Or support the N900 instead of the Android. It's not a totally open stack, but it's much more so than Android, and the apps also tend to be direct ports of Linux OSS. And the whole thing is less locked down to begin with.
I'm writing from one.... the "app stores" are just debian repositories, it's really an open platform... and the GUI is awesome...
I use facebook. When someone who isn't one of my friends looks at my profile, they see:
1) My name. Why else would they be looking at my profile?
2) My user photo. This isn't actually me, so I don't care. I didn't want my face up there, so I didn't put a picture of myself in.
3) My website -- actually just my flickr page, since I don't care if people find it. It's not like it has any more information about me.
4) My education and work listings. Again.. I left those up on the grounds that it would make it easier for people to find me, and I don't care if people see them.
Now they also see the list of all your FB friends. That's something I would consider private.
Do you understand how SSL works? At all? Since everything goes through the CA, the channel is secure. The CA *are* the digital signatures.
Mr anonymous coward, the question is not whether I understand SSL, but whether all updates happen through the SSL site.
Hopefully, things are designed so that the standard way for plugins to update themselves is through the addons site (protected by SSL). But even if this is the case, nothing stops an individual addon from directly connecting to some website outside of mozilla's control over http, https, or pigeon post, and updating itself from there.
All mozilla extensions on addons.mozilla.org go through a review process. Stuff might slip through, but its unlikely that unwanted behaviour in popular addons isn't noticed. The addons are distributed over SSL.
And are the updates properly secured with digital signatures? Otherwise dns poisoning or open wireless MITM is all that is needed..
typing a long, descriptive name 65 times is a bit of a PITA, and subject to its own bugs, when you misspell it a few times!
Learn to use autocomplete.
If you have autocomplete then you can probably also hover your mouse over the variable to get a little window with the documentation for it... So use that, STFU, and let me use variable names I can type reliably and possibly even pronounce.
You must not live in Britain. From everything I've heard about them, their crime is worse than America's. Admittedly, they don't get shot as much, but they get stabbed & beaten more.
It seems in the US you have 3 times more chances of being murdered than in the UK. Ordinary policemen in the UK do not even carry a gun. Under what definition of "worse", is crime in the UK worse than in the US?
Plus: non-statistical factoid. The only country in the world where I personally have been subject to armed robbery is the US (at gunpoint...).
People do NOT walk around the world indiscriminately. They avoid bad neighborhoods (...)
In the US, they do. Here in Europe mostly you can walk where the fuck you want. In none of the cities I have lived in in Europe throughout my life (and that includes some large ones), has there been a neighborhood where I was afraid to walk at night.
A "usage profile" for a user ID is also considered illegal if the user hasn't opted in or it is at least clear that the data is being collected. This is because those stats are not really anonymous. If they were, Google wouldn't be interested in them. It has been shown repeatedly that tracking back "anonymous" profiles to a RL user isn't hard if you have enough data.
So then, how can the EU legislate:
A. An American site doing this with euro user data?
I expect this would be outside the jurisdiction of EU member states.
B. A site keeping it's logs on its own and then, at a later date, transmitting them to Google?
Who owns the logs?
Would make no difference. According to the privacy protection laws we have in europe, you cannot "own" anybody's private data, and are not allowed to do practically anything with it unless the person signs a form for you, and certainly not to
send it to third parties, abroad or otherwise. So if your logs include private identifying data, you most certainly cannot ship them to google or anyone.
While you're explaining, can you tell us why DNSSEC makes the size of the DNS zones "unwieldy"?
DJB held an interesting keynote at USENIX WOOT this year, on some of the unintended side-effects of DNSSEC. Here are the slides: http://cr.yp.to/talks/2009.08.10/slides.pdf.
The biggest issue he found was that the a single, small DNS request triggers a huge DNSSEC response with lots of digital signatures
(each one of which is at least 1024 bits...). Since the requests are sent over UDP, they can be spoofed. End result? a HUGE DOS amplification effect.
