What they (and all the other incumbents in the smartphone OS market) missed was the significance of the improvements the iPhone made over previous smartphones (firstly combining multitouch with a decent web browser engine to make a browser people actually wanted to use and secondly bringing a big enough group of fanboys and an easy enough development environment to get their appstore off the ground*). Google was able to quickly get the key features from the iPhone into andriod (which was in developement at the time) and quickly become number 2 (and eventually become number 1) in the smarphone OS market.
MS are trying to get back in to the smartphone OS market but afaict they are struggling to find a killer feature to differentiate themselves from all the android devices out there. Plus they alienated all their existing developers which can't be helping.
* IIRC There had been previous attempts at appstores but afaict none of them acheived a critical mass of developers like the iPhone app store (and later the android market) did.
To a file that will then be used as the virtual disk for your new vm (or if your vm software doesn't support raw disk images converted into a disk image format it does support, qemu comes with a tool that can convert raw images to vmware images iirc). You don't strictly need to understand the contents of the disk to read it to an image hook the image up to a vm.
The problem comes if you need to make any tweaks before the system will boot in the vm. Then you do need something that can read/write the filesystem:(
I believe Apple started all their "i" shit when they migrated from PowerPC to Intel.
No, apple started using the i name long before they went intel.
Apple adopted the practice to distinguish between PowerPC computers like the holdover MacMini, which was late to transition to intel, and the newer iMacs. (See "Power Mac" for differentiation)
If anything the opposite is true when we look at the computers themselves.
SFF boxes: Mac mini (powerPC) => Mac mini (intel) Towers: Powermac (powerPC) => Mac pro (intel) High end laptops: Powerbook (powerpc) => Macbook pro (intel) Lower end (though still expensive by PC standard) laptops: iBook (powerpc) -> Macbook (intel) All-in-one desktops: iMac (powerpc) => iMac (intel)
Having said that the prominance of the i mark in product lines other than computers did rise at arround that time. The ipod (which had existed long before the switchover) grew considerablly in popularity and apple released a new office suite "iwork" at arround that time. Maybe some other software too that i'm not aware of.
720p is 720 lines. If you have a system with square pixels and a 16:9 ratio that means you get 1280 pixels per line.
However when you read the specs you find pretty much all HDTVs that are advertised as "HD ready 720p" have an native resoloution of 1366*768 in the specs.
Why would 1366x768 be related to 720p.
My guess is that by using 1366*768 panel manufacturers could produce a panel that was (barely) acceptable for both the monitor (must be above 1024*768 and have square pixels) and HDTV (must be widescreen and have at least 720 lines) markets. Then inertia made it stick arround to screen sizes that people wouldn't want to use as monitors at that resoloution.
What is really annoying is that some HDTVs don't like to be fed with a 1366*768 input even though that is supposedly their native resoloution.
Firstly area per diagonal doesn't make sense if you are scaling a 2D shape the shape (including it's ratios and angles) the same then the area goes with the square of the diagonal. Double the length of a linear measurement and keep all length ratios and angles the same and you quadruple the area.
Secondly the area to diagonal squared ratio of a rectangle does indeed depend on it's ratio as can easilly be shown with some simple algebra and geometry.
Let A be the area, W be the width, H be the height, D be the diagonal and R be the ratio
R=W/H A=W*H D^2=W^2+H^2
A*R=W^2 A/R=H^2
D^2=A*R+A/R D^2=A*(R+1/R)
A/D^2=1/(R+1/R)
We can easilly see on a graph (and if we really want prove by differentiation to find turning points and then calculating a point in each range) that the area to diagonal squared ratio reaches a maxium when R=1.
1: manually read through the code to find all instances of a name, manually check the context of each one to see if it should be changed, make the change (either manually or through the replace tool), try and build the program, see where I screwed up and fix the screwups. 2: use a tool with dumb search to find all instances of a name, manually check the context of each one to see if it should be changed, make the change (either manually or through the replace tool), try and build the program, see where I screwed up and fix the screwups. 3: use a tool that understands the programming language i'm working with to perform the rename automatically and without screwups.
Option 2 will be a lot quicker than option 1 but a lot slower than option 3.
