything to do with why we didn't win the Vietnam war. It was all about politics. In World War I and II, there wasn't any big and potentially hostile nation that was sitting out of the war but might jump in if we didn't watch our step, that we specifically wanted to avoid going to war with. In Vietnam there was China in that position, and potentially the USSR. That made it a whole different kind of war. In World War I and II, our allies were all for us and our enemies were all against us, and we didn't have to mess around with political light-stepping to keep people on the right sides. In every war since, including Vietnam, it's been different. We hadn't adapted very well to that situation yet, hadn't adapted our tactics to that kind of war, and *that* is why we didn't win in Vietnam. The military was still trying to fight as if it were WWII, only every time they came up with a decent battle plan (decent for the kind of war WWII was, I mean), the politicians nixed it, because it would have risked getting China more involved. The rifle ammo we were using had nothing to do with it.
There *are* weapons technologies that would have made a big difference, but it's more along the lines of night-vision systems, covert communications, and so forth, things that would have improved our ability to conduct low-profile, low-intensity combat, to take out more strategic targets with fewer civilian casualties. Because war had changed, and our military was only just beginning to realize the implications.
> Even though I use Linux, I made a note of making sure any Remote
> Desktop feature was disabled.
Yes, that's good practice. You wouldn't have been impacted by this specific vulnerability, since the "Remote Desktop" feature in most Linux distros is based on VNC, not RDC, so it would not be subject to the same exploits. But there could be a VNC vulnerability next month. So, obviously, it's better to have this sort of thing (indeed, any network service) turned off if you don't use it. That's been the recommended best practice for years.
Did you also disable ssh? If not, you will want to make sure all the user accounts on your system have decent (non-dictionary-word) passwords. There was a story about that this weekend too, about people trying to brute-force passwords for ssh login. ssh isn't graphical like remote desktop, but that doesn't make it any less powerful, and power, if used by the wrong people, is always dangerous. I keep ssh turned on, because I use it (heavily), but I'm aware of the security implications and avoid weak passwords on systems that are exposed to the internet.
> Why would anyone turn Remote Desktop on unless they know specifically
> that they're going to use it?
You hit the usual reason right on the head. People turn on Remote Desktop, and configure their firewalls to let it through, because they know specifically that they're going to use it. Same reason I keep ssh turned on. This is why vulnerabilities in these services are important tech news items, because we need to be aware of the risk so we can make an informed decision about whether to keep the service enabled or shut it off until we get the patch. In one instance a while back I moved ssh to non-standard ports on a couple of systems, until I got them patched. Sysadmins only know to do that sort of thing if they know about the vulnerabilities.
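The ssh password-guessing mentioned in the comments above can be spotted in sshd's own log. The following is an added example, not part of the original comments: it counts failed logins per source address and flags a password login that succeeds after a run of failures, which is what a guessed weak password looks like. The log lines are constructed samples in the usual OpenSSH syslog format, and the threshold of 3 is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample lines (not real data); addresses are from the
# RFC 5737 documentation ranges.
SAMPLE_LOG = """\
Aug 15 03:12:01 box sshd[2101]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Aug 15 03:12:03 box sshd[2103]: Failed password for invalid user test from 203.0.113.5 port 51240 ssh2
Aug 15 03:12:05 box sshd[2105]: Failed password for root from 203.0.113.5 port 51248 ssh2
Aug 15 03:12:08 box sshd[2107]: Failed password for guest from 203.0.113.5 port 51251 ssh2
Aug 15 03:12:11 box sshd[2109]: Accepted password for guest from 203.0.113.5 port 51260 ssh2
Aug 15 08:30:12 box sshd[2388]: Failed password for alice from 198.51.100.7 port 40022 ssh2
Aug 15 08:30:20 box sshd[2388]: Accepted password for alice from 198.51.100.7 port 40022 ssh2
Aug 15 09:01:44 box sshd[2410]: Accepted publickey for bob from 192.0.2.44 port 38100 ssh2
"""

# Matches both "Failed password for root from ..." and
# "Failed password for invalid user admin from ...".
EVENT = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) (?P<method>\S+) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)


def analyze(log_text, threshold=3):
    """Return (guessing_sources, suspicious_logins).

    guessing_sources: addresses with at least `threshold` failed logins.
    suspicious_logins: password logins accepted from an address that had
    already reached the threshold, i.e. a guess that probably worked.
    """
    failures = defaultdict(int)   # source address -> failed attempts so far
    users = defaultdict(set)      # source address -> usernames tried
    suspicious = []
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if not m:
            continue
        src, user = m["src"], m["user"]
        if m["result"] == "Failed":
            failures[src] += 1
            users[src].add(user)
        elif m["method"] == "password" and failures[src] >= threshold:
            # Key-based logins are skipped: a guessed password is the concern.
            suspicious.append({
                "src": src,
                "user": user,
                "failures_before": failures[src],
                "usernames_tried": len(users[src]),
            })
    guessers = sorted(s for s, n in failures.items() if n >= threshold)
    return guessers, suspicious


if __name__ == "__main__":
    guessers, suspicious = analyze(SAMPLE_LOG)
    print("sources guessing passwords:", guessers)
    for hit in suspicious:
        print("password login after repeated failures:", hit)
```

A single mistyped password followed by a successful login (the constructed `alice` lines) stays below the threshold and is not flagged.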