[sic] doesn't indicate a spelling mistake. From webster:
3 sic \'sik, 's<e^->k\ adv (ca. 1859)
[L, so, thus -- more at SO]
:intentionally so written -- used after a printed word or passage to
indicate that it is intended exactly as printed or to indicate that
it exactly reproduces an original <said he seed [sic] it all>
So even if the original author used "computor" to indicate some different meaning or usage, but a large part of slashdot would assume it was a typo (which we evidently would), [sic] is appropriate.
Man, this is an unusually anal post for me. It's too cold.
-Puk
p.s. For what it's worth, webster doesn't have "computor". :)
That's a good point. It's certainly possible, but it's even more difficult than getting 'if (!strcmp(username, "CIAsekritacc0unt")) setuid (0);' into the source code by getting a patch containing that accepted by some kernel maintainers.
If you're the CIA (or FBI, but I never had them pegged for subtlety), you need to make it look like an accident. In your patch, you need to place a hidden buffer overrun, or race condition, or something even more subtle, that won't be immediately obvious _and_ has some actual use in your patch. The person who submits the patch needs plausible deniability -- the ability to deny any knowledge (or complicity in creating) the hole, and have it be at least somewhat believable.
Since Windows is closed source, even if the hole was found by "outsiders", only people inside MS would know where in the source it was located, how it got there, and who put it there. This makes it a lot easier on them, especially if Microsoft (or a small segment of it) is in on the deal.
I'm not claiming this has or will happen, btw... I just thought the idea was interesting and thought it was funny how this explained the acceptance of XP, the back-off of the DOJ, and the explanation of Enhanced Carnivore (XP?) all in one. :)
-Puk
p.s. If I suddenly stop posting, I probably guessed right. ;)
"It's not a good idea to carry your SSN card with you (or other documents
that contain your SSN). If you should lose your wallet or purse, your SSN
would make it easier for a thief to apply for credit in your name or
otherwise fraudulently use your number."
Now imagine if said card also contained or linked to a database containing your fingerprints, facial scans, and DNA sequencing. Better hope you don't ever drop your wallet, or get it stolen.
You're going on the assumption that it's a good thing that they can always track you. Some people would prefer not to have the government living with them 24 hours a day.
The question is, what benefit does this new card give us? We already have "voluntary" (bleh) id cards of several sorts. What does having this gigantic database accomplish that the current system doesn't? How would this have changed the events of September 11th, and even if it did alter them, was it worth the guy at the airport being able to print out a nice copy of my fingerprint for home use?
He asked that the security people "stop releasing sample code that exploits security holes". In the article, he says, "We can and should discuss security vulnerabilities, but we should be smart, prudent, and responsible in the way we do it."
Is this so bad? He's not saying they shouldn't find and publish the security holes. Just that they shouldn't release sample code which exploits it. (For the record, I wasn't even aware they did this. All of the security advisories I've seen -- noting that I'm not in the IT industry, and haven't seen that many -- simply describe the vulnerability, without code that exploits it.)
I actually agree with this. Explaining the vulnerability is good. It helps the developers find and fix the problem. Yes, it helps the crackers exploit the problem too, but that's the price. But releasing code which actually exploits it helps the crackers far more than it helps the developers. It speeds up the cracker's development cycle a lot more than the actual original coders'. Why do they need to do this?
Now the lines between "not enough" and "enough" and "too much" information may be hard to discern. Clearly saying "there's a buffer overflow vulnerability somewhere in IIS" isn't enough, and "here's a worm that takes advantage of the buffer overflow in IIS" is too much, but finding the middle ground can be difficult. But I don't think the article was advocating the security through obscurity mode of thought, just advocating a shift in the amount of detailed info the security reports provide.
-Puk
p.s. Please don't take this as an indication that I like Microsoft at all. :)
...even for Sega. Sega's cartridge-based NAOMI arcade system is the same hardware as the Dreamcast. (At least, when released, it was the same hardware, with an extensible architecture, meaning it could be extended to improve rendering speed above that over the DC, for future "arcade-improved" releases).
This is why their recent ports of the arcade games have been so quick (simultaneous arcade and home releases), and so "arcade-perfect". No time was spent porting the game engines, just on the interface changes.
I believe they also have a software porting layer for the ps2, now, so that they can do essentially simultaneous releases of Arcade, DC, and PS2 (see Capcom vs. SNK 2).