Another possible explanation is that they gave up because they realised trying to control the export of encryption techology that was already well-known outside the US was pointless and only served to hurt US buisnesses.
Also if there is anything the past decade or so has taught us it's that even if the underlying encyrption algorithms are sound the cryptosystems built round them often aren't. SSL is a good example, it relies on certificate authorities to determine whether you are really communicating with the server you think you are. I'm quite sure that if the US government needed a cert for a particular domain to use in a MITM attack they would have no trouble getting it.
You probably ban by the first/64 of the IPv6 address which is effective
Thinking about it i'd probablly agree with you. Some ISPs give their customers more than one/64 but frankly anyone who knows how to change which/64 their lan is using probablly has other methods of ban evading available.
incidentally is also too big (current technology) to use the brute force run through the hash algorithm
Further of those blocks allocated to RIRs afaict only a small fraction are actually used on the internet. Afaict this places the brute force problem into the category of "painful but doable".
We only record a cryptographic hash of the IP address of people who have been banned.
To place a ban you need to know what to put in the ban. That means if you are banning by a hash of the IP then you need to record that hash of the IP for any action you might want to use as the basis for a ban.
Assuming a normal hash function with IPv4 it would be trivial to run every IPv4 address through the hash function until you found the one(s) that matched.
With IPv6 if you hashed the whole address it would become impractical to do that. However banning by the complete IPv6 address is likely to result in a pretty ineffective ban. If you only include the part that is likely specific to a customer (as apposed to amachine within a customers lan) then it's probablly feasible to brute force it (especially if you have a list of what IPv6 blocks are actually allocated to ISPs)
If you used a deliberately slow hash function then maybe it would work better but how many sites really do that?
Round here in the UK you see 2L bottles all the time and occasionally 3L ones. BUT they are clearly designed to be bottles you pour into cups for multiple people to drink, not bottles that are designed to be drunk from directly.
Are these 85 oz (that is roughtly 2.5L afaict) designed to be drunk from directly?
The fundamental problem with simple search and replace is in most languages the meaning of foo.bar depends on the type of foo. So to find the declaration for foo.bar requires you to find where foo was declared, find out it's type (say tbaz) and then search for the declaration of tbaz.bar, an IDE that understands the language can have that information available so that you can jump straight from the foo.bar call to the declaration of the method that is being called.
Now C and C++ are difficult in this regard because they use simple text replacement as part of the language. THEN the meaning of the replaced text depends on context. That is difficult for an IDE to follow in the general case.
Personally I like the delphi approach. When you declare a property you tell the compiler how to read and write it. You can either use a field directly or use a function. So there is no need to generate loads of boilerplate gettters and setters but if you later need to change a property to add verification or side effects or whatever you can add a getter or setter at that stage without needing to change the code that uses the property.
Hard drives arrays can be fast at sequential transfers but they suck at random access as tends to happen when doing things like loading software or running most types of server.
Though for network troubleshooting you probablly would want to root as the provided settings app didn't seem to have any idea what ethernet was. So while the OS was happy to grab and IP over DHCP and use the connection there didn't seem to be any way to configure it to a static IP (which you are likely to want to do on a network troubleshooting device).
Disclaimer, I don't have a nexus 7 myself, the one I set up belongs to my mum.
My parents have been worried about the security implications of wireless (and I don't blame them, it seems the wireless guys have finally got it mostly right but it took more than a few attempts) so don't have wireless in their home network. To initially set the device up (it won't let you get past the initial power on screen without setting up a wifi network:( ) we resorted to using a cellphone with wifi tethering but that is not ideal if you want to make big downloads. So we tried plugging in a cheap "USB hub with ethernet" we had hanging arround and it worked.
Look at the list of teir 1 ISPs, most of them are US based and most of the remainder are western european.
The core of the internet used to be in the US, more recently it has spread across the atlantic to also include western europe. Everyone pays to get their traffic to/from the core of the internet. That is good for europeans and americans. Good for people who want servers to serve stuff to a userbase worldwide (locate your server in the US or western europe and get cheap traffic to users arround the world), bad for customers who are a long way from the US or western europe.
