Slashdot Mirror


User: SanityInAnarchy

SanityInAnarchy's activity in the archive.

Stories
0
Comments
12,413
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 12,413

  1. Re:ok, sure .. .this is somehow news because on How Microsoft Fights Off 100,000 Attacks A Month · · Score: 1

    Do the security keys interoperate, or do you have to now have four seperate tokens?

    Ideally, I now have one token: A private key. Each institution now has my public key and my social security number. If I ever have to generate a new public key, I can use the social security number and whatever other means they now use if I walk into the bank. Short of that, they trust anyone who has a matching private key.

    Your spouse wishes to log in as well, can (s)he use the same tokens, or does (s)he have to have their own?

    Presumably, everyone has their own key. However, nothing is stopping the bank from allowing multiple keys, each with their own level of access. Bonus is if one key is compromised, we can use the other key to revoke access from the first, without actually having to walk into the bank.

    Spend a lot of time on the road? Want to check your account(s) from your hotel room? Take all your tokens.

    Roger, I take my one token. Probably some sort of USB device I can plug into my laptop. Boo hoo, I lost some pocket space.

    You know what? I think I'll stop locking my car. I'll leave the key in the ignition to save pocket space.

    Which, BTW, means that the spouse cannot check while you are away unless each account issues one token per spouse or other authorized account user

    Ok, but remember, it's not the bank that issues tokens in this case. It's the bank that accepts tokens.

    (which, BTW, adds cost for the institution).

    In what way?

    Set some sane limit, like five tokens per account. Allow fully trusted users to admin the tokens. Assume ridiculously secure tokens by today's standards -- let's say 4096-bit RSA keys. Hmm, 5 * 4096 = 20480 bits, or 2560 bytes -- 2.56 kilobytes.

    Now, most free email services, even five years ago, gave us several megabytes of storage, and this is less than ten kilobytes of storage. And really, who am I going to trust with my account other than my spouse? Allow a megabyte and I can allow hundreds of people access...

    Remember, I can do this all myself -- all the institution has to do is install some software and accept my single public key the first time, when I set up the account.

    You have an emergency of some sort and must have access to your account, but forgot/lost your token, the battery died, whatever. Is there a secondary mechanism that will allow you to access your account which does not rely on the use of the security token? If so, you've just doubled the institution's cost of doing business with no net benefit to the institution.

    Oh! Is that so?

    Sorry, Paypal, the party's over, your business isn't profitable. You can go home now.

    Really -- suppose you forget/lose your token. There are mechanisms in place for this all the fuck over. If you forget your bank account number, they can look it up, given your name and social security number. Lose your social security card, you can get a new one, given a sufficient number of alternate methods of authentication.

    Shit, if it costs so much, have them charge the users some small fee for the arduous labor of resetting someone's key when they ask for it.

    It doesn't have to be instantaneously automagic. In fact, it isn't with my bank -- I forget my password, I have to call the bank and ask them (politely) to reset it, or walk in, and I have to provide my account number, my name, my birthday... But it works, and it eliminates the problem of remembering stuff.

    Essentially, we're already here, although it's really one-factor authentication. But two-factor authentication really isn't any harder -- the only difference is that "something you have" is really "something your mysterious USB device knows", rather than "something you know". And personally, I'd be willing to pay for the hardware to make it work.

  2. What he got wrong. on Servers, Hackers, and Code In the Movies · · Score: 2, Interesting

    I'm hearing a lot of people pointing out where they've seen this list in action, where they (surprisingly) haven't, and what TFA missed -- but I don't see anyone disagreeing. I do.


    6. Code cannot be cracked by an 8 year old kid in a matter of seconds

    Depends what it is. If said 8 year old is looking at binary, hex, or moving random text, then no. But if said 8 year old is looking at a Windows 98 login screen, he might try the unthinkable and hit "cancel". Or even the esc key. I did this, and I was maybe 12 or 14 or something.


    9. People who write code use mice

    While it's true that our environments could be a little more realistic -- maybe a web browser with some documentation -- I actually don't use the mouse much while coding.


