Bad, and for several reasons:
- It doesn't resolve the issue raised by your parent. If you execute your distribution's 'upgrade all new packages' function, after it has updated its repositories, you will get the new package. The problem is that the distributions don't update their repositories in a useful or regular way, and it's often difficult to execute this function.
- What if the new code has serious flaws that make it worse to use than the old? You would prefer to regress. Especially if the security flaw is something minor like "local user is allowed to use the cd-burner even though he's not supposed to" -- if the new version comes out with all sorts of other features that break it, you would much rather use the old one that didn't have a flaw that you cared about, than many that you do.
- What authority do you have to say 'nobody should ever install an insecure program again'? I'll admin my own system, and install what I want, thanks.
- Infeasible to implement on such a scale as you suggest.
- It's against some of the principles of Open Source software development, where you can always look at the past versions of software.
Argh, mod you down, please. That makes no sense, I'm sorry. Are you being serious?
An Internet License would hurt much of what makes the Internet the Internet (anonymity, free speech, etc.) And how would you enforce it? Would you have somebody watching over your Internet usage, and, if it seems erratic, "pull you over" and ask for your Internet License and Registration? I'm sure everyone here will love that idea.
Sorry, that's not going to fly. It is written as what it is, a set of PRINCIPLES -- not laws. Principles belong nowhere in the law -- they're extremely broad declarations of what is Good and Bad but not what is legal and illegal. It would be so broad as to be useless against large but subtle infringers (the ones you want to hurt the most) and it would probably affect normal users in negative ways.
It is useful to note that the Constitution does specify some broad principles. However, they are stated in ways that declare what the GOVERNMENT can and cannot do, not what individual people or software can or cannot do.
I just got to college a couple weeks ago.
The school hands out external IPs to everyone! It's ridiculous. All these folks who drag their Windows laptops from home where they had a wireless router/NAT are now exposed on the open Internet.
The school tells them to patch, but it's too late -- the half-life of an unpatched Windows box on the open 'net is about six minutes.
Now, I brought two computers, Linux and Mac OS X, and I _STILL_ NAT them for security! (There are enough ports in my dorm room so that I wouldn't need to, but I do.)
I'm pretty much the only one who wants or needs an external IP. I serve web, ssh, and files. So I'm really happy. But all the Windows boxes on the network are crying.
Well, of course, if you read the parent's Wikipedia link you notice that FireWire 800 exists, which is 786.432 mbps.
Yay.
It is intended to be a balance between thin and fat clients. So you have applications stored on the server, but copied and executed locally.
Seems like a good idea to me.
Generally, limited distribution of copyrighted material to your friends is considered fair use. See the Fair Use Checklist -- favoring fair use, it lists "restricted access", "one or few copies made", "no significant effect on the market."
Make it wireless, 40GB, the size of an ipod, with a good battery. Allow me to plug it into external power too (AC 110/solar panel/turbine/car battery/etc). Always encrypt files when storing and transferring. Also add some facility to signal the device to turn off its wireless signal quickly so that it cannot be found using signal-locating devices.
The last element of security is a thermite detonator with a separate trigger circuit and antenna frequency. Ship the product with a 'kill button' that transmits the detonator signal when you activate it.
When you build it, I will come! I plan to bury one in my backyard and make the most secure file server evar. The USA PATRIOTS will never read my data!
Well, I recommend signing up for the mailing list (I've been on it since it was slashdotted a while back), but they really do not welcome much actual help yet. They are doing some stuff that can only be done by a few developers at once -- refactoring a lot of the underlying code. So a lot of people with good ideas have been pretty much blown off. I am sure they will solicit more help when the time is right.
I think documentation in general is hugely important. Not just for people who are not programmers but who are sysadmins, like the author, but for any programmers who want to contribute to the code.
I actually haven't run across major usage documentation problems like the author of the article did -- I have been able to install and run many of the programs I want to, without significant trouble. The problems I run into are when I actually want to dig into the code to change something. I am usually bewildered by the size of the project and I don't know where to start.
Documentation is good. I like writing documentation for my code (and I feel like I'm somewhat rare). But it's something that I naturally do at this point. I don't consider it a 'chore' or anything like that -- in fact, I enjoy writing docs for my code that I understand, in order to communicate this understanding to others.
I think that code documentation, not just usage docs, is a core part of the open source development model. If you are the only one who can understand your code, then chances are that your project will die if you stop maintaining it. The mental model is very important in programming, and others' capability to replicate your model in their minds will help them write integrated, less buggy code for your project.
Your 'keyword' system falls to the same problem that people above you have articulated -- not only does it need to be anonymous, you actually need to PREVENT people from being able to access their own voting record. Otherwise you can get people saying 'prove you voted for X and I won't give you this punishment/will give you this reward.' That hurts the voting system immensely, so it should be impossible to walk out and prove that you voted for X.
The best you can do is allow them to inspect their own vote as it goes into a counting box, but then have them lose accountability for it beyond that point.
(As for your 'keyword' system, you don't need to have people pick unique keywords if you use a 'salt' or initialization vector in the encryption.)
Doesn't this increase the danger?
Well, possibly, but if someone is trying to communicate with you, it may be the best way anyway. Think about it. Would you rather they flash the lights, honk the horn or wave? You will spend more brain cycles trying to parse these messages. Generally, an interface that uses ingrained brain 'hardware' to communicate is usually better than teaching everyone that signal X means Y.
You may remember that we had that article on Facetop last week, where you can use your existing hand-eye coordination 'hardware' to drive the pointer. That sounds like really stellar UI. This is similar in that it would use humanlike social cues to communicate. (Then again... social cues? I must be new here.)
The only problem I'm seeing is that the facial expressions that a car can make are probably nothing like actual social cues, and that they would not be similar enough to trigger expression recognition code in your brain. Who knows.
Yes. It is starting to really bug me. They could save a lot of bandwidth and make their page far more viewable with stylesheets if they moved the code into proper CSS and XHTML.
Grr.
Yah, it's a dialog with a bunch of updates listed with checkboxes, plus a "get them all" button. (I'm not sure exactly, I've only seen it once when I first got this machine, but it does that).
Apples have mutated their protein structure recently (they're now based on Unix) -- are you sure you're still allergic?
I don't believe you. Where does the energy go? Does it generate voltage _AND_ cool its surroundings? Sign me up for that!
There are solid state devices that move heat, though -- a Peltier cooler is one. People have been using these for overclocking their computers and they seem quite useful. I've never used one, though.
Wait...
you're telling me you searched Google for the name of the executable trojan that comes with their own product? And you think they would reveal this information why?
One of Maxwell's Laws says that current is proportional to the rate of change of magnetic flux through a loop. If the earth's magnetic field is always changing, can we generate electricity from this effect by putting a loop of wire around the Equator? I realize that it changes rather slowly, but it is still quite a sizeable field...
I like the jumping from cell to cell -- but I would be worried that any open connections I had would be broken every time the train switched cells.
I don't know too much about network design, but would it be possible to design the system so that you wouldn't lose AIM connections if the thing switched cells? If you put all the cells along a given line behind one NAT gateway and hand out 10.x.x.x/8 addresses, that should be easily enough for everyone who rides the train to get a unique IP for the duration of the trip. So at least you're not changing IPs, either externally or internally. But you still have routing -- and here's where my knowledge breaks down. Would it be possible/easy to route packets to the right place so I could keep a persistent connection the whole trip (or at least while you're not going through a tunnel)?
I am looking at the map and it is hard to read the cost of Internet off of it -- I mean, the numbers are right there, but they're just numbers, not graphical in any way. It sort of defeats the purpose. I have to go searching for the highest and lowest numbers.
More specifically, I was interested to see which countries had the most affordable Internet in comparison to their costs of living. But there's no way to pick the highest and lowest numbers out, and it is especially hard to observe the particular piece of data I was interested in (although, to be fair, a scatter plot would be more useful for that). Still, I feel like the most important data is not plotted in a graphical way, and it's lacking.
Well, people have always been using tricks to get you to go to pages like "http://www.paypal-secure-transfer.com" and type in your password by making the page look just like PayPal's. The whole point of SSL is that the pubkey you're encrypting with is supposed to be signed by a trusted CA so that you know there ISN'T a man-in-the-middle attack.
There's no difference between the scenario the parent describes, and somebody simply mirroring PayPal's front-end while stealing your info on the backend. If the URL doesn't say https://www.paypal.com and you don't have SSL encryption (usually with the little lock icon in the corner) then you have no business entering any info.
To me this is nothing at all.
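An added illustration of the check the comment above describes, not part of the original post: parse the address as a browser would and compare scheme and host against the one site you meant to reach. The function names and the sample URLs other than the two quoted in the comment are constructed for this example.

```python
import ssl
from urllib.parse import urlsplit

# Assumption: the host the user intends to log in to, as named in the comment.
EXPECTED_HOST = "www.paypal.com"


def login_url_problems(url, expected_host=EXPECTED_HOST):
    """Return a list of reasons not to type a password at `url` (empty = OK)."""
    try:
        parts = urlsplit(url.strip())
        host = parts.hostname          # already lower-cased by urlsplit
        port = parts.port              # raises ValueError on a bad port
    except ValueError:
        return ["unparseable"]

    problems = []
    if parts.scheme.lower() != "https":
        problems.append("not-https")   # no TLS, so no CA-signed identity at all
    if parts.username is not None or parts.password is not None:
        # "https://brand@other.host/": the text before '@' is NOT the host.
        problems.append("userinfo")
    if host is None:
        return problems + ["no-host"]

    host = host.rstrip(".")            # a trailing root dot names the same host
    if not host.isascii():
        problems.append("non-ascii-host")   # possible look-alike characters
    if host != expected_host:
        # Exact match only: "brand-something.com" and "brand.com.other.tld"
        # are different registrations, whatever the page looks like.
        problems.append("host-mismatch")
    if port not in (None, 443):
        problems.append("unusual-port")
    return problems


def strict_tls_context():
    """Client TLS settings that enforce the CA check the comment relies on."""
    ctx = ssl.create_default_context()  # trusted CA store, hostname checking on
    assert ctx.verify_mode == ssl.CERT_REQUIRED and ctx.check_hostname
    return ctx


# Constructed sample inputs (first two hosts are the ones quoted above).
SAMPLES = [
    "https://www.paypal.com/signin",
    "http://www.paypal-secure-transfer.com",
    "https://www.paypal-secure-transfer.com/",
    "https://www.paypal.com@login.example/",
    "https://www.paypal.com.login.example/",
    "http://www.paypal.com/",
    "https://WWW.PayPal.com./",
    "https://www.p\u0430ypal.com/",     # Cyrillic 'a' in place of Latin 'a'
]

if __name__ == "__main__":
    for u in SAMPLES:
        found = login_url_problems(u)
        print(f"{'OK ' if not found else 'NO '} {u!r} {found}")
```

The URL check covers only the half a person can do by eye; whether the certificate for that host chains to a trusted CA is decided by the TLS library, which is what `strict_tls_context()` leaves switched on.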
Damn preview. The quote I meant was:
"Hi, I'm a Telus technician calling from [insert any number here]. Can you please place a test call to [wherever]?"
(see, cuz I used angle brackets instead of square, and didn't escape them...)
Heh, Telus. Indeed. If I remember correctly, at h2k2 in New York two years ago, the speaker at the Caller ID Spoofing panel called a Telus operator. He was like "Hi, I'm a Telus technician calling from . Can you please place a test call to ?" and the operator would be like "Sure"
I don't *think* you're a troll. Well, I'll bite.
XML in text is ridiculously bloated, yes, but as soon as you gzip it (or use pretty much any compression scheme), it barely has any overhead above the data, and retains its extensibility. That is, I am assuming that data overhead IS what you were referring to by "bloat." And the eXtensible part of XML makes it great whenever you might have to change something in the future, which is "always." And since XML is so easy for anyone, programmer or no, to write in plain text and then gzip, I think it's really great as a tool.
Transparency. We can do it today with various 2d windowing environments. But I was trying to figure out today what it allows you to do. I have no idea.
I get the feeling that the threedee interface is a marketing tool rather than a tool to improve productivity. But maybe I just haven't thought of it yet -- what's the killer app for an interface like this?
I agree that transparent windows look cool -- but how does this translate into usability? It doesn't seem to; at least, not that I can think of.
When I have a transparent window, it enables me to place it over another window and see both at once. Except that, from experience, you can't really see both at once -- if there's information on both of the windows, they are confused together, and you can't really read either one. The only way you get transparency to be useful is if one of the windows has a significant amount of open space in a section of it so that the other window can be read with a bland background. But if this is true then the application has been designed incorrectly -- it wastes a lot of space. Any situation I can think of where transparent windows would be useful, I realize that one application or another had a misdesigned UI instead. I challenge a counterexample.
Okay, what else do you get from a 3D desktop? Fast and precise scaling of individual windows and other widgets. Well, Mac OS X does this already, and it looks really great, in 2d with hardware. This isn't really a 3d thing, but it is incredibly useful, and a convenient side benefit.
Window flipping, rotating, etc.: It depends on how many things you can do with this. I doubt that most people will actually want/need to rotate their windows under normal circumstances. Rotating something to minimize it by its title is pretty much exactly the same as simply minimizing it to a taskbar or shading it, in whatever WM you are using. I don't know about taking notes on the back of a window, considering that you just hid the information you wanted to take notes about! But putting a "sticky" on a window, writing on it, and having it actually MOVE with the window would be a great feature -- if you shrink the window, the sticky shrinks with it, and if you rotate it, you can see that it has a note hanging off it - in 3D, so you can more easily identify windows when their sides are facing you. Also, the thickness of the windows in the screenshots bugs me -- I always visualized windows as paper-thin.
Perspective -- if the user is simply a camera in a world, should there be "sticky" icons that rotate and move with you? What about window maximization? I think Tog and the Mac people have made it sufficiently clear that the edges and corners of a screen are extremely easy to acquire for mouse users. Simply taking the "camera in a world" perspective is probably wrong, then. IMO, it is very important to have some sort of sticky widgets around the edges. Where do you draw the line? Do you have maximization? What happens when you try to pan while a window is maximized? Does a user have to learn about the fact that the environment is 3D to be able to use it? (can you still be a 2d environment). Is it possible to get "lost" in a 3d world?
I think people often have trouble visualizing a 3d interface. Can you interact with something which is "behind" the frontmost window? Is it a regular mouse cursor or some other "manipulator"? If you can move the cursor in threespace, how do you do that (maybe a different hardware sensor on the mouse)? How do you indicate to the user what "layer" his cursor is at?
I have more concerns right now but I should get back to work.
Bring it on,
Lincoln
Now, I haven't used Gmail, but what makes searching your email through Gmail any better than a grep? (or any old indexed search if you prefer). The POINT of the Google search algorithm is to rely on cross-references between items in the search space to determine which items are the most likely to be important.
There are no cross-references between emails.
(well, besides In-Reply-To, which is not too tough -- finding the first email in a thread is not particularly hard).
I usually search the _web_ for something I don't know a lot about in order to find out more about it. But when I search my email, it is because I am trying to remember a specific detail of a certain conversation. I have to know a word or two in the email in both cases in order to find it anyway.