Ironically enough, this is very much the goal of the next release of Windows Internet Explorer. IE9's very minimalist UI is designed to "let the page content shine through" or some such, and get out of the user's way as much as possible.
I'd prefer a bit more customizability in the UI, as I feel they took out more than I like, but it's only in beta and it does do a fantastic job of maximizing screen real-estate for page content.
I applied to eight universities. Two rejected me, two waitlisted me then eventually said no, the other 4 said yes. Two of the Yes schools offered substantial incentives (monetary and otherwise) to attend. My SAT scores (98th percentile overall) ranged from third quartile (UC Berkley as an out-of-state, second quartile if I'd been in-state - they rejected me) to 99th percentile (my safety school, a relatively well-regarded state university that threw every scholarship they could find at me). So yeah, some people do this whole "cast a wide net, and expect that you'll get rejected a few times" approach.
Most of my peers, at the university I neded up attending (one of the top 10 CS programs in the USA), had applied to at most three schools. Some had applied to only this one. A few others had also applied to a safety school where they were a complete shoe-in. Almost nobody else applied to more than five. I was very surprised, but apparently my approach was quite uncommon.
"I agree that C is really nice from K&R, but why not go for the original, i.e. Fortran?"
It's a newer language with a lot of advantages (libraries, interoperability with other code, performance, modernized syntax), is cross-platform (Mono is an officially supported runtime), and is well-supported. OCaml isn't going to just vanish, and for legacy reasons will still get lots of use for a long time, but for a new project using F# makes a lot of sense if you want a ML-derived functional language.
Early versions of the JVM used bytecode interpretation, and were excruciatingly slow..NET has been, since its inception, JIT-compiled to native code before first execution, with pretty good optimization, resulting in performance comparable to C++. The Java runtime environment has also been using JIT compilation for years now, and as a result the JRE is about the same speed as.NET and the slowness of the JVM is a thing of the past. However, people still *remember* that slowness, and.NET never went through that phase.
You're presumably referring to PatchGuard, the protection Microsoft implemented on the x64 version of the Vista kernel (about 4 years ago, actually). Symantec and McAfee threw hissy-fits over the inclusion of anti-rootkit protection that also happened to block their rootkit-like method of hooking into the kernel. After much whining and threatening of lawsuits, MS relaxed the protections such that the kernel could still be modified, provided the modifying code had a trusted digital signature. This is a lot weaker, but it did appease the giants of the AV world.
Interestingly, Trend Micro just went and implemented their next antivirus release to use the new kernel API that Microsoft had released specifically to allow AV to work despite Patchguard. Trend Micro's PC-Cillin was working on Vista x64 long before MS weakened PatchGuard, back when the Symantec and McAfee were running crying to their lawyers. For a couple years, I recommended PC-Cillin on the simple basis of Trend Micro apparently being able to find its ass without the use of both hands and a guiderail.
Um, bullshit. They aren't bundling anything. This is nothing like what was done with IE. They're including an optional download link, in the same place that they include links to Silverlight and Live Essentials tools like Movie Maker. They aren't changing any default configurations, or making available anything that wasn't available before.
Mind you, I disagree that AV is a critical part of security. It has its place as a defense-in-depth component, but AV really doesn't actually protect a knowledgeable user. It's reactive, more analogous to first aid than to armor on the battlefied of computer security. If it's useful at all, soemthing has already gone wrong.
The only AV alerts I get are for browser ad scripts that wouldn't be able to run anyhow. The only time I actually lost a system to virus infection I was about 10 and had just gotten broadband (well, faster-than-dialup) for the first time, knew nothing about computer security, and was on an OS with no inherent security features (unlike modern Windows versions).
Internet Explorer is already an optional feature, just enabled by default on most builds. Systems that don't have it can already get it as an optional download. New versions are already available as an optional update on Windows Update. How exactly is adding one more optional update supposed to be a problem? It doesn't install automatically or anything.
It's an optional update, which means it won't actually autmoatically install. The user has to manually check for updates and select the optional ones they want.
It's also a really stupid thing to complain about, as if providing another avenue for downloading MSE is really changing anything. It's on the web; Windows comes with a web browser. It's one of the options recommended by Security Center for systems without AV. It's free no matter how you get it; they aren't adding cutting the cost or letting some people avoid some loophole to get it.