    I mean, I'm on a Mac at work, and it is kind of unusual to see a real OS in a movie, but I mostly am ssh'd in to a Linux box writing the actual code, and the Mac has a wonderful keyboard shortcut of command+left/right to switch between open terminal windows. It's not the same thing as tabs -- I can fit four 80x24 terminals (all green text on translucent black background, because I like it that way) on my screen at once. On my Linux, I have to twitch my mouse, which is annoying, even with sloppy focus.


    But yeah, as I learn more about vim, I'm learning that the keyboard is pretty much all I use when editing and testing most of my code. And it actually does look kind of like the movies -- between my vim setup, and my typing commands in, and my seeming to type insanely fast (due to tab completion), and my kernel compiles and whatever scrolling past (which I do understand some of, enough to ctrl+z it sometimes if I'm curious)...


    Which brings us to:


    1. Code does not move

    Yes and no. Code does not move, but output does. I watch logfiles with tail -f, I watch compiles (kernel and otherwise) and actually get an idea of the gist of what they're doing, I watch IRC discussions, and I watch the debugging output of my programs to get an idea of their progress.


    It's not the same as Hollywood, where code is 3D and flying all over the screen, and I'm using VR gloves to put stuff together. Snow crash had the right idea -- even when the primary computer interface is 3D, we still go to Flatland for some things, including source code.


    But, many of his points are weak, and most we've seen before. The #1 mistake I see is them dumbing down the computer stuff -- can you name a single hack that's actually been explained to you that made any real sense, without you inventing huge amounts of crap to fill the gaps?


    I mean, even classic stuff, like that grabbing-the-fractions-of-a-penny stuff? Come on, what's stopping you from just doing a debit from one account and a credit to another -- shit, what's stopping you from simply making up a bunch of deposits from cash, and claim you got it from an unnamed Swiss bank account? Or how about the "Send Spike" of Goldeneye: "It jams their modem so they can't hang up" -- well gee, if it can do that, you've already 0wned them, why not just have their box traceroute one or two hops and give you that IP, then let them hang up and trace some random server that no one cares about?

  3. Matrix still annoys me... on Servers, Hackers, and Code In the Movies · · Score: 1

    ...because they get so close, and then they just have stupid things. Things like ignoring conservation of energy (human batteries with the sun gone). Things like the Matrix being run on dialup (they talk about a "Carrier signal"), networked between DOS clones (Enter the Matrix had a "hacking" mode with a DOS prompt, only worse -- no USB keyboard support on the Playstation 2, you HAD to use the soft keyboard with a joystick. Ugh.).... Things like being unable to unplug people, or to figure out how Neo did what he did -- not to mention that it is, once again, hacking through "focus your chi" or some shit rather than "Oh, he found an exploit -- wasn't hard, since the Matrix runs on Windows 95."

    Anyway, sorry for the rant, it's nice that they got that piece right, but seriously, the idea of such an advanced videogame in which someone obviously made some stupid ass mistake -- I mean, Neo can fly. That shouldn't happen unless sv_cheats = 1...

  4. Thanks for this. on How Microsoft Fights Off 100,000 Attacks A Month · · Score: 1

    This is actually some details and things I'd like to know, and wouldn't have thought of.

    TFA fails the non-obvious test. Great: They VPN in to a sandbox, which is something I thought about a long time ago, only for another reason than remote attestation. It's also nice that they've figured out how to use SSL instead of a VPN 100% of the time, and to let people set up LANs. Two-factor authentication -- wow, revolutionary. NOT.

    But it's nice to hear about things like you actually eating your own dogfood -- something that I'm guessing is recent, considering what I remember of Windows 98 and 2k, as well as early XP.

    I would be happy to argue with you all day about whether Microsoft should be using Linux, but of course they're not. I imagine any departments doing so would have to fear The Chair and his "Linux infringes on our IP" claims.

  5. Re:Episodes is fine if they are often enough on Future of Ritual, Sin Episodes In Question · · Score: 1
    What we really need is something that can randomly generate new levels and story elements, with the developers tossing in new content elements from time to time in updates. Infinately playablity.

    So you're still playing Diablo, right?

