My toenail is human tissue, but it is not a human. And what is the distinguishing feature of a human as opposed to human tissue? Sentience, self-awareness. Until a fetus becomes sentient or self-aware, then it is merely human, and not yet a human.
Your toenail is not self-aware, and it never will be. It is not even other-aware or observant in any way. Other than purely biochemical reactions, it does not react to its environment. Hence, not sentient.
Your fetus (as you were once) was not self-aware initially, but seems to be now. It was observant and other-aware at birth, likely having developed this in utero, responding to parent's voices, etc. Hence, it (you) became sentient in the womb, and self-aware afterwards.
I tried Drivesavers once in the distant past. $1200 later, they hadn't recovered more than a megabyte of data off of an 40gb server drive -- and it was all OS files, none of the actual data files we wanted. They claimed the files were too fragmented on the drive, and the failure was too extreme, that nothing else could be recovered. I doubted this because the server ran a defragging routine during downtime.
But it taught me a lesson. I had been on vacation for a couple of weeks, leaving the tape backup system in the hands of someone else. They dutifully swapped tapes on schedule, but never checked the console to determine that the tapes were full and needed to be replaced with new (or newly-erased) tapes. So for six days, no tape backups occurred -- and of course, that department just happened to do a lot of valuable work during that time because it was approaching a deadline. That team valued the work at over $50K. *sigh* After that, I overhauled that server to include RAID, plus a secondary server which cloned all the data from the first server nightly, plus put an autoloader on the tape drive.
Next up: USAID -- the United States Agency for International Development -- will begin funding for Internet cafes in developing countries. "Really, we are only trying to advance their economic and technological potential!"
It seems like the author wants to run a legal botnot from military computers around the world, as a way to respond to attacks. That's fine, but since criminal botnets are distributed among computers around the world, some of the attacking computers will be from allied countries. Heck, some of them may be the very same military computers that are part of our botnet. The author writes about attackers spoofing IPs to appear to come from friendlies, but what if the computer is actually a friendly that has been zombied? That's where other "intelligence" sources comes in, I suppose, but I am skeptical that the attacker could be accurately identified quickly enough.
...the risk of mail getting lost in someone's spam-folder or a company's misconfigured spamfilter...
This risk is not solved by C/R, unfortunately.
People who depend on receiving cold contacts or who just deal with a lot of mail regularly will (by my expirience) mostly agree that the spam problem couldn't get much worse than it is today.
I've been sending and receiving e-mails for nearly 30 years, I have more than a dozen e-mail accounts and hundreds more e-mail addresses (think Zoemail-style keyed addressing), and I work in a position that receives and sends "cold contact" e-mails on a daily basis. With filters and other ID-based solutions, my daily spam level is extremely low -- on the level of 2-3 spams delivered each day out of thousands sent to me. Deleting this level of spam is not a problem. So yeah, I agree it can't get worse, but now that we've had the problem for a long time, we have found ways of minimizing its impact to the point of acceptability. (Who actually gets 9 spams in their in-box for every 1 real message?)
Aside: even if all the mail apps adopted a common C/R mechanism right this minute, it would take a long time for people to upgrade to it, and accept it. And since it is not far from being a CAPTCHA for email, I expect it would be cracked relatively quickly.
Yes, C/R is annoying when you have to sift through your mailbox to separate spam from Challenges. When they look like any other E-Mail with not even a standard formatting to identify them. When the procedure varies between clicking a link, replying or even quoting some gibberish text from the mail (oh and don't get it wrong or it won't work), etc.
C/R is annoying because people want their messages to be delivered, without additional work. It's not even that I have to scan a spambox, or that they look like any other e-mail. It's that I have do to ONE MORE THING to have the message delivered. If this had been the way e-mail worked originally, then people might accept it; but now, everyone is used to sending e-mail and having it arrive without interruption (generally speaking).
C/R would be widely accepted if you think more of the way skype does it. A simple dialog box, one click, done. This is the kind of integration I'm thinking of and I'm pretty convinced that even people like Mr. Pogue would happily accept it if it reduces their spam input to zero.
Respectfully, I'm pretty convinced that it will not work unless the spam problem becomes so excessively bad that people are willing to change their e-mail habits. We are not yet to that point, thanks to all the other half-baked anti-spam solutions out there.
One trivial approach would be mandatory message signing (cryptographic identity) combined with challenge/response. Whenever someone wants to mail you for the first time your mail server would, depending on your preference, either ask them to solve a captcha or you to permit mail from that sender.