In general the internet can be thought of as a pyramid of provider/customer relationships with peering links crossing between providers at a similar level. Traffic goes up the pyramid until it finds a peering link it can cross over on and then works it's way down the pyramid. At the top of the pyramid are the teir 1 providers who are all peered with each other. Initially it would seem this would mean that sender and recipiant were roughly sharing the costs but in reality it doesn't mean that for two reasons.
1: senders are usually servers and as such the owners have pretty free choice in their location. So they locate them in the US and western europe where the teir 1 providers have a major presense and there are major peering points so internet transit is cheap. Recipiants are usually clients and so their location is constrained by other factors. So many of them have to pay a lot more to get their data from places where the teir 1 providers have a major presense. 2: when two providers are peered in multiple locations it is usual to use "nearest exit" routing so when a packet travels from the US to europe (or vice-versa) the packet will generally cross a peering link first and then travel across the pond. Having said that the big international networks often have ratio requirements so a provider that only has content customers is likely to find it difficult to get peering with big international networks..
Didn't these guys check the pricing models of all the cloud hosts?
I get the impression that amazon's charges for internet traffic don't bear much relationship to what that traffic actually cost's amazon.
P.S. while I don't think the way the internet is currently run is particually fair (In particular the way there is a small group of teir 1 ISPs more than half of which are US based who get paid for internet service while not paying anyone for upstream) I dislike the idea of the UN being in control even more.
The arm servers being discussed are dedicated onboard BGA ram chips.
Not true, the new server orientated arm chips like the marvell armada XP and the calexeda energycore are finally supporting the bus widths needed to drive normal memory modules and the vendors (at least dell, HP, boston and openblocks) are putting on slots for them in at least some of their designs.
While for some fucking reason they used a micro B connector instead of a micro AB the port DOES support host mode with the right adapter (which was easy enough to find on amazon).
The biggest annoyances are 1: AFAICT there is no easy way to charge the device and put the port in host mode at the same time. The USB battery charging spec lays out a way to do it but it's tricky to acheive physically (you need to find a cable to cut up that allows you access to the ID line) and I don't know if the nexus will actually support it when you try. 2: You need to root to mount USB drives (though if you are running ubuntu you are presumablly at that point already)
Interestingly with the adaptor I tried Ethernet over USB worked out of the box with no need to root.
the whole purpose of certificate chains is to prevent MITM attacks
But it can only do that if those who hold root or intermediate certificates that your application trusts can be trusted can be trusted not to issue (whether through their own choice, through trickery by the attacker or through pressure applied by the attacker) a fraudulent certificate to your attacker for the service you are connecting to.
AIUI everyone on that list (and anyone they delegate to!) can generate certificates that will let them MITM your ssl browsing sessions from firefox. I'm pretty sure that most of them would provide certificates for any domain if ordered to do so by the government of the country they are based in. Some of them may even by infiltrated by criminals. Therefore if your threat model includes governments then you should not rely on SSL with the "standard" CAs. OTOH if your threat model only includes low level criminals you are probably ok.
Not everyone who buys a computer uses it for just one thing. Being satisfied with a resoloution in games does not nessacerally mean being satisfied with that same resoloution on the desktop.
RISC-OS was a nice OS for it's day but while it's quick afaict it is still a cooperative multitasker allowing any one process to lock things up. There is also the issue that running older software requires a third party emulation layer which is only available for a handful of devices (and costs money for some of them).
Afacit google's goal isn't necessarily to offer a "complete computing experience" it is to offer tools that encourage people to use their services. While they don't seem to mind letting (and sometimes even helping) us techies re-purpose their kit to run things that aren't associated with google services it's not the primary goal of the devices.
They didn't return my emails asking for price info but I later found an article from the register quoting arround $10K per slab. IMO that is just too much for what they are offering.
Slashdot Mirror
What they (and all the other incumbents in the smartphone OS market) missed was the significance of the improvements the iPhone made over previous smartphones (firstly combining multitouch with a decent web browser engine to make a browser people actually wanted to use and secondly bringing a big enough group of fanboys and an easy enough development environment to get their appstore off the ground*). Google was able to quickly get the key features from the iPhone into andriod (which was in developement at the time) and quickly become number 2 (and eventually become number 1) in the smarphone OS market.
