editorial authority: guise linux its...its just not ready for the desktop. its got graphics driver issues... community: the ones preventing nearly 200 steam games from running on it?
Yes, those. The open source drivers perform badly, and don't have fixes/workarounds for broken games. The proprietary drivers do, but often break against kernel and userland software versions. Neither is particularly pleasant with weird display setups (niche resolutions or refresh rates.)
That's ignoring that driver support often lags, there's tons of hardware out there that's either not supported yet, not supported well, or never will be supported.
editorial authority nonono guys its worse than that see theres audio problems too, the audio has problems community: you mean with the countless instructibles articles on home theater via the pi?
If you need to resort to "instructibles" [sic], you've already lost. Locked audio devices, 30 layers of abstraction with their own quirks (and latency, lol latency), and on and on.
editorial authority: guys i wish it were that simple but you see X has the issues too, its wayland isnt ready. community: you...you know those two things are completely different right? xorgs been stable for a decade....
I should never have to run xrandr myself. Or add a modeline. X can't even manage a locking screensaver.
editorial authority: the font is ugly. community:...pick...another one?
That's hardly the only problem. High DPI displays look like shit, default rendering settings (often) look like shit, and there's the mayhem of trying to get Qt, GTK, and misc window toolkit apps using the same widgets, fonts, font sizes, etc. Some distros do an *okay* job of that, but none comes anywhere close to OSX or Windows. There's a long way to go.
editorial authority: its fragmented...the desktops....theyre all fragmented. community:....what?
No, I suspect the community is pretty aware of this one. It comes up on Slashdot literally all the time. For example I could theoretically save a file to a remote site over SSH in Konqueror by saving it to a fish:// url. For Firefox (if this is even possible) I guess it would be smb:// because kioslaves and gnome-vfs are completely separate and incompatible. Or the completely different print/open dialogs between Qt apps and GTK ones. Or how I need basically two full desktop environments at all times, because neither ecosystem has a monopoly on good apps.
editorial authority: and i heard linux torval yelling at people too.
Hey, you're right: nobody cares.
Every one of these points is addressed (with links to bugs and sources) in TFA.
Since we're assuming MITM, what happens when I inject javascript into the page? Even assuming the browser prevents me from leaking the PROT header, I can still have it make arbitrary requests using your session.
What happens when I just block the original response, pretend your session died, and serve up a bogus login page that gives me your credentials?
It is to support old servers (ancient Cisco gear comes to mind) that can't properly negotiate newer TLS versions. Unfortunately those failed negotations don't fail, er, gracefully -- it just kills the connection. Browsers (Chrome, Firefox, probably others) retry using SSLv3. Why? There's a lot of old gear out there.
We used to have an entry in the preferences for that but people thought that “SSL 3.0” was a higher version than “TLS 1.0” and would mistakenly disable the latter.
"Chrome Users Dumbed Down" might have been a more apt title.
though it might be as simple as including a Micro-USB-to-Type-C adapter with every new smartphone
This is genius.
"This new connector, whose only value is that it's reversible, doesn't work on the billions of existing devices. Why don't we include a non-reversible adapter?"
Hell, for extra convenience, just leave the adapter on the cable all the time.
If you have a problem with 'hoppers' have you looked into why you're failing to retain people?
Small companies are especially bad for that: fewer employees means fewer paths for personal/professional advancement: there's nowhere 'up' to move, and wearing a half-dozen hats might seem like variety at first, but you'll be wearing those same hats forever. It's too bad that they have less room to take the hits from people leaving and new people coming up to speed, but it's also unreasonable to expect people to stick around past the point they gain anything from the exchange. People *should* be moving on when they feel they're stagnating.
I have an x230 that I put a Corsair SSD in. It's running Ubuntu 13.10, so I guess it's running a 3.11.something kernel. On resume I can see the kernel block for 10+s (by the timestamps in dmesg) waiting for my SSD to get its act together. Screen is on, lockscreen is displayed... but I can't enter a password because the entire system is waiting on the disk.
Less than 50 listed for all of North America, that's hardly a counter-argument.
Overstock.com, Amazon, CVS, Target, Victoria's Secret, Zappos, the list keeps growing.