    What we need is not random content. What we need is better ways of generating non-random content. That's procedural generation, that's better dev tools, tighter dev practices, and better software overall. Then we get the same kind of thing -- developers toss in new content from time to time -- and whole generated worlds in insane levels of detail, with developer attention to detail all over the place -- but it's not random.

    Doesn't even have to be infinite, just easier to manage. That's why we have things like forest generators right now -- it has an idea how to make a tree, and how to place them, so you hilight an area and it grows a forest. What we need is more tools like that that suck less -- it doesn't have to generate the whole world, but it would be nice to have it generate stuff that doesn't matter, like, say, every building in the Matrix that doesn't have that cool lobby in it.

  6. Re:6,000 pages (in what format?) on Microsoft Wins Industry Standard Status for Office · · Score: 2, Informative
    Seems like both must be quite verbose, but I'd opt for mastering 700 pages.

    So would I, but I don't even have to go that far.

    Fact is: Ever crack open a WordML document? I thought it'd be easy for a work project to do some specialized convert-Word-to-XML -- just a quick XSLT, or maybe I'd actually have to write a quick Perl script...

    Took one look at it and gave the fuck up. Ok, I Googled it, found nothing, took another long, long look, still couldn't even figure out where to start.

    Remember: Saying you use an XML file format is like me saying I use an ASCII-based programming language. Now, I still hate Java, but I'd rather program in Java than Brainfuck -- and you'll notice, both are "ASCII-based" and "open standards".

    So, end of my story, I not only found OpenDocument easy to read, I found a Ruby OpenDocument-to-XHTML conversion tool already written and LGPL'd, and I've been able to adapt it to our needs fairly easily. It's not a one-liner or even one page, but everything in there makes perfect sense, and where it doesn't, the OpenDocument XML does. It was worth the extra processing time to simply run the original .doc through AbiWord to generate ODT, then through a Ruby script (slowest language I know) to generate the HTML, and finally run it through a quick Perl script to upload it -- and all of that took less time than it would take me to figure out whatever the fuck Word was doing.

    OfficeXML is NOT an open format. It is essentially an XML serialization of Office data structures. It makes it only slightly easier to decypher than it would be to decypher the .doc format -- and if they were really opening up, why not give us the actual .doc as well? We need that just as badly -- right now, the theoretical "best" way to switch to another format is to buy the latest version of Office, use it to convert all your files to Microsoft's XML, then use OpenOffice (or whatever) to convert MS's XML to OpenDocument. Since MS obviously isn't going to hand out upgrades for free, we need specs so OpenOffice can do what we already pretty much do -- read Word files directly and save them as ODT.

  7. Re:Reality bites. on The True Cost of One Laptop Per Child · · Score: 2, Insightful

    While the laptop may cost just $100 to make they are of now use to anyone if the intended users don't know what to do with them. That will take time and training

    These are kids who can barely afford food. Cover the cost of the laptop, and they'll put in the hours.

    And if you really think it takes training, sit any 6-year-old down at a computer. They may not know what they're doing, but they'll do something. Take an older kid, teach them about pagedown, put some docs in front of them, and you're good.

    I know it is passe to ridicule and even scorn the words of businessmen on slashdot.

    Except this isn't a business. What you're doing is kind of like telling me that Linux is costing me more than Windows because of all the time I put into it. Actually, I like my kernel hacks, I like my bash scripts, and I do it for fun -- as far as I'm concerned, it's a benefit, not a liability. As far as I'm concerned, if Linux cost twice as much as Windows, it'd still be a steal because of all I can do with it, and trying to count "training" time for me is like factoring in "time to eat" into the cost of an ice cream bar.

    In short: Businessmen have their place. I respect that. Really, I do -- without businessmen, I don't get paid. But this is not your place.

    What the real issue is, is this the best investment of the money that will be required? Are the associated costs going to be so great that the money would not be better spent elsewhere? Say for instance, regular education, health, and sanitation needs.

    You're the businessman, you tell us.

    But let me remind you of a few this. First, the laptop costs $100. Maybe $200 if you figure it'll have to be replaced, but remember: Some kid will figure out how to do the maintenance, will figure out how to use it. And you can count Internet all you want, it's not $700 worth of Internet if the mesh wireless works the way it's supposed to -- hell, they might do alright without Internet for awhile, just having wireless from village to village.