I've yet to see anybody crying foul about MS making their "Live Essentials" suite (movie maker, live messenger, mesh, etc.) available as an optional download, even though there are commercial products that compete with most if not all of those programs.
Not really. This accelerates learning, but doesn't actually increase skill. Somebody learning to play chess with one of these running would pick up the game much faster, and would be better than other people at his or her experience level. Somebody who already knows the game, no matter how they learned it initially, is going to be much less effected. Maybe they'd learn to adapt to their opponent's strategies faster or something, but it sounds like this just saves you some time learning, rather than actually granting a competitive advantage among people who've already learned.
C# borrows heavily from Java, but also from C++ (syntax, destructors, something loosely approximating function pointers, and address-bassed memory access (true pointers, buffers, etc. - if you want them).
It already is officially supported on Mono; I don't know why you'd feel it needs to be ported. Might be worth doing for fun, but you can already run F# on pretty much all mainstream OSes, not just Windows.
Interesting that your laptop is taking so long to wake up from sleep. Is it a clean install, an OEM image, or an upgrade? For me, Win7 resumes from sleep before my monitor is fully open (on my laptop) and about one second after I move the mouse (on my desktop).
It might just be a BIOS problem, I suppose... but as I understand it, instant resume from sleep was one of the major goals for Win7, and for me it works quite well.
As I understand it, Chrome OS is intended to be used on netbooks. Thus, for purposes of web browsing, it seems much more useful to me than an iPad.
The question in my mind is not how Chrome OS will compete with iPads, but how it will compete with traditional netbooks. Longer battery life? Lower hardware requirements? Cheaper licensing costs? Better UI for the form factor? Both Windows and (traditional) Linux have downsides on netbooks, but they're fantastically popular all the same.
Ok, the other question is why pointing out that an iPad is not very useful to somebody who wants to do more than simply consume content due to its lack of a keyboard is considered flamebait, but whatever.
Background gradients are a feature being highlighted in platform preview 6, which is a newer version of Trident than found in EI9 beta 1. While I'm personally not a fan of adding features to a product after it hits beta, it seems that the IE team (like much of the rest of the industry) is willing to do so.
Many of us, including those of us who post to Slashdot, find a hardware keyboard to be useful when browsing the web. I really dislike trying to use an iPad for anyything much beyond a vastly overpriced digital picture viewer.
Apple doesn't directly compete in this market - they have no computing devices this cheap except for the iPod Touch - but that doesn't mean they're immune. The market for the iPad could be eroded by this, for example. I still have trouble understanding the market for the MacBook Air (I've seen a lot more iPads than MBAirs, despite the difference in how long each has been out) so I'm not sure whether they'll be any impact there.
MS definitely has reason to be concerned, of course, though they've been very successful at getting Windows on netbooks. The first netbooks almost exclusively ran Linux, these days you have to hunt specifically for a Linux one. Chrome OS may manage to oust Windows (mostly Win7 these days) in that market, but I wouldn't count on it.
Random side note: why does Slashdot's CSS not use the standards-compliant border-*-radius CSS property on most pages? It's present on comments.pl, which means I get rounded corners if I click directly on a comment. It's not present on the home page or the story pages, though.
Some quick searching with the dev tools reveals part of the issue: instead of core-tidied.css (which has the correct property), I'm getting idlecore-tidied.css (even though I'm not on idle...) which lacks it. Very odd.
This is not entirely accurate. Firesheep operates in the application layer, not in ring 0. This means it can only access information directed to it from the kernel. The relevant point is that your network interface will throw away anything that isn't addressed to it, and only pass up information that is specifically addressed to your computer or is send in broadcast. None of the stuff you described is sent using broadcast packets (broadcast requires UDP, not TCP, anyhow). So, although your network card can technically "hear" all the traffic, programs like Firesheep would normally have no idea.
The trick is that Firesheep uses techniques like ARP (Address Routing Protocol) Poisoning to trick the router into sending other computer's traffic to your computer. Since those packets are now addressed to your machine, the kernel passes them up to the application layer, Firesheep receives them, and cookies are found. The end result is the same - everything that every computer sends ends up flowing through your system - but it's not because all that traffic is being sent out to all other computers.
There's a difference between reading data that is sent to your computer by design, and intercepting data and reading it. You described the former. Firesheep does the latter.
