1707 posts • joined Monday 16th April 2007 14:57 GMT
And your point is?
The main point of the legal case is to establish guilt, presumably of negligence.
"Injury" is a legal term and covers al manner of things including inconvenience. Whilst I agree that the case may indeed be opportunistic I do think it a perfectly reasonable use of the class action legislation so that once the legal points have been decided further individual cases are not required. I'm ambivalent as to whether I want the case to set a precedent in this. Technically, I think that LinkedIn is guilty of sloppy programming and basically negligence - a bit like a builder skimping on cement in the concrete. But I'm also aware that some of the sites I have worked on myself in the past don't have the best security. However, I suspect the case will spend most of its time worrying about how the data was obtained.
Re: Definitions - are you sure?
Yes, I am sure, seeing as I said "salt or system [for generating a salt]". Because it's systematic it's never arbitrary.
Re: Geo racial profiling?
Atlanta is pretty cosmopolitan thus the students with international backgrounds living there.
Very weird making stores the gatekeepers though. That's what customs officials are for: person has electronic equipment with them? check boarding cards and massive database and follow instructions.
Salting adds extra arbitrary data to a password when it is hashed
Not quite. Any system will use the same salt, or system, for all passwords. So salting is only as safe as the salt and the security is that rainbow tables generated for one site will not work with others.
Re: Not upgradeable is not ok
I suspect this will be down to the kernel not being backported to whichever ARMs run Windows Phone 7. Existing manufacturers aren't going to pay for something that won't sell more phones and you can bet quite a lot that Intel has contributed to the kernel which will mean restricting options even more. Expect Windows 8 phones to be even more identikit than Windows 7 ones. Be interesting to see how long anyone thinks it's worth trying to compete with Nokia - that might be Microsoft's long game.
Any comparison's with Android's upgrade strategy are flawed. While the problems with more recent versions (Gingerbread, Honeycomb, ICS) are largely down to the vendors and networks, they're not all that great and the number of DIY kits that allow you to upgrade yourself. Sure, that's very poor customer service driven partly by the desire to sell newer toys but also by the inability to manage the code base. Earlier changes included more significant work on hardware support so upgrades from 1.x based hardware beyond 2.x weren't really possible,
You can’t do code coverage with a dynamic scripting code
Python does have a coverage module for use with one of the testing frameworks. I don't know how that compares with Java and .NET equivalents but I do think it is wrong to categorically assert that coverage can't be obtained for dynamic languages but 100% is possible for unit tests.
Sure, there are cases where the code can be mutated in runtime but these are minimal and should only come from people who are happy to shoot themselves in the foot or prepared to use PyPy to create a statically compiled version of their code.
I thought that the debate had moved on from simple static vs. dynamic into horses for courses. Statically compiling does not remove all sources of errors, which is why we have testing. It does allow for much better memory allocation which is one of the main reasons that compiled code runs faster.
Re: Well I think it looks great
the next couple of generations of Intel chipsets will start matching/beating the current ARM generation in terms of power consumption
You used the wrong icon for trolling... ARM chips are more power efficient because they use fewer transistors to get the work done. Intel's advances are in making chips smaller and cooler but they can't erase that fundamental difference. So, you have Intel competing in a design race it can't win unless it breaks backward compatibility and the various fabs competing with Intel's considerable process nous. The economics are important: Intel can afford to sell its chips for a lot of money so it can afford to continue investing heavily in process and plant. As ARM chips sell for a lot less, the fabs have to sell a lot more of them to be able to continue to invest in process and plant. But the combination of TDP and price is making ARM attractive to areas outside phones, boosting volume. From my own back of the envelope calculation the lead that Intel has on the competition in terms of process is shrinking: Intel is dropping down to 22nm geometries just as the fabs are moving to 32nm, they stayed on 60nm and even 90nm for quite a while after Intel had dropped to 32nm. Plans to go down to 22nm have been announced and in this the fabs profit from the continued commodification of chip design forcing them to co-operate with each other (the volume is high enough) to cover the increasing costs of each new generation, just as such economics are starting to turn against Intel: should there be a significant take-up of ARM-based servers anywhere, expect Intel to drop prices.