    Second, this contributes to education -- even without a dime spent on a teacher. Like I said: Spend ten minutes showing them how to figure stuff out, and the rest is on the machine. Hell, beam an audio tutorial around the village if you want. It can be done.

    Third, health and sanitation have to be considered, but consider also that I have pretty damned good health and sanitation, primarily because I grew up with a computer and had a decent education. In fact, with what the kids could learn from these laptops, they would be better equiped to build their own infrastructure to cover the necessities.

    We will need people to train, to show uses which apply to the users in question, and we need people who can fix or replace the systems when they fail.

    Remember, the primary use of these things is for kids to explore them on their own. The "users" are like your six year old who grabs your mouse and learns to play Solitaire, only they'll be starting with Linux.

    We can't ignore fixing or replacing them, but we also can't ignore the ability of the kids to keep them working, and to fix or replace them by themselves. It'd be an experiment, sure, but the biggest concern would probably be theft, and if it really is one laptop per child, what's the point of theft? Why would you steal your friend's laptop when you've got one of your own? It's not like there's anyone around you can sell it to; they all have their own laptops. So theft is only an issue before we actually uncrate them and hand them out.

    the training cannot be underestimated. We have to prove, and yes prove is the word, to the users why spending time with these machines will better their lives. Why it would be better to spend an hour on this machine, even across a whole week, than to toil in a shop, field, or factory. The results of their manual labor are immediately understood to them.

  8. Wow, this could be good... on Vista's 'Next Gen' TCP/IP Stack · · Score: 1

    Not for Vista, but for net neutrality.

    Think about it: You no longer need special software, you no longer need to mess with your router, you just get a "Vista-ready" router, or an ISP that cooperates, and you have the QoS built in to the OS, probably in an easy enough way that there's no longer a question of your ISP having to enforce some draconian policy over your own Internet usage.

  9. Horrible title. on Vista's 'Next Gen' TCP/IP Stack · · Score: 1

    I think the main reason for the negative reaction is the title:

    Vista's 'Next Gen' TCP/IP Stack

    If MS really was claiming it was 'Next Gen', we'd have a problem. Of course, they haven't, because everyone else has been supporting this for ages. So, as usual, MS is the last to implement it, while somehow pretending they invented it.

    Only this time, it wasn't MS pretending that, it was whatever moron thought up the Slashdot title.

  10. Re:Win Win scenario on Sony Adds PS3 Support to Linux Kernel · · Score: 1

    Damn, there I go again. Damn "HTML formatted" button. Reposting:

    Let me add some more checkboxes:

    [_] Fix the partitioning scheme (let me partition it however I want, not just 50/10 or 10/50)
    [_] Blu-ray support

    Problem is, Blu-ray support won't be where I want it, which is, of course, the ability to write completely open source software that can play Blu-ray media. People mention the PS3 as a MythTV box. What they're missing is that Sony will never let us just rip a Blu-ray disc into MythTV -- and that's ignoring the challenge of getting it to record from a high-def source.

    In fact, if I may:

    [_] Remove this "hypervisor" bullshit.

    If anything, they should be implementing a hypervisor underneath a solid open source OS like Linux. Obviously the rationale for doing it this way is that they can deny Linux direct access to things like video and the optical drive, because if it had unlimited access to those, Linux could be used to rip Blu-ray discs (meaning the PS3 could be the first device blacklisted from Blu-ray), and Linux games could compete directly with PS3 games, meaning people wouldn't have to pay for a Sony license to sell a PS3 game -- they'd just sell a PS3/Linux game.

    Which, ultimately, would be better for the end-user. With only a single box to target, software suspend would be easy, and you could probably get a PS3 Linux to boot in 5-10 seconds -- so just use that time to display the Sony/PS3 logos. Use swap space properly, and people could "boot" a PS3/Linux game, which would probably make the game easier to develop, and would also make it possible to flip between that game and other programs (like Gaim or Firefox) the way you do on Windows -- only if they ran the game on one virtual desktop, it would be much faster than alt+tab on Windows.