So they've done this before, and it seems to have had the desired effects for the most part. Why not do this, if it doesn't cost too much to adapt the hardware, when you can do the same home development and get an arcade version of the game "for free", to make whatever money you can off that. Now they're just doing it for someone else's system instead of their own, much like making their games for others' systems, instead of their own.
Make your own MP3, don't release it publicly, keep it on your (password-protected) machine, and when they break in, sue them under the DMCA for circumventing your copyrighted work's "technological protection measure".
I agree with what you said, to a point. However, I'm not sure the net is so much more reliable, taken at face value.
Consider this: How many times have you watched TV coverage of a subject you know and understand and you find yourself thinking "they're getting it wrong, that's false, they're missing it,..."?
I was nearly crying in my chair yesterday reading the Slashdot article Scientists Double Optical Fiber Transmission Capacity. That (along with most of the optical networking posts and commentary I've seen here) are so full of misinformation, poor assumptions, and incorrect assertions that it hurts, and I've only been in the industry a year. I refrain from posting on such posts because I know it will suck up way too much time.
I realize that Slashdot and other news sites don't have the breadth of knowledge to screen and fix everything that comes through, and that everything I read here must be taken with a grain of salt and a pound of research. That's why I still read Slashdot almost religiously. But how many "regular" people out there realize that about TV, or even about the Net? Just because the Net is "less" censored or wrong as a whole doesn't mean it isn't less so on an individual site basis.
I said at the beginning that I agreed with you, and I do. I think the variety the net gives and allows makes up for the quantity of misinformation around. TV doesn't allow that variety. If a person wants to put in the effort to gather their information from multiple sources and draw their own conclusions, they can do quite well on TV and on the net -- but better on the net. I just wanted to add this point.
This is a good point, but not a perfect analogy (of course, nothing is a perfect analogy, or it would be the same thing :).
When we release the linux source, we're pretty sure that it's secure enough that no one can write a piece of code to permanently destroy all the hardware in any running linux box in a short period of time.
We (or at least, I) have no such confidence in genomes. Genome mapping is not fast, and just having a genome at this point doesn't necessarily give you a cure. (See: AIDS). Perhaps by the time scientists can effectively re-engineer a virus, they will be able to use that same genome to engineer a cure/vaccine. I don't know.
But in the in-between time, someone could (theoretically) create a virus that killed enough people and spread fast enough to wipe essentially everyone out before a cure was found. I'm not sure whether our immune systems or the variations with people would always be enough to stop it.
Mind you, I'm against this sort of activity (mapping the genomes of diseases). Right now I see more good coming of it than harm. But in the long run, I haven't really decided what I think yet -- I have no idea what the chances of each side cutting are.
Won't this screw up Cleartype? At least until they have an option to support this particular sub-pixel organization. Does Cleartype support multiple sub-pixel orderings right now? Although this seems like it would be a bit more complex, since the ordering changes not just on the x axis, but is differently laid out on the y axis as well.
Sounds like an interesting problem. I wonder how much information modern lcd displays give the cpu about their sub-pixel layout.
Which brings me to another question -- I wonder if anyone has looked into designing an image format which contained extra data to allow sub-pixel display layout of the image? Or whether there are any image display programs that take advantage of sub-pixel layout when scaling. Or further, hardware scaling routines on laptops (for when you're at lower resolution) that use it. (On the other hand, images are probably more color sensitive than text, so this might not work nearly as well).
Well, random thoughts.
-Puk
From the article: In particular, the updated video format is capable of quality double that of DVDs while taking up half the space, Fester said.
I've always wondered, how do they measure "double the quality"? Is there a heuristic comparison they can run on the decompressed and original images to determine quality loss? (I say heuristic because perceived quality is most definitely not the same thing as information loss -- which is the whole basis behind the psychoacoustic models used for MP3s. Do they use similar things for video?) Can they say, "this new codec is only 1.8 times the quality of the old one"? Or is there some guy watching the video who goes, "that looks twice as good!"?
Further, wouldn't twice the quality in half the space be translatable to some single measure, such as four times the quality in the same space, or equal quality in one quarter the space?
Sounds like marketing crap to me, but I could be wrong.
-Puk
That's a very good point, and a true one, so let me clarify what I'm trying to question. Perhaps I expressed it badly in my original post. I can almost believe that 1 in 6 people are handicapped, but I have a very hard time believing that 1 in 6 is handicapped to the point that they need to (or want to) use accessibility aids in order to use a computer -- and that's the context in which the statistics were quoted. But now that I look more closely, I see that the original lecture was on "Handicapped Accessibility in Technology," and not just in computers, so perhaps there's a significantly broader audience than I thought at first.