CAPTCHA's no longer pit man against machine - most of them have become so annoying that I often give up - but increasingly man against man but with vastly different incentives. The CAPTCHAs I come across are generally related to getting access to some kind of website service and have little marginal value. Post-submission validation by e-mail seems to work just as well and is far less irritating, but where CAPTCHAs are used to protect identity then the thieves have a far greater incentive to attempt to crack them.
Apples and Oranges
These languages are "breaking into the enterprise" partly because some of the startups that used them are becoming enterprise. There have been some early successes in certain domains: banks like Python because one of the popular backend systems (I forget the name) exposes the C++ via Python; ILM and Disney were early adopters, because like many others, they discovered its advantage for plumbing other bits together and helping move lots of data around, NumPy and SciPy are moving from the scientific community to enterprise - NASA and ESA are now modelling jet engines in Python.
The jobs fair at this year's PyCon was a veritable who's who of "large" companies: Google, Facebook but also Cisco and Morgan Stanley.
Re: PHP , Python : legacy languages
C#/Java code with high code-coverage during functional & performance testing is less likely to fall-over and need constant maintenance.
A good testing strategy will save many a project and should be independent of the programming language; assuming the language provides nice access to testing tools. I'm not sure what you mean by "functional testing", i.e. whether this is a synonym for unit-testing (terminology may be indicate language bias) also also includes more user-side testing, which unfortunately breaks very easily. A key side-effect of testing is that the premises and hypothesis behind the code become exposed. When it comes to maintenance, and I think the metrics show that more time is devoted to software maintenance than to development, readability counts.
...is not what Apple likes to do. It likes to buy in, package nicely and sell on to the customer with a nice margin. Which is why Siri uses Wolfram Alpha, the chips come from Samsung, etc.. Otherwise Apple probably would have bought TomTom for maps and Yahoo for search. They could probably by both for well under USD 20 billion.
Apple still makes the vast majority of its profits from its hardware and uses the software and services to tie people to it, a point that El Reg's Mr Orlowski made many years ago. This was the unsaid message from the Android swipe last week - the small percentage of IOS users on older versions is the same small percentage on older phones. All the rest have already bought a shiny new one.
Re: Silicon Roundabout
The reference was somewhat tongue in cheek. There are more than enough IT clusters close enough to visit - ARM, and co. in Cambridge. I just like the Day Today style implication of how school funding is now so poor that the winter ski holiday has had to be relocated from Lake Tahoe to St Moritz.
Spending money on
In February we took 40 of those GCSE students to Silicon Valley. ...He added that his school used to teach scratch programming until specialist school funding was scrapped and it was no longer able to do so
So funding for school trips from London to Silicon Valley is there but not for programming. Not wanting to go overboard without all the facts but that sounds like a problem of priorities. Anyway, why go all the way to Silicon Valley to find out about computers? Surely, Silicon Roundabout is closer? Or how about pointing out that computing skills don't just get you jobs in the computer industry?
I'd rather have seen a seriously long-life ARM-based machine. Will be keeping the current MacBook Pro around for at least another year and giving some money to Samsung instead.
The right to fork
Git gets high marks for its commitment to the cardinal rule of open source: the right to fork
Ouch! Forking is easy with any VCS, it's merging that is so damn difficult and for which Git, Mercurial and Bazaar and others rightly get their attention.
DVCS have some great advantages such as allowing commits while offline but also some disadvantages especially on very large projects. Github really struggled when Haiku moved to it.
Anyway, although I'm one of the Mercurial fan boys, it's not really your choice of VCS that matters but that you have one at all.
Re: Apples and Oranges
Is anyone surprised? Par for the course, just missing something like "a valuation of $ 100 billion looks a bit small"!
Still, he must be doing something right for El Reg to keep inviting him back on. I wonder if it works like this: Mr Asay writes something nice about some friends of his in the valley which is good for their next round of funding. The article gets lots of clicks and views on El Reg which is good for their figures. And we all get to show how clever we are by pointing out the elementary flaws in the argument. Win, win, win?
