Yeah that makes sense. You can always design in a workaround if you forsee the problem and the (probability of the problem) X (severity of the problem) X (effectiveness of the workaround) is high enough to justify the cost. The potential losses with the store-and-forward solution are small, like when a retailer's credit card verification system is down and they have to write transactions on paper slips. A few might be bad, but the business stays open.
Ha! So the problem is in NoScript's FAQ but I can't solve it from the options GUI? I have to muck about in about:config after reading the scary warning about breaking my warranty? Hmmm, laugh or cry... I can't decide.
More broadly though, this needs to be default-off for NoScript *and* all other add-ons. The only way to achieve that is for Mozilla to give that guideline to anyone who wants code distributed through Firefox's add-ons site.
You're not getting it. I can want to trust the code for the add-on, and still not want to trust the website. You say the website is just as secure as and equivalent to the add-on code. As a coder with a website myself, I know better than to say that. Because I'm a software coder, not a web guy. If the world depended on the security of my web skills, heaven help us.
[And really, after the Kaminsky DNS flaw I can't believe we're even having this discussion.]
Stored value cards are foolish. They should only ever be used for identification and authentication. The value being managed must always be stored and administered on the billing system itself.
OK, but if you have RFID and a weak key, an id/auth-only system still has the problem where you can effectively copy someone's card with an antenna, and then use it until $0. You just can't refill it for free as in the stored value case.
I haven't thought about this much, but while the auth/central billing approach seems more secure (if you fix the key problem), it's got a single point of failure that brings down your entire transit system, where the lower security value-store approach does not. Maybe in the real world that's not a big deal, I don't know.
I trust Firefox (and Linux, etc.) yet I _know_ they will have security bugs from time to time. Security is as good as the weakest link in the chain. Why add an unnecessary third-party website to that chain?
To make that risk worse, when any Firefox add-on gets updated, the browser opens that add-on's project page. For example, after updating NoScript, FF will show you a page like this so you can see the "release notes" for the latest version of the add-on. What a *perfect* place to insert a browser exploit, where everyone is forced to go.
So now you depend not only on the security of FF code, the add-on code, but the add-on's external *website* as well.
Anyone know what they were thinking, and how to turn off this feature? I trust NoScript, but I don't want to visit their website after after every update.
At a minimum, viewing the add-on's website after an update should be a *default-off* option for every Firefox add-on.
Not to worry. As a result of the nuclear launches following the panic resulting from the 2038 Unix date rollover, the remaining cockroach hordes will not evolve sentience until at least 2105, thus avoiding the 2099 crisis completely. So it's all good.
Not all versions of major browsers behave the way you expect them to when you try to disable third-party cookies. Check out Steve Gibson's cookie forensics page. Here's a neat browser stats page showing graphically how GRC visitors have their 3rd party cookies configured by browser.
I did use myrealbox until Novel dropped them. Last I checked they were being run by some mysterious operation across the border in Canada (with who knows what legal ramifications). That was a while back.
GMail is great so long as you feel you can trust Google. They aren't quite at the point where I distrust them, but they're heading that way, and it's just a matter of time anyway. (And once you no longer trust them, it's too late because they own your old mail.)
So what are some decent alternatives to gmail? I want something independent of my ISP, and it's going to have to be a pay service since I don't want ads. They have to have a decent privacy policy, secure IMAP, and be likely to exist for 5+ years without being bought by MSyahoo, etc. Does this exist?
I admin for someone with a Dell that has a Foxconn GM33 variant in it (and I believe this BIOS fix is related to the GM33). It has worked fine in Ubuntu until upgrading to Hardy. With Hardy the kernel issues SATA errors and fails to boot completely.
There's a workaround involving either tweaking a BIOS setting or adding kernel options, but this is utterly lame from a user-centered point of view -- which is what both Ubuntu's and Dell's strength is supposed to be.
If Grandma upgrades from Gutsy to Hardy her PC shouldn't fail to boot. And I shouldn't have to tell Grandma over the phone to hit Delete quickly enough to get into the BIOS, and then try to guide her through screens that are gibberish to her. I can't believe this bug was foisted on users and then not rapidly nailed.
I should note that this particular model is *not* one that Dell offers with an Ubuntu pre-install -- in other words, Dell hasn't given any promises that it should work with Linux. But if this BIOS update does fix the problem, I hope Dell steps up and offers it officially.
I looked through each of TFA's linked in the story, and I don't see any technical details on this system. Whereas when the FASTRA people at Univ. of Antwerp put together their 4 9800-GX2 system for CUDA, they published all the nitty gritty down to specific parts, etc. The pictures are interesting but not enough.
