There's a big difference between lowering people's throughput during peak usage hours and cutting them off entirely after a certain consumption level. The former is quite reasonable and akin to a traffic jam - everyone is trying to use a limited resource at the same time which just doesn't work. The latter doesn't translate to a car analogy very well but is along the lines of disabling vehicles after a certain distance was traveled no matter how much fuel remains or what road usage looks like.
First, bcrypt requires a salt. Second, not everyone knows enough about security to do that (and not all of the cheap fly-by-night hosting solutions have the necessary extensions compiled - everything has md5/sha1), so I'd rather have a salted password and a crappy hash than nothing at all.
Either way, Sony should know better - as should any company with at least one salaried developer.
That's also relatively easy to block on the server side, since all of the requests will have the same referrer. Plus with some framebusting code, you can really screw with the website that's being used as the attack vector.
That's the problem I have - except I'm backing up ~2TB of media. I luckily haven't received any sort of rude notes from Comcast and I've uploaded way more than 250GB this month (I started about three weeks ago and I'm almost halfway done!) - presumably because it's all going over port 443 instead of some random bittorrent port. The biggest problem for me right now is upload speed. Even if I were caught up, I can easily create 5-10+GB of content in a day through photography and that alone will usually take a couple days to upload.
Isn't "fun" supposed to be the defining characteristic of a game? If I was interested in artistic merit, I'd go to a gallery or museum. At least for me, games are entirely about being enjoyable, and Valve's games very often excel at that.
Does that make it "special"? Apparently not, but that's also a remarkably vague and subjective term.
No kidding. It's very easy to unlink computers from your account - https://www.dropbox.com/account#manage (when you're logged in, of course). It even tells you the last activity from that system. However, it will not destroy the local copies of the file, which would be a good option to provide when unlinking systems - a remote wipe of sorts.
At least if an attacker starts modifying your files, it has file history to revert to an uncompromised version, if it helps. And OS X systems at least also let you use growl notifications when files are added, changed, or removed (not sure if Win/Linux have something similar).
They probably could do better with notifications overall though. When dealing with (potentially) sensitive data, it's a good idea to email users when that info has changed - email addresses or credit cards added to or deleted from account, new system added to sync rotation, etc. Password reset notifications should go out to all emails linked to the account just in case. It's infrequent enough that I'd tolerate the spam for the extra peace of mind.
And it's none of the state's business to collect taxes on something I bought from another state, which is Amazon's completely valid argument. One could argue that they should be collecting taxes on the state from which the item is shipping since there's the obvious physical presence (this would more closely mimic what happens when I buy an item at retail), but I think sales tax is bullshit to begin with since the state is providing no value to either the buyer or the seller, other than merely existing.
Better than the daily ones from the men.
I can google for that comment and run the command faster than I can even open Photoshop. That probably holds true even if I don't have mogrify installed.
He's making the assumption that 'editing' == 'modifying'. Which is true in the same sense that f(x) != x, and that bytes changed. By any rational standard, editing is something inherently visual and thus ill-suited to the command line. Batch processing actions (watermarking, scaling, cropping, arguably sharpening, etc.) just happen. It's the difference between shrinking a document by zipping the file versus reading through it and removing unnecessary content. If a human is required, it's editing.
Adobe applies way more DRM than most companies - it's just really easy to get around if you know what you're doing. Like most DRM implementations, it only really hampers the people who have paid for the software. The rest of us spent fifteen seconds sending requests to adobe's activation servers to the void thanks to a couple entries in /etc/hosts.
Sorry, what now?
I will immediately skip over resumes that mention dreamweaver. Vim and firebug, on the other hand, will go to the top of the pile. In both cases this isn't because of the choice of tool, but because past experience has told me that people that advertise dreamweaver skills on their resume are completely unsuitable for any job position I have open. Gimp vs photoshop is a wash (although I'm weary of the typical "zomg use gimp, it's open source!!!!" neckbeards). I look at what you create rather than how you create it - I'd take a really smart python/perl/ruby/other programmer over a crappy PHP programmer any day, despite the fact that our codebase is 99% PHP.
Of course, I'm a developer so I actually have useful standards for who I hire. You know - thought processes, reasoning, and results, rather than being a perfect replacement cog for the guy that just left.
To be honest, either you're overestimating your abilities or applying to the wrong kinds of companies. Probably the former (that's not meant as an attack at all, just an observation as someone that is part of making hiring decisions)
Exactly - copyleft is simply a (rather oddly named) type of license for copyrighted material. If you want to go all the way with open source by relinquishing copyright and releasing it to the public domain, you're giving up all rights on setting terms on how your code should be used.
Copyrights are not bad things. Companies lobbying for infinite copyright length *cough*disney*cough* so that they can sit around and profit from decades-old content and not innovate or even produce new material are bad things. Never mind the whole cultural contribution aspect of copyright expiration.
At least patents expire - although in software years they might as well go on forever. That's my biggest beef with (non-obvious) software patents in particular - the length of a patent term does not correspond with the useful lifetime of the product or its industry.
Without specialized equipment, strobes throw a relatively wide beam (even when the head is zoomed for strobes that support focusing, which is almost all of them these days). Very effective from five feet away, mostly just annoying from twenty or more. Of course I've seen thirty strobes discharged at full power simultaneously which is only slightly brighter than a nuclear blast (that photo was with them dialed down to probably 1/128, the full power version was solid pure white), but that's not exactly practical for use as a handheld LTL weapon. Sounds like this is far more focused - not to laser precision, but at least on the level of stage spotlight (relative to the actual size of the light source).
Of course, that whole massive procedure around three-factor authentication goes to hell when the first guy holds the door open for the two people standing behind him. The biggest issue always has and will likely always be social - the person walking around in a jumpsuit with a toolbelt will, in almost all locations, be assumed to be on the maintenance staff and will go completely unquestioned as he attaches mystery devices to the network wiring. Basically, the sooner that we're taken over by the machines, the sooner we can finally have effective security.
I hope you never use any form of public transportation. If you've ever flown, you've put your life in the pilot's hands (and chances are that you were not the pilot). Sure - we could all get our pilot's licenses and take cessnas everywhere for our longer-range travel, but I'd trust the two highly-trained professionals in the cockpit to fly much safer than a bunch of random people with extra cash that spent a few months learning to fly. In the same way that commercial pilots are paid to know all of the safety precautions to take and the emergency procedures in the event that something goes wrong, so are the people designing software for self-driving cars.
As someone that designs and builds complicated software that needs to handle tons of bizarre edge cases and unexpected conditions I know this is no small undertaking, but it's my job to handle those situations and design everything in a way that it can fail safely in the event of a new unexpected condition. And because it's my full-time job rather than something I do a few hours every week, I'm going to do it much better than the majority of people. The only difference here is that what I build won't put people's lives in danger if it screws up, but the principles are still the same.
That said, I'd still wait for v2.
goatse warning :(
Which is great until you realize that your production environment runs on a case-sensitive filesystem, while you've been developing on HFS+ which is not case-sensitive*. Or something equally stupid which causes immediate fatal errors on your next deployment. Yes, I've been bitten by this several times. My company has all developers working out of VMs that are configured identically to our production environment (OS, software, yum repos, etc) for this reason. I can even use our standard deployment mechanisms locally and not destroy my system's crontab because even that's virtualized.
* By default. And there's a ton of OS X software that was written sloppily, so setting up your boot drive on case-sensitive HFS+ is basically pointless. I suppose you could set up a case-sensitive partition or drive and develop against that, but you might as well virtualize everything else at that point anyway, since something else inevitably won't line up.
Not to mention that not everyone wants to live in a city. My dad commutes an hour each way to/from work simply because my parents wanted to live somewhere rural and quiet, and actually have some land. Both my brother and I are out of school so that's irrelevant; it has nothing to do with the practicality of living in a city. A lot of people just hate that kind of environment. If they wanted to live near the office they could afford to do so, they just don't want that.
A better investment would be improving other infrastructure so that telecommuting is more practical. Maybe not five days a week (for most people, it's very hard to keep on task without spending at least a day a week in the office), but even if it's only useful one day a week you're still removing 20% of the commuting. Never mind that people will be happier because they can spend more time with their kids/spouses/etc, not wasting their own time driving around, and can avoid at least some office politics. And, oh yeah, we have better communications infrastructure, which helps us stay relevant to the rest of the world.
The "you must be 13" thing is because of COPPA. The companies don't care in the slightest, they just don't want to deal with the regulatory junk.
Also, why the hell does a kid that young need a cell phone? Tell him to go outside and play in the dirt.
And right now, I have the power of 20-years-ago supercomputers on my cell phone. I'd have happily made the same argument then as you're making now, but obviously programmers will find new and creative ways to write inefficient code that does pointless stuff in order to use the newly available resources. Ever notice that computers never seem to feel subjectively faster, despite the fact they've improved by three orders of magnitude in clock speed, available memory, etc? The only upgrade I've ever performed that gave a noticeably faster feel to any system was moving to an SSD, and even that's not magic.
Yeah, but being sued is both time consuming and expensive.
Depends on your intentions. If you were going to buy it anyway at full price, then you are saving money - although obviously more in an opportunity cost sense than a savings account sense. If you wanted to buy it but weren't willing to pay the normal price, then you were just doing the free market thing. If you bought it simply because it was being sold at a discount, then I've got a piece of land in which you might be interested.
400%? That doesn't sound right. Maybe we've improved our algorithms significantly since then, but I tend to hear anywhere from "rounding error" (probably hardware support) to 30-40% increase.
I got an addon that tries to force SSL where available, and it's surprising how many sites don't have SSL enabled at all.
Well, SSL is not free in any sense. There's some amount of overhead simply in the encryption, of course. If you're running multiple sites from one machine (read: any shared hosting plan), you need a dedicated IP per SSL site* which costs extra. Then there's the cost of the certificate itself**, and the initial process of setting it up. And once you have the technical side of things configured, you still need to make sure that ALL resources on the page are coming in over https as well, which is easier said than done especially if you rely on any third-party scripts (primarily analytics).
Don't get me wrong - I would love to have everything on the internet running over SSL. But under the current infrastructure, it's simply not practical. Unfortunately, it's not as simple as flipping a switch.
* There's some weird multi-domain certificate chaining thing you can do to avoid this, but it's not fully cross-browser compatible and is a huge pain to set up. Granted it's not an easy problem to solve unless you want to spew out certificates for all sites listening on that IP (thereby exposing all sites listening on that IP, never mind the overhead), but it still sucks. Bring on IPv6 already so I don't have to pay an extra two bucks a month per IP per server - it's fine for my "real" sites, but that's not happening for all of my personal sites sitting on a single $11/mo cloud server.
** Yes, I'm aware of StartSSL and other services that provide free basic certs. Most people are not. Self-signing is fine from a security standpoint (or, at least, good enough for the types of sites that would use it), but with all of the browser warnings that come along with it, rather impractical.
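The requirement above that ALL resources on an HTTPS page also load over https can be checked mechanically. The following is an added example, not part of the original comment: a small scanner built on Python's standard `html.parser`. The page URL, host names and sample HTML are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# (tag, attribute) pairs that make the browser fetch or post somewhere.
# "active" content can rewrite the page, "passive" content cannot, and a
# "form" finding means user input would be posted in cleartext.
RESOURCES = {
    ("script", "src"): "active", ("iframe", "src"): "active",
    ("link", "href"): "active", ("object", "data"): "active",
    ("embed", "src"): "active",
    ("img", "src"): "passive", ("audio", "src"): "passive",
    ("video", "src"): "passive", ("source", "src"): "passive",
    ("form", "action"): "form",
}


class MixedContentScanner(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.base = page_url      # relative URLs resolve against this
        self.findings = []        # (kind, tag, resolved_url)

    def handle_starttag(self, tag, attrs):
        a = {name: (value or "").strip() for name, value in attrs}
        if tag == "base" and a.get("href"):
            # <base href> changes how every later relative URL resolves.
            self.base = urljoin(self.base, a["href"])
            return
        if tag == "link" and "stylesheet" not in a.get("rel", "").lower().split():
            return                # e.g. rel="canonical" is never fetched
        for name, value in a.items():
            kind = RESOURCES.get((tag, name))
            if kind and value:
                # Protocol-relative (//host/x) and relative URLs inherit
                # the scheme of the base, so they resolve to https here.
                url = urljoin(self.base, value)
                if urlsplit(url).scheme == "http":
                    self.findings.append((kind, tag, url))


def scan(page_url, html):
    """Return the http:// subresources referenced by an https:// page."""
    if urlsplit(page_url).scheme != "https":
        raise ValueError("mixed content only applies to pages served over https")
    scanner = MixedContentScanner(page_url)
    scanner.feed(html)
    scanner.close()
    return scanner.findings


# Constructed sample page: one third-party analytics script, one image and
# one form target still point at http://.
SAMPLE_PAGE = """<!doctype html>
<html><head>
<link rel="stylesheet" href="/css/site.css">
<link rel="canonical" href="http://shop.example/cart">
<script src="http://stats.example/tracker.js"></script>
<script src="//cdn.example/lib.js"></script>
</head><body>
<img src="http://img.example/banner.png">
<img src="https://img.example/logo.png"/>
<a href="http://other.example/">plain link, not a subresource</a>
<form action="http://shop.example/checkout" method="post"></form>
</body></html>"""

if __name__ == "__main__":
    for kind, tag, url in scan("https://shop.example/cart", SAMPLE_PAGE):
        print(f"{kind:8} <{tag}> {url}")
```
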