    Could cause problems for game performance, but worst case, you let the user logout of the majority of their X session, kill off anything by that user (and let the game run as a separate user), and watch as 99% of Linux swaps out -- and chances are, you wouldn't have to do that most of the time.

    You could deny them root (do everything through sudo), and give them a notice that if they become root (except through some dedicated tools, like an update manager), they void their warranty. Then give them a simple way to blow away their current user and create a new one, saving specific things (like gaim passwords and such) and anything else the user requests -- this makes it possible to "reset" the system in case they find they're having to log off too much.

    With features like that, you'd have the best of both worlds -- arguably better than a Windows machine. Impossible to infect with spyware, because you can always push the magical "reset" button -- could even be a hardware one somewhere. Open the source code to all of it, and you even solve the Slashdot anti-Sony drones (like me).

    Not going to happen, though. This is Sony we're talking about, but it's not like I know any other corporations that would give up that much control.

    Oh well, at least I can dream.

  11. Re:Win Win scenario on Sony Adds PS3 Support to Linux Kernel · · Score: 1

    Let me add some more checkboxes: [_] Fix the partitioning scheme (let me partition it however I want, not just 50/10 or 10/50) [_] Blu-ray support Problem is, Blu-ray support won't be where I want it, which is, of course, the ability to write completely open source software that can play Blu-ray media. People mention the PS3 as a MythTV box. What they're missing is that Sony will never let us just rip a Blu-ray disc into MythTV -- and that's ignoring the challenge of getting it to record from a high-def source. In fact, if I may: [_] Remove this "hypervisor" bullshit. If anything, they should be implementing a hypervisor underneath a solid open source OS like Linux. Obviously the rationale for doing it this way is that they can deny Linux direct access to things like video and the optical drive, because if it had unlimited access to those, Linux could be used to rip Blu-ray discs (meaning the PS3 could be the first device blacklisted from Blu-ray), and Linux games could compete directly with PS3 games, meaning people wouldn't have to pay for a Sony license to sell a PS3 game -- they'd just sell a PS3/Linux game. Which, ultimately, would be better for the end-user. With only a single box to target, software suspend would be easy, and you could probably get a PS3 Linux to boot in 5-10 seconds -- so just use that time to display the Sony/PS3 logos. Use swap space properly, and people could "boot" a PS3/Linux game, which would probably make the game easier to develop, and would also make it possible to flip between that game and other programs (like Gaim or Firefox) the way you do on Windows -- only if they ran the game on one virtual desktop, it would be much faster than alt+tab on Windows. Could cause problems for game performance, but worst case, you let the user logout of the majority of their X session, kill off anything by that user (and let the game run as a separate user), and watch as 99% of Linux swaps out -- and chances are, you wouldn't have to do that most of the time. You could deny them root (do everything through sudo), and give them a notice that if they become root (except through some dedicated tools, like an update manager), they void their warranty. Then give them a simple way to blow away their current user and create a new one, saving specific things (like gaim passwords and such) and anything else the user requests -- this makes it possible to "reset" the system in case they find they're having to log off too much. With features like that, you'd have the best of both worlds -- arguably better than a Windows machine. Impossible to infect with spyware, because you can always push the magical "reset" button -- could even be a hardware one somewhere. Open the source code to all of it, and you even solve the Slashdot anti-Sony drones (like me). Not going to happen, though. This is Sony we're talking about, but it's not like I know any other corporations that would give up that much control. Oh well, at least I can dream.

  12. Re:Lost e-mail? WHAT THE HECK? on EarthLink Is Losing a Lot of Email · · Score: 3, Interesting
    However, anti-spam and anti-virus checks happen after the message is accepted. If the result of the check is X, and policy rules say drop mail on the floor when X, then

    Then it's a horrible policy.

    Every single email service I've signed up for that does spam filtering has a "spam" or "bulk mail" or "junk mail" folder. I implemented my own when I deployed my own personal server.

    And virus scans should be able to remove the virus and tag the message as "WHOOPS THIS HAS A VIRUS", but shouuld not drop them on the floor.

    If this is causing undue stress, you could implement policies in the handshake. "Oh, I've gotten 100 emails from you in the past hour, and 90 of them were spam/viruses. REJECT." Or put it in some sort of tarpit.

