But you did the initial setup over the phone line. Up until this software release, you could not plug a brand new TiVo into a wireless network card, choose your zipcode, and bring up your TiVo.
There was just no way to choose the wireless network and enter the WEP key during initial setup.
There are some good reasons to upgrade to the new TiVo software even if it does not let you record content with the broadcast flag. The biggest reason for me is that now you can do the complete setup process without a telephone line. The entire setup from system reset can be done with wireless internet.
I just bought a new TiVo and was upset that it shipped with the last software rather than the most recent. I had to take it to a neighbors house to have it use the phone line since I only have a cell phone.
While, I wouldn't give just anybody a copy of my credit card, giving others my credit card information encoded on a hotel key is not quite the same. In the case of it being encoded on a hotel key, it is not easy for them to use the hotel key to go to the store and make purchases. I wouldn't expect my family or coworkers to rip the credit card info off the key, make a credit card, and use it.
Others that have pointed out that folks don't treat their room keys like credit card when they are at the beach make me more worried about having credit card info on there than giving that info out to people I trust to get into my room.
Your credit card contains your name and credit card number on it in an unencrypted form. If your key card does as well, you should treat it like a credit card.
It certainly would be nice for the hotel to tell you what they put on the card
They should tell you to report your credit card as stolen if you lose your key card.
They should securely erase or destroy key cards when you check out
I generally trust the hotel staff with my credit card number, and I generally acknoledge that there is info about me on the magnetic stripes in my wallet. Is this anything to get upset about?
That is a very good point. Taking steps to ensure that no similar problems exist is very important and certainly effects security. If a hacker can look at past vulnerabilities and find others that are similar, that is a bad weakness. Plugging similar weaknesses when fixing current weaknesses would be great for security.
I heard that samething similar happens for crashes in the software for the space shuttle. Anything found that could cause a crash causes a review of the entire codebase for similar cases. There was a case about the tangent function returning zero in some case causing a divide by zero error. Other places the tangent function is used were looked at and they found a couple other places that returning a tangent of zero could theoretically cause a divide by zero error.
It would be nice if security were taken as seriously for all applications as crash prevention is for the space shuttle software.
In this case, I believe that remotely exploitable vulnerabilities that allow the attacker to completely control the user account were found in both browsers. When both browsers have severe vulnerabilities it kinda falls out of the equation.
A browser that has 5 reported vulnerabilities is not more secure than a browser that has 30. All it takes in one vulnerability to make your browser insecure
Once any vulnerability is discovered, relative security depends upon is how many users are exposed, and for how long.
Given that vulnerabilities have been found in both, security comparisons should compare the steps taken to reduce the window of vulnerability.
How quickly a patch is issued
How quickly are users notified
How easy it is to apply the patch or upgrade
What percentage of users actually apply the patch
A simple comparison of the number of vulnerabilities does not give much indication about how long the average user was exposed. Nor does it give an indication of how many hackers are taking advantage of the vulnerability to give you a useful security indicator: "How likely is that any given user was hacked via the product".
Asa is great. He replies to critism and does it well. He makes open source software appealing.
The tab thing seems to be the most contentious issue between them. Personally, I don't understand why anybody would want to see the same page in a newly created tab when they user ctrl-t. Scott is suggesting just that. I like a nice blank page that loads in milliseconds and doesn't steal the focus from the URL bar.
IE's "new window" behavior is just braindead to me. Why would I want a copy of the same window I was just on? I want to create a new window so I can do something new. It isn't called "same window" and shouldn't act like it. When something has to be loaded into the new window it often takes a lot of CPU and the page can then steal the focus from the url bar so I can't copy something into it.
Exception: Could not handle error: an additonal exception was encountered
at com.example.util.BaseExceptionHandler() Line 450 ...
Root Cause:
OutOfMemoryError: Out of memory during exception construction
at Exception() Line 5 ...
Root Cause:
IOException: Could not connect to exceptionollection.com
at com.ExceptionCollection.reportException() Line 127 ...
Root Cause:
ApplicationException: HelloWorld program is too simple
at com.example.webapp.HelloWorld.print() Line 907 ...
AnandTech not very search optimization saavy
on
The Google Search Server
·
· Score: 5, Informative
The Mini considers any unique URL string to be a unique document, which makes sense (but is a bit surprising the first time that you run an index). After four hours of indexing, the Mini had managed to reach its document limit and we had to improvise.
Anybody who doesn't know that search engines consider each url to contain a unique document does't know much about getting their site to be properly represented in search engines.