Believe me, there are a lot of people who work at MS who would like that to. I wouldn't be surprised if somebody has already written a worm that does approximately that. I suppose the lawyers woudl disapprove, though.
Um no, it really doesn't "remain to be seen" at all. The very first preview of IE9 (10 months ago, now) had CSS rounded corners, for example.
You could always try out the tests on http://ie.microsoft.com/testdrive/Default.html in your browser of choice. They all work on IE9, and usually better (faster, smoother, or without layout issues) than on other browsers. All browsers, even IE8, can do some of the stuff there, but all other browsers have issues with some parts.
That's not to say IE9 doesn't still have issues with soem things that other browsers do fine, because it does. For example, I don't think it has WebSockets. However, it's still not only a huge step up from earlier versions, it's also better than its competitors in many areas.
Actually, it does slightly - mostly due to the havy use of JavaScript, and the far-faster JS engine in Trident 5. It still doesn't look as "pretty" as on some other browsers (Slashdot's rounded corners code is non-standard and only works on some browsers, for example). It's an improvement over 8 though, you might as well download the beta and try it out (note that the beta is based on a 2-month-older version of Trident 5 than the current Platform Preview, but the previews are not actually usable browsers).
Re:Have they decided to implement security yet?
on
OpenBSD 4.8 Released
·
· Score: 1
This should definitely be modded higher. Fine-grained security controls don't matter if nobody uses them correctly, and they introduce increased complexity in the codebase that makes more room for bugs to creep in. By comparison, OpenBSD may be much less user-friendly in most ways, but its emphasis has been "real-world" security from the beginning, with heavy code audits and good security defaults. Even if its security model isn't as advanced as some others (Linux, NT), its implementation is far better in most cases.
Re:OSNews? Thom Holwerda? Seriously?
on
OpenBSD 4.8 Released
·
· Score: 2, Interesting
You're forgetting the difficulty of a successful exploit in the first place. OpenBSD was the first OS to implement ASLR, for example (http://en.wikipedia.org/wiki/ASLR). Linux only has fairly weak ASLR built in. There are a few other differences. Yes, the value of things like SELinux or AppArmor is considerable, and it would be great if OpenBSD implemented such a sandboxing capability, but your argument that the security of the OS itself isn't also very important is incorrect.
Slashdot Mirror
Ironically enough, this is very much the goal of the next release of Windows Internet Explorer. IE9's very minimalist UI is designed to "let the page content shine through" or some such, and get out of the user's way as much as possible.
I'd prefer a bit more customizability in the UI, as I feel they took out more than I like, but it's only in beta and it does do a fantastic job of maximizing screen real-estate for page content.
I applied to eight universities. Two rejected me, two waitlisted me then eventually said no, the other 4 said yes. Two of the Yes schools offered substantial incentives (monetary and otherwise) to attend. My SAT scores (98th percentile overall) ranged from third quartile (UC Berkley as an out-of-state, second quartile if I'd been in-state - they rejected me) to 99th percentile (my safety school, a relatively well-regarded state university that threw every scholarship they could find at me). So yeah, some people do this whole "cast a wide net, and expect that you'll get rejected a few times" approach.
Most of my peers, at the university I neded up attending (one of the top 10 CS programs in the USA), had applied to at most three schools. Some had applied to only this one. A few others had also applied to a safety school where they were a complete shoe-in. Almost nobody else applied to more than five. I was very surprised, but apparently my approach was quite uncommon.
"I agree that C is really nice from K&R, but why not go for the original, i.e. Fortran?"
It's a newer language with a lot of advantages (libraries, interoperability with other code, performance, modernized syntax), is cross-platform (Mono is an officially supported runtime), and is well-supported. OCaml isn't going to just vanish, and for legacy reasons will still get lots of use for a long time, but for a new project using F# makes a lot of sense if you want a ML-derived functional language.
Early versions of the JVM used bytecode interpretation, and were excruciatingly slow. .NET has been, since its inception, JIT-compiled to native code before first execution, with pretty good optimization, resulting in performance comparable to C++. The Java runtime environment has also been using JIT compilation for years now, and as a result the JRE is about the same speed as .NET and the slowness of the JVM is a thing of the past. However, people still *remember* that slowness, and .NET never went through that phase.