    An email service losing email is somewhat like anyone losing data these days. There is absolutely no situation where email should completely disappear into an email server and never come out.

  13. Re:deservedly on Microsoft Research Fights Critics · · Score: 1
    That does not preclude, however, the reality that MS research does actually turn out good and interesting work - which they do.

    I'm just pointing out that this isn't special. I imagine Microsoft and Google both have brilliant, insightful people working for them, but Microsoft's brilliant people are worth less than nothing to me because as a consumer, I get only their most twisted and evil designs, whereas Google actually gives me useful products -- mostly as free services.

    Microsoft could easily lose their critics and become a legal monopoly and the best thing that ever happened to the software world -- it would just take massive restructuring, including instantaneous firing (without pension) of Steve "The Chair" Ballmer.

  14. Re:deservedly on Microsoft Research Fights Critics · · Score: 1
    it should be noted that [insert feature here] has never appeared in mainstream programming

    Pretty much the story of Microsoft's business model. Find something really cool that's also basically unknown, buy it or steal it, and sell it back to us as "mainstream".

    And for all your claims that "There's interesting stuff here," yeah, there's bound to be interesting stuff anywhere. The difference is, what happens to Microsoft's interesting stuff is dictated by asshats like Steve Ballmer, and while Microsoft products are occasionally better than the competition (C# seems better than Java, at first glance), they also tend to be decades late and significantly more restricted. The only reason C# is even an issue is it's coming from Microsoft and the programs end in .exe -- otherwise, why not use Java?

  15. Re:I've always liked the IDEA of OpenID on The Case for OpenID · · Score: 1

    Download link?

    I want to set up my own server, not sign up for someone else's...

  16. Re:No way! on The Case for OpenID · · Score: 1
    Do you really want your registration for eBay, Amazon, the communist party website, your Christian youth club forum and this bondage fetish site that you frequent to be tied together?

    Well, if I was that hypocritical (Christian youth club and bondage fetish?), I'd still want them tied together -- on my server.

    True, if they got together, they could figure out that I was the same person coming from this server -- but then, I could easily randomly generate passwords.

    What's more, and I'm not sure everyone gets this: With OpenID, I never send a single password over the network, except to my own server -- that's assuming I even use passwords. It's like logging in with ssh -- just distribute a public key to all the servers you have to login to. If one of them is 0wned, no matter what kind of keyloggers they use, they'll never be able to get any kind of access to the other servers you're connecting to, because they only have a public key.

    So, OpenID is actually more secure that way, and as people have been saying, there's nothing stopping you from using a public OpenID server -- or several public OpenID servers -- to compartmentalize your life. And I would much rather have ebay, Amazon, and the Christian youth club in one area -- that still cuts down on the number of passwords I need.

  17. Re:No way! on The Case for OpenID · · Score: 1
    Get a decent browser that remembers passwords, was that sooooo tricky?

    In short, yes.

    Because half the sites don't even use SSL, and a tenth of them are things I need to be ridiculously secure. That means the best way would be to randomly generate them all, which means if my Firefox profile dies (has happened before) I'll have to re-register them all.

  18. It's not the children. on Warner CEO Admits His Kids Stole Music · · Score: 1

    Point is that he admits they are guilty, but he gave them a stern talking-to, instead of suing their little asses off.

    Hypocritical fuck deserves a few years in a federal pound-me-in-the-ass prison. I honestly don't know what else would solve this problem, other than perhaps a tactical nuke.

  19. Re:Fair enough on Yahoo Pushing IE7 On Firefox Users · · Score: 1
    It should NOT be the browser's responsibility to debug our sites. Browsers are END USER tools

    Which means lazy developers and PHBs will only require the site to work in one browser. You want the browser to fail intentionally, or at least display a gigantic fucking warning, otherwise developers will continue to say "Who cares that it breaks the standards in 15 different ways and will set back web standards for years to come? It works in IE!"

    The development tools are where we should focus our anger about allowing crap they shouldn't or at least warning developers about crap tags.

    Do you have any specific tools in mind?

    If the users of a website aren't complaining, the site won't change. If the developers of a site don't care that their software is putting out crap, the software won't change. Or do you really expect Adobe to change GoLive because two guys on Slashdot say so? And even if they do, do you expect everyone to pay money to upgrade just because two guys on Slashdot say so?