Their solution was to create a list of urls for the appliance to crawl. If they had to do that for the search appliance, there is no way that googlebot, msnbot, or yahoo slurp is going to be able to properly index their site.
Your public accessable urls need to managed and canonicalized through judicious use of robots.txt, 302 redirects, site wide linking, and just plain thinking out the layout of your site.
I did my resume in HTML the last two times I did a job search. There are several advantages: It is rendered well be a variety of web browser and email clients. I can stick it directly in the body of an HTML email rather than have it be an attachemnt. I can put it on my web site. It looks good when it is printed (you can even control where the page breaks will be using css).
If you are looking for a tech job and have not considered HTML format for your resume, you must be living in 1988.
Re:"Always trust code from Microsoft"
on
Do You Code Sign?
·
· Score: 1
You want to trust Microsoft code to run windows and do a windows update. You don't trust anything every signed by Microsoft to be download and run from just any idiots web site.
"Always trust code from Microsoft"
on
Do You Code Sign?
·
· Score: 5, Insightful
The best example of why code signing as it is currently implemented is broken is Windows Update. During the windows update process you are asked to accept signed code and you may "Always trust code from Microsoft". In the context of Windows update, that sounds perfectly legit to most users. They want to update their computers. They don't want to be bothered by the dialog again to do so in the future.
By agreeing to always trust Microsoft you are agreeing to several things you may not realize:
You are trusting all code by Microsoft, not just Windows update (obvious to most people)
You are trusing Microsoft code that folks other that Microsoft give you to run.
The second one is the kicker. If there is a bug in some signed code by microsoft that allows JavaScript to call it and write to any file, then anybody can give you that signed code and some JavaScript and take over your computer. This will be done without any further notification at all to you as the end user.
You are trusting microsoft to:
Write perfect code
Envision every possible use of code they write
Even if you believe that code can be bug free, there is no way anybody who write code really locks it down so it can't be used for anything other than what it was intended. There was a security vulnerability that took advantage of just this. I bug in some signed Microsoft code. I'm not sure how it was fixed.
As a webmaster, I don't want to rely on Google for 80% of my traffic. I'd like to be able to count on each of three search engines for about 30% of my traffic. Google has been known to throw sites out of their index accidentally.
As a user, I feel that Google knows too much about me already. They have a ton of information about what I search for. With gmail, they have a list of who I know, with maps they have a list of places I go, with froogle they have a list of what I buy.
I would prefer that some of the other players in search got their act together and improved to the point to be able to challenge Google. I'd prefer if some of the other maps, email, and shopping sites got their act together and became as good as Google.
Its hard to hate a company that usually has the far superior product, but Google is getting huge and a little scary.
File extensions determine the application that handles the file and the icon it gets though. So although it can be figured out, double clicking on the file may do the wrong thing, and it may get an media file icon despite the fact that you don't have the codec installed and you can't actually play the file.
Would it really be so hard to have a.vorbis and.theora extension? They can both have the same Ogg file structure. I don't care about file structure. I care about whether I can play it on the given machine, what the icon looks like, and if I see a foo.vorbis file on the internet I know it is that song that I'm looking for.
The method that slashdot uses to post dupes is so good that it shouldn't be patented. It is a trade secret that competitors might spend 20 years and millions of dollars to discover, but still not figure out how slashdot editors are able to post so many dupes. Filing a patent just make their secrets public and competitors would be able to post dupes just as well in fifteen years when the patent expires.
sh is certainly more powerful than csh, and perl almost infinitely so. We have a group of devs that use csh when they get away with it because they are more comfortable with the syntax. This includes the most senior dev who is in all other respects a most excellent coder.
The job descriptions do get a bit weird, but looking for people with arcane experience is something a lot of companies do.
In addition to knowing Java and having a CS degree, the ideal job candidate for my employer would know XSLT (xml transform language), m4 (braindead unix template language), and three scripting languages (csh, bash, and perl).
Incidentally, if you know this stuff and you are looking for a job in the Boston area, send me a note. We'd like to hire 7 to 10 of you.
Only 10% of US households use analog broadcast TV, but a heck of a lot of us use analog cable.
I refuse to downgrade to digital because it takes so long to change the channel on digital, I would need a cable box, and wouldn't be able to plug the cable directly into the back of my TiVo.
One of my coworkers says that he just got a second newer digital cable box and they seem to have fixed the channel flipping speed problem on it, but his original cable box still takes almost a second per channel. I'll probably go to digital if I can get one of those newer boxes and once TiVo can decode the digital signals directly with a cable card, so that I don't need a separate box.