Sorry to the people who have problems, but I'd have to say my system feels a lot faster now. Boots faster, and compiz with all its 3d effects are a lot smoother with on my builtin intel card than they ever were with previous releases. I am a happy karmic user:)
Same experience here. I have only upgraded a laptop so far that has an intel graphics chipset, that was pretty slow on jaunty. Intel support has been massively improved.
huge amounts of knowledge about farming, irrigation, planting techniques, home building techniques, and plumbing best practices is going to change fuck all in a place like Ethiopia when all they need is rain !
Sometimes, unfortunately, shovelling rice at them is all that can keep them alive.
The world is not neatly divided into "have an SUV" and "on the brink of starvation". The OLPC project (now rebranded to lowercase olpc according to TFA, for whatever bizarre reason) is targeted at places where children have their basic food needs fulfilled, and have a school they can go to that at least sometimes gets electricity. One of the biggest deployments is in Peru, for instance. If you feel that shoveling rice at ethiopians is the only worthy humanitarian cause, please put your time and/or money where your mouth is and do something about it.
With something like Skype, pretty much all the stuff of interest is in the protocol(and the weird stuff that it gets up to, burrowing through firewalls and being designed to be heavily resistant to inspection and so forth). The UI isn't ghastly; but it isn't very interesting.
Obviously, this is exactly why Skype would be OSSing the GUI and not the protocol binary blob; but it is also why the news isn't of much interest. As long as basically all the program's important functions depend on a binary blob you can't see what it is doing, you can't port it to other architectures, you are really no better off than if the whole thing were binary.
Well, the OSS frontend will use the binary back-end, implicitly documenting its APIs to some extent. This means that you can write your own frontend with a better GUI than the horrible one provided by skype. Better yet, one could probably write a plugin for chat/voip applications allowing them to use skype as a backend, so you won't even have to run a separate skype application anymore.
There are a couple of scenes that I found absolutely awful; totalling maybe 60 seconds out of the, what, 7 hours of movies?
For me the worst scene in the movies one is when aragorn gets dragged down the ravine by the were-thingy and everyone thinks he's dead, and no-one in the audience who is more than 2 years old believes it for a moment. Phoney. Legolas skateboarding on a shield comes a close second. And Gimly being the village idiot throughout the 3 movies is funny at times but it gets really annoying in the end.
Overall, I really liked the first 2 movies, and was extremely bored by the third one except for the Frodo-sam-and-Gollum parts.
all the features you mentioned are available with windows mobile.
Additionally, you get a lot of nice extra features, like random restarts, battery monitor that always reports full battery, battery that lasts 1 full day when you're lucky, touchscreen that sometimes responds to your touch (sometimes even to do what you want it to do!), apps that cost much more than I am willing to pay and don't do what I need, plus a generally clunky and inconsistent UI.
I have a windows mobile phone and I will NEVER make that mistake again.
And before I get flamed: I know, many of the problems I have are specific to the device, not to windows mobile, so I have also blacklisted LG for my next purchase. Still, the OS makes you feel like it's windows 98 all over *shiver*.
It varies by type, but the standard appears to be 20 years. This patent was filed in 1990.
US patents used to last 17 years from date GRANTED, and were kept secret until granted. The company requesting the patent could deliberately delay the process of getting it granted for years, so that it remained secret and was valid until later (when the market for the covered "invention" is expetcted to be bigger). With the current system, there is less secrecy and patents are valid for 20 years from date of filing. I checked one of the 4 patents in the article. It was filed in 1992 and granted in 1994, so it should be valid until 1994+17=2011. Still quite a while to go without ethernet.
Good luck solving soft handoff for a bus traveling at 45 km/h or 30 mph. It's the same reason cell phones don't work well on planes: they pass over too many cells per minute.
I once got an SMS from the operator welcoming me to switzerland, just because I was flying over the country at 10000 meters altitude...
The problem is that this is not just some buffer overflow where you can replace single function call with an equivalent function call that does a safety length check. Security holes that depend on '\0' characters in strings exploit a systematic flaw in the Windows API design: the mix of two entirely different and incompatible types of strings all over the place. The 'native NT' API uses Unicode strings with an explicit length, but the Win32 API and C/C++ libraries usually use null-terminated strings.