Of course most of these stores actually use a payment processor that immediately converts the bitcoins to USD for them, but if more and more stores start accepting it, at some point the currency may become so practical that such conversions will no longer need to be made. If a company does business with another company that accepts bitcoin, they may as well take bitcoin from their clients and then use those bitcoins to pay their suppliers. Transaction fees are much lower than those for credit cards, you don't even need any middle men.
Yeah, and if enough people start trying to pay in tulip bulbs, and if they reeeeally believe...
I couldn't believe Victoria's Secret takes bitcoin, and sure enough they don't. They take gift cards.... that can be purchased with bitcoin. Which is exactly what the parent was arguing, "I can exchange BTC for my local currency and then go about my business, but that's about it."
Things get more interesting with the second category: "non-personal" information, which is any user data that isn't associated with a specific individual. We're talking about details like customers' jobs, real-time location, habits, and the like. That data, the company says, is collected anonymously. Apple has free reign to share, sell, or store it however it damn pleases.
Just because Apple hasn't explicitly tied a name to the information doesn't mean it's anonymous. Even a fragment of the location data is enough to identify most people.
The point is no longer "What $COMPANY does with the data it collects", though that might be unsettling on its own, it's what the NSA (or any other data aggregator) can do with it.
They're not providing any value, they're summarizing a release announcement -- and the only things they left out are three bullet points that are just version number bumps for major apps/libraries in base.
Surely the same criticism came up during the alpha? I know I gave almost the same complaint (minus the Digg threat) in the survey, and other than being a bit more feature complete, the layout looks almost the same.
The public-key algorithms are only used to auth servers/clients and during the negotiation of a session key for a symmetric algorithm. Thanks to the BEAST and CRIME attacks, and the dismal uptake of TLS 1.2, once you rule out the block ciphers in CBC mode the most secure symmetric cipher that clients/servers can be expected to support is RC4, which now accounts for some huge percentage of HTTPS traffic.
Nobody is suggesting that RSA is broken, but there is speculation that the NSA has broken RC4.
You CAN run your own identity-provider, but good luck using it anywhere. OpenID and OAuth are federated standards too, but most "relying parties" only accept a handful of major providers.
I just bought a new Thinkpad. I went with Intel hardware because I know they put effort into Linux driver support. Guess I should have looked a little closer.
I installed Ubuntu 13.04 and immediately ran into an ethernet bug (yes, fix released, but not actually available in the distro yet) and a wireless bug (looks like it might have been fixed, then unfixed, but it's hard to tell. It's broken now, anyway.)... And that's leaving aside how the touchpad behaves worse under Linux, or how I have to screw around with kernel boot options for decent power management (that will still be worse than Windows.)
The kicker is that these are the same problems I've been having for years, every time I try to run Linux on a laptop, despite the huge advances that have been made. It feels like one step forward, two steps back.
A lot of people (thought granted not everybody) find that after spending some time in a collaborative environment the background conversations move from being a distraction to an undercurrent of information. It becomes possible to tune it out but still hear keywords that might be relevant and allow for better teamwork.
Research doesn't bear that out. Multitasking reduces efficiency, interrupts and context switches hurt. If, for your specific workload, you find it's a net gain... well, more power to you. It's not one-size fits all.
That's true but your way has high latency. Conversations happen much faster.
That's the point. 'My way' allows my coworkers to decide when they can be interrupted. 'Your way' allows people to demand focus.
It probably varies by job and by person. I find it helpful to talk with my coworkers, but a distraction to overhear them.
A mailing list, irc channel, xmpp muc etc. allows me to collaborate on my terms. I can rethink and edit my response, and if I'm in the middle of something I can read it later and respond then. Conversations typically don't work like that.
Client support is a bit spotty (iOS Mail.app didn't support it, stock Android client doesn't either, alternatives like k9mail do), but that doesn't mean it's not there.
Since... iOS 5, I think it is, Apple maintains a signing window for devices. Assuming you never have any problems with your phone, you can keep using iOS 5 indefinitely. If you ever need to restore the phone though, I believe you will be forced to update to a current version of iOS.
Slashdot Mirror
editorial authority: guise linux its...its just not ready for the desktop. its got graphics driver issues...
community: the ones preventing nearly 200 steam games from running on it?
