Re:Javascript is insecure - AJAX is security hole on Ruby On Rails Goes 1.1 · Score: 1
Safe versions of scripting would be just fine. Java's generally fine, but all the JavaScriptKiddies go whining about how overweight and clunky it is:-) Gosling et al. went to a lot of work making sure it had a security model that would make it safe to use, even if that sacrificed a bit of functionality in the process. Would it have been powerful enough to do the same things AJAX does?
And no, I don't whine about PDFs, I bitch about them, like I do about people using Flash for navigation when hyperlinks or imagemaps would work just as well. Acrobat does seem to work better these days, at least when I'm running it on a 2 GHz PC with adequate amounts of memory, and has some basic cut&paste features for text, and the annoying limitations of deploying text as PDF-flavored Postscript are deliberate choices by the people who use them, so it's malice, not incompetence...
Re:Javascript is insecure - AJAX is security hole on Ruby On Rails Goes 1.1 · Score: 1
> Do you wear a football helmet when I drive?
No, though I do sometimes wear a baseball hat. But I *do* close the car doors, hood, and trunk lid when I drive, with occasional rare exceptions when I'm hauling bulky objects, and occasionally a door doesn't get latched successfully and comes open by itself.
Unfortunately, the big phishing targets don't appear to be running SPF - eBay, PayPal, Chase Manhattan, e-Gold, etc., and unless they do, it won't have a lot of influence on spam. SPF can't stop all the possible abuses - somebody can still register names similar to the real ones (remember paypa1.com, with a digit 1 instead of lower-case L in the name?), and even give them SPF records - but at least it would be possible to block a lot of the junk. But if *they* don't adopt SPF, or DKIM, or PGP signatures, or S/MIME signatures, then they're not much help. Any ideas on how to reach clueful people at those companies to get them on board?
SPF doesn't assume that mail is spam by default - it's a forgery-reduction tool, and assumes that forged mail is probably spam or otherwise unwanted.
More specifically, it assumes that mail from specific domains comes from specific IP addresses, and gives the owners of the domain ways to communicate those addresses.
If mail purporting to be from a given SPF-using domain comes from the wrong IP address, you can presume that it's forged and reject it.
You *could* decide to reject all email from domains that don't use SPF, but that'd be pretty foolish, given the low takeup of SPF so far.
Many spammers started advertising SPF information for their domains - that lets you be sure that email claiming to be from Nigerian-Herbal-Viagra.com is the genuine article!
The reason to make laws telling ISPs to fix the problem is because laws telling spammers not to spam at best would only stop domestic spammers, not foreign spammers. So if Australia actually wrote an effective anti-spammer law, it would push Aussie spammers offshore (or get them to spam Americans and leave spamming Aussies to us and the Chinese.) Of course, the politicians haven't written an effective anti-spam law, and it's not clear that such a thing is possible, so they're dealing with their previous failures by telling somebody else to fix the problems, and the ISPs are the other people who've got some ability to do it.
If they write laws that are too draconian, they'll break all the Aussie email providers and ISPs, and you'll be stuck using Telstra to reach email providers in the US or Hong Kong - and Linux users probably won't be able to run their own email at home unless UUCP slides by the rules...
There are serious problems with AOL's use of GoodMail, but "paid spam" isn't one of them. Goodmail has fairly reasonable anti-spamming policies, and charges enough per message as well as their big upfront deposit. They're designed for commercial email senders that people actually do want to subscribe to - customer support mail for products, banks emailing customers, and that sort of thing. Some of it's junky mail, but it's junky mail you subscribe to, and unsubscribes have to work or the sender gets spanked.
The big problem is a combination of three things:
- Goodmail is only useful for commercial mailing lists - it's not useful for people who aren't making money, whether that's non-profits or open-source developer lists or political grass-roots organizing or groups of friends or whatever, and
- by whitelisting Goodmail customers, AOL can turn up the screws on other high-volume email, which is bad for spammers but also causes more collateral damage to other legitimate mailing lists.
- AOL isn't providing a mechanism for people to choose whether to reject more of the non-GoodMail or not - they're just saying that the Goodmail is good.
From a social standpoint, the collateral damage is focused on non-commercial groups. I remember the days when almost any civic or recreational group typically charged a membership fee of $20-30/year, which covered printing and postage on a dead-tree newsletter. It'd be really annoying to have to go back to those days - for $20/year you can get yourself a real email provider instead of AOL:-) (You can also get free email from Yahoo, Gmail, etc., but of course the Goodmail folks and their competitors are trying to sell to them too...)