Re: Oh, c'mon.
Don't equate OS with the underpinnings. While I think the BSD userland is wonderful, the NeXTStep framework and GUI are just as much part of the OS but the port couldn't really happen until it was possible to virtualise PowerPC commands fast enough (Rosetta + Intel Core Duo) to remain usable.
Re: OS X & x86!
In essence the big factor was that Apple were far sighted enough to support Bootcamp
Running on x86 meant that virtualisation tools such Parallels were a very viable option without even having to worry about dual-booting.
Re: a hands-on perspective about mongo use
Indeed, very informative. People wanting simple and fast key/value storage for part of an application should look Postgres' H-store data-type.
Another large-scale, write-heavy Postgres-based application:
Still in operation and significantly scaled-up.
What are "operational" and "analytical" databases?
Databases are categorised by how they store and manage data, aren't they? Relational, hierarchical, network, etc. I'm obviously behind the curve on this. Time to resurrect my plan to serialise all data via Twitter!
Re: Stupid Apple
That, and the fact that the court may well decide again that it doesn't have the jurisdiction.
Fire the lawyers, Apple, and spend the money on more innovation.
Less of the bile, please
The SIII is innovative in so many ways that stand out from the crowd including Apple. I, along with many, think the size might deter a few but other things like "picture in picture" and intelligent use of the webcam will definitely sell.
Apple has fantastic products and very distinctive styling: the minimalist design of just glass and steel of the Iphone 4 is chic. As long as they can continue to produce such wonderful things, they needn't worry too much about the competition but should respond to the challenge by being even better. I'm not convinced they are doing this.
The recent spate of lawsuits reminds me of Yahoo's recent salvo against world + dog in a feeble attempt to prop up the share price.
I don't know. Discussions with a friend of mine at a bank said they were in a similar situation with the next upgrade pencilled in for 2014 / 2015 at the earliest, if at all.
I can see Windows 8 tablets finding their spot in the heterogeneous environment but not if they are hopelessly crippled as currently seems the plan. If people can't use their existing version of Office then why should they bother with Windows? MS will need very good arguments to get management to swap Ipads for Wintabs and paying for existing software isn't one of them!
Multicore is great a match for Android on ARM but there are no magic bullets for scheduling and I/O. The mobile phone market has validated both the multi, specialised core (CPU for managing the user, DSP for signal processing, etc.) and SoC (squeeze processing and radios onto the same component), which is why Intel and AMD are playing catchup with the unified architectures.
ARMs smaller, weaker cores offer greater efficiency for the majority of tasks, whereas as Intel's larger, stronger single core shines at individual disciplines. If it weren't for the GPU Intel would shit on ARM for rendering websites which is a surprisingly complex task. But the GPUs are there offload the rendering to.
Intel's advantage in chip-manufacturing is essential to be able to compete in the mobile market. But, as long as its unit costs stay at least a factor higher than the competition, it can't afford to maintain that advantage forever. And it's not even as if the competition is that far behind with the move to 32nm already happening.
Why are people trying to confuse two issues - cookies and passwords? Your statement is false - permission is not required for essential cookies, ie. where state must be persisted.
While I think some kind of legal action is necessary to determine whether not observing certain procedures can be counted as negligent, I'm petrified that some judge or committee gets to come up with definitive procedures in much the same way that financial regulation tries to prevent the last crisis. However, there will be considerable inertia to overcome before any such suit can be launched as any judgement would set a precedent for every website out there inviting serial copycat suits.
Passwords are flawed. Support for secure two-factor authentication must become universal but the governments are dead against it as they will argue that only they or naughty terrorists need to keep anything truly secret. Viz. the case brought against someone who refused to give the Truecrypt password for their disk drive.
Re: Who writes this crap?
You make a valid point but spoil it by the tone. It is always a bit embarrassing when people who don't understand something describe it but at least Brid was highlighting the key failure in the procedure.
I wonder if not salting and encrypting passwords will soon be considered as negligent.