I get what this article is going for (not that I read it, or anything), and I wish it could be better, but unfortunately the world of business never comes up with anything that is perfect...
In my area, HD channels really did look much improved, like your customers find. But over time, the cable company (Comcast) has decided to increase the compression on some channels (lowering their bitrate) so they can squeeze more channels in their bandwidth. So HD quality *has* degraded here, not through any fault of the HD technology, but through the choices that the cable company has made.
If your local pizza company sells you melted plastic because it's cheaper than cheese, do you just say "oh don't bitch about it, a good pizza would cost too much"?
And despite the inexcusably top-heavy driver installs that come with their printers (or did last I had one with Windows)....
And despite their inexcusable spying on employees and journalists...
I still give HP mad props for their efforts at e-waste recycling. They put together that thing a couple years ago where you could drop off just about anything electronic at Office Despot, and damn if I didn't fill half a container with museum qualified crap going back to 10MB MFM drives. (I'm keeping my 8" floppies and my S100 bus CP/M boat anchor, those you'll have to pry from my cold dead hands. But anything PCjr or later you can take, and you did, HP, didn't you.)
And for that, I will continue to give HP some slack, and I still go a bit out of my way to hit OD for supplies. (But HP: please fix the ridiculous over-packaging problem, and please try not to spy on reporters.)
But for something that will run distributed across a huge number of home configurations like "@home" distributed computing, adding an API which will bring additional architectures and is more abstract makes sense. Going for a single API roughly restrict the code to running on only half of gamers population's machines.
If something like Brook could come *near enough* to generating optimal code for both NVIDIA and ATI cards, I'd agree with you whole-heartedly. I strongly suspect that this isn't the case.
Imagine if BOINC restricted you to writing i386 code because it will run on everything, but wasted the capabilities of i686 and SSE2 etc.
I would think it would be better to write a CUDA-optimized client of your algo and a CAL-optimized client and let BOINC feed work appropriately. I believe that's what F@H did w.r.t. various hardware architectures.
In the longer run I hope for the same utopia you do, where the strengths of each approach inform the final iteration of Brook or whatever succeeds it, and the back-end compilers do the hard work of optimizing for each architecture that programmers have to do today.
Brook could have been also a nice candidate. It has already been used by other distributed computing project (Folding@home), it supports multiple back-end (including a multi-CPU one which actually works(*), an OpenGL which works with most hardware, and AMD/ATI's CAL backend featured in their Brook+ fork)
Does Brook provide access like CUDA does to fast shared memory and registers vs. device memory vs. host memory?
(*) : unlike CUDA's device emulation mode which is just a ridiculous joke performance-wise.
Just to pick a nit, I'm pretty sure that the point of device emulation mode is ease of debugging, not performance.
On the whole I think we agree that it would be nice for programmers to have a non-proprietary and non-vendor-specific language to express parallel programs in. But at this early stage, with things still emerging, using CUDA directly seems to have some advantages.
Can a GPU like one from Nvidia or ATI potentially work together *with* the cell processor to increase the GPU's capabilities? (I'd guess that would probably depend on the drivers having support for the Cell, and I'm guessing that current generation drivers probably wouldn't take any advantage of the Cell?)
Not likely, since they are competing with each other for the same markets (acceleration of graphics and computation, including all the examples you gave like encryption, etc.). They are two approaches to the same end, so no sense in mixing them.
An OS could use either or both if they exist. Individual apps would probably be written for one or the other but not both. And nobody is going to produce a graphics/compute card that mixes the two.
TFA doesn't address Windows much. In the FAQ they say something like "since the vendor controls the repos for Windows and OSX, they are less vulnerable".
True, I can't set up a bogus mirror for Windows -- except in a corporate environment, where I believe MS has some facility to allow a local cache of patches to reduce external bandwidth usage.
But the authors keep talking about man-in-the-middle attacks on FOSS repos. Couldn't someone just as easily do that for Windows? And then use it to only offer outdated (known-vulnerable) versions of patches?
It's axiomatic that any person who does what is necessary to become a viable Presidential candidate will not be worth voting for.
True enough, but how is voting for this pile of dogshit even necessary to get elected? I mean, it's not like the Republicans won't club Obama as soft-on-terror no matter what he does.
Last night I went to watch something on Netflix (on my desktop) and got a "sorry, maintenance downtime" message. This was like 11pm pacific. It made me wonder if the Roku would have been affected.
