Comment Re:anyone (Score 4, Funny) 140
You mean Ensign Ricky?
Comment Re:And yet (Score 1) 493
What's more, you shouldn't have to dig around in about:config to change a setting that doesn't actually do what you want.
The max rich results setting just means it won't display any search results. That's not even remotely the same as going back to an old-school auto-complete functionality.
Exactly. (Mod parent up.) There is no way to disable the Awesome Bar in the sense that d3ac0n means, i.e. returning to a sensible autocomplete dropdown rather than the search-based algorithm it uses now. And there apparently won't be, given that this bug is "RESOLVED WONTFIX".
To be fair, I hated it at first (and at times I still do) but while it sometimes has completely random matches, there are a number of sites that I can now get to much more easily, even without having bookmarked and tagged them. About the only thing that I do always do is use the oldbar extension as a basis for my CSS to get a slightly more sensible appearance (i.e. something that doesn't go half way down your screen with half a dozen results).
I don't hate it as much as I used to, and I recognize that 95% of users love it, but I'd still switch back if I had the option. I have miscellaneous usage problems I could rant in detail about (and yes, I have "trained" it--I've been using FF3 since Download Day), but my biggest problem is philosophical: it breaks expectations. The location bar is for typing locations. If I start typing a location, if it employs any kind of "smart" searching technology, then I can't predict what will be in the dropdown--whereas a bar that simply autocompletes rather than searches is predictable and useful.
In the WONTFIXed bug, the developers encourage feedback about how to make the awesome bar customizable, how to change the weightings applied to the search function, etc. They completely miss the point that no amount of tweaking and preference-weighting will make an algorithm that can exactly predict what I want 100% of the time. The entire premise of "search" in the location bar is flawed.
Admittedly, that's my opinion. And as I mentioned above, I recognize that the vast majority of people like it. I don't ask for it to be removed, or for it to not be the default. All I ask is for the option to revert to the old behavior.
Comment Re:Spam? (Score 1) 430
I could understand citing the political blogosphere as a whole, but to specifically mention the Huffington Post is just creepy. It's neither revolutionary nor reputable.
It is, however, the source of the best news correction I've ever seen:
"UPDATE: The Huffington Post has learned that the below video has been doctored. We regret the error and apologize to Mr. Gibson. John Gibson never compared Eric Holder to a monkey with a bright blue scrotum." Source
Comment Re:Ummmm (Score 4, Interesting) 79
You don't, and as scientific proof of the Earth's rotation, this is obviously completely useless. But if you trust the motor, this is a fun way to see what a Foucault pendulum does, without the expense and inconvenience of needing a full-sized model.
True enough, but if you ever want to show it to others, there will be skeptics.
I once saw a full-size Foucault pendulum at a science museum. If you stood and watched it for a few minutes you could see the precession (there were markings on a ring around the pendulum, so it was easy to see where it swung before). I overheard some other patrons asking if it was powered, why it didn't come to a stop, etc. The museum guide explained that it was not powered and how it worked, and mentioned that because of air resistance they used an electromagnetic ring to give it a tiny "push" with each swing to keep it going. He also explained that because the magnet was circular, it would always push the pendulum directly back the way it came rather than from side to side.
Several onlookers remained convinced that it was a trick and the electromagnet was causing the precession. And remember, these are people standing in a science museum, looking at an exhibit so massive it required the entire building to be designed around it, whose entire point was to show this effect.
Now imagine if there had been a motor attached to it, designed to "compensate for ellipsoidal motion"....
Comment Re:Already got one (Score 1) 125
Indeed. Google's PageRank algorithm started off as citation analysis for academic papers--one could find out which papers were notable in a given field by the quantity and notability of the papers citing it. Then they realized that the same approach could work for the Web, treating links as citations.
As a sibling post points out, this says nothing about the correctness of the paper, only its notability--but ideally if a paper is shown to be faulty, then the paper exposing the faults will get many citations too.
The proposed system might give a more detailed granularity than a purely citation-based system, so in that sense might have a reasonable benefit. However, as a "social network" of sorts, it will tend to have a life of its own, and consequently could very easily be subject to failings at the social/political layer (as other commenters have noted).
Comment Re:Poor reporting strikes again (Score 1) 579
It's not a "Batleth", it's a "Bat'leth". Without the apostrophe it just looks ridiculous.
Congratulations; you pass.
Submission + - Rogue CA Certificate Created from MD5 Collision
LargeMythicalReptile writes: A team of researchers has successfully used weaknesses in the MD5 hash function to create a rogue CA certificate that appears to be signed by one of the common root CAs. According to them, "We have identified a vulnerability in the Internet Public Key Infrastructure (PKI) used to issue digital certificates for secure websites. As a proof of concept we executed a practical attack scenario and successfully created a rogue Certification Authority (CA) certificate trusted by all common web browsers. This certificate allows us to impersonate any website on the Internet, including banking and e-commerce sites secured using the HTTPS protocol."
Comment Re:Triple MD5 Anyone? (Score 2, Informative) 125
Several points about this:
-DES was never algorithmically broken--it was just designed with too small a key size. 3DES effectively doubles the key size to something reasonable. MD5, however, is actually broken--it has algorithmic weaknesses that can be exploited. Thus, it's not an analogous case.
-We know a lot more about hash functions now than was known when MD5 was designed. From new attacks (e.g. multicollisions) to new design techniques (e.g. HAIFA), there's a lot more knowledge for cryptographers to use.
-As a corollary to the above, any new algorithm, even your 3MD5, would require application support. If we're going to ask people to code that up, why not get something entirely new?
-Finally, practical considerations. NIST wants something flexible for SHA-3, and there are various requirements that are not met by the above proposal. (Digest size from 224 to 512 bits, for example.) There are additional implementation considerations that make your proposal worse than MD5 itself--notably, the requirement that the bytes be read three times in various orders. Just about every practical hash function proposal (including all the major existing ones, and all the SHA-3 candidates I've looked at) is computable "online"--that is, it can be computed in a single pass reading through the message. It doesn't require multiple passes or even keeping the entire message in memory at once.
In short: NIST is looking for something better than SHA-2 (and definitely better than SHA-1). 3DES was a good idea because DES itself was still good, but in this case it's better to start fresh than throw a random patch on an old-and-broken algorithm.
Read the Federal Register notice to get an idea of what NIST wants out of this. It's a lot broader than "a patch on MD5."