Javascript is insecure - AJAX is security hole on Ruby On Rails Goes 1.1 · Score: 3, Informative
Sigh. Rails is joining the list of things that encourage people to use Javascript applications, just as all the AJAX stuff does. So anybody who's using those applications has to toast their security.
The problem isn't that you can't write secure Javascript code - you can. The problem is that if anybody wants to *use* your nice secure AJAX/RAILS/etc. application, they need to turn Javascript ON in their browser, which means they're vulnerable to maliciously-written Javascript on any other web pages they visit.
There's no easy way around the problem if you want to run the new cool AJAX applications, and there's a lot you can do with a programming model that makes it easy to distribute functions between the client and the server. For Mozilla users, it's probably possible for somebody to implement per-site permissions for Javascript the way they do for cookies, images, etc. For IE, though, you're just toast.
My parents got their first Mac in about 1985, and gradually updated the hardware with things like a hard disk and an external fan. They got the Performa 630 some time in the early 90s, but kept the old Mac around because some third-party apps they liked never ported to 7.x. Last fall my mom finally decided she ought to upgrade to a new iMac, largely because she needed a bigger brighter screen and didn't want to burn the desk space that a large CRT would require. (Also her Mac support guy had retired and lives across town, and she doesn't drive any more.) As far as I can tell, anything she used to use on 7.x has newer versions or adequate replacements under 10.x, and she's dealt with the 6.x mailing-label program's non-portability by getting someone else to run the civic association mailing lists.
Wow - reading that NASA was going to cancel Dawn was scary - all this Daylight Savings stuff was really getting out of hand. I'm glad to know that we do get to have the sun come up again after all....
Sure, Saddam got kicked out and lots of stuff got blown up and Bush declared "Mission Accomplished". But the war's still going on, Iraqis are still getting shot and American troops are still getting shot and the US is still spending hundreds of billions of dollars a year on it and shows no sign of having an exit strategy. Your question that we might have won because of superior power or because of Saddam's incompetence or both might have been a reasonable discussion for Desert Storm - but Saddam's country has been under sanctions, no-fly-zones, and lightweight military attacks for a decade after his army was totally crushed.
Bamford's book "A Pretense for War" does some really good analysis of the events and decision-making processes that led up to 9/11 and to the Iraqi invasion, and even with the evidence available back when he wrote it, it's obvious that Rumsfeld and Wolfowitz and Bush and Cheney were all bleeding incompetents.
If the Bush Administration doesn't destroy their records of the decisions that led up to the war, it'll be real interesting to some future researchers to find out what really happened and when. There's so much evidence that they were planning for the war from the first few weeks after Bush took office, but it wasn't until after 9/11 that they had a story they could successfully sell to the public. They're doing the best they can to lock up records and intimidate leakers, but at least reasonable shards of the truth will gradually leak out.
You've got just about all of the pieces of the puzzle wrong, both economically and technically.
VOIP phones don't run media-stream bandwidth from the caller to the service provider unless they're going to an off-net gateway. A service provider typically runs a presence server, but the actual voice call goes between the two callers. Handshaking with a presence server uses very low bandwidth, a few kilobits every N seconds, while the media connection is typically 20-80 kbps for voice depending on compression and IP overhead. And yes, Google needs to buy bandwidth on their end. It's a lot cheaper per megabit for them, because they're buying gigabit quantities of the stuff, than it is for you, where the biggest cost is the wire to your house.
Telcos aren't losing a lot of customers to VOIP - they're losing them to cell phones, and especially losing second lines to cell phones (also to DSL replacing modems.)
Telcos make money selling voice service, usually charging $15-20/month for a combination of wire rental, old expensive telco switch connections, intra-LATA distribution, taxes, and detailed billing. They do get some revenue for delivering long-distance calls, or calls from competing local telcos, but since long-distance typically costs about 2 cents/minute, they're not getting subsidized the way they did when phone calls cost 25 cents/minute.
Telcos used to rent wire to CLECs for about $20/month, for lines with no phone service on them. I gather that price has gone down a lot since then, at least for shared lines, but the cost of the wire probably wouldn't go up by more than $10 if you didn't get a phone with it.
Long-haul bulk bandwidth is appallingly cheap, on a per-megabit basis - prices have been in free-fall for close to a decade, and it's a highly competitive market, and when players do go bankrupt, which used to happen pretty often, they sell off their fiber for pennies on the dollar to other carriers who cut their prices even faster. When it gets sold to consumers, it's heavily oversubscribed. Even bandwidth across oceans has become cheap. And while long-haul carriers do run cables across oceans, they don't dig tunnels under rivers, etc. - they mostly use railroad right-of-way, where all they need to do is trench, and the big problem with tunnelling under Interstates is that the highway departments are extremely uncooperative, so instead you build connections much farther apart than you'd like.
