Slashdot Mirror


User: cbhacking

cbhacking's activity in the archive.

Stories
0
Comments
4,314

Comments · 4,314

  1. Re:Is Hollywood leaving money on the table? on Has Christopher Nolan Turned the 3D Argument? · · Score: 1

    Part of the problem is the need to show off the 3D, the other part is the after-the-fact extrapolation. Avatar is the only movie I've seen where I felt the 3D really added to the experience, and a lot of that is because it was actually filmed in 3D, so it doesn't feel so gimmicky. The only part that always really bugs me is the grenade pins flying toward the camera in the final fight - I felt that was an unneeded effect. That's not the only time I noticed, just the only time it seemed forced. The other parts - walking in the trees, the holographic displays, and all the rest... I loved it. I feel that watching it in 2D afterward was really "movie-like" compared to the much "deeper" visual experience.

  2. Re:Let's face it on Has Christopher Nolan Turned the 3D Argument? · · Score: 1

    The problem is the render time. Pixar uses massive parallel arrays of powerful computers, and still can't render in anything approaching real-time. Even with as much optimization as possible, there's no way that theatrical-quality CGI movies will be available as anything other than pre-rendered video for a long time.

    I agree that it would be awesome, though. GPUs are getting better all the time, so there may come a point where this is actually possible. Until then, be glad that at least some CGI movies are "filmed" in stereo, rather than trying to extrapolate the stereoscopic viewpoint after the fact.

  3. Re:Let's face it on Has Christopher Nolan Turned the 3D Argument? · · Score: 1

    You make a great point, but... damn, my attention almost never gets grabbed so much by a typo.

    First I thought you were referencing the C function, ASCII-to-long-long. That didn't make sense though.
    Then I thought you were referring to a ring-shaped island, such as the Tuamotus of French Polynesia.
    Only after several seconds of considering did it occur to me that you meant "a toll."

    For a moment I really hoped you were referring to somebody making a 3D movie of diving in the South Pacific. I'd totally watch that, so long as it was actually filmed in stereo...

  4. Re:Hate for DST aside, how does this bug even exis on iPhone Alarm Bug Leads To Mass European Sleep-in · · Score: 1

    Nice try, but it's worse than that. Even if you clear and re-set the alarm, it *STILL* goes off at the wrong time. The daylight savings code in the OS is simply broken.

  5. Re:LibreOffice will join the ranks of Linux... on 33 Developers Leave OpenOffice.org · · Score: 1

    That used to be true, but these days I see more Suse packages than RedHat ones. Both use the RPM format, and in rare cases the same package can be used on either platform, but even accounting for that I see plenty of Suse packages. Novell is certainly still big enough to attract third-party support.

    Of course, I'm not using Linux commercially, just as a home user. RedHat seems to be slowly losing the home user market (to the extent it ever had one). Some enthusiasts are still running Fedora, but I see a lot more openSuse than Fedora these days. Therefore, when I look for packages (either software or drivers) I'm looking for consumer-type programs on consumer-type hardware (HP consumer-line laptop). Maybe there are more RedHat packages in other areas, but in that space Suse is really second only to Ubuntu (in my experience).

  6. Re:IE-only websites on IE9 May Not Be Enough To Save IE · · Score: 1

    Actually, there have been quite a few exploits for Safari as well. Also, compromising it gives the attacker as much access as the user, because it's not sandboxed (unlike IE, on Vista and Win7 at least).

    The Pwn2Own contests have fairly clearly demonstrated that it's actually very easy to break Safari. It just isn't economically worth doing. Even if it takes 5x as long to get an exploit for IE, you can make 10x as much money, so that's where everybody is looking.

  7. Re:Or on The iPhone Serial Port Hack · · Score: 1

    N900 has 3G if you use a provider that uses the standard 3G bands. AT&T's refusal to interoperate with the rest of the world is hardly Nokia's fault; they build the device for the world market. 3G on T-Mobile works fine.

    I'll grant you that the UI is clunkier. I would claim it is also more powerful, and for a true Linux device the presence of a physical keyboard is also a huge boon, but it is undeniably a less polished experience.

    The specs of the device itself could be better too, although they do just fine for most things. I've watched YouTube directly from the browser and played Flash games, with no problems except for an increased drain on the battery.

  8. Re:Understand Apple a bit better? on Adobe Warns of Critical Flash Bug, Already Being Exploited · · Score: 1

    Charlie Miller, CanSecWest 2010.

    http://securityevaluators.com/files/slides/cmiller_CSW_2010.ppt
    See slide 53, for a very simple summary of the numbers. The presentation I saw gave somewhat narrower ranges, 4 exploitable for Acrobat and 60 for Preview (thus my factor of 15).

    Thanks WD for the link, http://slashdot.org/comments.pl?sid=1844332&cid=34058546

  9. Re:Citation here: on Adobe Warns of Critical Flash Bug, Already Being Exploited · · Score: 1

    Thank you. Miller's talk at CSW was in fact the source (which I should have included with my original post).

    I don't know exactly how Miller selected his "minset" - the group of files that are used as fuzzing templates because they exercise as many parts of the parser at once - but I wouldn't be surprised if he used Adobe Reader for the minset generation. In that case, the files would in fact be testing features found in Reader but not in other parsers, like Preview.

    In either case, the vastly larger attack surface of Reader should have meant more crashes, not (far) fewer.

  10. Re:what happens if... on Early Kinect Games Kill Buyers' Access To Xbox Live · · Score: 1

    You can play single-player completely offline, if you want to. All functions except online play, chat, streaming, and downloads (DLC, updates, etc.) will work just fine even if you remove the network connection entirely.

  11. Re:Kind of a shame on Mount Everest Gets 3G Service · · Score: 1

    Considering that Nepal in general and the Khumbu (Everest region) in particular is incredibly mountainous, and that cell phones use line-of-sight frequencies, putting a cell tower up where it can see the summit of Everest also means extending the coverage over the entire region by a huge amount. The people of that region - mostly Sherpas (it's an ethnic group, not a job description, BTW) - are lucky if they have electricity for 4 hours after the sun sets, except in the largest villages. Satellite phones are relatively common, but too expensive for most people. When I was there 6 months ago, 3G coverage over the Khumbu was just beginning to spread, and cell phones were becoming popular. This is a huge step forward for these people.

  12. Re:Great, another dimension to advertising on Mount Everest Gets 3G Service · · Score: 1

    I realize you're joking but...

    If you want coverage there using a US phone, T-Mobile is the one to go with. Ncell is GSM, so Verizon is right out, and AT&T uses a different band for 3G so you'd get crappy speed even if you could unlock your phone. T-Mobile will unlock your phone for free after 3 months, at which point you could pop in a Ncell SIM card and get 3G. Mind you, Nepal in general doesn't have particularly fast Internet.

    Why yes, I was just there (with an unlocked T-Mobile phone, even). This is a huge improvement though; 6 months ago there was very little coverage in the Khumbu (Everest region).

  13. Re:Oh... my iPod Touch only has WiFi on Mount Everest Gets 3G Service · · Score: 1

    Sort of. Lukla (airport village forming one of the entrances to the Everest region) has a "Starbucks" but it's not really the same as the ones you expect. It *does* have WiFi though.

    http://www.travelpod.com/travel-photo/bfayolle/4/1257519913/lhukla.jpg/tpod.html
    http://www.bing.com/search?q=starbucks+lukla (Yes, I used Bing, it even got me what I was looking for :-)

  14. Re:Understand Apple a bit better? on Adobe Warns of Critical Flash Bug, Already Being Exploited · · Score: 3, Informative

    You do realize that Apple's PDF reader is *WAY* less secure than Adobe's, right? We're talking 15x as many exploitable vulnerabilities across the same test set of fuzzed files. Adobe and their miserable security practices are a scourge of the computing world, you hate their stuff, you remove it all from the computer.. OK, fine. You go with an alternative that has more than an order of magnitude worse security... wait, what?!?

  15. Re:How to prevent Reader from using Flash? on Adobe Warns of Critical Flash Bug, Already Being Exploited · · Score: 1

    Foxit's security is pretty weak, but it's even less targeted than Apple's Preview (also very weak).

    The KDE project has ported most of their desktop environment, including the PDF reader, to Windows. I mostly only use it for amaroK, but there's lots of good software in there.

  16. Re:OS makers not helping much either on Adobe Warns of Critical Flash Bug, Already Being Exploited · · Score: 5, Interesting

    On Windows, you can force any program to run at Low IL (Integrity Level support requires Vista or above). Low IL processes, regardless of their nominal user permissions, can only write to Low IL folders. There are only a couple of these in the base install - %USERPROFILE%\AppData\Local\Low contains things like the Temporary Internet Files folder (IE runs at low IL by default).

    Low IL processes also can't start other processes at higher integrity levels. If for some reason you need a higher level (the usual reason is saving files) you can have a "broker process" that runs at the standard level (Medium IL) and exposes some interprocedural communication to the Low IL process. Strictly speaking this opens a hole in your sandbox, but it's a lot easier to lock down that broker process since it's very special-purpose and has a very small attack surface. Also, the broker process can be used to present a warning to the user when it is invoked for anything potentially dangerous (IE's "Protected Mode" warning appears when the browser asks the broker process to start an external application).

    It's not as customizable as AppArmor, but it's less complicated. Unfortunately, it also takes a little tweaking to find out how to set process or folder IL.
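
Added example, not part of cbhacking's comment: one way to set a folder's and a process's integrity level with the built-in `icacls` and `whoami` tools, then compare a write into the Low folder with a write into the user profile. The folder, file and script names are hypothetical, and the example relies on Windows starting a process at the lower of the caller's level and the executable's label.

```powershell
# Added example; run from a normal (Medium IL) PowerShell prompt on Vista or later.
# All paths and file names below are hypothetical.
$sandbox = Join-Path $env:TEMP 'lowil-demo'
New-Item -ItemType Directory -Path $sandbox -Force | Out-Null

# 1. Show the integrity level of the current session.
whoami /groups | Select-String 'Mandatory Label'

# 2. Label the folder Low so that Low IL processes may write to it.
#    (OI)(CI) makes files and subfolders created inside inherit the label.
icacls $sandbox /setintegritylevel '(OI)(CI)L'

# 3. Label a private copy of an executable Low. A process started from it
#    runs at Low IL even though the caller is at Medium.
$shell = Join-Path $sandbox 'cmd-low.exe'
Copy-Item (Join-Path $env:SystemRoot 'System32\cmd.exe') $shell
icacls $shell /setintegritylevel L

# 4. Probe script: report the process level, then attempt one write inside
#    the Low folder and one in the (Medium IL) user profile.
$probe = Join-Path $sandbox 'probe.cmd'
@"
whoami /groups | findstr /c:"Mandatory Label"
echo test > "$sandbox\allowed.txt"
echo test > "$env:USERPROFILE\denied.txt"
"@ | Set-Content -Path $probe -Encoding ASCII

& $shell /c $probe

# 5. Check from the Medium IL session which of the two files was created.
[pscustomobject]@{
    WroteToLowFolder = Test-Path (Join-Path $sandbox 'allowed.txt')
    WroteToProfile   = Test-Path (Join-Path $env:USERPROFILE 'denied.txt')
}

# 6. Inspect the labels, then clean up.
icacls $sandbox
Remove-Item -Recurse -Force $sandbox
```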

  17. Re:Or on The iPhone Serial Port Hack · · Score: 5, Informative

    Meh... or you could get a N900 that comes with those tools *ALREADY INCLUDED* in the base OS.

    Package manager? Maemo is a modified Debian, and uses Apt.
    Shell? Default is Busybox, but the full system is in the repos.
    Build toolchain, including GCC? In the repos.
    OpenSSH and sshd? In the repos (also dropbear, if you prefer).
    Anything that's available as source and compiles on ARM? Go to town. You can even pull directly to the device using Subversion and other package managers.

    Seriously, arguing over whether iOS or Android is more open is like arguing over whether a Prius or a sports car is better for off-road driving. You're both doing it wrong. Get the right tool for the job.

  18. Re:It Hurts on Why Mozilla Needs To Pick a New Fight · · Score: 1

    Yeah, HTML5, faster JS, and hardware acceleration are definitely big improvements. I was just pointing out that Firefox has been relatively thin on the area of actual new features for a while now.

    My current employer would probably object if I offered to start working on Firefox. Opera is just fine for my cross-platform-browser needs, anyhow.

  19. Re:Let's just encrypt everything all the time on How To Protect Against Firesheep Attacks · · Score: 2, Informative

    And what about their bandwidth usage?

    Less than 2%. Before you ask, the RAM overhead was under 10 KB/connection.

    Seriously, the old "but SSL overloads the servers" crap is completely out of date. It costs a *tiny* bit more, yes, but the end result is far better.

    Source: http://www.imperialviolet.org/2010/06/25/overclocking-ssl.html

  20. Re:slashdot's method on How To Protect Against Firesheep Attacks · · Score: 1

    Did you actually think about what you said before you posted? How the hell does somebody use Facebook in a way that there's no risk of serious damage? If I hijack your account, I can change all your privacy settings, upload all the pictures I want (they might not be your pictures, but that doesn't mean you want them on your profile), post comments, join groups, send nasty break-up letters to your girlfriend, and declare your undying love of the church of scientology in exchange for all the horrible problems they've been helping you deal with. I can send friend invites to all sorts of people who would be very interested to see you post such things, just to make sure it gets their attention.

    Seriously, did you think this was read-only access or something? It's more analogous to identity theft, although without quite as many financial repercussions.

  21. Re:It Hurts on Why Mozilla Needs To Pick a New Fight · · Score: 1

    Plugin separating is an improvement, although to a degree nspluginwrapper already did that on Linux and it was still a mess.

    Process separation is not required for use of Low IL; IE7 runs everything in the same memory space and manages it just fine. The main thing is that you need a broker process with very strict IPC that can be invoked to handle standard-integrity tasks (like saving files or opening other programs) without providing an attack route out of the sandbox.

    Good to know it has tab recombining. It's possible I simply hadn't noticed when I last used Firefox. I mostly use Opera or the IE9 beta right now depending on platform (sometimes Konqueror on Linux).

    I'm very much aware of how Firefox's architecture is designed. I don't much like it - JavaScript is not really designed for multitasking, which makes it unsuited for this purpose in my opinion - but it does make extensions easier.

    That's neither here nor there, though. Other browsers have been adding features like superior tab management, better New Tab pages, innovative new privacy modes (beyond "you're private in this session" or "delete all traces"), and other cool things. The last major update to Firefox that felt very impressive to me was the spell checker, and I expect the next one will be the hardware acceleration once it works reliably.

  22. Re:It Hurts on Why Mozilla Needs To Pick a New Fight · · Score: 1

    Sorry, I was apparently not sufficiently obvious in my sarcasm. They touted the skinning feature as this huge improvement, when not only did I not care I can barely take advantage of it anyhow because in order for it to do much you have to have a whole bunch of wasted chrome. I rearrange the UI for compactness and maximum content real estate, and as a result found the entire thing pointless. Not uninteresting - I liked the idea, though I wouldn't call it a major improvement - but pointless because there wasn't room to see it.

  23. Re:It Hurts on Why Mozilla Needs To Pick a New Fight · · Score: 1

    Ah cool, that's good to know. I've been using Opera, and sometimes the IE9 beta, much more than Firefox for the last few years.

  24. Re:It Hurts on Why Mozilla Needs To Pick a New Fight · · Score: 1

    If you're running without Flash, I might believe you (probably not, though). If you're running Flash with the same architecture as Firefox, I can believe you're just exaggerating. However, on Linux, using x64 Firefox + x86 Flash via nspluginwrapper is a crash-prone nightmare. Removing the wrapper only helps a little.

    It has been improving, but it's nowhere near as good as you claim.

  25. Re:It Hurts on Why Mozilla Needs To Pick a New Fight · · Score: 1

    There's no reason for data to be duplicated. The static code pages can be loaded into memory once and then utilized by each process. It means you get more memory used if you add up the working sets, but just adding working set has been known for years to be an inaccurate measure of memory usage for exactly this reason. Private working set (non-shared memory) is somewhat more accurate, but still not perfect.

    That said, there is still a little bit of per-process memory overhead (seriously though, it's like a few KB beyond the overhead for each thread) and such separation does introduce all kinds of other complexities. The Chrome team has had to do some very impressive engineering to make it work properly in a cross-platform manner (IPC and all).