Who cares about their dirty (or not) implementation details? The \0 in certificates trick is a bug that was present pretty much all over the place, not just in windows. If you are an ubuntu user and you read the description of security updates when they are pushed to you, you will have seen mention of this bug in at least a dozen different updates already. Hell, today there was one for wget! I agree with the grand parent poster: taking so long to fix this on windows is inexcusable.
Stallman's a fanatic, but on the other hand, Microsoft is Microsoft. Which is to say, it's probably difficult to be too paranoid about their intentions with respect to competition.
Or in other words: just because you're paranoid, doesn't mean that someone isn't out to get you....
I second this. Orwell's 1984 should be mandatory reading for all high schoolers..
Agreed. It may not be the best novel ever in terms of character development, etc, but IMHO it is up there with Freud's interpretation of dreams in being one of those world-view shaping books of the modern age that everyone should read. I also find the whole utopian/dystopian thread rather interesting... but if that were the focus of the class a lot of other books could be included, from Gulliver's travels to Le Guin's "The Dispossessed".
That potaroo site is hopeless. It's now at 738 days. That's two days *more* than the last time this came up on slashdot a month or so ago. It's also roughly the same as it was last year, and the year before that. It predicts nothing. Their baseline assumptions are wrong, otherwise they'd at least have a figure that would go down at some rate approximating 1 day per day.
I think you misunderstand what they are trying to do. They are making predictions based on the assumption that ip assignment practices remain the same as they are now. Not because they believe there will be no changes, but because that is a meaningful prediction to make. If practices are changing, it is because scarcity is inducing the changes, and some of these changes may well have a cost.
They are not trying to be an oracle, and they adjust over time to changing practices. For instance see the comment from may 11th:
I've made a couple of changes to the prediction model to align with current RIR practices and my understanding of the manner in which the legacy B and C blocks will be managed by the RIRs.
The RIPE NCC has commenced allocations from 188.0.0.0/8 in February 2009. This is a legacy Class B block that is marked as "various". I've moved this block into the RIPE-managed address pool and used the recent allocations from this block as part of RIPE's total set of allocation in terms of demand modelling RIPE's future needs.
Also, scarcity basically increases the price of an IP address, therefore reducing the number of new addresses assigned. If you do a prediction based on current trends, the date may move forward as price increases reduce demand. But that only means that the scarcity already has a cost TODAY, not just 2 years in the future.
IPv4 Exhaustion is expected approximately 734 days from today's date. That is just about 2 years.
Right, and they have been saying two years for about 12 years now. Just like how we've been 10 years away from running out of oil for close to 40 years, and about 10 years away from commercialized fusion for about the same amount of time.
So your point of view can be summed up as: "people have cried wold before and been wrong, so resources are never going to run out?". I won't speak on cold fusion, but for both oil and IPv4 addresses, the debate is just on when. Maybe instead of hiding your head in the sand you should try to do the math, or check someone else's math. For IPv4 you may want to check out this link http://www.potaroo.net/tools/ipv4/. It currently reads: "Projected IANA Unallocated Address Pool Exhaustion: 13-Oct-2011". And as far as oil is concerned, the prediction from Hubbert in 1956 http://en.wikipedia.org/wiki/M._King_Hubbert was not that we would run out of oil in the seventies, but that the US oil extraction would reach a peak in the seventies. Time has proven him right already: http://en.wikipedia.org/wiki/File:Hubbert_US_high.svg.
I like the idea of wave to a certain extent -- but I'm sceptical about the architecture. For IM/collaobration sure -- but as a *replacement* for email/news ? Email is pretty much bulletproof, with failover, handling of temporarily downed servers etc straight out of the box.
Wave (as a protocol) seems far less scalable.
I don't know how robust/scalable it is. We will have to try and see. Anyhow I don't think it will replace email. I think it is complementary to email, and will replace some uses of email (like the endless reply-all threads that you get when collaborating on a project).
Slashdot Mirror
Or support the N900 instead of the Android. It's not a totally open stack, but it's much more so than Android, and the apps also tend to be direct ports of Linux OSS. And the whole thing is less locked down to begin with.