Yes, those. The open source drivers perform badly, and don't have fixes/workarounds for broken games. The proprietary drivers do, but often break against kernel and userland software versions. Neither is particularly pleasant with weird display setups (niche resolutions or refresh rates.)
That's ignoring that driver support often lags, there's tons of hardware out there that's either not supported yet, not supported well, or never will be supported.
editorial authority nonono guys its worse than that see theres audio problems too, the audio has problems
community: you mean with the countless instructibles articles on home theater via the pi?
If you need to resort to "instructibles" [sic], you've already lost. Locked audio devices, 30 layers of abstraction with their own quirks (and latency, lol latency), and on and on.
editorial authority: guys i wish it were that simple but you see X has the issues too, its wayland isnt ready.
community: you...you know those two things are completely different right? xorgs been stable for a decade....
I should never have to run xrandr myself. Or add a modeline. X can't even manage a locking screensaver.
editorial authority: the font is ugly.
community:...pick...another one?
That's hardly the only problem. High DPI displays look like shit, default rendering settings (often) look like shit, and there's the mayhem of trying to get Qt, GTK, and misc window toolkit apps using the same widgets, fonts, font sizes, etc. Some distros do an *okay* job of that, but none comes anywhere close to OSX or Windows. There's a long way to go.
editorial authority: its fragmented...the desktops....theyre all fragmented.
community:....what?
No, I suspect the community is pretty aware of this one. It comes up on Slashdot literally all the time. For example I could theoretically save a file to a remote site over SSH in Konqueror by saving it to a fish:// url. For Firefox (if this is even possible) I guess it would be smb:// because kioslaves and gnome-vfs are completely separate and incompatible. Or the completely different print/open dialogs between Qt apps and GTK ones. Or how I need basically two full desktop environments at all times, because neither ecosystem has a monopoly on good apps.
editorial authority: and i heard linux torval yelling at people too.
Hey, you're right: nobody cares.
Every one of these points is addressed (with links to bugs and sources) in TFA.
No, it costs ~$7/yr and takes a few minutes. Maybe 15 if you need to look up how to generate the signing request.
This is a dumb idea. A very dumb idea.
Since we're assuming MITM, what happens when I inject javascript into the page? Even assuming the browser prevents me from leaking the PROT header, I can still have it make arbitrary requests using your session.
What happens when I just block the original response, pretend your session died, and serve up a bogus login page that gives me your credentials?
We wouldn't have to slash school budgets if these employers paid taxes.
How's that for critical thinking?
The paper explains it.
It is to support old servers (ancient Cisco gear comes to mind) that can't properly negotiate newer TLS versions. Unfortunately those failed negotations don't fail, er, gracefully -- it just kills the connection. Browsers (Chrome, Firefox, probably others) retry using SSLv3. Why? There's a lot of old gear out there.
From agl:
"Chrome Users Dumbed Down" might have been a more apt title.
This is genius.
"This new connector, whose only value is that it's reversible, doesn't work on the billions of existing devices. Why don't we include a non-reversible adapter?"
Hell, for extra convenience, just leave the adapter on the cable all the time.
You're externalizing blame.
If you have a problem with 'hoppers' have you looked into why you're failing to retain people?
Small companies are especially bad for that: fewer employees means fewer paths for personal/professional advancement: there's nowhere 'up' to move, and wearing a half-dozen hats might seem like variety at first, but you'll be wearing those same hats forever. It's too bad that they have less room to take the hits from people leaving and new people coming up to speed, but it's also unreasonable to expect people to stick around past the point they gain anything from the exchange. People *should* be moving on when they feel they're stagnating.
I have an x230 that I put a Corsair SSD in. It's running Ubuntu 13.10, so I guess it's running a 3.11.something kernel. On resume I can see the kernel block for 10+s (by the timestamps in dmesg) waiting for my SSD to get its act together. Screen is on, lockscreen is displayed ... but I can't enter a password because the entire system is waiting on the disk.
It sounds like I will benefit from this.
Your theory has one fatal flaw.
Wrong. Whole Foods accepts bitcoin.
No Whole Foods here.
Wrong again
Less than 50 listed for all of North America, that's hardly a counter-argument.
Overstock.com, Amazon, CVS, Target, Victoria's Secret, Zappos, the list keeps growing.
