What if Kennedy had chosen the latter option? How would the world have evolved since then? An abundance of water and food in Africa but no internet and supercomputer in everybody’s pocket?
That's not very likely. The Internet came from an ARPA project that was unrelated to the space program. The space program contributed a little to the development of computers, but it was just a single customer for computers - the DoE was a much larger one, even just counting US government spending. The main outcomes of the space program that are relevant for smartphone / Internet development were in satellite technology, in terms of GPS and communication satellites and could still have been developed with a much smaller budget and without the Moon mission. The main transferable outcomes from the space programme were in materials science.
Windows 2000 was a lot more expensive than ME and only had Pro, Server, and Advanced Server variants, no Home edition. The XP Home Edition was the same price as 95/98/ME had been. A few higher-end machines and motherboards came with 2K Pro OEM edition, which was a bit cheaper than retail.
The majority of home users of 2000 were likely to have been students. Microsoft's student licensing had a single price for an OS, which bought you either Windows 95 or NT, later Windows 2K or ME. Given the choice between 2K or ME for the same price, anyone sane would have picked 2K.
The problem is that the term 'designer' has been subverted to mean 'failed artist', rather than 'person who has studied human-machine interaction and has a solid background in cognitive psychology'. It's often easy to spot the bad ones, because they self-identify as UX people, rather than HCI people. They're far more concerned about making something distinctive than making something useful. Part of the problem is that users rarely notice when they're using a good UI, but they immediately notice a bad one.
I think I'd rather pay them a $2/month subscription for security updates, so that they have a revenue stream for keeping the old version supported, rather than requiring them to push new stuff out to keep their income.
The Thirteenth Floor tells that story a lot better. Sorry for the spoiler, but it's signposted throughout the movie and I found it really frustrating the first time I watched it that the ending was obvious. Knowing (not guessing) the ending the second time made the film a lot more enjoyable.
In 3, super-intelligent AI killing machines had the battle strategy of 'form an orderly queue and advance into bullets'. That seemed to be the only way that they could come up with to make the battle last long enough, which was hardly a great example of special effects: they need to be credible as well as large.
My memory of the sequels is foggy, but did Neo actually manipulate reality outside of the Matrix at the end of two? I thought he just killed some machines, which really just implies that he has a wireless link to the Matrix, as he was able to alter programming while plugged in already.
From what I see doing undergraduate admissions, schools in the UK do a really good job at putting women off anything to do with computers. If a boy shows some aptitude, they'll devote a lot of time to helping him. If a girl does, she'll be considered weird by her teachers and ignored. They'll send boys to university-run masterclasses, but won't send girls unless forced to do so (and when they do, you find that they had girls who were at least as competent as the boys that they sent, they just didn't think they were worth sending). This seems to be very locale-dependent though. Romania and Lithuania, for example, are much better at encouraging girls to succeed in these areas, as are India, China, and even much of the Middle East. If we want to compete with countries that are using all of their available talent effectively by using only half of ours, I don't see it ending well for us.
Typically this matters for offline attacks (i.e. when an attacker has copied the password database, which happens surprisingly frequently). If the site is really stupid, then this is stored in plain text and it's game over already at this point, irrespective of how strong the password is. Hopefully, most people aren't that stupid.
The first step away from that is to store a cryptographic hash of the password. To check the password, you apply the same hash function and compare the output. The hash function gives a fixed-size output for any input. Because it's a hash, there are an infinite number of possible inputs for any given hash, but because it's a cryptographically strong hash these are close to uniformly distributed so the probability of finding two random inputs with the same hash is vanishingly small. For a secure 128-bit hash (which MD5 was thought to be, until it was shown that it wasn't), you have a 1/2^128 chance of two arbitrary inputs giving the same output and any password-length (i.e. short enough for a human to type) inputs are going to map to different values. This means that, while you can't easily compute an input value for every possible 128-bit hash (for one thing, there isn't enough storage space on the planet for all of them), you can compute a hash for every relatively-short input and store those in a table (known as a rainbow table), or you can simply iterate through the entire set of short inputs and compute a hash of them.
The next step is to add a salt. If you prepend the same string to every password before hashing it, then a rainbow table won't work. If your password is 'password' then one person's salted password file might store it as the hash of 'foopassword' and another's as the hash of 'barpassword' and so you need a different rainbow table for each one. You can compute the rainbow table in the same amount of time though, so this doesn't buy you much. If you prepend a different random string to each password before hashing it, and store that value along with the hash, then an attacker can't even construct a rainbow table for your password database, they need a separate one per password (at which point it's just as easy to brute force it).
As you say, for online attacks the limiting factor is the rate at which login attempts are permitted and even a small delay - for example, one attempt every 10 seconds - makes brute force attacks infeasible. The danger there comes from people reusing passwords: if I get a password db from one site and crack the passwords in it, then I can try them on a huge number of other sites automatically. This is even worse when people use email addresses as usernames, because it makes it easy to tie attempts together.
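An added example, not part of the original comment, comparing the three storage schemes described above (plain hash, one site-wide salt, a random salt per password) from the point of view of someone auditing what a copied database would expose. SHA-256, the sample users and the candidate list are assumptions constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample data: alice and bob happen to choose the same password.
USERS = {"alice": "password", "bob": "password", "carol": "tr0ub4dor"}
# Constructed stand-in for "every relatively-short input".
CANDIDATES = ["123456", "password", "letmein", "qwerty"]


def h(data: bytes) -> str:
    # SHA-256 stands in for the fast cryptographic hash the comment describes.
    return hashlib.sha256(data).hexdigest()


def store_unsalted(users):
    return {u: {"salt": b"", "hash": h(p.encode())} for u, p in users.items()}


def store_fixed_salt(users, salt=b"foo"):
    # Same string prepended to every password (the 'foopassword' case).
    return {u: {"salt": salt, "hash": h(salt + p.encode())}
            for u, p in users.items()}


def store_random_salt(users):
    # A different random string per password, stored next to the hash.
    db = {}
    for user, password in users.items():
        salt = secrets.token_bytes(16)
        db[user] = {"salt": salt, "hash": h(salt + password.encode())}
    return db


def verify(db, user, password):
    rec = db.get(user)
    if rec is None:
        return False
    candidate = h(rec["salt"] + password.encode())
    return hmac.compare_digest(rec["hash"], candidate)


def tables_needed(db):
    # One precomputed table is required per distinct salt in the database.
    return len({rec["salt"] for rec in db.values()})


def recovered_with_one_table(db, table_salt=b""):
    # Users whose record matches a single table precomputed with table_salt.
    table = {h(table_salt + c.encode()) for c in CANDIDATES}
    return sorted(u for u, rec in db.items() if rec["hash"] in table)


def users_sharing_a_hash(db):
    # Identical stored hashes reveal identical passwords without any cracking.
    by_hash = {}
    for user, rec in db.items():
        by_hash.setdefault(rec["hash"], []).append(user)
    return sorted(u for g in by_hash.values() if len(g) > 1 for u in g)


if __name__ == "__main__":
    schemes = {
        "unsalted": store_unsalted(USERS),
        "site-wide salt": store_fixed_salt(USERS),
        "per-password salt": store_random_salt(USERS),
    }
    for name, db in schemes.items():
        print(f"{name:18} tables needed: {tables_needed(db)}  "
              f"generic table hits: {recovered_with_one_table(db)}  "
              f"visible reuse: {users_sharing_a_hash(db)}")
```

SHA-256 is used here only because the comment discusses a plain hash; real password storage would normally put a deliberately slow KDF such as `hashlib.scrypt` in its place.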
Begins? This sounds exactly like the sort of issue from the start of the industrial revolution, where people were routinely mauled by machinery with inadequate safety standards. About 200 years too late for 'and so it begins'.
Typical web development languages don't have unsigned integers, so they're quite easily able to represent up to 2^31 seconds (around 68 years) before the epoch date.
1956 is 61 years in the past. If you were particularly precocious, then you might have attended university from age 15, so if you can't enter your university dates then you're at least 76 here. That's well past mandatory retirement age in pretty much any locale that has such a thing.
If you use something like the iTunes store, you can fill up space with movies / TV shows quite quickly. The same if you use the video record feature on your smartphone a lot - modern phones can record at least 720p H.264. Modern games are often around 10GB, so if you play games a lot then you'll easily burn through 1TB.
Hopefully this story has a happy ending, because you'd configured Time Machine to automatically back up and so after she learned that, yes, drives do fail, you were able to restore all of her data and she only lost at most a few hours of recent work. Or did you intentionally leave her in a configuration that you knew would fail so that you could look smug and superior later (and, if this is the kind of thing that you do, why is she still married to you)?
Usually the difference is in the firmware, not the reliability of the drives (though some older, primarily SCSI, server drives had lower capacity because they stored more error correcting information). Server drives are usually configured to report errors rather than remapping sectors, because they expect something at a higher level to handle the problems. This is especially true for drives expected to be used in a RAID configuration, where if there's a bad sector you'd rather mark the same sector unused on all drives than have them doing different head movements (your performance is limited by the slowest drive, so variation will make things slower).
There were a lot of problems with XMPP. Running off to overengineered solutions for complex problems before solving simple ones was one: things like file transfer went through countless iterations before eventually converging on Jingle, which is far more complex by itself than the entire core XMPP protocol.
The real problem with XMPP though was the lack of a single good reference implementation of both the client and server portions. The Foundation backed jabberd, then jabberd2 then ejabberd, now something else for the server as the official recommended implementation. They never put effort into producing a single client library that supported all of the core features and so it's really hard to find two clients for different platforms that support even the same image sharing protocol, let alone voice or video chat. Tox is doing better in this regard, ensuring that there is a single reference implementation that supports every feature in the spec. Unfortunately, they've decided to release it under GPLv3, which limits its adoption quite a lot.
They didn't really think about security in the original design and tried to retrofit it. They have TLS support, but all of the end-to-end encryption standards are non-core parts of the protocol and clients all seem to implement different ones, making it very hard to get interoperable security. End-to-end security is hard if you have multiple endpoints per person.
XMPP also doesn't give true decentralised operation. It uses the same model as email, where you talk to a single mail server, which talks to other people's servers. This makes it quite difficult to load balance for large deployments. Again, newer fully distributed IM systems have addressed some of these problems.
I invested a lot of effort in XMPP (wrote a client library and a client), but it's not a good solution and in many ways it's a solution for the wrong problem.
They still do support federation (the Google Talk people on my XMPP Roster still show up), but I believe that they now block contact invitations from flowing between their own network and others, so you can still talk to external XMPP users if you set them up in the past, but you can't add new ones. At some point the number of people doing this will drop to such a small number that they'll stop caring about them and turn off federation entirely.
So it can set the clock automatically when the power goes out? So that you can leave something in it and turn it on when you're nearly home? Because you're a moron? I suspect the third reason is probably the most common, but the other two are more likely to appear in marketing literature.
Individually, maybe not very. But do you visit any news sites? The data about which ones gives people who harvest it a first approximation of your political leanings. The stories that you read tell them the issues that are important to you. The location data and your Google Maps history tell them where you live, where you work, and which places you visit frequently. That's enough to tell if you're in a marginal constituency and what lies are likely to make you vote for a particular candidate (or if you've already made your mind up and so aren't worth targeting). Whoever has access to that information can wield a disproportionate amount of influence over elections.
But right vs left is such a good way of distracting the people! After all, both sides of the political establishment are very different in who they want to give the things that they steal from you to.
Being spied on by a TV or microwave is depressingly plausible given the trend to give these things microphones and network connections because 'oooh, shiny IoT!'.
The concept of actual CI is flawed in our branch and merge git-world
I've seen a couple of projects integrate CI with the GitHub pull request mechanism very well by ensuring that the CI system is the only thing that has push access to the master branch. Pull requests are tagged by a project member as ready to merge and the CI system then performs the merge to head. This ensures that you never end up with a race where a pull request passes tests, but then another commit introduces something that causes the code in the pull request to fail tests, even though it merges cleanly.
You realise, I trust, that the only reason that companies don't send armed goons to harass you any more is that the Government-paid goons stop them?
Happy 15th birthday!
roman_mir believes strongly that oppression should be handled by the private sector, who can do it far more efficiently.