While challenge/response is a sure-fire solution to spam technologically, it utterly fails on the social level. Most people HATE challenge/response. Many web sites specifically state that their operators will not process mail challenges. (For example, this guy, who is not exactly technologically inept -- you may disagree with him, but he's not inept.) I've worked on anti-spam development teams that have tackled this on several angles, and there is simply no way of getting people to accept challenge/response on a wide scale. It's too irritating.
It is freedom, in a way, that binds you with some responsibility. And how difficult it is for many people to understand.
People often want to have authority without responsibility: let me do what I want, without having to pay attention to other people's terms, short- and long-term impact, etc. But if you want freedom from this responsibility, you must also give up the authority that requires it. You can try to fight it, but this always comes back in the end.
"To all those who don't like the license: you don't have to use it. Just write your own code. But if you want to use GPL code, the license comes with it. It's a package deal. Thanks."
Creating fonts is fun. I remember getting my hands on Fontographer when it first came out... now that was cool. Heck, creating bitmap fonts in ResEdit was fun at times. At times, I've had to customize a typeface for a client, when a specific letter just seemed off (typically in a logotype, or for a very niche purpose like recreating a Renaissance manuscript style in a brochure, but still trying to keep it legible). Or just playing practical jokes on people (like flipping all of the characters in Chicago upside down, back when the System 6 used it for the UI).
A bad graphic designer puts the shiny above the usable. A good graphic designer recognizes when a bit of shiny actually enhances the results -- and for a designer and fonts, it may be that too many other people are using a font, so it no longer stands out. When WIRED Magazine launched, they made the then-fresh Myriad typeface popular, and Apple adopted it not long afterwards. Now it's everywhere (and is even the default chosen typeface in many Adobe apps). So what was fresh before, is boring and mundane now.
This reminds me of the 80/20 rule that generally still applies to graphic design, web design, game design... most creative pursuits, actually. In short: The first 20% of the effort creates the first 80% of the result, and the last 80% of the effort goes into the remaining 20% of the result.
In other words, the core ideas come quick, and all the fine details take much longer.
"Please sniff your cell phone, then choose the correct answer from the following list: (a) cinnamon; (b) roses; (c) french fries; (d) fart; (e) toe jam. If you have a cold or other scent-challenging medical condition, click here to hear an audio version of your sound."
With all due respect, I wasn't looking for guesswork, I was looking for a quote from some Google engineer.
Fair enough. I did e-mail a couple of programmers at Google, but have not received a quotable response about this; thankfully another Slashdotter made some comments.
We'll disagree about the definition of apathy. You are referring to things done "for no good reason" when in fact they have a good reason (in their opinion).
Regarding Google... OK, I'll bite. Looking at Google's deviations from spec, I note mostly deliberate omissions: no DOCTYPE declaration; style and script tags don't include TYPE attributes; most tag attributes do not have quotes around them (e.g. bgcolor=#ffffff and width=25% and onclick=gbar.qs(this)) which, in turn, causes a lot of additional errors in the validator (since # and % are not valid except when quoted); and ampersands in linked URLs are flagged as errors.
So, since it is so easy to change this to spec, I copied the home page source, corrected the errors, and ran it back through the validator. That resulted in 9 errors (down from 63), and almost all of them involve nonstandard attributes used by old nonstandard browsers -- so, in theory, we might forgive their presence for the sake of backward compatability. In any case, the home page footprint increased by 466 bytes (6990 bytes before, versus 7456 bytes after). I can't immediately find hard numbers about how many visitors Google gets, but I'll make a guesstimate at 200 million per day, which would translate to a savings of roughly 90gb of data a day.***
Is that worth it? I don't know. If saving bandwidth and improving data transmission efficiency are your top priorities, then yes, it's worth it. Perhaps Google thinks those are more important than meeting formal HTML specifications.
*** My back-of-the-napkin math may be totally flawed. Feel free to correct it.
Not at all; I included that in the comment about insulting them. To a good programmer, being called apathetic is as much an insult as being called ignorant.
I don't believe they have even attempted to make their code valid.
If so, it is not because of apathy: they simply made the decision that it was not important. Google, in particular, has stripped down their web code to the bare minimum that will still render correctly, regardless of formal standards.
If you are going to insist that "apathy" is the same thing as "making a choice to ignore deviations from a specification which result in no noticeable effects", then I have to disagree. Apathy is being indifferent; this is an intentional decision.