You never had those "rights". Old technology just did not prevent you from recording/copying shows, music etc. That did not mean that you were allowed to do it, but many turned a blind eye to infringements.
The US Supreme Court disagreed with you when it decided in the Betamax ruling that
the making of individual copies of complete television shows for purposes of time-shifting does not constitute copyright infringement, but is fair use.
Slashdot Mirror
Yeah that makes sense. You can always design in a workaround if you forsee the problem and the (probability of the problem) X (severity of the problem) X (effectiveness of the workaround) is high enough to justify the cost. The potential losses with the store-and-forward solution are small, like when a retailer's credit card verification system is down and they have to write transactions on paper slips. A few might be bad, but the business stays open.
That's funny. When I went to addons.mozilla.org I got a download link that was not on noscript's website: https://addons.mozilla.org/en-US/firefox/downloads/file/35871/noscript-1.7.9-fx+mz+sm.xpi
Just because you don't think like a cracker doesn't mean you're not a honky.
Ha! So the problem is in NoScript's FAQ but I can't solve it from the options GUI? I have to muck about in about:config after reading the scary warning about breaking my warranty? Hmmm, laugh or cry... I can't decide.
More broadly though, this needs to be default-off for NoScript *and* all other add-ons. The only way to achieve that is for Mozilla to give that guideline to anyone who wants code distributed through Firefox's add-ons site.
You're not getting it. I can want to trust the code for the add-on, and still not want to trust the website. You say the website is just as secure as and equivalent to the add-on code. As a coder with a website myself, I know better than to say that. Because I'm a software coder, not a web guy. If the world depended on the security of my web skills, heaven help us.
[And really, after the Kaminsky DNS flaw I can't believe we're even having this discussion.]
OK, but if you have RFID and a weak key, an id/auth-only system still has the problem where you can effectively copy someone's card with an antenna, and then use it until $0. You just can't refill it for free as in the stored value case.
I haven't thought about this much, but while the auth/central billing approach seems more secure (if you fix the key problem), it's got a single point of failure that brings down your entire transit system, where the lower security value-store approach does not. Maybe in the real world that's not a big deal, I don't know.
I trust Firefox (and Linux, etc.) yet I _know_ they will have security bugs from time to time.
Security is as good as the weakest link in the chain. Why add an unnecessary third-party website to that chain?
And I'm saying Firefox should have a guideline to handle this, since they distribute the code through addons.mozilla.org.
To make that risk worse, when any Firefox add-on gets updated, the browser opens that add-on's project page. For example, after updating NoScript, FF will show you a page like this so you can see the "release notes" for the latest version of the add-on. What a *perfect* place to insert a browser exploit, where everyone is forced to go.
So now you depend not only on the security of FF code, the add-on code, but the add-on's external *website* as well.
Anyone know what they were thinking, and how to turn off this feature? I trust NoScript, but I don't want to visit their website after after every update.
At a minimum, viewing the add-on's website after an update should be a *default-off* option for every Firefox add-on.
Not to worry. As a result of the nuclear launches following the panic resulting from the 2038 Unix date rollover, the remaining cockroach hordes will not evolve sentience until at least 2105, thus avoiding the 2099 crisis completely. So it's all good.
Oh thanks. Now there's Tandoori chicken all over my monitor.
Not all versions of major browsers behave the way you expect them to when you try to disable third-party cookies.
Check out Steve Gibson's cookie forensics page.
Here's a neat browser stats page showing graphically how GRC visitors have their 3rd party cookies configured by browser.
I did use myrealbox until Novel dropped them. Last I checked they were being run by some mysterious operation across the border in Canada (with who knows what legal ramifications). That was a while back.
GMail is great so long as you feel you can trust Google. They aren't quite at the point where I distrust them, but they're heading that way, and it's just a matter of time anyway. (And once you no longer trust them, it's too late because they own your old mail.)
So what are some decent alternatives to gmail? I want something independent of my ISP, and it's going to have to be a pay service since I don't want ads. They have to have a decent privacy policy, secure IMAP, and be likely to exist for 5+ years without being bought by MSyahoo, etc. Does this exist?
Damn, gmail was so seductive.
I admin for someone with a Dell that has a Foxconn GM33 variant in it (and I believe this BIOS fix is related to the GM33). It has worked fine in Ubuntu until upgrading to Hardy. With Hardy the kernel issues SATA errors and fails to boot completely.