TiVo is not only limited by hard drive space, but also by processing power. Without the help of a special mpeg chip it wouldn't be able to encode even one stream to disk as fast as it came in.
Just having the disk isn't enough. You need a multi tuner to be able to break the spectrum in to n streams and you need enough processing power to be able to encode all of those streams at once.
Although, in theory I suppose it is possible that you could compress the entire spectrum in one block, but I think that the channels that have nothing but static would kill your compression ratio.
It also might work for satelite where you are getting all the channels already compressed. Then it might just be a simple matter of saving them all.
Some digital cable works by only sending you one stream at any given time (and when you switch channels the office starts sending you a different stream). With that kind of setup, you can only save what you can get.
Slashdot Mirror
There was just no way to choose the wireless network and enter the WEP key during initial setup.
You've never been able to do it over wireless until now though. I don't have a wired USB adapter.
There are some good reasons to upgrade to the new TiVo software even if it does not let you record content with the broadcast flag. The biggest reason for me is that now you can do the complete setup process without a telephone line. The entire setup from system reset can be done with wireless internet.
I just bought a new TiVo and was upset that it shipped with the last software rather than the most recent. I had to take it to a neighbors house to have it use the phone line since I only have a cell phone.
In any case you can read my review of the Humax TiVo with DVD burner. I review it as a TiVo, as DVD player, and as a DVD burner.
Others that have pointed out that folks don't treat their room keys like credit card when they are at the beach make me more worried about having credit card info on there than giving that info out to people I trust to get into my room.
- It certainly would be nice for the hotel to tell you what they put on the card
- They should tell you to report your credit card as stolen if you lose your key card.
- They should securely erase or destroy key cards when you check out
I generally trust the hotel staff with my credit card number, and I generally acknoledge that there is info about me on the magnetic stripes in my wallet. Is this anything to get upset about?That is a very good point. Taking steps to ensure that no similar problems exist is very important and certainly effects security. If a hacker can look at past vulnerabilities and find others that are similar, that is a bad weakness. Plugging similar weaknesses when fixing current weaknesses would be great for security.
I heard that samething similar happens for crashes in the software for the space shuttle. Anything found that could cause a crash causes a review of the entire codebase for similar cases. There was a case about the tangent function returning zero in some case causing a divide by zero error. Other places the tangent function is used were looked at and they found a couple other places that returning a tangent of zero could theoretically cause a divide by zero error.
It would be nice if security were taken as seriously for all applications as crash prevention is for the space shuttle software.
In this case, I believe that remotely exploitable vulnerabilities that allow the attacker to completely control the user account were found in both browsers. When both browsers have severe vulnerabilities it kinda falls out of the equation.
Security is a process not a state.
A browser that has 5 reported vulnerabilities is not more secure than a browser that has 30. All it takes in one vulnerability to make your browser insecure
Once any vulnerability is discovered, relative security depends upon is how many users are exposed, and for how long.
Given that vulnerabilities have been found in both, security comparisons should compare the steps taken to reduce the window of vulnerability.
A simple comparison of the number of vulnerabilities does not give much indication about how long the average user was exposed. Nor does it give an indication of how many hackers are taking advantage of the vulnerability to give you a useful security indicator: "How likely is that any given user was hacked via the product".
Currency calculator that accepts free form input such as "23 canadian dollars --> rupees"
The tab thing seems to be the most contentious issue between them. Personally, I don't understand why anybody would want to see the same page in a newly created tab when they user ctrl-t. Scott is suggesting just that. I like a nice blank page that loads in milliseconds and doesn't steal the focus from the URL bar.
IE's "new window" behavior is just braindead to me. Why would I want a copy of the same window I was just on? I want to create a new window so I can do something new. It isn't called "same window" and shouldn't act like it. When something has to be loaded into the new window it often takes a lot of CPU and the page can then steal the focus from the url bar so I can't copy something into it.
1,532 results
"not insane"
4,653 results
Exception: Could not handle error: an additonal exception was encountered
...
...
...
...
at com.example.util.BaseExceptionHandler() Line 450
Root Cause:
OutOfMemoryError: Out of memory during exception construction
at Exception() Line 5
Root Cause:
IOException: Could not connect to exceptionollection.com
at com.ExceptionCollection.reportException() Line 127
Root Cause:
ApplicationException: HelloWorld program is too simple
at com.example.webapp.HelloWorld.print() Line 907
Their solution was to create a list of urls for the appliance to crawl. If they had to do that for the search appliance, there is no way that googlebot, msnbot, or yahoo slurp is going to be able to properly index their site.