Are long-distance telcos doomed? Yes, of course, and while you probably didn't notice that most of them were making their money selling private and Internet data services to businesses rather than selling minutes to consumers, you probably have noticed that they're getting bought by local telcos (except Sprint, which is basically becoming a cellphone company after its Nextel merger.)
Local telcos probably aren't doomed - they're making money running wires to houses and office buildings, and if it gets connected to DSLAMs instead of #5ESS switches, that's not a huge deal for them. They're trying to find other revenue sources like TV, and they're buying ISPs and long-distance telcos and each other, but they'll probably stick around.
Fixed Wireless (WiMax, 802.11, etc.) is an interesting competitor - scalability turns out to be an extremely hard problem, and the long-distance telcos tried for years to get it to be an effective competitor to wireline telcos, without much success. It's making progress, but it's slow, and the Cable TV companies were always too clueless about anything except television to use it effectively.
Just speculating here, but the big market for this information is probably "tax refund loans" being sold to people who want their refund money in February and don't realize the interest rates are usually a rip-off. This change lets the tax preparation companies provide financial information to the loan companies instead of originating the loans themselves. And the people who want the loans usually aren't the most financially savvy, and therefore aren't as likely to go reading the fine print themselves - or the fine print's in the loan application, and they don't get the loan without the information permission slip.
Depending on what financial transactions you've made, some tax things can be extremely complex. We had some complex moving expenses after college, and took the taxes to H&R Block; my wife saw what they did and decided that it wasn't that bad and went into the tax preparation business for a few years. On the other hand, if your parent owns a business, sells it, and dies before the new owner has finished paying for it, and you're bright enough to follow the every-few-years changes in the tax code correctly, you end up correcting TurboTax results and having to correct IRS agents occasionally. The tax code during the 80s was only a couple of volumes long, though the relevant cases were about 10-15 volumes adding a new one every year, and it became obvious after following it for a couple of years that Congress had totally lost track of what they were doing around 1985.
TurboTax did a fine job of calculating Alternative Minimum Tax when one startup my wife worked for paid her options that were taxable and never went public - but she had to get the right basis information herself and let the software do the easy parts.
The Census Bureaucrats always claim they have never given out personal information and never will, and this is simply not true. During World War II, the US Army used Census data to identify Japanese-Americans and intern them.
US Law forbids the Census Bureau from giving out personal information, and that works just fine until either the Congress changes the laws or the Administration decides that those laws don't apply to it, for instance because the War on Terror lets them do Whatever It Takes with census data, just as they've decided that they can eavesdrop on anybody without warrants and arrest people without giving them any due process.
You've probably noticed that the Census asks for a lot of ethnic and national-origin data - especially about Hispanics; they didn't ask us Anglos to identify whether our ancestry were Brits or Scots or Irish or French or German, but they cared if you were Mexican or Cuban or Guatemalan etc. That's the kind of data that you really shouldn't trust a government with, especially when its immigration policies have demonstrable levels of racism. And while they do a reasonable level of obfuscation in the data, the number of Guatemalan-Mexican couples with two children ages seven and four living in three-bedroom 1.5-bath apartments in a given census tract is probably fairly small.
Sure, TFA talked about Google and Craigslist as being plain and ugly and homebuilt-looking, but he missed the value of the content and organization of the information.
Google's not ugly - it's plain and clean without extraneous decoration, and tries hard not to distract the user visually or slow the user down waiting for animated decorations and complex style-sheets to draw, but fundamentally the reason it wins is that it produces very good search results very fast. IMHO, the "I'm Feeling Lucky" button is extraneous decoration, though it does add some personal feel to it, but it's something that other search engines wouldn't have even considered because they didn't have good enough page ranking algorithms to make it likely that the first hit would be one you wanted.
Craigslist is also ugly - the front page hits you with every category they've got, and you can do a bit of narrowing by geography, and everything else is just date order or a search. But they've done enough community-building that there's so much content, and the interface is pretty much good enough to find what you need and a bit of extra random stuff for fun.
There are other things you can do with 2.5" USB2 enclosures besides just adding extra portable storage to your PC. For me the big issue was data recovery from a dying PC - previous generations, including IDE and SCSI in the PC world, were really inconvenient, but USB is so widely supported that the next time my laptop dies, I can pop the disk into my $29 enclosure and connect it to my other PC. (The price is real, but fortunately the laptop decided to stop overheating.)
So for me, an enclosure that comes with the drive built in and hard to access is going to be overpriced compared to a 3.5" high-capacity drive, and it's not going to do what I need for recovery.