On planet earth
The multinational <insert name here> I work with is still busy rolling out XP - Windows 7 upgrades. So no quick upgrade there. At the same time a policy for Ipads has been rolled out and Iphones are due next. Once management migrates completely away from Windows based desktops you can expect them to allow the plebs to do so as well. That process may well be completed before the next upgrade cycle is due and put the whole idea of such a cycle into question.
Consumers don't normally get to choose the operating system on the kit they buy. It was only the revolt of the corporate customers that got OEMs to get Microsoft to extend the life of XP and offer them a choice while VIsta was being pushed.
The guy from Acer must be very glad that they also make Android devices.
Google+, the ad giant's flagging social network.
Can you please stop thinking of Google+ as a social network. Having it as the backbone of nearly ubiquitous Google profiles makes it both more and less, depending on what you want from it, than that. Anyone with a Google Play account for their Android device has such a profile. There is value in just that for both Google and users.
More insightful analysis into the role of the gatekeepers and identity traders such as Google and Facebook instead of simply repeating trite sound bites would be appreciated.
Re: Promote for Like Pages
I run a Facebook page for people who have Liked a web site...
I think there is a "c" missing somewhere! ;-)
Ouch! Insulting your potential customers as an excuse for being late...
While the Apple "propaganda" does encourage the devote it is very careful to stroke the vanity of its customers and not insult them.
I like the idea and decided to peek into the future.
For some reason the Windows Phone version seems to be struggling:
I programmed on leave home, turn off the lights but it turns the washing machine; on shake, play some music but it just crashes...
Worst of all, however, is I can't seem to be able to anything without "Clippy"*, some kind of animated paper clip, popping up and asking me if I want make an action for that.
* torn between this and the imps that power the Raspberry personal disorganisers on the Discworld. Clippy won out though because the imps seemed to show the ability to learn from the past!
Re: Lots of good uses for this.
Irrelivent (sic) and poorly spelt.
Re: Focus ?
Kim Jong Eun can use it to check if he's cleaned his teeth properly!
@Rik nice article highlighting just how flush the US military still is. NASA might have to put stuff out to fixed cost contracts but over at DARPA the party never stops.
The most important lesson
for Internode is that done right, customers will not even notice the change to IPv6
My router (FritzoBox is set up to run IPv6 when possible). Those devices on the LAN that are IPv6 capable play along happily and the rest (the telly, one mobile phone) carry on blissful of their ignorance. ISP, Unitymedia, doesn't provide an IPv6 uplink yet but has it in the FAQ.
1 % is already pretty good compared to a few years ago. Many of Germany's ISPs have committed to supporting IPv6 this year and I assume it's similar elsewhere. The rest will follow as network buildouts and updates use IPv6 capable hardware. There won't be anything dramatic unless particularly positive (much more efficient routing, lower latency, simpler provisioning) or negative aspects (security, privacy, configuration headaches) associated with deployment come to light, which events like IPv6 are supposed to highlight.
Will El Reg be running an IPv6 service like Heise does?
Re: Do not track is not the law
Do not track is not the law
You forgot to say where it is the law. In the EU the law is that people must opt-in to being tracked. Microsoft is only being sensible by helping users and webmasters as, EU law tends to be adopted in other countries, see the browsers selection screen.
* Onto the meaty parts: self-regulation of advertisers. Yeah, that works well. Might as well let the banks regulate themselves...
* Do not track is conceptually flawed as it does not actually enforce the setting. Until there are actual cases and judgements advertisers and stalkers will be free to do as they please.
* The whole tracking discussion is a red herring to distract people from the real identity trade. Users logged into the favourite service (eg. Facebook, Google, Windows Live, Twitter) then these services have the user's informed consent to track them across the interwebs. Google already has doubleclick, expect the competition to buy of create their own advertising arms to take advantage of this situation. Though, to be honest the value of such highly targeted advertising is questionable. More money is going to be made on the detailed personal profiles that the identity traders will be able to offer: this guy not only visits El Reg but also lovelyfuffysheep.com, regularly exceeds the speed limit, etc.
Re: Not impressed
Yes, a product from Microsoft that can't be found in the download centre or site search. Hardly rocket science to think that isn't quite right. Oh hang on, it's must be that I'm fecking ijit!