    However, if a thousand users of a website complain to the webmaster, the webmaster might just listen. If said webmaster listens, they might complain loudly to whoever writes their software, and those people might actually improve the software.

    We shouldn't be developing major sites in notepad anymore, those days should be as far gone as developing Halo3 in notepad and compiling from the command prompt.

    So how would you develop Halo3? I'd do it in vim and compile it from the command prompt. Maybe I just haven't found a decent, non-bloated IDE yet...

    I wouldn't mind some GUI tools to help me, but I'd still rather actually type raw code. The reason I mention vim is it does syntax hilighting and a few other nice things, but you really don't want to get too far removed from the code, especially for a website, where you'll often find doing it yourself will save half your bandwidth because of all the crap the automated tools can't help but include.

  20. Re:Not "pushing" until they block your user agent. on Yahoo Pushing IE7 On Firefox Users · · Score: 1

    So you're telling me they're so lazy that they'd actively work to block browsers other than IE, rather than just stick a "Works best with IE" notice at the bottom of the page?

  21. Re:Fair enough on Yahoo Pushing IE7 On Firefox Users · · Score: 2, Insightful
    However if you are web developer, just design the page with proper standards, watch for IE7 and not assume it renders like IE6 which sucked on several CSS abilities. Then just go for standards.

    This actually brings up a point against your whole argument.

    I mostly develop under Firefox, and I develop with XHTML. This is because if I forget a closing tag, Firefox will tell me about it. It won't just make the page look uglier, it'll tell me I have a problem. I also use the Web Development Toolbar, which tells me when I've enabled "quirks mode" -- if I haven't, then I know I'm not relying on any Firefox-specific intelligence.

    This means that by the time I'm done with a page, I'm pretty well guaranteed to have it work on any browser that supports the standards.

    Your suggestion about "smartness" is one of the most frustrating things for the web community. IE is "smart" in certain ways that other browsers aren't "smart" in, and in fact, ways that kind of break the standards. However, even if IE was fully standards-compliant, any additional "smartness" is harmful, because it means that lazy web developers will develop under IE, see it render fine, slap a "Best viewed in IE" notice, and call it a day -- leaving tons of crap in there that relies on a particular kind of "smartness" that may not be supported everywhere.

    I think having Safari (and others) actually fail on such asinine pages is a well-deserved slap in the face to lazy web developers. As long as developers continue to depend on certain types of "smartness", including the old "hide javascript code from older browsers" trick, we will be stuck with relatively large, bloated browsers. A particular type of "smartness" will become a defacto standard, and any browser that doesn't support that type of "smartness" will be called stupid by developers and users alike, even if it supports the standards to the letter.

    Hello? This is why we have standards. This is why we have w3.org. They are meant to make development and browsing easier, not harder. If your site doesn't validate, the Validator will tell you, and it'll look wrong on one of the major browsers. If most web developers did that, it would mean we could all use browsers like Safari, because so few sites would look wrong, and we'd be able to complain loudly to the few that still did.

    It's a chicken and egg problem, yes, but I work at it from both ends. I pick Firefox for other reasons, but I'd rather have strict web compliance both in my browser and on my websites. I would much rather be part of the solution than part of the old problems, still dragging along things that were considered "smart" back in the days of dialup.

  22. Re:How can Game Currency be taxable? on Taxing Virtual Gaming Assets · · Score: 1

    Correction: World of Warcraft is easy for people to compare to Second Life because it's so huge.

    Man, I really should be using the "preview" button.

  23. Re:How can Game Currency be taxable? on Taxing Virtual Gaming Assets · · Score: 1
    After all, if I have a million Linden dollars in Second Life and the Linden would go out of business (not saying that this is likely, but just as an example), then my million Linden dollars would be a valuable as Enron stock.

    VERY GOOD POINT. And that's just for Second Life.

    Consider: World of Warcraft is easy for people to compare to Second Life because it's so tiny. But then, isn't a Counter-Strike game effectively a "Massively Multiplayer" game? If not, how do you define what's massive and what's just multiplayer?

