Slashdot Mirror


User: mellon

mellon's activity in the archive.


Comments · 2,585

  1. Re:Step by step process on How To Get Out of Developer's Block? · · Score: 1

    This is the best advice so far. On stage one, if this works for you, try thinking about the people who will use the code once it's written. Picture them benefiting from it. Picture them not benefiting from it if you don't write it. Sounds goofy, but it sometimes works for me. If they don't really seem to care one way or the other, maybe you should write different code.

  2. Finally! It's the year of Linux on the desktop! on Lenovo Software Update Stealthily Installs Adware · · Score: 1

    Maybe we should print up some bumper stickers that say "Don't blame me - I run Linux!"

  3. Re:Making my point with humor on Nielsen Recommends Not Masking Passwords · · Score: 4, Insightful

    Dude, I want *your* computer. Or your glasses. Or something.

    You have illustrated the point nicely. However, the fact is that there is a problem here. The average naive user thinks that when they type a password in, and it's hidden, that means that it's secure. They equate the dots with end-to-end security. And of course there is no end-to-end security. So actually the dots are a usability problem - just not the one Mr. Nielsen suggests.

    Fundamentally, the problem is that there is no security in the way passwords are done on the net. By this I mean that even though we do have security protocols like SSL, and we do have mechanisms for signing certs, the current security model assumes that the user will discriminate between situations where there is security, and situations where there is not. And nearly every single user of web services is incapable of discriminating in that way. There are maybe one or two thousand people in the world who really understand the security model well enough and are anal enough to actually validate the security of what they are doing when they enter passwords into web forms.

    So essentially Mr. Nielsen is right - you might as well not bother with the dots. Because they just give you a false sense of security.

  4. Re:I find most Indians incompetent on Indian CEO Says Most US Tech Grads "Unemployable" · · Score: 1

    Excellent. That leaves more for us...

  5. Re:Here are some ideas... on Where Does a Geek Find a Social Life? · · Score: 2, Informative

    Hunh, joining a Dharma group certainly improved my social life. I have a genuinely frightening number of friends, and I've been married for seven years. So this trick works even if you're afraid of Jesus - just join a group that's more attractive to you.

  6. Re:No one here's buying it. on German Member of Parliament Joins Pirate Party · · Score: 5, Insightful

    Another argument on the child porn thing is to ask the question, what percentage of all child abuse has to do with child porn? Last time I checked into it, the most generous number I could come up with was a tenth of a percent. A hundred million children in the world live on the streets. Child prostitution is common in developing countries. Child labor exploitation is common. Trafficking in enslaved children is common.

    If what is being done to cure child porn is one tenth of one percent of all the money and effort and compromise being put into solving the other 99.9% of suffering experienced by children, then we could say that what is being done is rational. So check it out. Is that the case? No, not even remotely. Much *more* money is being spent combating child porn than any of the other ills that befall children in the world.

    So then it's clear that the new and draconian crackdown on child porn actually has nothing to do with protecting children.

  7. Re:I wouldn't be so quick to that. on Ray Bradbury Loves Libraries, Hates the Internet · · Score: 1

    And everybody does. And most of it is crap. And sorting through the crap is hard work. Which we used to pay book acquisition editors, newspaper editors, and the like, to do. The Internet is the best example yet extant of Sturgeon's Law: 99% of everything is crap. Only Sturgeon was an optimist.

    It's not good enough for something to be out there. It's necessary also that you have a way to find it.

    BTW, I disagree with Bradbury - I think the internet is really great, and it's a dream realized for me, since I was working on it when it was still a wee baby that couldn't do much. But I think it's healthy to think critically about the Internet, and not romanticize it.

  8. Re:Hmmm.. on Ray Bradbury Loves Libraries, Hates the Internet · · Score: 4, Insightful

    The internet is indeed a great gestational pool for new work. It's also a huge distraction, and a difficult place to concentrate. And once the new work is done, it's a dangerous place for it to live, both because it might be vandalized, and because the place where it is stored might go away. Sure, if everybody makes a copy it might work out, but people only copy what's popular and what's known. A system that depends on repeated copying over millennia to preserve a work for millennia is very vulnerable. Can you imagine getting something like the dead sea scrolls off of a two-thousand-year-old hard drive?

  9. Re:God Bless Him on Ray Bradbury Loves Libraries, Hates the Internet · · Score: 5, Insightful

    Laugh if you want, but keeping digital data is hard. Really hard. Once you've printed a book on acid-free paper with good quality ink, you can pretty much assume it'll still be readable in a hundred years. The lifetime of most computer media is measured in years, not decades. And most printouts fade quickly, because they're done on laser paper, which doesn't last very long.

    So I wouldn't accuse Mr. Bradbury of being senile just yet. I agree he's a curmudgeon, but we need curmudgeons to keep us honest.