I'm writing from one.... the "app stores" are just debian repositories, it's really an open platform... and the GUI is awesome...
I use facebook. When someone who isn't one of my friends looks at my profile, they see: 1) My name. Why else would they be looking at my profile? 2) My user photo. This isn't actually me, so I don't care. I didn't want my face up there, so I didn't put a picture of myself in. 3) My website -- actually just my flickr page, since I don't care if people find it. It's not like it has any more information about me. 4) My education and work listings. Again.. I left those up on the grounds that it would make it easier for people to find me, and I don't care if people see them.
Now they also see the list of all your FB friends. That's something I would consider private.
Do you understand how SSL works? At all? Since everything goes through the CA, the channel is secure. The CA *are* the digital signatures.
Mr anonymous coward, the question is not whether I understand SSL, but whether all updates happen through the SSL site.
Hopefully, things are designed so that the standard way for plugins to update themselves is through the addons site (protected by SSL). But even if this is the case, nothing stops an individual addon from directly connecting to some website outside of mozilla's control over http, https, or pigeon post, and updating itself from there.
All mozilla extensions on addons.mozilla.org go through a review process. Stuff might slip through, but its unlikely that unwanted behaviour in popular addons isn't noticed. The addons are distributed over SSL.
And are the updates properly secured with digital signatures? Otherwise dns poisoning or open wireless MITM is all that is needed..
Learn to use autocomplete.
If you have autocomplete then you can probably also hover your mouse over the variable to get a little window with the documentation for it... So use that, STFU, and let me use variable names I can type reliably and possibly even pronounce.
You must not live in Britain. From everything I've heard about them, their crime is worse than America's. Admittedly, they don't get shot as much, but they get stabbed & beaten more.
First result on google for "murder rate statistics us uk":
http://www.nationmaster.com/graph/cri_mur_percap-crime-murders-per-capita
It seems in the US you have 3 times more chances of being murdered than in the UK. Ordinary policemen in the UK do not even carry a gun. Under what definition of "worse", is crime in the UK worse than in the US?
Plus: non-statistical factoid. The only country in the world where I personally have been subject to armed robbery is the US (at gunpoint...).
People do NOT walk around the world indiscriminately. They avoid bad neighborhoods (...)
In the US, they do. Here in Europe mostly you can walk where the fuck you want. In none of the cities I have lived in in Europe throughout my life (and that includes some large ones), has there been a neighborhood where I was afraid to walk at night.
A "usage profile" for a user ID is also considered illegal if the user hasn't opted in or it is at least clear that the data is being collected. This is because those stats are not really anonymous. If they were, Google wouldn't be interested in them. It has been shown repeatedly that tracking back "anonymous" profiles to a RL user isn't hard if you have enough data.
Yes it has, most recently on the netflix dataset: "Robust De-anonymization of Large Sparse Datasets" http://www.cs.utexas.edu/~shmat/shmat_oak08netflix.pdf
So then, how can the EU legislate: A. An American site doing this with euro user data?
I expect this would be outside the jurisdiction of EU member states.
B. A site keeping it's logs on its own and then, at a later date, transmitting them to Google? Who owns the logs?
Would make no difference. According to the privacy protection laws we have in europe, you cannot "own" anybody's private data, and are not allowed to do practically anything with it unless the person signs a form for you, and certainly not to send it to third parties, abroad or otherwise. So if your logs include private identifying data, you most certainly cannot ship them to google or anyone.
While you're explaining, can you tell us why DNSSEC makes the size of the DNS zones "unwieldy"?
DJB held an interesting keynote at USENIX WOOT this year, on some of the unintended side-effects of DNSSEC. Here are the slides: http://cr.yp.to/talks/2009.08.10/slides.pdf.
The biggest issue he found was that the a single, small DNS request triggers a huge DNSSEC response with lots of digital signatures (each one of which is at least 1024 bits...). Since the requests are sent over UDP, they can be spoofed. End result? a HUGE DOS amplification effect.