    Furthermore, I don't think developers should be responsible for their game currency as if it were real currency unless they really want to do that. Linden really wants to do that. I imagine that Blizzard doesn't, even though they can. But what about me and my Counter-Strike server? What about someone's DopeWars game? What about someone's college project that happens to be capable of being massively multiplayer, even though it doesn't scale to more than 100 people?

    Any bank worth it's brick'n'mortar has insane amounts of security and redundancy built-in. Games, on the other hand, can have glitches all the time. A game I play, probably 6 or 7 years ago, had a bug which allowed players to gain infinite amounts of money. Even though the bug was quickly fixed, the economy was so screwed up they had to reset it -- everyone went back to 5000 gold (think maybe 5 gold in WoW) and had their items reset to a date some weeks before the bug.

    Now the real question: Am I entitled to, using the rates found on some questionable websites, sue the developers for in-game money lost? What if it's not even a bug, but an event -- the developers implement a new creature which steals gold?

    There is a reason most game developers actively try to maintain a separation of real-world money and in-game assets.

    Starting to tax that fictional money... Slippery slope doesn't even begin to cover it. More like frictionless wall.

  24. Re:Pile of FUD on Vista Designed to Make Malware Easy · · Score: 1
    So you can customise the install disc yourself and slipstream software into it? Surely that's been possible with every single distro of Linux for the last few years or so now?

    Frankly, that's possible with just about any OS that boots from CD.

    It's not even an issue of whether it's harmful or not. The article blatantly lies in its implication that Microsoft is intentionally making it easy -- it already is pretty damned easy, unless they were to actually actively try to prevent people from slipstreaming. Have a checksum for the whole CD, that kind of thing.

    But, no one does that because, as you said, it's really not likely to happen. About all they could've done more is have a Linux-like boot option to check the md5 of the CD...

    More to the point, unless you download your version of Vista from some obscure warez site, it's very unlikely to have malware slipstreamed into it; UNLESS YOU PUT IT IN YOURSELF.

    Actually not relevant to the point, but it really pisses me off every time I see someone claim something like "unless you did it yourself". Yes, if I download my Vista on my Linux box and burn it, or get it in a nice shrink-wrapped package, I'm pretty much guaranteed that it's not infected. However, I could download it on my brother's XP and have the very distinct possibility that malware on his computer got into the image before I burned it. Again, you need some sort of additional measure intended to counteract this -- like md5 checks.

    At any rate, even if I were to accept TFA as completely factutal, the fact is that claiming Microsoft is intentionally making it easy for spyware is like claiming that a site that doesn't offer SSL for logins is intentionally trying to have someone intercept your password. No they're not -- they just haven't taken the extra steps necessary to get the security you want. Only in this case, Microsoft does seem to have taken those steps (md5s on MSDN sites).

  25. Re:Apple had to know this was coming on Universal Wants a Slice of Apple's iPod Pie · · Score: 1
    As they say, 'you sleep with dogs, you get fleas.'

    Assuming the dogs don't have any sort of venereal diseases.

    If Apple didn't have iTMS, they could more easily tell Universal to suck a fat dick.

    And why can't they currently tell Universal to suck a fat dick?

    Of all the people I know who have iPods, if I were to add up the number of songs they've purchased off iTMS, it would probably add up to less than $10. Some of them pirate, some of the music comes from actual CDs that they own, some of it comes from online sources other than iTMS, and some of it comes from free, yet legitimate, music sources.

    If iTMS were to disappear tomorrow -- or simply to drop the Universal songs -- it would be Universal's loss. Apple wouldn't lose a single iPod sale -- the worst that would happen is iPod customers would be pissed off, but if Apple played it right, those customers would be pissed off at Universal. (Imagine: You click on a song that you want to purchase, and you get an "Error: Universal won't sell you this song because they want us to charge all iPod users for piracy. Click here for Universal's contact information, including email, fax, and telephone numbers of their corporate headquarters.")

    The only reason Apple can't tell Universal to suck a fat dick is it doesn't fit their corporate image. They could, however, tell Universal to suck a small, sleek, shiny plastic vibrator, but not too hard, lest they damage the ergonomic touchscreen.