    OBTW... Get off my lawn!

    Punk. :')

  10. Re:Wow, worldwide backlashes. on Bozeman, MT Drops Password Info Requirement · · Score: 1

    I don't know. If I were a taxpayer in Bozeman, I think I'd still be pretty worried about potential liability issues. The mere fact that the policy was withdrawn doesn't entirely address that. From the summary, it sounds as if the person who instituted the policy in the first place thinks they went a little too far. I would want them to realize and internalize the understanding that what they did was not an error of degree, but of kind. Otherwise, they'll just make the same mistake again in some other situation.

  11. Re:There is no debate on World Copyright Summit and the Lies of the Copyright Industry · · Score: 1

    When you speak of people as a class, I think it really seriously confuses the issue. That's not to say that noticing the mistreatment of a class of people and doing something about it is wrong, but when you are trying to isolate what is right and what is wrong, I think it's pretty easy to wind up dividing by zero proving that 1==2 if you do this.

    The Declaration of Independence says "we hold these truths to be self-evident: that all men are created equal..." And when I was coming up, I heard those words and believed them, and couldn't understand all the inequalities that I saw. I wasn't thrilled about the sexist language either, but that's another story.

    But here we're talking about ideals, not about what is inherent. Really, when you say something is self-evident, you're contradicting yourself - if it were truly self-evident, you would not need to hold it to be true, or say that it was true, because, since it's self-evident, everybody would already agree that it was true.

    So the facts on the ground 50 years ago were that enough people didn't believe people should be treated equally regardless of skin color that they *weren't* treated equally. And this is a situation that appears to persist to this day, despite the great strides that were taken in the sixties, and despite the fact that we managed to elect an African-American president.

    So did they have an *inherent* right to be treated equally? The facts would suggest otherwise. That's why our parents had to work for it, and that's why there is still work for us to do. That's a crying shame, and we should work to correct the situation, but the fact that it sucks and that it shouldn't be that way doesn't change the fact that it is that way at the moment.

    This is nothing new - it used to be that serfs couldn't leave the land, and were inherited by the lord of the land. It used to be that you could capture and keep slaves in much of the "civilized" world. And never in all of history has it been the case that people actually did have equal rights. The fact that we would create and aspire to an ideal like that is a truly wonderful thing, and not to be disparaged by talk of "inherent" and "natural" rights that nobody ever actually enjoyed.

  12. Re:There is no debate on World Copyright Summit and the Lies of the Copyright Industry · · Score: 5, Insightful

    They obviously don't have an "inherent" right, because if they did, we wouldn't be having this discussion. That's what an inherent right is - one that exists already. In order for it to be inherent, it would have to be the case, at a minimum, that it was broadly-enough recognized that you didn't have to fight against the average person's natural inclination. But people's natural inclinations are pretty clear - while people generally do seem to think that artists should be compensated, they do not agree that artists have a completely unrestricted copyright. You can see this simply by observing how people generally behave.

    Copyright is a created right. It exists for a purpose: to encourage people to create new works of art. And it comes at a cost: people's right to copy these new works is restricted. Furthermore, people's right to speak about these works is restricted, and this does indeed get into the arena of freedom of speech, whether you want it to or not.

    When you attempt to claim all rights to your work, in perpetuity, you are taking something away from the rest of the world. It may not be something that you consider important, but it is something that we consider important. So you have two choices: kill everyone who does not agree with you, or come to a compromise.

    And that is precisely the purpose of this debate, which you seem to be arguing does not exist.

  13. Re:IPv6? on New Exploit Uses JavaScript To Compromise Intranets, VPNs · · Score: 3, Insightful

    64 bits, actually.

    The address is usually made up of the prefix and the interface identifier, so technically the addresses aren't random - the interface identifier is derived from the MAC address of the interface, typically. But you'd have to know the ethernet address of the device you're trying to reach, *and* its prefix, at the same time, in order to be able to attack it. Since this particular attack is valuable precisely because you don't need to know those things, IPv6 would in fact render it useless.

    Having said that, I think CGA (cryptographically generated addresses) are going to get popular, and if that's so, then even knowing the MAC address won't be able to help you.

  14. Re:IPv6? on New Exploit Uses JavaScript To Compromise Intranets, VPNs · · Score: 4, Insightful

    Yes, IPv6 would help here, and in a lot of other instances. With IPv6, unless you're already communicating with a host, or it has a public identity because it's a server, the chances of you guessing its IP address are vanishingly small. So this attack wouldn't work, and also the typical attack that internet worms do where they just randomly try ports on various IP addresses en masse also wouldn't work, because the statistics are no longer in their favor.