MS are trying to get back in to the smartphone OS market but afaict they are struggling to find a killer feature to differentiate themselves from all the android devices out there. Plus they alienated all their existing developers which can't be helping.
* IIRC There had been previous attempts at appstores but afaict none of them acheived a critical mass of developers like the iPhone app store (and later the android market) did.
To a file that will then be used as the virtual disk for your new vm (or if your vm software doesn't support raw disk images converted into a disk image format it does support, qemu comes with a tool that can convert raw images to vmware images iirc). You don't strictly need to understand the contents of the disk to read it to an image hook the image up to a vm.
The problem comes if you need to make any tweaks before the system will boot in the vm. Then you do need something that can read/write the filesystem :(
I believe Apple started all their "i" shit when they migrated from PowerPC to Intel.
No, apple started using the i name long before they went intel.
Apple adopted the practice to distinguish between PowerPC computers like the holdover MacMini, which was late to transition to intel, and the newer iMacs. (See "Power Mac" for differentiation)
If anything the opposite is true when we look at the computers themselves.
SFF boxes: Mac mini (powerPC) => Mac mini (intel)
Towers: Powermac (powerPC) => Mac pro (intel)
High end laptops: Powerbook (powerpc) => Macbook pro (intel)
Lower end (though still expensive by PC standard) laptops: iBook (powerpc) -> Macbook (intel)
All-in-one desktops: iMac (powerpc) => iMac (intel)
Having said that the prominance of the i mark in product lines other than computers did rise at arround that time. The ipod (which had existed long before the switchover) grew considerablly in popularity and apple released a new office suite "iwork" at arround that time. Maybe some other software too that i'm not aware of.
Isn't 720p 1280x720?
720p is 720 lines. If you have a system with square pixels and a 16:9 ratio that means you get 1280 pixels per line.
However when you read the specs you find pretty much all HDTVs that are advertised as "HD ready 720p" have an native resoloution of 1366*768 in the specs.
Why would 1366x768 be related to 720p.
My guess is that by using 1366*768 panel manufacturers could produce a panel that was (barely) acceptable for both the monitor (must be above 1024*768 and have square pixels) and HDTV (must be widescreen and have at least 720 lines) markets. Then inertia made it stick arround to screen sizes that people wouldn't want to use as monitors at that resoloution.
What is really annoying is that some HDTVs don't like to be fed with a 1366*768 input even though that is supposedly their native resoloution.
You are wrong (and the GP is more subtuly wrong).
Firstly area per diagonal doesn't make sense if you are scaling a 2D shape the shape (including it's ratios and angles) the same then the area goes with the square of the diagonal. Double the length of a linear measurement and keep all length ratios and angles the same and you quadruple the area.
Secondly the area to diagonal squared ratio of a rectangle does indeed depend on it's ratio as can easilly be shown with some simple algebra and geometry.
Let A be the area, W be the width, H be the height, D be the diagonal and R be the ratio
R=W/H
A=W*H
D^2=W^2+H^2
A*R=W^2
A/R=H^2
D^2=A*R+A/R
D^2=A*(R+1/R)
A/D^2=1/(R+1/R)
We can easilly see on a graph (and if we really want prove by differentiation to find turning points and then calculating a point in each range) that the area to diagonal squared ratio reaches a maxium when R=1.
So lets see I can
1: manually read through the code to find all instances of a name, manually check the context of each one to see if it should be changed, make the change (either manually or through the replace tool), try and build the program, see where I screwed up and fix the screwups.
2: use a tool with dumb search to find all instances of a name, manually check the context of each one to see if it should be changed, make the change (either manually or through the replace tool), try and build the program, see where I screwed up and fix the screwups.
3: use a tool that understands the programming language i'm working with to perform the rename automatically and without screwups.
Option 2 will be a lot quicker than option 1 but a lot slower than option 3.
Another possible explanation is that they gave up because they realised trying to control the export of encryption techology that was already well-known outside the US was pointless and only served to hurt US buisnesses.
Also if there is anything the past decade or so has taught us it's that even if the underlying encyrption algorithms are sound the cryptosystems built round them often aren't. SSL is a good example, it relies on certificate authorities to determine whether you are really communicating with the server you think you are. I'm quite sure that if the US government needed a cert for a particular domain to use in a MITM attack they would have no trouble getting it.