You're presumably referring to PatchGuard, the protection Microsoft implemented on the x64 version of the Vista kernel (about 4 years ago, actually). Symantec and McAfee threw hissy-fits over the inclusion of anti-rootkit protection that also happened to block their rootkit-like method of hooking into the kernel. After much whining and threatening of lawsuits, MS relaxed the protections such that the kernel could still be modified, provided the modifying code had a trusted digital signature. This is a lot weaker, but it did appease the giants of the AV world.
Interestingly, Trend Micro just went and implemented their next antivirus release to use the new kernel API that Microsoft had released specifically to allow AV to work despite Patchguard. Trend Micro's PC-Cillin was working on Vista x64 long before MS weakened PatchGuard, back when the Symantec and McAfee were running crying to their lawyers. For a couple years, I recommended PC-Cillin on the simple basis of Trend Micro apparently being able to find its ass without the use of both hands and a guiderail.
Um, bullshit. They aren't bundling anything. This is nothing like what was done with IE. They're including an optional download link, in the same place that they include links to Silverlight and Live Essentials tools like Movie Maker. They aren't changing any default configurations, or making available anything that wasn't available before.
Mind you, I disagree that AV is a critical part of security. It has its place as a defense-in-depth component, but AV really doesn't actually protect a knowledgeable user. It's reactive, more analogous to first aid than to armor on the battlefied of computer security. If it's useful at all, soemthing has already gone wrong.
The only AV alerts I get are for browser ad scripts that wouldn't be able to run anyhow. The only time I actually lost a system to virus infection I was about 10 and had just gotten broadband (well, faster-than-dialup) for the first time, knew nothing about computer security, and was on an OS with no inherent security features (unlike modern Windows versions).
Internet Explorer is already an optional feature, just enabled by default on most builds. Systems that don't have it can already get it as an optional download. New versions are already available as an optional update on Windows Update. How exactly is adding one more optional update supposed to be a problem? It doesn't install automatically or anything.
Win7's firewall is almost identical to Vista's, but yes, they are quite good (XP's is much better than nothing, but a long way from good).
It's an optional update, which means it won't actually autmoatically install. The user has to manually check for updates and select the optional ones they want.
It's also a really stupid thing to complain about, as if providing another avenue for downloading MSE is really changing anything. It's on the web; Windows comes with a web browser. It's one of the options recommended by Security Center for systems without AV. It's free no matter how you get it; they aren't adding cutting the cost or letting some people avoid some loophole to get it.
I've yet to see anybody crying foul about MS making their "Live Essentials" suite (movie maker, live messenger, mesh, etc.) available as an optional download, even though there are commercial products that compete with most if not all of those programs.
Not really. This accelerates learning, but doesn't actually increase skill. Somebody learning to play chess with one of these running would pick up the game much faster, and would be better than other people at his or her experience level. Somebody who already knows the game, no matter how they learned it initially, is going to be much less effected. Maybe they'd learn to adapt to their opponent's strategies faster or something, but it sounds like this just saves you some time learning, rather than actually granting a competitive advantage among people who've already learned.
C# borrows heavily from Java, but also from C++ (syntax, destructors, something loosely approximating function pointers, and address-bassed memory access (true pointers, buffers, etc. - if you want them).
It already is officially supported on Mono; I don't know why you'd feel it needs to be ported. Might be worth doing for fun, but you can already run F# on pretty much all mainstream OSes, not just Windows.
Interesting that your laptop is taking so long to wake up from sleep. Is it a clean install, an OEM image, or an upgrade? For me, Win7 resumes from sleep before my monitor is fully open (on my laptop) and about one second after I move the mouse (on my desktop).
It might just be a BIOS problem, I suppose... but as I understand it, instant resume from sleep was one of the major goals for Win7, and for me it works quite well.
As I understand it, Chrome OS is intended to be used on netbooks. Thus, for purposes of web browsing, it seems much more useful to me than an iPad.
The question in my mind is not how Chrome OS will compete with iPads, but how it will compete with traditional netbooks. Longer battery life? Lower hardware requirements? Cheaper licensing costs? Better UI for the form factor? Both Windows and (traditional) Linux have downsides on netbooks, but they're fantastically popular all the same.
Ok, the other question is why pointing out that an iPad is not very useful to somebody who wants to do more than simply consume content due to its lack of a keyboard is considered flamebait, but whatever.
