Freemium is a mix of free and premium, which means it is supported by micro-transactions or a percentage of the customers paying a subscription.
Today we’re providing advance notification for an out-of-band security update to address the publicly disclosed issue described in Security Advisory 2659883. The release is scheduled for tomorrow, December 29, at approximately 10 a.m. PST.
My only issue with Moore's law is that it's a "Law", when really it's more of a guideline. If it was truly a law, then semiconductors would halve in size naturally over time, without any research or development involved. Plus I believe that the "Law" gets regularly adjusted as the trend declines.
They're different laws about different things, they just happen to relate in this instance.
Freemium is not a mixture of "free" and "premium", it's meant to be free premium material. Freemium models exist that do not rely on subscriptions or micro-transactions - particularly, freemium magazines and just about everything that is supported by ads.
Why is it that when something's ad-supported, it's no longer either free or considered premium? Is there some definition of "Premium" that specifically says "Product or service that does not feature advertisements" that I am unaware of?
What about Premium (not free) Magazines? They still have ads in them, so the whole ad-supported-or-not thing doesn't really gel there, either.
How about "Angry Birds"? The iPhone and Android versions are identical, except the Android version is free and paid for by ads (you can also buy an ad-free version of course). No Microtransactions are involved (well OK they added the "Mighty Eagle", but that was later in the game's release and it made plenty before that).
What about "GetJar"? It offers free PREMIUM apps and is largely supported by ads. No Subscriptions there, either. Is that not Freemium?
I think the business model of "Give away stuff for free and beg for money after" is what's really flawed, not the freemium "Give away stuff for free, get others to pay for it" model.
I think Free2Play and Freemium are very similar, but not quite the same thing. Free2play generally involves microtransactions that you can opt for, with many games practically requiring them if you don't want to waste your life grinding.
Freemium implies that the product itself is totally free, often funded via other means (usually ads). Freemium does work, freemium magazines have had success stories all over the place where traditional mags have been dying off due to the internet.
In fact, one could argue that Facebook is a "Freemium" service. You don't pay a cent to use it, yet it has many features that traditionally you'd have to pay a membership fee for - and it makes boatloads of cash.
...and get reminded of this? http://www.lemon64.com/?mainurl=http%3A//www.lemon64.com/reviews/view.php%3Fid%3D466
I highly recommend the Atari 2600 talk, it was interesting and fun. Any other recommendations?
Probably because on slashdot, anything pro-microsoft is going to get flamed.
It's on by default because it's there for the average user to easily connect their equipment. If it was off by default, it would require connecting (either via password or cable) and enabling it manually via the setup page - and by that point, you'd just connect the usual way.
In a similar vein, it'd be like UAC being disabled by default - average user won't turn it on, even if it does help them.
The reason such a thing exists is because the good ol' secure password was too complicated for average-joe users to deal with. The precursor to this is Wireless routers that don't actually have a password set. To this day, you can still find unsecured wireless routers nearby and we all know what that leads to. The "easy" solution was put there so that routers could have security set by default, yet not confuse average-joe to the point where he just disabled it because it was the easiest thing to do.
And believe me, I worked for an ISP up until a few months ago - our Router/Modems (or Hubs, as they called them) now come with wireless security enabled. The default password (unique per hub) is written on the side of the device - and people still get confused and don't know what to do to connect their wireless.
Unfortunately, the implementation of the "easy" solution is the issue, not the solution itself. I mean, what's the point in having a secure PIN if you tell the user when they got the first half of it right? Especially if you don't prevent people from attempting thousands of connections.
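Added example, not part of the comment above: a toy model of a PIN check that reveals when the first half is wrong, next to one that only answers yes or no, with an optional failure limit. The 8-digit decimal PIN split into two 4-digit halves, the class and function names, and the limit of 10 failures are all assumptions made for illustration.

```python
# Added illustration; not code from the comment or from any router firmware.
# Assumed: a decimal PIN of even length that is verified as two halves.
from itertools import product

DIGITS = "0123456789"


class PinVerifier:
    """Toy PIN checker; with split_feedback it reveals when the first half is wrong."""

    def __init__(self, pin, split_feedback, max_failures=None):
        self.pin, self.half = pin, len(pin) // 2
        self.split_feedback = split_feedback
        self.max_failures = max_failures  # None means attempts are never limited
        self.failures = 0

    def check(self, guess):
        if self.max_failures is not None and self.failures >= self.max_failures:
            return "locked"
        if guess == self.pin:
            return "ok"
        self.failures += 1
        if self.split_feedback and guess[:self.half] != self.pin[:self.half]:
            return "first_half_wrong"
        return "wrong"


def worst_case_guesses(length, split_feedback):
    """Upper bound on guesses before an exhaustive search must succeed."""
    half = length // 2
    if split_feedback:
        return 10 ** half + 10 ** (length - half)
    return 10 ** length


def guesses_until_accepted(verifier):
    """Walk the PIN space using only the verifier's answers.
    Returns the number of guesses used, or None if the verifier locked first."""
    length, half = len(verifier.pin), verifier.half
    used, prefix = 0, ""
    if verifier.split_feedback:
        # The leaked answer lets the first half be settled on its own.
        for cand in product(DIGITS, repeat=half):
            prefix = "".join(cand)
            used += 1
            answer = verifier.check(prefix + "0" * (length - half))
            if answer == "locked":
                return None
            if answer != "first_half_wrong":
                break
        if answer == "ok":
            return used
    for cand in product(DIGITS, repeat=length - len(prefix)):
        used += 1
        answer = verifier.check(prefix + "".join(cand))
        if answer == "locked":
            return None
        if answer == "ok":
            return used
    return None


if __name__ == "__main__":
    print("yes/no only :", worst_case_guesses(8, False))
    print("half leaked :", worst_case_guesses(8, True))
    print("with limit  :", guesses_until_accepted(PinVerifier("99999999", True, 10)))
```

With the half-by-half answer the worst case drops from 100,000,000 guesses to 20,000, and a failure limit is what stops even that smaller space from being walked.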
In the UK, Virgin Media (about the only Cable/DOCSIS ISP here) managed to do both incorrectly.
They don't give out static IPs, but they also don't like it when customers plug in different equipment. In "the old days" it was particularly bad, if a customer plugged in a device with a different MAC (e.g. they went from being directly connected to using a router) the DHCP lease refused to issue an IP until the host table on the UBR was flushed.
These days it isn't too bad, but there's still a 4-device limit and sometimes the DHCP lease can last for weeks.
To make matters worse, the only OFFICIAL way the host table can be flushed is via second-line support - first line don't have any tools to do this, so if you do get stuck in that position and don't have a way of spoofing your MAC, you're in trouble - and that's if you know what you're doing.
If you're lucky, the agent you speak to will recognise the problem (self-assigned IP) and not immediately blame the equipment, get second line to flush the UBR and away you go. If you're REALLY lucky, you'll get an agent that knows a trick to flush the UBR manually (Remove Coax from Modem, power on and let it assign a 192.x.x.x IP, then plug the Coax back in - it flushes the internal host table to remove the 192 IP and at the same time flushes the UBR's host table for that modem - simples).
Still, I did always wonder why they bothered doing this and not at least have the graciousness to offer a static IP, especially as their IP leases get longer and longer with each renew (mine is currently at something like 3 months).
And there was me wondering what F3 did that was so special...
Your arguments are getting more and more spurious. First it was because I only posted one source, then it was because I only posted Microsoft sources and now the sources I posted don't quite mention "out of band" in quite the way you like.
It doesn't matter, it's semantics and I'll refer to my earlier post - don't complain about it on Slashdot, complain about it to Microsoft since they're apparently the originator of this misused term.
Ok then,
http://nakedsecurity.sophos.com/2011/09/17/oracle-issues-rare-out-of-band-update-for-apache-ddos-vulnerability/ "Oracle issues rare out-of-band update for Apache DDoS vulnerability"
http://www.simplysecurity.com/2011/09/27/adobe-releases-out-of-band-patch/ "Adobe Releases Out-of-Band Patch"
http://publib.boulder.ibm.com/infocenter/director/v6r1x/index.jsp?topic=/director.tbs_6.1/fqm0_r_tbs_um_installing_out_of_band_updates_for_bc_using_telnet_fails.html "Installing out-of-band updates for IBM BladeCenter devices using Telnet fails"
So because I only linked one source, it must be the ONLY one?
How about this one from 2008? https://msevents.microsoft.com/CUI/EventDetail.aspx?culture=en-US&EventID=1032393979&CountryCode=US
Or this one from last year? http://blogs.technet.com/b/msrc/archive/2010/09/30/q-amp-a-from-the-september-2010-out-of-band-security-release-webcast.aspx
Or this one from waaay back in 2006? http://blogs.technet.com/b/msrc/archive/2006/09/26/459194.aspx
And someone other than Microsoft: http://isc.sans.edu/diary.html?storyid=8062
And someone else: http://my.opera.com/wikipedian/blog/2011/09/28/for-reasons-unknown-microsoft-has-released
And someone else: http://www.dataprotectioncenter.com/antivirus/sunbelt/microsoft-will-do-out-of-band-patch-for-lnk-vulnerability/
Need I go on?
Out-of-band doesn't have a "specific" meaning, though, that's kind of the point. In your workplace, it may mean one thing, however in this context the meaning is different. It means something else entirely when you talk about network protocols, for example.
However, if you're still sure you're correct, rather than posting about it on slashdot, you might want to tell Microsoft themselves that they're using the wrong term: http://blogs.technet.com/b/msrc/archive/2011/12/28/advanced-notification-for-out-of-band-release-to-address-security-advisory-2659883.aspx
No, I believe "out-of-band" is correct, if you go by the following definition:
"In general language, out-of-band refers to communications which occur outside of a previously established communication method or channel"
The "Method or Channel" in this instance is Patch Tuesday.
No it wouldn't, there's PLENTY of obvious troll accounts on Slashdot. To be honest, it's all part of the parcel of Slashdot. The first post is generally a waste of time. The second post is usually also a waste of time, often someone trying to GET the first post. The real discussions happen further down, where the trolls can't be bothered to read.
Despite all the idiots, I still find slashdot to be a worthy place for discussion with plenty of insightful and knowledgeable people around - you just have to look for it.
"used to" being the key words there, right?
Except that weak passwords are weak because they can be brute-forced, either directly or by comparing hashes. The picture password only has a limited number of attempts before the system will prompt you for your actual password. So yes, even Microsoft are admitting that it's no substitute for a good, strong password, but they're also saying that it's not meant to be - it's a half-way between a strong password and an easy way to log in securely. For it to be a risk, someone would need access to hundreds of machines that you're logged into.
MS addressed the insecure picture idea in one of their blog posts. It's insecure if you have only one or two points of interest, but with 3 or more the security goes up quite a bit because each of the POIs has numerous things that can be attributed to them - taps, swipes from one to another in either direction and different sizes of circles. Then you have to get the order right on top of that. Yes, there are other issues for sure (Smudges, etc.) but the points of interest one isn't actually that bad.
That would be a bit unfortunate for left-handed people, who already have to deal with a lot of stuff designed for right-handed people (layouts, mice, default controls, etc.), but there's no reason why it couldn't be a configurable option - it's not like the program itself has to set the placement of UI items like that.
Interesting, that certainly makes a lot of sense. Does that mean that Flash memory isn't as susceptible to such techniques, or does it also have some form of residual data?
Also, does that mean that writing zeros numerous times is also likely not to be effective since (theoretically, at least) there will still be a difference in charge between what was once a 0 (before it was overwritten) and what was a 1? Similarly, overwriting with all zeroes and then all 1's would likely be a waste of time? Hence why you say random data would be more secure.
What I'm trying to ask is, is overwriting with zeroes multiple times less effective than overwriting with random data once?
Good point, I can't say I disagree with that.
"Everyone else" is the majority of computer users out there, i.e. Windows. I know, it sucks but no matter what way you swing it, it does have 90%+ of the desktop market. The server market is different, but who cares for UIs on a server?
I also disagree with your cascading windows suggestion, it doesn't make a huge difference because the "Exit" button is on the side of a window, all that really differs is which side. Plus, on today's widescreen monitors, the "gap" between the left and right side of the window is absolutely huge (I just tested it with about 60 open windows). You'd have to have literally hundreds and hundreds of cascading windows for that to be an issue and by that point, a different way of switching windows is probably more ideal.
However all that said, I cannot understate how much I do agree with your latter point - having the controls at the side of the window does seem to make a lot more sense. Might take some getting used to, but I can definitely see that being useful and unobtrusive, especially as vertical screen real estate is in such high demand these days.