Depending on how broad you are with your definition of handicapped, I'm sure you can produce a very large swing in the number of people who qualify. At what point does bad eyesight become a handicap? How about a leg injury? Any number of progressive diseases? There's too much grey area... It just makes it a hard statistic to make useful.
-Puk
285,663,670 / 50,000,000 = 5.71.
So more than 1 in 6 people is handicapped. *Looks around the room.* I know of one person out of the 110 or so in my workplace that is "handicapped" to the point that they use accessibility options. Admittedly, there are reasons why my workplace would be lower than average on the number of handicapped people, but I was wondering just what the criteria used were.
Note that I'm _not_ saying that there aren't a lot of handicapped people around, or that accessibility options aren't important (they're very important to that one individual, who is in turn very important to us). I'm just curious about how those statistics were arrived at, since it feels like an astoundingly high number to me.
After all, 95% of statistics are made up on the spot.
-Puk
p.s. If you're going to flame me about my use of the word handicapped or claiming I'm downplaying the importance of accessibility tools, please don't even bother.
At first, I thought, "eh". But then I remembered this post.
-Puk
I think Reuters is being completely irresponsible by reporting this hole before a fix can be completed by all affected parties. The only current known fix for this hole is to make sure less matter falls in than energy is radiated by the hole, and keep it that way for a long time. In the meantime (however many millions and millions of years that takes), script kiddies with FTL drive capabilities will be having a field day.
Slashdot is just contributing to the problem by spreading the news. Sheesh!
-Puk
p.s. This hole is hardly a surprise. We've found that space is riddled with such holes, and to my knowledge, none of them have been closed. If space was open source to begin with, enterprising hackers would have found these holes long ago, and plugged them with Bill Gates' ego.
Definitely check out cygwin. It comes with an implementation of bash which works pretty well. I haven't really checked as to whether it has other shells, or whether they will compile with cygwin, but I wouldn't be surprised. The installation is pretty flexible and painless, and it gives you a whole slew of useful unix (including perl, grep, awk, etc.) utils pretty seamlessly under windows. A lot of stuff that doesn't come with it is available separately.
Also, if you want a dos-style CLI with a lot of the more useful features of unix ones, check out 4NT (and related) from jpsoft. I've been using it on and off for years, and I love it. It hurts to use the built-in MS CLI now.
-Puk
At first I thought that this was just stupid, because no one running a reasonably secure system, keeping up to date with the latest patches, etc, would be caught by it. But then I thought: why rely on already known (and fixed) and other yet undiscovered holes, when you can roll your own?
recently seen in #anti-trust:
*** BillG is now known as GMoney ***
<GMoney> How can we get out of this DOJ crap?
<FBI> I have this "security patch" I'd like you to distribute through Windows Update. Say it fixes some hole using malformed URLs in IE5 and IE6. No one will blink twice. I'm not even sure most XP users can read.
<GMoney> Will you put in a good word for me with the DOJ?
<FBI> Sure.
<FBI> DOJ: Let Microsoft go scot-free, or I post incriminating pictures of John Ashcroft and Hilary Rosen to usenet.
<DOJ> Rokie dokie, baws.
GMoney laughs maniacally.
FBI laughs maniacally.
DOJ tries to laugh maniacally, but chokes on the pencil eraser he was chewing.
*poof*. Insta-hole. Security patches are worthless if you can't trust the source. And yes, this wouldn't work with non-MS OSes, especially decentralized open source ones. I hope.
-Puk
You don't actually mean that, do you? You don't gain money by making tax deductible donations, you know -- you just lose less than the gross amount you donated.
-Puk
Wait a minute... You're drunk right now, aren't you?!
That was one of my favorite exchanges ever on the Drew Carey show. Assuming that's what you were referring to.
-Puk
"I came to work drunk, and you turned me in."
"You came to work drunk."
"And you turned me in."
...
"Wait a minute... you're drunk right now!"
or something like that
These are the very people Microsoft is trying to target, here.
Is this true? I'm not saying it's not true, just that I'm not sure.
What I wonder is -- what percentage of consoles are bought by "gamers", and what percentage by "other". "Other" includes parents buying for their kids, college students who want a console in their dorm to mess around with, and the like.
What's the breakdown for console _games_?
Companies don't care if they are hated by a core group that spends the most mental energy on gaming, only if they sell more consoles to those who spend the most money on gaming.