There's a workaround involving either tweaking a BIOS setting or adding kernel options, but this is utterly lame from a user-centered point of view -- which is what both Ubuntu's and Dell's strength is supposed to be.
If Grandma upgrades from Gutsy to Hardy her PC shouldn't fail to boot. And I shouldn't have to tell Grandma over the phone to hit Delete quickly enough to get into the BIOS, and then try to guide her through screens that are gibberish to her. I can't believe this bug was foisted on users and then not rapidly nailed.
I should note that this particular model is *not* one that Dell offers with an Ubuntu pre-install -- in other words, Dell hasn't given any promises that it should work with Linux. But if this BIOS update does fix the problem, I hope Dell steps up and offers it officially.
I looked through each of TFA's linked in the story, and I don't see any technical details on this system. Whereas when the FASTRA people at Univ. of Antwerp put together their 4 9800-GX2 system for CUDA, they published all the nitty gritty down to specific parts, etc. The pictures are interesting but not enough.
In my area, HD channels really did look much improved, like your customers find. But over time, the cable company (Comcast) has decided to increase the compression on some channels (lowering their bitrate) so they can squeeze more channels in their bandwidth. So HD quality *has* degraded here, not through any fault of the HD technology, but through the choices that the cable company has made.
If your local pizza company sells you melted plastic because it's cheaper than cheese, do you just say "oh don't bitch about it, a good pizza would cost too much"?
And despite the inexcusably top-heavy driver installs that come with their printers (or did last I had one with Windows)....
And despite their inexcusable spying on employees and journalists...
I still give HP mad props for their efforts at e-waste recycling. They put together that thing a couple years ago where you could drop off just about anything electronic at Office Despot, and damn if I didn't fill half a container with museum qualified crap going back to 10MB MFM drives. (I'm keeping my 8" floppies and my S100 bus CP/M boat anchor, those you'll have to pry from my cold dead hands. But anything PCjr or later you can take, and you did, HP, didn't you.)
And for that, I will continue to give HP some slack, and I still go a bit out of my way to hit OD for supplies. (But HP: please fix the ridiculous over-packaging problem, and please try not to spy on reporters.)
If something like Brook could come *near enough* to generating optimal code for both NVIDIA and ATI cards, I'd agree with you whole-heartedly. I strongly suspect that this isn't the case.
Imagine if BOINC restricted you to writing i386 code because it will run on everything, but wasted the capabilities of i686 and SSE2 etc.
I would think it would be better to write a CUDA-optimized client of your algo and a CAL-optimized client and let BOINC feed work appropriately. I believe that's what F@H did w.r.t. various hardware architectures.
In the longer run I hope for the same utopia you do, where the strengths of each approach inform the final iteration of Brook or whatever succeeds it, and the back-end compilers do the hard work of optimizing for each architecture that programmers have to do today.
Does Brook provide access like CUDA does to fast shared memory and registers vs. device memory vs. host memory?
Just to pick a nit, I'm pretty sure that the point of device emulation mode is ease of debugging, not performance.
On the whole I think we agree that it would be nice for programmers to have a non-proprietary and non-vendor-specific language to express parallel programs in. But at this early stage, with things still emerging, using CUDA directly seems to have some advantages.
Not likely, since they are competing with each other for the same markets (acceleration of graphics and computation, including all the examples you gave like encryption, etc.). They are two approaches to the same end, so no sense in mixing them.
An OS could use either or both if they exist. Individual apps would probably be written for one or the other but not both. And nobody is going to produce a graphics/compute card that mixes the two.
TFA doesn't address Windows much. In the FAQ they say something like "since the vendor controls the repos for Windows and OSX, they are less vulnerable".
True, I can't set up a bogus mirror for Windows -- except in a corporate environment, where I believe MS has some facility to allow a local cache of patches to reduce external bandwidth usage.
But the authors keep talking about man-in-the-middle attacks on FOSS repos. Couldn't someone just as easily do that for Windows? And then use it to only offer outdated (known-vulnerable) versions of patches?
It's axiomatic that any person who does what is necessary to become a viable Presidential candidate will not be worth voting for.
True enough, but how is voting for this pile of dogshit even necessary to get elected? I mean, it's not like the Republicans won't club Obama as soft-on-terror no matter what he does.
So WHAT THE HOLY FUCK???
Wait were you trying to reply to this thread?
Last night I went to watch something on Netflix (on my desktop) and got a "sorry, maintenance downtime" message. This was like 11pm pacific. It made me wonder if the Roku would have been affected.
The US Supreme Court disagreed with you when it decided in the Betamax ruling that