Of course most of these stores actually use a payment processor that immediately converts the bitcoins to USD for them, but if more and more stores start accepting it, at some point the currency may become so practical that such conversions will no longer need to be made. If a company does business with another company that accepts bitcoin, they may as well take bitcoin from their clients and then use those bitcoins to pay their suppliers. Transaction fees are much lower than those for credit cards, you don't even need any middle men.
Yeah, and if enough people start trying to pay in tulip bulbs, and if they reeeeally believe...
I couldn't believe Victoria's Secret takes bitcoin, and sure enough they don't. They take gift cards.... that can be purchased with bitcoin. Which is exactly what the parent was arguing, "I can exchange BTC for my local currency and then go about my business, but that's about it."
Just because Apple hasn't explicitly tied a name to the information doesn't mean it's anonymous. Even a fragment of the location data is enough to identify most people.
The point is no longer "What $COMPANY does with the data it collects", though that might be unsettling on its own, it's what the NSA (or any other data aggregator) can do with it.
They're not providing any value, they're summarizing a release announcement -- and the only things they left out are three bullet points that are just version number bumps for major apps/libraries in base.
Surely the same criticism came up during the alpha? I know I gave almost the same complaint (minus the Digg threat) in the survey, and other than being a bit more feature complete, the layout looks almost the same.
You're looking in the wrong place.
The public-key algorithms are only used to auth servers/clients and during the negotiation of a session key for a symmetric algorithm. Thanks to the BEAST and CRIME attacks, and the dismal uptake of TLS 1.2, once you rule out the block ciphers in CBC mode the most secure symmetric cipher that clients/servers can be expected to support is RC4, which now accounts for some huge percentage of HTTPS traffic.
Nobody is suggesting that RSA is broken, but there is speculation that the NSA has broken RC4.
You CAN run your own identity-provider, but good luck using it anywhere. OpenID and OAuth are federated standards too, but most "relying parties" only accept a handful of major providers.
I just bought a new Thinkpad. I went with Intel hardware because I know they put effort into Linux driver support. Guess I should have looked a little closer.
I installed Ubuntu 13.04 and immediately ran into an ethernet bug (yes, fix released, but not actually available in the distro yet) and a wireless bug (looks like it might have been fixed, then unfixed, but it's hard to tell. It's broken now, anyway.) ... And that's leaving aside how the touchpad behaves worse under Linux, or how I have to screw around with kernel boot options for decent power management (that will still be worse than Windows.)
The kicker is that these are the same problems I've been having for years, every time I try to run Linux on a laptop, despite the huge advances that have been made. It feels like one step forward, two steps back.
Maybe next year...
Not to mention with access to a privileged account the malware becomes substantially harder to remove.
A lot of people (thought granted not everybody) find that after spending some time in a collaborative environment the background conversations move from being a distraction to an undercurrent of information. It becomes possible to tune it out but still hear keywords that might be relevant and allow for better teamwork.
Research doesn't bear that out. Multitasking reduces efficiency, interrupts and context switches hurt. If, for your specific workload, you find it's a net gain... well, more power to you. It's not one-size fits all.
That's true but your way has high latency. Conversations happen much faster.
That's the point. 'My way' allows my coworkers to decide when they can be interrupted. 'Your way' allows people to demand focus.
It probably varies by job and by person. I find it helpful to talk with my coworkers, but a distraction to overhear them.
A mailing list, irc channel, xmpp muc etc. allows me to collaborate on my terms. I can rethink and edit my response, and if I'm in the middle of something I can read it later and respond then. Conversations typically don't work like that.
Yes because IMAP doesn't have push.
It doesn't?
Client support is a bit spotty (iOS Mail.app didn't support it, stock Android client doesn't either, alternatives like k9mail do), but that doesn't mean it's not there.
I don't think that's entirely true.
Since... iOS 5, I think it is, Apple maintains a signing window for devices. Assuming you never have any problems with your phone, you can keep using iOS 5 indefinitely. If you ever need to restore the phone though, I believe you will be forced to update to a current version of iOS.
I hadn't thought of that, that seems much more likely.
If the infections are targeted, perhaps the font is dropped to allow found printed documents to be linked to one of the targets?
Not that they're total shit from a security POV? (warning: pdf)