You might say that browsers change, thus breaking these non-fully-standard sites, but it's a spurious argument: everyone *will* make the changes, it won't them take very long, and they *still* won't care about the deviations from the new spec. They have different goals than you do.
they are invalid due to apathy and ignorance. In practically every case, you could take a mildly competent developer, throw the code at him, and have it valid in next to no time.
he two are not mutually exclusive. It's perfectly possible to make even the most beautiful sites render accurately across all the major browsers and still contain perfectly valid markup. It smacks of being lazy, or just not knowing the importance of validating code.
I agree that it is possible. I disagree that lacking 100% valid markup is somehow "lazy" or "not knowing the importance" of it. I've worked on several very large dynamic sites (thousands of pages), leading teams of programmers and designers. Simply put, you must balance the level of effort and the user experience with pure markup validation -- "This looks and works as we want it to, in all the browsers we support, and the code is fast, optimized, and bug-free. It's only 95% valid HTML according to the strict specs, but it is sufficient for now." It is not laziness to say this. It's common sense, and a good business practice. There are better things on which we should spend our time.
Well, to quote from the Hackademix FAQ on this issue... "Crackers put together a clever SQL procedure capable of polluting any Microsoft SQL Server database in a generic way, with no need of knowing the specific table and fields layouts. There's no Microsoft-specific vulnerability involved: SQL injections can happpen (and do happen) on LAMP and other web application stacks as well. SQL injections, and therefore these infections, are caused by poor coding practices during web site development. Nonetheless, this mass automated epidemic is due to specific features of Microsoft databases, allowing the exploit code to be generic, rather than tailored for each single web site."
The article suggests that the speed was not bad. (The sample Tetris clone loaded very quickly for me.) And the article's commenters note that this runs on an iPhone. In other words, Orto could be a route to port Java apps to be iPhone aps.
The G5 series had a lot of loud fan problems, where a problem caused the variable-speed fans to all run at full blast. It was nearly as loud as the Psystar effect.
Couldn't you just maintain multiple accounts on your hard drive? When they ask, boot into your special "Nothing To See Here" account that has pictures of cuddly kittens and amber waves of grain. Meanwhile, hidden behind the scenes in your FileVault or TrueCrypt partition, you have your "I Know This Is Wrong" account where you have all your real files and pictures of someone cuddly named Amber.
Now, if they were technologically adept, they'd all have USB drives for you to boot from, loading drive-scanning software to locate either (a) incriminating files or (b) encrypted partitions that they will then ask you to unlock.
Slashdot Mirror
My toenail is human tissue, but it is not a human. And what is the distinguishing feature of a human as opposed to human tissue? Sentience, self-awareness. Until a fetus becomes sentient or self-aware, then it is merely human, and not yet a human.
Your toenail is not self-aware, and it never will be. It is not even other-aware or observant in any way. Other than purely biochemical reactions, it does not react to its environment. Hence, not sentient.
Your fetus (as you were once) was not self-aware initially, but seems to be now. It was observant and other-aware at birth, likely having developed this in utero, responding to parent's voices, etc. Hence, it (you) became sentient in the womb, and self-aware afterwards.
Children are being killed, eaten and abused of all types of species, is that ethical?
I'll answer you after breakfast -- eggs, scrambled, with a side of sausage.
I tried Drivesavers once in the distant past. $1200 later, they hadn't recovered more than a megabyte of data off of an 40gb server drive -- and it was all OS files, none of the actual data files we wanted. They claimed the files were too fragmented on the drive, and the failure was too extreme, that nothing else could be recovered. I doubted this because the server ran a defragging routine during downtime.
But it taught me a lesson. I had been on vacation for a couple of weeks, leaving the tape backup system in the hands of someone else. They dutifully swapped tapes on schedule, but never checked the console to determine that the tapes were full and needed to be replaced with new (or newly-erased) tapes. So for six days, no tape backups occurred -- and of course, that department just happened to do a lot of valuable work during that time because it was approaching a deadline. That team valued the work at over $50K. *sigh* After that, I overhauled that server to include RAID, plus a secondary server which cloned all the data from the first server nightly, plus put an autoloader on the tape drive.
Next up: USAID -- the United States Agency for International Development -- will begin funding for Internet cafes in developing countries. "Really, we are only trying to advance their economic and technological potential!"
Hmm... can you install a bot zombie on an OLPC?
It seems like the author wants to run a legal botnot from military computers around the world, as a way to respond to attacks. That's fine, but since criminal botnets are distributed among computers around the world, some of the attacking computers will be from allied countries. Heck, some of them may be the very same military computers that are part of our botnet. The author writes about attackers spoofing IPs to appear to come from friendlies, but what if the computer is actually a friendly that has been zombied? That's where other "intelligence" sources comes in, I suppose, but I am skeptical that the attacker could be accurately identified quickly enough.