You probably ban by the first /64 of the IPv6 address which is effective
Thinking about it i'd probablly agree with you. Some ISPs give their customers more than one /64 but frankly anyone who knows how to change which /64 their lan is using probablly has other methods of ban evading available.
incidentally is also too big (current technology) to use the brute force run through the hash algorithm
Note that while the ipv6 unicast internet is nominally 2000::/3* all IPv6 addresses allocated to RIRs or other global unicast uses so-far have been from one of the following prefixes (this is a summary of http://www.iana.org/assignments/ipv6-unicast-address-assignments/ipv6-unicast-address-assignments.xml).
2001::/16 (early allocations)
2002::/16 (6to4)
2003::/18 (ripe)
2400::/12 (apnic)
2600::/12 (arin)
2800::/12 (lacnic)
2A00::/12 (ripe)
2C00::/12 (afrinic)
Further of those blocks allocated to RIRs afaict only a small fraction are actually used on the internet. Afaict this places the brute force problem into the category of "painful but doable".
* IPv6 Ips outside this range are allocated to various other uses including private networks and multicast http://www.iana.org/assignments/ipv6-address-space/ipv6-address-space.xml.
We only record a cryptographic hash of the IP address of people who have been banned.
To place a ban you need to know what to put in the ban. That means if you are banning by a hash of the IP then you need to record that hash of the IP for any action you might want to use as the basis for a ban.
Assuming a normal hash function with IPv4 it would be trivial to run every IPv4 address through the hash function until you found the one(s) that matched.
With IPv6 if you hashed the whole address it would become impractical to do that. However banning by the complete IPv6 address is likely to result in a pretty ineffective ban. If you only include the part that is likely specific to a customer (as apposed to amachine within a customers lan) then it's probablly feasible to brute force it (especially if you have a list of what IPv6 blocks are actually allocated to ISPs)
If you used a deliberately slow hash function then maybe it would work better but how many sites really do that?
Round here in the UK you see 2L bottles all the time and occasionally 3L ones. BUT they are clearly designed to be bottles you pour into cups for multiple people to drink, not bottles that are designed to be drunk from directly.
Are these 85 oz (that is roughtly 2.5L afaict) designed to be drunk from directly?
The fundamental problem with simple search and replace is in most languages the meaning of foo.bar depends on the type of foo. So to find the declaration for foo.bar requires you to find where foo was declared, find out it's type (say tbaz) and then search for the declaration of tbaz.bar, an IDE that understands the language can have that information available so that you can jump straight from the foo.bar call to the declaration of the method that is being called.
Now C and C++ are difficult in this regard because they use simple text replacement as part of the language. THEN the meaning of the replaced text depends on context. That is difficult for an IDE to follow in the general case.
Personally I like the delphi approach. When you declare a property you tell the compiler how to read and write it. You can either use a field directly or use a function. So there is no need to generate loads of boilerplate gettters and setters but if you later need to change a property to add verification or side effects or whatever you can add a getter or setter at that stage without needing to change the code that uses the property.
Hard drives arrays can be fast at sequential transfers but they suck at random access as tends to happen when doing things like loading software or running most types of server.
Though for network troubleshooting you probablly would want to root as the provided settings app didn't seem to have any idea what ethernet was. So while the OS was happy to grab and IP over DHCP and use the connection there didn't seem to be any way to configure it to a static IP (which you are likely to want to do on a network troubleshooting device).
Disclaimer, I don't have a nexus 7 myself, the one I set up belongs to my mum.
My parents have been worried about the security implications of wireless (and I don't blame them, it seems the wireless guys have finally got it mostly right but it took more than a few attempts) so don't have wireless in their home network. To initially set the device up (it won't let you get past the initial power on screen without setting up a wifi network :( ) we resorted to using a cellphone with wifi tethering but that is not ideal if you want to make big downloads. So we tried plugging in a cheap "USB hub with ethernet" we had hanging arround and it worked.
Look at the list of teir 1 ISPs, most of them are US based and most of the remainder are western european.