Of course, you Mac laptop people can just close the lid and tell the laptop to act like a Firewire enclosure and plug it into your other Mac, so you can avoid the problems the rest of us have:-)
I've seen a few devices out there that want multiple USB connections, not because they need more than 480Mbps of data, but because they want more power than a single USB cable provides.
I'm assuming you're in a department that does something recognized as mission-critical and that IT is supposed to be supporting you, and doing so badly, and that your departmental management understands this and is also frustrated.
Many other companies have been in this position - it's very very common as they grow.
You need to get yourself some basic storage infrastructure so you can get your work done, and somebody to manage it.
Doing this at a whole enterprise scale is hard and really does benefit a lot from high-end servers, but there's a lot you really _can_ do with basic desktop-quality equipment, whether that's PCs with big disks or Netapp-equivalent storage, and YOU need to help your boss train some clerks to install and maintain it (where "maintain" means "check the capacity and re-order pallets of blank DVD-Rs and DVD-storage cases" as opposed to "real sysadmin".) And you need to do it so your data doesn't vanish and you can get your work done.
You also need to decide whether to fix your IT department on a friendly basis or an unfriendly one. In the friendly approach, your departmental managers need to have a nice long talk with the IT managers about what you need, and together you need to go talk to upper management about getting you some professional support that can scale to a company your size. In the unfriendly approach, you ignore IT, and take a request to your bean-counters for several headcount of trained sysadmins and more equipment than you've already bought and a couple of pages of proposal about *why* you need to do it yourself instead of using the IT department.
You really don't *want* to do it yourself, so you shouldn't take the unfriendly approach, because you really want an IT department to do stuff for you rather than you having to do it all yourself, but corporate managers sometimes need to know to hit their bean-counters with 2x4s. So even if you prefer the unfriendly approach, help your departmental managers have that talk with IT first, and ask IT what extra equipment they want you to include in your requisition.
If this site is going to become something other than a me-too that gets left behind, it'll need to deal with scaling to handle millions of users, and doing so while generating enough cash flow to survive (i.e. to keep buying hardware.) This is very hard - if you fail at scalability, your system slows down enough that new users go away and use something else, and then you don't generate the millions of users you need to be really significant...
I find it highly credible that a bright 17-year-old can hack together a system that does good metadata stuff to make it more hackable and more user-friendly - but scalability is harder to learn. You also need to be able to do the kind of social engineering that gets lots of people interested in your system, and other than dumb luck, that's a very very hard thing to do by yourself.
Just about every year since the mid-90s Internet boom we hear that fuel cells will be available Real Soon Now. They're a really cool idea, you obviously want them, and I hear that they're packaging them with a free copy of Duke Nukem Forever....
Sure they had DRM in 1981 or soon after that - it was called "Copy Protection", and it was designed to keep people from stealing games and business software. It didn't work very well, got cracked, and got into an arms race of increasing annoyingness (put the specially mis-formatted floppy into the drive while tweaking the switch on the dongle and typing your password three times backwards to start the program, etc.) Eventually users told the software manufacturers to blow off and started buying usable software, though the PC games business kept at it a bit longer.
I used to commute by train, and I used to use a Palm 3 (later Palm 7), and I downloaded a number of free non-DRM ebooks to the Palm. Sure, I also carried a laptop, but that's a lot more awkward, especially if I got stuck in the more cramped seats as opposed to the less cramped seats, and I could read ebooks on the Palm while waiting for the train to arrive as well as on the train, which was a lot less trouble than the laptop. Once I got settled on the train, if I had work to do or enough news downloaded to read, I might switch to doing that, or else I might just keep reading the ebooks and/or playing DopeWars on Palm (until I'd learned the trick for reaching improbably high scores and gotten bored.)
My wife gave me one of these back when they were new and about $500, maybe 5-6 years ago. Much geekier than the modern GPS watch in the article - it was a much bigger challenge fitting all of those parts into a wrist-sized package back then. It didn't have a lot of features, and wasn't blazingly fast, but it was high geek cred, and I was very happy about it.
You'd have a job waiting for you in that IT department if they hadn't outsourced it...
Graphics cards have a finite amount of resources in them, such as memory, and they decided to spend the resources on more color depth per pixel instead of more pixels. 1024x768 is more resolution than 800x600. 800x600x24 is better than 800x600x8, but as a programmer, or writer, or diagram-drawer, or web-reader, I need more pixels a lot more than I need more colors. For looking at satellite imagery in the late 80s, it would have been nice to have more than 256 grey-scale (not that you could really see more than about 64 greys on the CRTs we had, but it would have given us more bits for overlays or false-color or let us avoid having the screen flash palettes as you switched between windows.)