Sorry to the people who have problems, but I'd have to say my system feels a lot faster now. Boots faster, and compiz with all its 3d effects are a lot smoother with on my builtin intel card than they ever were with previous releases. I am a happy karmic user :)
Same experience here. I have only upgraded a laptop so far that has an intel graphics chipset, that was pretty slow on jaunty. Intel support has been massively improved.
huge amounts of knowledge about farming, irrigation, planting techniques, home building techniques, and plumbing best practices is going to change fuck all in a place like Ethiopia when all they need is rain !
Sometimes, unfortunately, shovelling rice at them is all that can keep them alive.
The world is not neatly divided into "have an SUV" and "on the brink of starvation". The OLPC project (now rebranded to lowercase olpc according to TFA, for whatever bizarre reason) is targeted at places where children have their basic food needs fulfilled, and have a school they can go to that at least sometimes gets electricity. One of the biggest deployments is in Peru, for instance. If you feel that shoveling rice at ethiopians is the only worthy humanitarian cause, please put your time and/or money where your mouth is and do something about it.
With something like Skype, pretty much all the stuff of interest is in the protocol(and the weird stuff that it gets up to, burrowing through firewalls and being designed to be heavily resistant to inspection and so forth). The UI isn't ghastly; but it isn't very interesting. Obviously, this is exactly why Skype would be OSSing the GUI and not the protocol binary blob; but it is also why the news isn't of much interest. As long as basically all the program's important functions depend on a binary blob you can't see what it is doing, you can't port it to other architectures, you are really no better off than if the whole thing were binary.
Well, the OSS frontend will use the binary back-end, implicitly documenting its APIs to some extent. This means that you can write your own frontend with a better GUI than the horrible one provided by skype. Better yet, one could probably write a plugin for chat/voip applications allowing them to use skype as a backend, so you won't even have to run a separate skype application anymore.
As a counterpoint, I submit LOTR.
There are a couple of scenes that I found absolutely awful; totalling maybe 60 seconds out of the, what, 7 hours of movies?
For me the worst scene in the movies one is when aragorn gets dragged down the ravine by the were-thingy and everyone thinks he's dead, and no-one in the audience who is more than 2 years old believes it for a moment. Phoney. Legolas skateboarding on a shield comes a close second. And Gimly being the village idiot throughout the 3 movies is funny at times but it gets really annoying in the end.
Overall, I really liked the first 2 movies, and was extremely bored by the third one except for the Frodo-sam-and-Gollum parts.
all the features you mentioned are available with windows mobile.
Additionally, you get a lot of nice extra features, like random restarts, battery monitor that always reports full battery, battery that lasts 1 full day when you're lucky, touchscreen that sometimes responds to your touch (sometimes even to do what you want it to do!), apps that cost much more than I am willing to pay and don't do what I need, plus a generally clunky and inconsistent UI.
I have a windows mobile phone and I will NEVER make that mistake again.
And before I get flamed: I know, many of the problems I have are specific to the device, not to windows mobile, so I have also blacklisted LG for my next purchase. Still, the OS makes you feel like it's windows 98 all over *shiver*.
It varies by type, but the standard appears to be 20 years. This patent was filed in 1990.
US patents used to last 17 years from date GRANTED, and were kept secret until granted. The company requesting the patent could deliberately delay the process of getting it granted for years, so that it remained secret and was valid until later (when the market for the covered "invention" is expetcted to be bigger). With the current system, there is less secrecy and patents are valid for 20 years from date of filing. I checked one of the 4 patents in the article. It was filed in 1992 and granted in 1994, so it should be valid until 1994+17=2011. Still quite a while to go without ethernet.
Good luck solving soft handoff for a bus traveling at 45 km/h or 30 mph. It's the same reason cell phones don't work well on planes: they pass over too many cells per minute.
I once got an SMS from the operator welcoming me to switzerland, just because I was flying over the country at 10000 meters altitude...
He says as he posts on an ad supported website...
There are ads on the internet? I forgot about that...
(this post was enabled by firefox+adblock)
The problem is that this is not just some buffer overflow where you can replace single function call with an equivalent function call that does a safety length check. Security holes that depend on '\0' characters in strings exploit a systematic flaw in the Windows API design: the mix of two entirely different and incompatible types of strings all over the place. The 'native NT' API uses Unicode strings with an explicit length, but the Win32 API and C/C++ libraries usually use null-terminated strings.