  15. I know $19k sounds like a lot of money... on Senator Applauds Pirate Bay Trial, Chides Canada · · Score: 4, Insightful

    ...but it's a drop in the bucket in a senate election. So while I am just as annoyed at Senator Hatch as the next geek, I think accusing him of being bought is probably tactically stupid. First, because it's probably not true. Second, because there's probably another reason he holds this particular position. And third, because he probably actually believes what he's saying.

    There are two ways to get him to stop being such a powerful advocate for copyright interests. One is to get him replaced. The other is to get him to change his mind. Getting him replaced is going to be really, really hard. But by all means, go for it. Only I really doubt the average Utahn is going to vote him out on the basis of his position on copyright, even if they disagree with him. So that's a really big job.

    The other possibility is that you could get him to come around to seeing how much economic damage the RIAA and MPAA positions are doing to our economy. I think that's pretty hard too. But maybe not impossible. But one thing that is impossible is that you will get him to even listen to you if you start talking about how he's blowing the MPAA to get campaign contributions. The electoral system works the way it works. I want it to change as much as you do. But it's not going to change because you make nasty accusations. It's going to change because you work for it, or not at all.

  16. Re:City planning on Analysis Says Planes Might Be Greener Than Trains · · Score: 1

    What does this have to do with the article? Are you proposing that people commute by airplane instead?

    Sprawl gets built because for a variety of reasons it makes short-term economic sense. In fact most modern wood-frame houses are only good for a relatively short time, so it's a problem that will ultimately take care of itself. Just because you are "forced" to live in sprawl right now does not mean that when your house has to be rebuilt because of shoddy construction, the right thing for you to do will be to rebuild on site. Indeed, there are many examples of sprawl development right now that simply can't be sold because no-one wants to live in them. Some of this housing stock is being bulldozed because it's cheaper than keeping it around.

    So the idea that you must always commute by car simply isn't true. What is more true is that if the cost of commuting by car rises enough, it will make sense to run a rail line out to your suburb.

  17. Re:Planes greener than trains, no way on Analysis Says Planes Might Be Greener Than Trains · · Score: 3, Informative

    That truism is widely disputed at this point, of course - just because a weather pattern is unusual doesn't mean that it has a causal relationship to an event that precedes it.

  18. Re:Flyin Cars on Why Our "Amazing" Science Fiction Future Fizzled · · Score: 1

    Get a pilot's license. Then you can really fly. It'll cost you some scratch, but you won't regret it. Well, unless you're a dumbass and fly when you shouldn't, or where you shouldn't. Which is ultimately why flying cars will never be mainstream.

    This article misses a couple of important points. First of all, our amazing future *is* here. Diseases that killed you if you got them in Jules Verne's time are curable. Everybody has a car, and while we may think they pollute terribly, to someone who lived through the coal age they would seem amazingly clean. The TGV? Get out of here! Jaws would drop. Poor people living in houses with indoor plumbing? That works? Miraculous. Ubiquitous electric lights?

    We do live in the amazing future. We're just used to it.

  19. Re:Right on Harsh Words From Google On Linux Development · · Score: 1

    Heh. Anyway, I think the key statement from the summary is this:

    ...and GTK not being a very compelling toolkit

    When you're developing something and trying to get it to work, best is the enemy of good enough. And you can argue that GTK is good enough. But there's a huge distance between where GTK is now and "best."

    So in fact I would argue that what is needed at this point is the pursuit of a new "best," not consolidation. GTK is what you get with consolidation. The toolkit that is to come won't be GTK, and it won't be KDE. That is the toolkit the Google guys are asking for.

  20. Re:Just keep competition alive on Cory Doctorow Draws the Line On Net Neutrality · · Score: 1, Redundant

    You're kidding, right? The competition is already long dead.

  21. Re:VR was more hype than reality on Where Are the High-Res Head-Mounted Displays? · · Score: 1

    The flatscreen can't move with your head. More to the point, though, it's just not portable. I can't use a 50" flatscreen in the car, or on the bus, or on an airplane, or in my friend's house when I'm out of town. I spend a lot more hours in front of my laptop screen than in front of my HDTV. I would *love* to have a wearable display I could use to get work done when I'm traveling, with as much resolution as my screen at home.

    However, I think that by and large, people don't really know if there is a market for high resolution displays of this type, and the cost to build them, and to get the ergonomics right, can be expected to be high. If you think about what has to go into one of these devices, it's kind of daunting.

    • It has to have a variable focus, so that it doesn't cause you to get nearsighted from using it too much and then sue the manufacturer.
    • It has to be bright.
    • It has to have a power source and a video source that are comfortable to wear.
    • It has to not weigh enough to put prints on your nose.
    • It has to be affordable.

    When you put all this together, it's a nontrivial problem. I'd love it if something like this were available, and I think eventually it will be, but when people talk about it as if it's really pretty easy to do, I think they're not thinking it through.