Yes, we'll have to disagree. It is alright.
This risk is not solved by C/R, unfortunately.
I've been sending and receiving e-mails for nearly 30 years, I have more than a dozen e-mail accounts and hundreds more e-mail addresses (think Zoemail-style keyed addressing), and I work in a position that receives and sends "cold contact" e-mails on a daily basis. With filters and other ID-based solutions, my daily spam level is extremely low -- on the level of 2-3 spams delivered each day out of thousands sent to me. Deleting this level of spam is not a problem. So yeah, I agree it can't get worse, but now that we've had the problem for a long time, we have found ways of minimizing its impact to the point of acceptability. (Who actually gets 9 spams in their in-box for every 1 real message?)
Aside: even if all the mail apps adopted a common C/R mechanism right this minute, it would take a long time for people to upgrade to it, and accept it. And since it is not far from being a CAPTCHA for email, I expect it would be cracked relatively quickly.
C/R is annoying because people want their messages to be delivered, without additional work. It's not even that I have to scan a spambox, or that they look like any other e-mail. It's that I have do to ONE MORE THING to have the message delivered. If this had been the way e-mail worked originally, then people might accept it; but now, everyone is used to sending e-mail and having it arrive without interruption (generally speaking).
Respectfully, I'm pretty convinced that it will not work unless the spam problem becomes so excessively bad that people are willing to change their e-mail habits. We are not yet to that point, thanks to all the other half-baked anti-spam solutions out there.
One trivial approach would be mandatory message signing (cryptographic identity) combined with challenge/response. Whenever someone wants to mail you for the first time your mail server would, depending on your preference, either ask them to solve a captcha or you to permit mail from that sender.
While challenge/response is a sure-fire solution to spam technologically, it utterly fails on the social level. Most people HATE challenge/response. Many web sites specifically state that their operators will not process mail challenges. (For example, this guy, who is not exactly technologically inept -- you may disagree with him, but he's not inept.) I've worked on anti-spam development teams that have tackled this on several angles, and there is simply no way of getting people to accept challenge/response on a wide scale. It's too irritating.
It is freedom, in a way, that binds you with some responsibility. And how difficult it is for many people to understand.
People often want to have authority without responsibility: let me do what I want, without having to pay attention to other people's terms, short- and long-term impact, etc. But if you want freedom from this responsibility, you must also give up the authority that requires it. You can try to fight it, but this always comes back in the end.
"To all those who don't like the license: you don't have to use it. Just write your own code. But if you want to use GPL code, the license comes with it. It's a package deal. Thanks."
(which has been oft-said on /.)
Waite, let's see wate the article says... hmm, it's Welte. How svelte!
Creating fonts is fun. I remember getting my hands on Fontographer when it first came out... now that was cool. Heck, creating bitmap fonts in ResEdit was fun at times. At times, I've had to customize a typeface for a client, when a specific letter just seemed off (typically in a logotype, or for a very niche purpose like recreating a Renaissance manuscript style in a brochure, but still trying to keep it legible). Or just playing practical jokes on people (like flipping all of the characters in Chicago upside down, back when the System 6 used it for the UI).
There's a troll if I ever read one.
A bad graphic designer puts the shiny above the usable. A good graphic designer recognizes when a bit of shiny actually enhances the results -- and for a designer and fonts, it may be that too many other people are using a font, so it no longer stands out. When WIRED Magazine launched, they made the then-fresh Myriad typeface popular, and Apple adopted it not long afterwards. Now it's everywhere (and is even the default chosen typeface in many Adobe apps). So what was fresh before, is boring and mundane now.
This reminds me of the 80/20 rule that generally still applies to graphic design, web design, game design... most creative pursuits, actually. In short: The first 20% of the effort creates the first 80% of the result, and the last 80% of the effort goes into the remaining 20% of the result.
In other words, the core ideas come quick, and all the fine details take much longer.
"Please sniff your cell phone, then choose the correct answer from the following list: (a) cinnamon; (b) roses; (c) french fries; (d) fart; (e) toe jam. If you have a cold or other scent-challenging medical condition, click here to hear an audio version of your sound."
With all due respect, I wasn't looking for guesswork, I was looking for a quote from some Google engineer.
Fair enough. I did e-mail a couple of programmers at Google, but have not received a quotable response about this; thankfully another Slashdotter made some comments.
We'll disagree about the definition of apathy. You are referring to things done "for no good reason" when in fact they have a good reason (in their opinion).
