I figured the next news logical item was a press release for new HideMyAss.com thongs. Because they both apparently hide your ass equivalently.

Updates to Safari always require an OS X restart, for the same reason IE updates on Windows do: the "browser" is really just a UI wrapper around a core system component.

Unlike Windows, OS X allows you to replace in-use files without restarting, so you may be able to get away with restarting only the affected apps, rather than the entire system, but I don't think I'd take that risk.

Computers run on DC. The big power supply unit in your PC is an AC-DC converter.

The speculation is that Google is doing a couple of different things in regards to power.

First, they are probably doing the AC to DC conversion at the building's power inlet, and distributing DC to the racks so that each piece of equipment doesn't have to have its own power supply. One big power supply is generally more efficient than lots of small power supplies, not just in conversion efficiency but also in hard equipment costs.

Second, Google has probably optimized their hardware to reduce the number of DC voltages they need. Your PC's power supply has to put out +/-12 Vdc, +/-5 Vdc, and +3.3 Vdc. Further, down on the motherboard, and sometimes on the peripherals, there are additional down-conversions to produce other needed voltages, such as ~1.2 Vdc for your CPU chip. Again, each conversion causes an efficiency loss, and they stack up. Some of these rails are all but unused in modern PCs — particularly the negative ones — but because of standardization, they have to be there anyway. Even sitting idle, these underutilized power rails waste energy. Overall, your computer probably consumes about 20% more AC power than it delivers in DC power to the parts in your PC.

You cannot do these things in your house today because 1) neither Newegg nor your local power company sells whole-house AC-DC converters; 2) even if they did, your house doesn't have separate DC power wiring to distribute it to the rooms; and 3) even if you put that in, there are no standard connectors to use for it. There's been hope for years that all of this would eventually be sorted out; the solution is obvious, it's just the logistics that's hard. I think that over time, we'll start seeing USB connectors with +5 Vdc appearing in houses, but it'll be a process of decades to make any real progress here. Google doesn't have to wait for all that.

The famous quote doesn't apply to unidentified security flaws.

The point of the quote is that when someone points out buggy behavior, the many eyeballs will quickly pierce to the heart of the bug and find a way to fix it. With fewer eyes, really nasty bugs often remain unfixed long past the time they are first identified because none of the brains behind the few eyeballs that have looked at it have figured out the fix yet.

The nature of most security bugs is that their existence is not obvious. Most software with security flaws performs its intended function as long as it is run within expected bounds. There is nothing for the many eyeballs to attack until someone tries pushing the software into its operational gray areas, then notices that it does something unwanted or unexpected. As soon as that happens, the quote applies: security holes in open source software are typically fixed soon after being identified.

Schneier hasn't written a "hard" CS book since that first one because it turns out that the crypto solves only a tiny part of the problem. People are a much bigger part. I think Schneier felt he had to write these later books because he kept seeing software developers ignore the people problem.

You may say you really get this problem. Maybe you are right. The evidence, though, tells us that most people really do not get it, and need to be beaten over the head with it several times before they do get it. Much better to receive that beating at the hands of a benevolent master, rather than watch your carefully-built perfectly-designed cryptosystem fall to social engineering, or to a kid peeking at a stickynote under a keyboard.

For more stories of this sort, read Mitnick's book. It is not an especially enjoyable book, and Mitnick is not an especially good hacker. That's exactly the point, though. These are real stories of how real systems get compromised. Mitnick describes your actual enemy, not the one so many people seem to imagine. (The NSA, et al.).

I've put serious learning time in on at least 5 different general-purpose 3D graphics packages, including Blender. Blender is, hands-down, the hardest to learn and use of any I've tried. It even beat out a hoary old beast from the late 90's I had to use for a course, which was chosen purely because it was ancient and therefore cheap.

There are those that use the excuse, "It's professional grade, and pros don't cry about difficult to use tools." Well, sorry, but that only flies when there are no alternatives. If there's only one tool that does Thing X and the tool sucks, well, a pro will grit his teeth and use it anyway. That's not the case in 3D modeling / animation / rendering software. We have an embarrassment of choices, and they span a wide range of cost, power, and ease of use. Unless "freeeeee" is your only important criterion, there are usually better options than Blender, at least as of 2.4x.

I will certainly be playing with this new 2.5 version. Maybe they're right. Maybe they've completely fixed it all, and I can get off the Cinema4D, modo and SketchUp upgrade treadmills.

That's probably true if you refer only to command line ssh.

For GUI SSH, however, spending a bit of coin can be very much worth it.

I have to use Windows on my work desktop, from which I help manage hundreds of remote Linux boxen. It would be madness to do that that with PuTTY, with its horrible UI, or with ssh in a Cygwin window, where session management is entirely missing, unless you count ~/.ssh/config. The commercial GUI SSH client we use[*] lets us organize all those sessions, save login info, and sync all that among the handful of computers used by the people who I help with those remote servers. A user name, password, or IP changes about once a week, somewhere. Managing that with just command line tools would be less efficient. Further, we get features like a tabbed UI, integrated file transfer, scripting, etc. We pay back our hundred bucks a seat in efficiency pretty quickly.

[*] no point naming it, I'm not here to sell anyone anything

"Very timidly"? Nonsense. You want an example of open source timidity, look at Microsoft: how many substantial open-source programs do they provide? By comparison, Sun was profligate. Oracle is a clear regression back along the continuum toward the Microsoft end.

The question in my mind is, does Oracle actually intend to regress like this, or are we just seeing the fallout of standard merger problems? Is this all just stemming from mismanagement, resource allocation battles, and general confusion, or is there a mandate from the top to regress?

If you're lost in the mountains, simply knowing which tower received the SMS message would probably help the SAR team a lot.

Besides, this would allow SAR to hold a slow IM-like conversation with the lost person. They could describe their surroundings, coordinate movements, give status updates, etc.

It would be nice if the FCC would also raise the cap on radio strength when sending messages to 911. It should be able to temporarily jump to, say, 5 W to burst the SMS out. Even if this is only one-way, it'd probably save a lot of lives.

If the 35S I bought a few months ago is any indication, they're back on the right path. They're not the same as the 1990's and earlier generation HPs I have, but they suck a lot less.

I hear the 50G is part of this return to high build quality standards, but I haven't tried one myself.