Your public accessable urls need to managed and canonicalized through judicious use of robots.txt, 302 redirects, site wide linking, and just plain thinking out the layout of your site.
I did my resume in HTML the last two times I did a job search. There are several advantages: It is rendered well be a variety of web browser and email clients. I can stick it directly in the body of an HTML email rather than have it be an attachemnt. I can put it on my web site. It looks good when it is printed (you can even control where the page breaks will be using css).
If you are looking for a tech job and have not considered HTML format for your resume, you must be living in 1988.
You want to trust Microsoft code to run windows and do a windows update. You don't trust anything every signed by Microsoft to be download and run from just any idiots web site.
By agreeing to always trust Microsoft you are agreeing to several things you may not realize:
The second one is the kicker. If there is a bug in some signed code by microsoft that allows JavaScript to call it and write to any file, then anybody can give you that signed code and some JavaScript and take over your computer. This will be done without any further notification at all to you as the end user.
You are trusting microsoft to:
Even if you believe that code can be bug free, there is no way anybody who write code really locks it down so it can't be used for anything other than what it was intended. There was a security vulnerability that took advantage of just this. I bug in some signed Microsoft code. I'm not sure how it was fixed.
Currency conversion with understands "convert 23 dollars to pounds"
- As a webmaster, I don't want to rely on Google for 80% of my traffic. I'd like to be able to count on each of three search engines for about 30% of my traffic. Google has been known to throw sites out of their index accidentally.
- As a user, I feel that Google knows too much about me already. They have a ton of information about what I search for. With gmail, they have a list of who I know, with maps they have a list of places I go, with froogle they have a list of what I buy.
I would prefer that some of the other players in search got their act together and improved to the point to be able to challenge Google. I'd prefer if some of the other maps, email, and shopping sites got their act together and became as good as Google.Its hard to hate a company that usually has the far superior product, but Google is getting huge and a little scary.
Would it really be so hard to have a .vorbis and .theora extension? They can both have the same Ogg file structure. I don't care about file structure. I care about whether I can play it on the given machine, what the icon looks like, and if I see a foo.vorbis file on the internet I know it is that song that I'm looking for.
I hate container formats. I wish that each codec had its own extension.
The method that slashdot uses to post dupes is so good that it shouldn't be patented. It is a trade secret that competitors might spend 20 years and millions of dollars to discover, but still not figure out how slashdot editors are able to post so many dupes. Filing a patent just make their secrets public and competitors would be able to post dupes just as well in fifteen years when the patent expires.
There a bunch of patents that slashdot should obtain:
These patents could then be used to selectivly procecute trolls and spammers.
Currency calculator that understands 'convert 100 euros to canadian dollars'
sh is certainly more powerful than csh, and perl almost infinitely so. We have a group of devs that use csh when they get away with it because they are more comfortable with the syntax. This includes the most senior dev who is in all other respects a most excellent coder.
No kidding. m4 can be a bear. Ever used it as a preprocessor for java, sh, bash, xsl and csh scripts? ;-)
The job descriptions do get a bit weird, but looking for people with arcane experience is something a lot of companies do.
In addition to knowing Java and having a CS degree, the ideal job candidate for my employer would know XSLT (xml transform language), m4 (braindead unix template language), and three scripting languages (csh, bash, and perl).
Incidentally, if you know this stuff and you are looking for a job in the Boston area, send me a note. We'd like to hire 7 to 10 of you.
Only 10% of US households use analog broadcast TV, but a heck of a lot of us use analog cable.
I refuse to downgrade to digital because it takes so long to change the channel on digital, I would need a cable box, and wouldn't be able to plug the cable directly into the back of my TiVo.
One of my coworkers says that he just got a second newer digital cable box and they seem to have fixed the channel flipping speed problem on it, but his original cable box still takes almost a second per channel. I'll probably go to digital if I can get one of those newer boxes and once TiVo can decode the digital signals directly with a cable card, so that I don't need a separate box.
Just having the disk isn't enough. You need a multi tuner to be able to break the spectrum in to n streams and you need enough processing power to be able to encode all of those streams at once.
Although, in theory I suppose it is possible that you could compress the entire spectrum in one block, but I think that the channels that have nothing but static would kill your compression ratio.
It also might work for satelite where you are getting all the channels already compressed. Then it might just be a simple matter of saving them all.
Some digital cable works by only sending you one stream at any given time (and when you switch channels the office starts sending you a different stream). With that kind of setup, you can only save what you can get.
Currency convertor where you can type "US dollars to rupees" and it knows what you mean