Who cares about their dirty (or not) implementation details? The \0 in certificates trick is a bug that was present pretty much all over the place, not just in windows. If you are an ubuntu user and you read the description of security updates when they are pushed to you, you will have seen mention of this bug in at least a dozen different updates already. Hell, today there was one for wget! I agree with the grand parent poster: taking so long to fix this on windows is inexcusable.
Stallman's a fanatic, but on the other hand, Microsoft is Microsoft. Which is to say, it's probably difficult to be too paranoid about their intentions with respect to competition.
Or in other words: just because you're paranoid, doesn't mean that someone isn't out to get you....
I second this. Orwell's 1984 should be mandatory reading for all high schoolers. .
Agreed. It may not be the best novel ever in terms of character development, etc, but IMHO it is up there with Freud's interpretation of dreams in being one of those world-view shaping books of the modern age that everyone should read. I also find the whole utopian/dystopian thread rather interesting... but if that were the focus of the class a lot of other books could be included, from Gulliver's travels to Le Guin's "The Dispossessed".
That potaroo site is hopeless. It's now at 738 days. That's two days *more* than the last time this came up on slashdot a month or so ago. It's also roughly the same as it was last year, and the year before that. It predicts nothing. Their baseline assumptions are wrong, otherwise they'd at least have a figure that would go down at some rate approximating 1 day per day.
I think you misunderstand what they are trying to do. They are making predictions based on the assumption that ip assignment practices remain the same as they are now. Not because they believe there will be no changes, but because that is a meaningful prediction to make. If practices are changing, it is because scarcity is inducing the changes, and some of these changes may well have a cost.
They are not trying to be an oracle, and they adjust over time to changing practices. For instance see the comment from may 11th:
I've made a couple of changes to the prediction model to align with current RIR practices and my understanding of the manner in which the legacy B and C blocks will be managed by the RIRs.
The RIPE NCC has commenced allocations from 188.0.0.0/8 in February 2009. This is a legacy Class B block that is marked as "various". I've moved this block into the RIPE-managed address pool and used the recent allocations from this block as part of RIPE's total set of allocation in terms of demand modelling RIPE's future needs.
Also, scarcity basically increases the price of an IP address, therefore reducing the number of new addresses assigned. If you do a prediction based on current trends, the date may move forward as price increases reduce demand. But that only means that the scarcity already has a cost TODAY, not just 2 years in the future.
Right, and they have been saying two years for about 12 years now. Just like how we've been 10 years away from running out of oil for close to 40 years, and about 10 years away from commercialized fusion for about the same amount of time.
So your point of view can be summed up as: "people have cried wold before and been wrong, so resources are never going to run out?". I won't speak on cold fusion, but for both oil and IPv4 addresses, the debate is just on when. Maybe instead of hiding your head in the sand you should try to do the math, or check someone else's math. For IPv4 you may want to check out this link http://www.potaroo.net/tools/ipv4/. It currently reads: "Projected IANA Unallocated Address Pool Exhaustion: 13-Oct-2011". And as far as oil is concerned, the prediction from Hubbert in 1956 http://en.wikipedia.org/wiki/M._King_Hubbert was not that we would run out of oil in the seventies, but that the US oil extraction would reach a peak in the seventies. Time has proven him right already: http://en.wikipedia.org/wiki/File:Hubbert_US_high.svg.
(...) And make sure people don't use the same passwords for your critical servers and their external bank accounts and web services. (...)
Good advice. But how exactly do I make sure?
I like the idea of wave to a certain extent -- but I'm sceptical about the architecture. For IM/collaobration sure -- but as a *replacement* for email/news ? Email is pretty much bulletproof, with failover, handling of temporarily downed servers etc straight out of the box.
Wave (as a protocol) seems far less scalable.
I don't know how robust/scalable it is. We will have to try and see. Anyhow I don't think it will replace email. I think it is complementary to email, and will replace some uses of email (like the endless reply-all threads that you get when collaborating on a project).