The core of the internet used to be in the US, more recently it has spread across the atlantic to also include western europe. Everyone pays to get their traffic to/from the core of the internet. That is good for europeans and americans. Good for people who want servers to serve stuff to a userbase worldwide (locate your server in the US or western europe and get cheap traffic to users arround the world), bad for customers who are a long way from the US or western europe.
Sender already pays
Kinda.
In general the internet can be thought of as a pyramid of provider/customer relationships with peering links crossing between providers at a similar level. Traffic goes up the pyramid until it finds a peering link it can cross over on and then works it's way down the pyramid. At the top of the pyramid are the teir 1 providers who are all peered with each other. Initially it would seem this would mean that sender and recipiant were roughly sharing the costs but in reality it doesn't mean that for two reasons.
1: senders are usually servers and as such the owners have pretty free choice in their location. So they locate them in the US and western europe where the teir 1 providers have a major presense and there are major peering points so internet transit is cheap. Recipiants are usually clients and so their location is constrained by other factors. So many of them have to pay a lot more to get their data from places where the teir 1 providers have a major presense.
2: when two providers are peered in multiple locations it is usual to use "nearest exit" routing so when a packet travels from the US to europe (or vice-versa) the packet will generally cross a peering link first and then travel across the pond. Having said that the big international networks often have ratio requirements so a provider that only has content customers is likely to find it difficult to get peering with big international networks..
Didn't these guys check the pricing models of all the cloud hosts?
I get the impression that amazon's charges for internet traffic don't bear much relationship to what that traffic actually cost's amazon.
P.S. while I don't think the way the internet is currently run is particually fair (In particular the way there is a small group of teir 1 ISPs more than half of which are US based who get paid for internet service while not paying anyone for upstream) I dislike the idea of the UN being in control even more.
The arm servers being discussed are dedicated onboard BGA ram chips.
Not true, the new server orientated arm chips like the marvell armada XP and the calexeda energycore are finally supporting the bus widths needed to drive normal memory modules and the vendors (at least dell, HP, boston and openblocks) are putting on slots for them in at least some of their designs.
While for some fucking reason they used a micro B connector instead of a micro AB the port DOES support host mode with the right adapter (which was easy enough to find on amazon).
The biggest annoyances are
1: AFAICT there is no easy way to charge the device and put the port in host mode at the same time. The USB battery charging spec lays out a way to do it but it's tricky to acheive physically (you need to find a cable to cut up that allows you access to the ID line) and I don't know if the nexus will actually support it when you try.
2: You need to root to mount USB drives (though if you are running ubuntu you are presumablly at that point already)
Interestingly with the adaptor I tried Ethernet over USB worked out of the box with no need to root.
the whole purpose of certificate chains is to prevent MITM attacks
But it can only do that if those who hold root or intermediate certificates that your application trusts can be trusted can be trusted not to issue (whether through their own choice, through trickery by the attacker or through pressure applied by the attacker) a fraudulent certificate to your attacker for the service you are connecting to.
Take a look at this list.
http://www.mozilla.org/projects/security/certs/included/
AIUI everyone on that list (and anyone they delegate to!) can generate certificates that will let them MITM your ssl browsing sessions from firefox. I'm pretty sure that most of them would provide certificates for any domain if ordered to do so by the government of the country they are based in. Some of them may even by infiltrated by criminals. Therefore if your threat model includes governments then you should not rely on SSL with the "standard" CAs. OTOH if your threat model only includes low level criminals you are probably ok.
Not everyone who buys a computer uses it for just one thing. Being satisfied with a resoloution in games does not nessacerally mean being satisfied with that same resoloution on the desktop.
RISC-OS was a nice OS for it's day but while it's quick afaict it is still a cooperative multitasker allowing any one process to lock things up. There is also the issue that running older software requires a third party emulation layer which is only available for a handful of devices (and costs money for some of them).
Afacit google's goal isn't necessarily to offer a "complete computing experience" it is to offer tools that encourage people to use their services. While they don't seem to mind letting (and sometimes even helping) us techies re-purpose their kit to run things that aren't associated with google services it's not the primary goal of the devices.
They didn't return my emails asking for price info but I later found an article from the register quoting arround $10K per slab. IMO that is just too much for what they are offering.