Does anyone have any statistics like what I'm asking for?
-Puk
Um... what?
...
These were pretty uninteresting - just sitting there watching the kernel compile. Except that at one point,
So the machine essentially BSoD'd, but it's not interesting?
It seems to me he said that they were uninteresting, except when it BSODed -- which was interesting.
-Puk
Is the court filing available in source code form?
:)
-Puk
How about:
Individual parents may be sued in civil court by any offspring who feels that they were harmed by the actions of their parents. The offspring shall be given presumption in all cases and does not have to prove that their parent's actions actually resulted in any harm to them, only that those actions could reasonably be considered to have the potential to harm the offspring or the offspring's development as a child.
What ever happened to parents parenting?
-Puk
Reminds me of something I did back at school. I was sitting in my apartment, logged in on my own linux machine as well as remotely to one of our lab machines, and I wanted to start up XMMS to play some music.
Of course, I seriously abuse screen, and it's very easy to mix up what terminal is what. So I start up XMMS, and get no sound. After some poking my equipment for a few seconds, and realizing what I had done, I kill XMMS and start it up again locally. All is well.
When I get into work the next day, my officemate says something to the effect of, "Dude, it was really weird. Your computer is possessed or something. Yesterday I was just sitting here working, and your computer started BLASTING music for like 10 seconds, and then stopped." I almost died laughing. Wish I remembered what song it was.
Not on Halloween, but funny. Maybe a subtle friend was playing audio from your machine remotely? :)
-Puk
What you're saying here is that historically, we have used a deductive approach, generating theories and then confirming them with our technology.
I worry about too much reliance on an absolute technology, though. Even if you take a bore of soil and can tell the exact day when each item fell into it, you still learn nothing about trade routes, cultures, mythologies, ancient lifestyles, etc.
This only becomes a worry if you are still working on the inductive approach. When you have accurate enough data in large enough quantities, you can use a deductive approach to generate your theories from the data itself. In the presence of such data, this can be very effective. You can take that soil, find when every item fell into it, and use that to guess at trade routes, rather than guessing at trade routes and then using the bore to see if you were right.
Just because we developed archaeology without carbon dating and then used carbon dating to verify the theories of previous archaeological work doesn't mean that's the best way to do it. Just because it's a different approach doesn't mean it's any worse than the "anthropological" approach. The best results will surely come of combining anthropology and technology (and, more than likely, deduction and induction), but the order in which they are applied may shift. Times change, technologies change, and sometimes we have to change our ways of thinking in order to keep on doing better.
Just a thought.
-Puk
Your example is not so good (since it's a famous person, which a lot of people can identify without using SSN, and so could recognize an imposter), but I get the idea. However, identity theft/fraud is a big problem today, and having someone's SSN can get you pretty far (especially if you have other pseudo-secret info like DOB and Mother's maiden name). Just because I don't know how to accomplish something bad with that SSN doesn't mean it's not easy -- I have no inclination to learn how. On the other hand, I agree with your conclusion:
stop once and for all this nonsense about a publicly available number being used for security purposes
That's exactly right. SSN shouldn't be used for security because it's so easily available. Just make it more available and stop using it for that purpose. On the other hand, this means we shouldn't be making our fingerprints and DNA scans easily available for exactly the same reasons. In addition, it's easier to stop using your SSN (you can get a new one) than your fingers or your DNA.
One could argue that fingerprints and DNA are already easily available, but how many people do you know with a DNA sequencer in their basement?
-Puk
From the Social Security Number FAQ:
"It's not a good idea to carry your SSN card with you (or other documents
that contain your SSN). If you should lose your wallet or purse, your SSN
would make it easier for a thief to apply for credit in your name or
otherwise fraudulently use your number."
Now imagine if said card also contained or linked to a database containing your fingerprints, facial scans, and DNA sequencing. Better hope you don't ever drop your wallet, or get it stolen.
You're going on the assumption that it's a good thing that they can always track you. Some people would prefer not to have the government living with them 24 hours a day.
The question is, what benefit does this new card give us? We already have "voluntary" (bleh) id cards of several sorts. What does having this gigantic database accomplish that the current system doesn't? How would this have changed the events of September 11th, and even if it did alter them, was it worth the guy at the airport being able to print out a nice copy of my fingerprint for home use?
-Puk
He asked that the security people "stop releasing sample code that exploits security holes". In the article, he says, "We can and should discuss security vulnerabilities, but we should be smart, prudent, and responsible in the way we do it."