Background gradients are a feature being highlighted in platform preview 6, which is a newer version of Trident than found in EI9 beta 1. While I'm personally not a fan of adding features to a product after it hits beta, it seems that the IE team (like much of the rest of the industry) is willing to do so.
Many of us, including those of us who post to Slashdot, find a hardware keyboard to be useful when browsing the web. I really dislike trying to use an iPad for anyything much beyond a vastly overpriced digital picture viewer.
Apple doesn't directly compete in this market - they have no computing devices this cheap except for the iPod Touch - but that doesn't mean they're immune. The market for the iPad could be eroded by this, for example. I still have trouble understanding the market for the MacBook Air (I've seen a lot more iPads than MBAirs, despite the difference in how long each has been out) so I'm not sure whether they'll be any impact there.
MS definitely has reason to be concerned, of course, though they've been very successful at getting Windows on netbooks. The first netbooks almost exclusively ran Linux, these days you have to hunt specifically for a Linux one. Chrome OS may manage to oust Windows (mostly Win7 these days) in that market, but I wouldn't count on it.
Random side note: why does Slashdot's CSS not use the standards-compliant border-*-radius CSS property on most pages? It's present on comments.pl, which means I get rounded corners if I click directly on a comment. It's not present on the home page or the story pages, though.
Some quick searching with the dev tools reveals part of the issue: instead of core-tidied.css (which has the correct property), I'm getting idlecore-tidied.css (even though I'm not on idle...) which lacks it. Very odd.
This is not entirely accurate. Firesheep operates in the application layer, not in ring 0. This means it can only access information directed to it from the kernel. The relevant point is that your network interface will throw away anything that isn't addressed to it, and only pass up information that is specifically addressed to your computer or is send in broadcast. None of the stuff you described is sent using broadcast packets (broadcast requires UDP, not TCP, anyhow). So, although your network card can technically "hear" all the traffic, programs like Firesheep would normally have no idea.
The trick is that Firesheep uses techniques like ARP (Address Routing Protocol) Poisoning to trick the router into sending other computer's traffic to your computer. Since those packets are now addressed to your machine, the kernel passes them up to the application layer, Firesheep receives them, and cookies are found. The end result is the same - everything that every computer sends ends up flowing through your system - but it's not because all that traffic is being sent out to all other computers.
There's a difference between reading data that is sent to your computer by design, and intercepting data and reading it. You described the former. Firesheep does the latter.
Believe me, there are a lot of people who work at MS who would like that to. I wouldn't be surprised if somebody has already written a worm that does approximately that. I suppose the lawyers woudl disapprove, though.
Um no, it really doesn't "remain to be seen" at all. The very first preview of IE9 (10 months ago, now) had CSS rounded corners, for example.
You could always try out the tests on http://ie.microsoft.com/testdrive/Default.html in your browser of choice. They all work on IE9, and usually better (faster, smoother, or without layout issues) than on other browsers. All browsers, even IE8, can do some of the stuff there, but all other browsers have issues with some parts.
That's not to say IE9 doesn't still have issues with soem things that other browsers do fine, because it does. For example, I don't think it has WebSockets. However, it's still not only a huge step up from earlier versions, it's also better than its competitors in many areas.
Actually, it does slightly - mostly due to the havy use of JavaScript, and the far-faster JS engine in Trident 5. It still doesn't look as "pretty" as on some other browsers (Slashdot's rounded corners code is non-standard and only works on some browsers, for example). It's an improvement over 8 though, you might as well download the beta and try it out (note that the beta is based on a 2-month-older version of Trident 5 than the current Platform Preview, but the previews are not actually usable browsers).
This should definitely be modded higher. Fine-grained security controls don't matter if nobody uses them correctly, and they introduce increased complexity in the codebase that makes more room for bugs to creep in. By comparison, OpenBSD may be much less user-friendly in most ways, but its emphasis has been "real-world" security from the beginning, with heavy code audits and good security defaults. Even if its security model isn't as advanced as some others (Linux, NT), its implementation is far better in most cases.
You're forgetting the difficulty of a successful exploit in the first place. OpenBSD was the first OS to implement ASLR, for example (http://en.wikipedia.org/wiki/ASLR). Linux only has fairly weak ASLR built in. There are a few other differences. Yes, the value of things like SELinux or AppArmor is considerable, and it would be great if OpenBSD implemented such a sandboxing capability, but your argument that the security of the OS itself isn't also very important is incorrect.