Rocket science is OTOH required to throttle the bandwidth.
First off I couldn't find the download from the Microsoft homepage so I had to go back to El Reg and follow the links. Installing and using is easy enough (I'm on a Mac) but there is no bandwidth control so you max out your uplink when it synchronises. That's bad enough at home but even worse if you're a guest on someone else's network. Think I'll stick with Dropbox.
Re: "Could it be simply because they don't know Lua?"
Oh please, give them some credit.
I think it's a reasonable remark.
The article also notes that the worm uses the "open source" libz library. Wow, apart from the fact that I think this is usually referred to as zlib though I don't want to get in a willy-waving competition about open source libraries, what the fuck does it matter that it's an open source library? Or that SQLite is being used for persistence? Implementation - the libraries used - shouldn't be confused with design - encrypted and compressed communication.
I'm not sure anyone is making money on Facebook stock beyond the initial IPO. It's just dipped below $30 for the first time.
You can be sure that someone is making money on that. It's what short-selling is all about. And any employees that were given shares before the IPO and are allowed to sell them might be cashing in as well. Even at $30 a share they're still getting a pretty good deal.
Aside from the issues of encouraging users to invalidate the warranties of their devices by installing a different OS, they'd also have to support any
idiots facebookers willing to try.
Easier to partner with an existing manufacturer such as HTC and get them to do the software changes. Buying RIM would give them the possibly poisoned chalice of a hardware department but more attractively the messaging suite.
Time for those with inside knowledge to make some money from the stockmarket.
What's the exta depth for?
I assume it (the pad) comes with a fan just in case the cores actually have to do some work? 710g is just about acceptable.
The "meccano" one is too heavy for an Air clone: 1.1 kg max. And, as others have said, Asus' approach to mixing an matching tablets and notebooks seems better: the keyboard not only comes with keys, duh, but an extra battery pack.
Another predictably poor piece of OpEd from Mr Asay.
I am, however, intrigued by the silence around the third category in the soothsayer's diagram: NewSQL. Is this an attempt to remedy the inherent deficiencies in the language? Or perhaps a set of engines that successfully distinguish between the logical and implementation layers?
Re: Yes, but..
Why would people pick MySQL in the first place? Because "everybody else does it", and they don't know any better. As the M in LAMP it sees a lot of automatic deployment even if a different approach might've been a better idea. It happens.
10 to 15 years ago MySQL was also available for Windows users which meant that many new developers chose it as they could run it on their own computers. As with so many other things at the time this meant that impressionable people chose tools because they were easy to use rather than their suitability for the job. That was bad enough, but it was compounded by the abundance of poor advice and hacks to compensate for deficiencies of said tools. SQL injection would never have been a problem if code examples and libraries demonstrated the use of pararmeterised queries.
Much as I personally detest the MyASM backend it was developed for a reason. I just wish this wasn't the default behaviour as errors in your application are likely to be exposed after deployment. Data integrity is fucking difficult to impose in the application layer which makes it one of the main reasons for using a data management system. You can get the pretty much the same performance using an ACID system if you selectively switch off or defer constraint checking but this is like two consenting adults agreeing to have sex without a condom - they are aware of the risks.
Of course, MyASM is supposed to be a great funnel for customers to upgrade their applications to Oracle once the failures inherent in a non-ACID data-based application start to appear.
Re: How come
a) because the software is easy to install on windows
b) because that's all they need to do to make the high and mighty quake in their boots
Re: Economics of reusability
Dragon would essentially re-use just the capsule, which is hardly equivalent to the shuttle cockpit. All the rest - the heavy bits of machinery - still gets dumped. But for the moment, this is the realistic way to do it, like it or not. The advantage is, at least in theory, where the shuttle needed to be essentially remanufactured after each flight, this time they may actually keep most of the thing in working condition.
That's pretty much my thinking and a useful clarification of the situation. I think it's why ESA doesn't bother about trying to reuse the ATV. I suspect real reuse won't really be possible until we have an easy way of getting in and out of orbit and can employ modified ship containers.