:)
Is this so bad? He's not saying they shouldn't find and publish the security holes. Just that they shouldn't release sample code which exploits it. (For the record, I wasn't even aware they did this. All of the security advisories I've seen -- noting that I'm not in the IT industry, and haven't seen that many -- simply describe the vulnerability, without code that exploits it.)
I actually agree with this. Explaining the vulnerability is good. It helps the developers find and fix the problem. Yes, it helps the crackers exploit the problem too, but that's the price. But releasing code which actually exploits it helps the crackers far more than it helps the developers. It speeds up the crackers' development cycle a lot more than the actual original coders'. Why do they need to do this?
Now the lines between "not enough" and "enough" and "too much" information may be hard to discern. Clearly saying "there's a buffer overflow vulnerability somewhere in IIS" isn't enough, and "here's a worm that takes advantage of the buffer overflow in IIS" is too much, but finding the middle ground can be difficult. But I don't think the article was advocating the security through obscurity mode of thought, just advocating a shift in the amount of detailed info the security reports provide.
-Puk
p.s. Please don't take this as an indication that I like Microsoft at all.
...even for Sega. Sega's cartridge-based NAOMI arcade system is the same hardware as the Dreamcast. (At least, when released, it was the same hardware, with an extensible architecture, meaning it could be extended to improve rendering speed above that of the DC, for future "arcade-improved" releases).
This is why their recent ports of the arcade games have been so quick (simultaneous arcade and home releases), and so "arcade-perfect". No time was spent porting the game engines, just on the interface changes.
I believe they also have a software porting layer for the ps2, now, so that they can do essentially simultaneous releases of Arcade, DC, and PS2 (see Capcom vs. SNK 2).
So they've done this before, and it seems to have had the desired effects for the most part. Why not do this, if it doesn't cost too much to adapt the hardware, when you can do the same home development and get an arcade version of the game "for free", to make whatever money you can off that? Now they're just doing it for someone else's system instead of their own, much like making their games for others' systems, instead of their own.
-Puk
Make your own MP3, don't release it publicly, keep it on your (password-protected) machine, and when they break in, sue them under the DMCA for circumventing your copyrighted work's "technological protection measure".
w00t.
-Puk
I agree with what you said, to a point. However, I'm not sure the net is so much more reliable, taken at face value.
Consider this: How many times have you watched TV coverage of a subject you know and understand and you find yourself thinking "they're getting it wrong, that's false, they're missing it,..."?
I was nearly crying in my chair yesterday reading the Slashdot article Scientists Double Optical Fiber Transmission Capacity. That (along with most of the optical networking posts and commentary I've seen here) is so full of misinformation, poor assumptions, and incorrect assertions that it hurts, and I've only been in the industry a year. I refrain from posting on such posts because I know it will suck up way too much time.
I realize that Slashdot and other news sites don't have the breadth of knowledge to screen and fix everything that comes through, and that everything I read here must be taken with a grain of salt and a pound of research. That's why I still read Slashdot almost religiously. But how many "regular" people out there realize that about TV, or even about the Net? Just because the Net is "less" censored or wrong as a whole doesn't mean it isn't less so on an individual site basis.
I said at the beginning that I agreed with you, and I do. I think the variety the net gives and allows makes up for the quantity of misinformation around. TV doesn't allow that variety. If a person wants to put in the effort to gather their information from multiple sources and draw their own conclusions, they can do quite well on TV and on the net -- but better on the net. I just wanted to add this point.
-Puk
This is a good point, but not a perfect analogy (of course, nothing is a perfect analogy, or it would be the same thing :).
When we release the linux source, we're pretty sure that it's secure enough that no one can write a piece of code to permanently destroy all the hardware in any running linux box in a short period of time.
We (or at least, I) have no such confidence in genomes. Genome mapping is not fast, and just having a genome at this point doesn't necessarily give you a cure. (See: AIDS). Perhaps by the time scientists can effectively re-engineer a virus, they will be able to use that same genome to engineer a cure/vaccine. I don't know.
But in the in-between time, someone could (theoretically) create a virus that killed enough people and spread fast enough to wipe essentially everyone out before a cure was found. I'm not sure whether our immune systems or the variations with people would always be enough to stop it.
Mind you, I'm against this sort of activity (mapping the genomes of diseases). Right now I see more good coming of it than harm. But in the long run, I haven't really decided what I think yet -- I have no idea what the chances of each side cutting are.
-Puk