  22. Re:could someone explain what the issue is here? on Dealing With ISPs That Use NXDomain Redirection? · · Score: 1

    You didn't understand the point in the comment you're replying to. Suppose you have a VPN setup. Starting from not being connected to the VPN, you plug your laptop into an internet connection somewhere. You get an IP address and DNS server IP addresses from DHCP. The DHCP client configures your host to resolve DNS using that IP address.

    Now you turn on the VPN. This does not (necessarily, and clearly does not in the case we're discussing at the moment) change the IP addresses your laptop is configured to use for name resolution. So if you run all DNS queries down the tunnel, they're still going to go to your ISP's DNS server.

    The only thing that's changed is how they get there. Instead of going out your internet connection to your ISP's DNS server, they're going to go across your VPN tunnel, to your work network, out your work network's internet connection, across the internet to your ISP. The response will retrace that path.

    In order to use your work DNS servers to resolve names, your VPN has to be configured to change the IP addresses to which it sends DNS queries when the VPN is set up, and put things back when the VPN is torn down. If it's able to do this reliably, this isn't a bad solution, but it sounds like the VPN software we're talking about at the moment doesn't do this, because if it did, the person who posed the original question wouldn't be having this problem.

  23. Re:could someone explain what the issue is here? on Dealing With ISPs That Use NXDomain Redirection? · · Score: 5, Insightful

    I'm not sure what your threat model is, but I suspect you are claiming one of two things: either that the VPN node might act as a router, forwarding packets around your firewall, or that the VPN node might be compromised and used as a stepping-stone onto your network.

    In the case of the router vulnerability, this is something that you can control on the corporate side of things by simply not accepting packets down the VPN tunnel that don't come from the IP address that's the far endpoint of that tunnel. I'm not a VPN expert, but I would be surprised if this isn't how your VPN is configured by default.

    In the case of the stepping stone, this is a fairly weak threat model, for two reasons. First, if your machine has been rooted, there's a good chance that it will phone home out through your firewall even if you route all internet access through the VPN. So it will be a stepping stone to your network anyway.

    Second, if your machine has been rooted, and is running any sort of virus platform, it's going to try to infect machines on your network even if it doesn't have a link to the outside world. If you are genuinely concerned about threats originating on employee laptops, you shouldn't allow them to VPN into your network at all.

    So the point is that forcing the VPN'd node to access the internet through your site is probably going to be a big inconvenience for your users (the kind of inconvenience they will hack around, possibly making you even more vulnerable) and it's not going to buy you any meaningful security.

    Firewalls are great for slowing the spread of infection, and raising the cost of attacking you, but you really do need to secure every node as well, and if someone really wants to get past your firewall, and is willing to expend substantial effort to do so, you probably won't stop them without much sterner measures than the one you're advocating.

  24. Stop filtering your DNS, or run a local cache. on Dealing With ISPs That Use NXDomain Redirection? · · Score: 3, Insightful

    What's the benefit of blocking your internal DNS? You're firewalled off, or they wouldn't need the VPN. What's going on here is that you're doing something broken - you must have some kind of NXDOMAIN redirector running on the remote machine, and the ISP is doing something wrong, because its NXDOMAIN redirector is fooling your NXDOMAIN redirector. If you just follow the standards, the fact that they have a broken NXDOMAIN redirector wouldn't affect you.

    Another option is to set up a DNS resolver that's reachable from outside your network, and also inside your network, but only answers for your internal names if the query comes from inside. Then configure all your VPN machines to always use that nameserver, and not use your ISP's nameserver.

    Even if your ISP filters DNS and answers in place of your nameserver, you're okay, because as soon as the VPN is set up, all the queries will go across the VPN (since this server is on your local network). At that point you'll start getting answers for local domains because now the query is coming from a local (VPN) IP address.

    This second solution is a bit more work, and of course being a DNS geek I'm biased toward just doing the right thing in the first place, so I recommend just opening up your DNS, but either way ought to work.

  25. Re:Dear Ms. Le Guin on Copyright Infringement of Books · · Score: 1

    I think you will find that while a lot of people feel no compunction about pirating books, they don't feel so strongly about it that they're willing to do what it would take to amend the constitution. So realistically, your bombastic challenge here is just posturing.

    Ms. Le Guin's problem here is not that she's wrong to be disappointed at people for doing this, but rather that it *matters*. If in fact most people don't think they should pay for books, she's screwed whether the constitution gets amended or not. But in fact that's not how people work.

    Generally speaking, people have a sense of fairness that means that even if some people take advantage, plenty won't. Trying to force people into compliance not only makes you look like an asshole, there's no evidence that it works. What works, frankly, is propaganda - actively appealing to people's sense of fairness.

    This is why iTunes works. It's why a service *like* iTunes could work for books.