Regarding Google... OK, I'll bite. Looking at Google's deviations from spec, I note mostly deliberate omissions: no DOCTYPE declaration; style and script tags don't include TYPE attributes; most tag attributes do not have quotes around them (e.g. bgcolor=#ffffff and width=25% and onclick=gbar.qs(this)) which, in turn, causes a lot of additional errors in the validator (since # and % are not valid except when quoted); and ampersands in linked URLs are flagged as errors.
So, since it is so easy to change this to spec, I copied the home page source, corrected the errors, and ran it back through the validator. That resulted in 9 errors (down from 63), and almost all of them involve nonstandard attributes used by old nonstandard browsers -- so, in theory, we might forgive their presence for the sake of backward compatability. In any case, the home page footprint increased by 466 bytes (6990 bytes before, versus 7456 bytes after). I can't immediately find hard numbers about how many visitors Google gets, but I'll make a guesstimate at 200 million per day, which would translate to a savings of roughly 90gb of data a day.***
Is that worth it? I don't know. If saving bandwidth and improving data transmission efficiency are your top priorities, then yes, it's worth it. Perhaps Google thinks those are more important than meeting formal HTML specifications.
*** My back-of-the-napkin math may be totally flawed. Feel free to correct it.
You missed the "apathy" part.
Not at all; I included that in the comment about insulting them. To a good programmer, being called apathetic is as much an insult as being called ignorant.
I don't believe they have even attempted to make their code valid.
If so, it is not because of apathy: they simply made the decision that it was not important. Google, in particular, has stripped down their web code to the bare minimum that will still render correctly, regardless of formal standards.
If you are going to insist that "apathy" is the same thing as "making a choice to ignore deviations from a specification which result in no noticeable effects", then I have to disagree. Apathy is being indifferent; this is an intentional decision.
You might say that browsers change, thus breaking these non-fully-standard sites, but it's a spurious argument: everyone *will* make the changes, it won't them take very long, and they *still* won't care about the deviations from the new spec. They have different goals than you do.
they are invalid due to apathy and ignorance. In practically every case, you could take a mildly competent developer, throw the code at him, and have it valid in next to no time.
So... you've just insulted all the web programmers at Google, Yahoo, Apple, YouTube, Windows Live, EBay, Amazon, etc.?
Well, at least MSN passes the validator. They must have competent programmers!
he two are not mutually exclusive. It's perfectly possible to make even the most beautiful sites render accurately across all the major browsers and still contain perfectly valid markup. It smacks of being lazy, or just not knowing the importance of validating code.
I agree that it is possible. I disagree that lacking 100% valid markup is somehow "lazy" or "not knowing the importance" of it. I've worked on several very large dynamic sites (thousands of pages), leading teams of programmers and designers. Simply put, you must balance the level of effort and the user experience with pure markup validation -- "This looks and works as we want it to, in all the browsers we support, and the code is fast, optimized, and bug-free. It's only 95% valid HTML according to the strict specs, but it is sufficient for now." It is not laziness to say this. It's common sense, and a good business practice. There are better things on which we should spend our time.
Well, to quote from the Hackademix FAQ on this issue... "Crackers put together a clever SQL procedure capable of polluting any Microsoft SQL Server database in a generic way, with no need of knowing the specific table and fields layouts. There's no Microsoft-specific vulnerability involved: SQL injections can happpen (and do happen) on LAMP and other web application stacks as well. SQL injections, and therefore these infections, are caused by poor coding practices during web site development. Nonetheless, this mass automated epidemic is due to specific features of Microsoft databases, allowing the exploit code to be generic, rather than tailored for each single web site."
The article suggests that the speed was not bad. (The sample Tetris clone loaded very quickly for me.) And the article's commenters note that this runs on an iPhone. In other words, Orto could be a route to port Java apps to be iPhone aps.
The G5 series had a lot of loud fan problems, where a problem caused the variable-speed fans to all run at full blast. It was nearly as loud as the Psystar effect.
1.2 trillion hours of MP3 songs... illegally
Hmm. When will the MPAA and RIAA sue Seagate for enabling piracy all these years?
Couldn't you just maintain multiple accounts on your hard drive? When they ask, boot into your special "Nothing To See Here" account that has pictures of cuddly kittens and amber waves of grain. Meanwhile, hidden behind the scenes in your FileVault or TrueCrypt partition, you have your "I Know This Is Wrong" account where you have all your real files and pictures of someone cuddly named Amber.
Now, if they were technologically adept, they'd all have USB drives for you to boot from, loading drive-scanning software to locate either (a) incriminating files or (b) encrypted partitions that they will then ask you to unlock.