I don't see what people find interesting or exciting about .NET Core -- it's just a rebranding of the compact framework with some additional supported platforms. Honestly, the entire point of it seems to be to try and entice people to use Azure for hosted stuff and only use small parts of the framework for desktop apps (pushing them towards the "Universal" appy-store apps and away from full Win32 style desktop).
(there's an undetectable fault error rate, something along the lines of 1 in 10^20 bytes read or so will have an undetected error)
I just want to call this out because it's so important. That number, 10^20, sounds big, but considering the size of modern drives it's really not.
Randomly picking the WD 8TB Red NAS drive (WD60EFRX), which is designed for consumer RAID as an example:
The spec sheet says the URE (unrecoverable read error) rate is at worst 1 x 10^14 per bits read. However, that drive holds 8 x 10^12 bytes! If you were to read every single byte there is about a 64% chance that at least 1 bit is read incorrectly.
(8 x 8 (bits per byte) x 10^12) / (1 x 10^14) = 64,000,000,000,000 / 100,000,000,000,000 = 0.64
Correct my math if I'm wrong, but this should make anyone think twice about using any kind of RAID as a "backup" solution. If you have a disk fail you have a better than 50/50 chance of introducing corrupt data during the rebuild process!
Frankly, ZFS-style checksumming is the future of file systems. It has to be for any data you care about.
When did Google, Facebook, and Twitter become ISPs?
This is the current excuse the right is parroting in talking points.
"Google can censor and sell customer data, therefore it's not fair if Comcast can't!"
It's just another giant non-sequitur man being used to muddy the waters and disguise the real issues. Content providers are completely different than ISPs, especially when said ISPs get all sorts of special treatment under common carrier law.
Game over, man :(
I'm still not sure how this affects me
Here's a very short version:
Cloudflare provides proxying, caching, and DDoS protection (plus other things) for a huge number of websites. This means that instead of connecting directly to a website's servers, you're instead connecting to a Cloudflare server which inspects and routes the traffic to the real website.
A bug in Cloudflare's system would occasionally result in random memory contents from the Cloudflare server incorrectly getting sent back to clients in the HTTP response stream. This memory could contain anything -- random parts of a webpage, a picture, or a username and password that was recently passed through the system.
Since these memory dumps can be (and were) captured by caching systems such as Google's cached pages, Internet Archive, etc, it's not enough that Cloudflare fix the bug -- all the cached pages must also be deleted or somehow cleared of any memory dump contents. Until this happens (and frankly, it's likely an impossible goal given the size and scope), there is the potential that your username and password for some website could be saved out in a cached copy of a Cloudflare site, there just waiting for someone to find it. Attackers can, and are, scanning all of this cached data looking for such valuable leaked memory contents.
Overall it's a major bug and huge error on Cloudflare's part, but the likelihood of it impacting you seems astronomically small.
What it does do, however, is raise questions about whether or not we should have a single company acting as a back-end gatekeeper to vast swaths of the web. It also raises the question of the responsibility of sites like the Internet Archive. Should they be required to mass-delete archived sites going back years due to this bug? There is no way to recover those past cached sites. Finally, who is responsible if this breach does get exploited? Is it Cloudflare, or the website that chose to use them?
I've never been a fan of Cloudflare from a privacy and security standpoint, and this failure on their part more or less cemented my opinion.
media-industrial complex
You realize this is a nonsense phrase without meaning, right? And that you sound like a mindless dolt undermining any other points you might be making when you repeatedly parrot it? Okay.
Are you that afraid of there appearing a Trump-class of ships some day?
Weapons on any Trump class ships will probably be unable to aim properly, inflicting equal damage on friend, foe, and crew.
Probably because the guns are so tiny.
Agreed. This is a sad first turn -- Trump's FCC may as well have sent a letter to the major ISPs saying "Hunting season on American Internet consumers is open! No tag limit!"
I was very skeptical when Wheeler was appointed to chair the FCC, given his corporate background, but he ended up being one of the most consumer-focused and practically progressive people in Obama's government.
And now? May as well say goodbye to net neutrality.
found that the number of websites listed in Alexa's top one million websites that have adopted HTTPS has more than doubled
Why do people still use Alexa? There can't be more than a tiny handful of people who still use their crappy browser toolbar and that measuring metric has always had significant selection bias. Do they have a newer, better data source, or is there just nothing better so people fall back to a name that's familiar?
It would be nice if the major ISPs would aggregate and share all that data they save for the NSA anyway with some nonprofit org for this kind of thing.
wouldn't shit the bed when they tried to parse a URI like moz://a in a chunk of text.
If an application blows up when it encounters :// in free-form text, I have no sympathy and neither should Mozilla. Too many things try to be cute with minimal and poorly-defined markup these days and any pushback is welcome.
I miss Mozilla the lizard.
With so much focus on irrelevant rubbish, I'm surprised they haven't removed about:mozilla.
Must be a shitty ploy, my brand new HTC bolt came with wired headphones.
Pushing more expensive headphones might be a bonus short-term side effect, but the real victory here is the potential of closing the analog hole for mobile devices. I fully expect someone to introduce "end to end" DRM within a year or two which will require an authenticated and encrypted connection from the source (file or stream) through the mobile processor, to the headphones. Non-compliant headphones won't be able to authenticate with the host device and therefore won't be usable with certain DRM'd media.
Don't be surprised when Apple shows more "courage" and removes the analog audio connectors from their next lineup of desktops and laptops (if they haven't already). The desktop / laptop market will swiftly follow once people accept it on mobile.
Take a look at HDCP for an example of how this has already been done elsewhere.
What the hell does net neutrality have to do with the data limits on cellphone plans?
Moving away from unlimited and into more expensive and limited plans pushes people towards provider-sanctioned services for which the bandwidth does not count towards your monthly usage. This goes against network neutrality, even if the topic is bandwidth usage instead of transfer speed.
What the hell does Trump's winning the US Presidential election have to do with cellphone data plans?
Trump is an opponent of net neutrality.
Not to mention obscene contrast ratios (which is implied by your post, I guess) -- some claim 1,000,000:1, others seem to claim infinite.
Contrast ratios get silly and mostly pointless when you have a black that is fully non-emissive. It's the same as dividing by zero -- hence the claim for an infinite ratio.
With OLED panels, the important metrics will be brightness and color gamut.
What's the addon that removes all the socials buttons? I need that one.
Ghostery
Or the Easy Privacy list for AdBlock, if you don't want to use a program written and owned by the very industry you're trying to block.
You're wrong.
Actually, you are.
Even if they've already got the library disk-cached, it's actually slower to access the disk cache, and check the cache age, and verify that there isn't a newer library version (did you know the browser often goes round-trip just to check?) than it does to simply serve the library in-line.
It depends on cache control headers originally sent by the CDN, but this is usually completely false. Google can set an Expires header a year in the future and the browser will NOT do a round trip to check. That only happens if the cache control is set to must-revalidate, and few good script CDNs will do that. Aside from that, disk will always be faster than network.
Benchmark it yourself. Serve 100KB of javascript in-line, in the middle of your html file. Compare that to a separate src= js file.
Modern browsers handle inline script very differently than those pulled in via an external file, so that confounds things somewhat. But even then, the only time it matters is the first time the user goes to any page with the jQuery (or whatever) that gets loaded from Google's CDN. After that it doesn't have to transfer it until the cache expires, so it's always going to be faster than putting it inline. Besides, putting libraries inline is 100% wrong, even if you host it yourself, because it makes client caching impossible.
And the first hit is always free.
Disagree. Software is not a washing machine nor a car. It does not break down over time, it is not susceptible to the elements, and it does not age in any notable way. There is literally no reason a program written and working in 1970 cannot continue to execute as well today as the day it was written. And it does! Industrial control systems, ancient government and finance mainframes, and primitive vehicle control systems all do it every day. Software doesn't rust and bit-rot is not a thing. Telling people that they need to keep their programs polished to prevent tarnish sounds like something a sketchy Geek Squad-esque computer shop might do to squeeze a hundred bucks out of naive customers.
I update my software sparingly and with caution. Generally speaking, it's much more likely for usability to be lost or features broken than a serious security issue fixed. If it's a mobile app, it's much more likely that ads were added or made worse, or a feature I've used for 2 years was removed or horribly changed, or increased permissions are requested so that my personal info can be sent away to some third party than any features I actually want were added or bugs fixed.
Today's model of always-updated has some advantages but every single one is counterbalanced by the negatives. Auto-updating browsers help prevent the mire of zombies that was IE6, but it also means you're at the mercy of Microsoft, Mozilla, and Google when it comes to feature removal and their incessant need to screw around with the UI for no valid reason. Or that addon you really like and rely on suddenly stopped working because the author hasn't updated it yet.
Yes, updates to address security problems is an important topic, but all too often those updates are bundled up with all sorts of crap that few people want. It would be real nice if software companies would keep the two separate, and make it clear just what has changed between versions.
Having fun in Satnav's involuntary public beta testing program?
No worries, I'll just disable automatic updates until they sort it out.
Wait, I can't do that anymore? Oh.
Okay then, I'll just not install the optional KB3206632 update.
Wait, the only option is the December Rollup Update package? I can't disable single updates anymore? Oh.
Okay then, I'll just look for my Windows 7 installation DVD and abandon this Windows 10 shit.
Wait, they forced the same update model onto Windows 7 users? Oh.
Okay then, so Microsoft changed their update model to take away all customer control, fired most of their QA department, and now releases update after update with bugs and problems?
Well, fuck Microsoft.
GPG is pretty solid right? Why not have every vehicle sign every message it sends with its private key?
PGP doesn't really help when you're dealing with transient anonymous actors. Sure they can sign the message, but where do you get the public key to verify, and how do you know the car in front of you was the originator of the message? Short range radio could be anyone within hundreds of feet -- or farther if someone's using a directed or high power transmitter.
And if a hacker starts using multiple disposable generated signatures, the vehicles could use a web of trust to exclude signals from rogue actors, or at least take them with a progressively larger grain of salt.
How do you build a web of trust from vehicles which come and go? It's not like you can have a signing party with everyone in your major metropolitan area -- not to mention people traveling through the area. And what kind of grain of salt can you take in a binary situation like this? When an EMERGENCY_BRAKE message is received the only options are to act on it or not.
PGP just doesn't really work with nothing but a big web of anonymous actors. Even a big signed vehicle database wouldn't help because new VINs hit the road every day and cars are privately bought and sold for cash.
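The key-distribution problem raised in the comment above, as an added example that is not part of the original thread: a receiver checks signed broadcasts whose public key travels with the message. The vehicle names, message layout and the `assess` helper are constructed for illustration; only Node's built-in `crypto` module is used.

```javascript
// Added illustration, not code from the thread. All names and the message
// format are hypothetical and the sample messages are constructed.
const crypto = require('crypto');

// A "vehicle" here is just an Ed25519 key pair with a self-chosen label.
function newVehicle(name) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  return { name, publicKey, privateKey };
}

// Fingerprint = SHA-256 over the DER-encoded public key.
function fingerprint(publicKey) {
  const der = publicKey.export({ type: 'spki', format: 'der' });
  return crypto.createHash('sha256').update(der).digest('hex');
}

// Sender side: sign the payload and attach the public key, because the
// receiver has never met this vehicle and has nowhere else to get the key.
function signBroadcast(vehicle, type) {
  const body = JSON.stringify({ type, sender: vehicle.name, ts: 1700000000 });
  const sig = crypto.sign(null, Buffer.from(body), vehicle.privateKey);
  const der = vehicle.publicKey.export({ type: 'spki', format: 'der' });
  return { body, sig: sig.toString('base64'), pubkey: der.toString('base64') };
}

// Receiver side: report what the signature actually establishes.
//   signatureValid: the body was signed by whoever holds the attached key.
//   keyKnown:       that key was already in the receiver's trusted set.
function assess(msg, knownFingerprints) {
  let key;
  try {
    key = crypto.createPublicKey({
      key: Buffer.from(msg.pubkey, 'base64'), format: 'der', type: 'spki',
    });
  } catch {
    return { signatureValid: false, keyKnown: false };
  }
  const signatureValid = crypto.verify(
    null, Buffer.from(msg.body), key, Buffer.from(msg.sig, 'base64'));
  const keyKnown = signatureValid && knownFingerprints.has(fingerprint(key));
  return { signatureValid, keyKnown };
}

function demo() {
  const neighbour = newVehicle('car-met-before');   // key learned earlier
  const stranger = newVehicle('car-passing-through'); // honest, never seen
  const disposable = newVehicle('fresh-disposable-key'); // any transmitter
  const trusted = new Set([fingerprint(neighbour.publicKey)]);

  const tampered = signBroadcast(neighbour, 'EMERGENCY_BRAKE');
  tampered.body = tampered.body.replace('EMERGENCY_BRAKE', 'ALL_CLEAR');

  return {
    neighbour: assess(signBroadcast(neighbour, 'EMERGENCY_BRAKE'), trusted),
    stranger: assess(signBroadcast(stranger, 'EMERGENCY_BRAKE'), trusted),
    disposable: assess(signBroadcast(disposable, 'EMERGENCY_BRAKE'), trusted),
    tampered: assess(tampered, trusted),
  };
}

console.log(demo());
```

The honest stranger and the disposable key produce identical results (valid signature, unknown key), so a receiver that acts only on known keys ignores nearly all real traffic, and one that acts on any valid signature accepts every sender.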
No one is forcing you to buy these cars.
This clearly isn't true, since the entire point of the article is that the Federal government is enacting legislation which requires V2V features on new cars. Sure, that doesn't mean that everyone must immediately go out and buy a new car, but it does mean that over time as cars wear out you will eventually be forced into a vehicle with one of these devices.
When you disagree with a law you don't wait until it's too late to change it before protesting. If you don't agree with a proposed Soylent Green law requiring mandatory euthanasia at age 60, you probably should fight against it while in your 20s and not wait until you hit 59.
Agreed. I know they've set up Hammond as "the American" on the team, what with his penchant for muscle cars and dislike of snails, but this was going way too far into absurdity. It was a harsh caricature lacking any sincerity and was just unnecessary and embarrassing.
I really hope they hit their stride, but so far I'm not sure they will. The celebrity killing bit should have ended after the first episode and the new Stig who is definitely not the Stig is neither funny nor clever. Most of the show comes across as trying too hard to be Top Gear while also being very clear that they are not Top Gear. They should have kept the format, changed names where required, and carried on.
My only hope is, that Amazon doesn't ever open a distribution or other brick and mortar physical presence in my state, and force me to start paying sales tax for purchases from them.
Don't hold your breath. Utah just negotiated a deal with Amazon to voluntarily collect sales taxes for the state even though Amazon does not have a physical presence in Utah. In return, Amazon gets to keep 1.31% of taxes collected (with allowances of up to 18% according to the law).
With $29 million unpaid sales taxes for Amazon sales to Utah in 2015, that's $400,000 of free money for Amazon. This kind of deal will spread like wildfire to other states.
We have freedom though.
"Freedom" is a loose concept that's made up of a collection of personal and collective rights. Among many, included are the right to privacy, the right to anonymous speech, and the protection against the unwarranted search of your effects. These are protected by law and legal precedent in the US because they are all critical to creating and maintaining a free society.
Mass government surveillance is a crack in the larger edifice of freedom and the chilling effects it causes will tend to make those cracks spread and get larger. And to make it all worse, the return on investment -- freedoms for promised security -- is a joke.
As others point out, we are orders of magnitude more likely to die in a car crash than an act of terror and yet people complain every day about seat belt laws. A rational re-evaluation of priorities is desperately needed today.
Well said. The only thing I would add is research shows that willpower is a limited resource and is depleted and replenished over time. A successful diet requires managing that resource and not starving yourself of willpower because that's when you fall off the wagon and the diet breaks or fails completely.
Finding ways to make yourself feel good about the diet and the progress you're making, along with normal day to day happiness is crucial for a successful diet. This is 10 times more important for people who use food as a form of comfort, which is a fair number of overweight folks.