My bad - I meant to say BNG, not PNG in the first paragraph.

I hope Snowden sends a note telling Assange to leave him the hell out of his egomaniacal delusions. God, how embarrassing it would be to be associated with that guy for all eternity - and literally as his "right hand man", of all things?

Everyone thinks horrible things at time, but most of us have a mental barrier that blocks those things from being blurted out loud. If you've ever been around someone who lacks an effective brain-to-mouth filter, you know things can get really awkward really fast. If he hid those comments from you growing up, then it perhaps means he knew they were wrong and shouldn't be uttered in front of his grandchildren. Have you talked to your parents about this?

After I became an adult, I learned that my grandfather was actually a rather horrible father (think The Great Santini), and caused a lot of grief for his family. My dad never told us about this when me and my siblings were younger, because he wanted us to be able to form our own unprejudiced relationships with them - and indeed, he always behaved himself when we were visiting. It certainly changed my view of him, of course, and it was sad for me to learn of such things, but we still had great memories of him while I was growing up, and I'm glad for that.

I'm a videogame programmer, and Ogg Vorbis is actually a very popular format for game audio. It's not only license free, but it supports multichannel audio and seamless sample-accurate looping, which standard MP3 can't do. It was great for videogame companies, but did little to really promote the file format itself. So, sure, the fact that we have usable reference libraries means anyone can add support to their products, but I don't think that makes much of a difference, unfortunately.

Don't get me wrong - I think it's a great format (obviously technically superior) and would love to see it succeed. You say that if the format "becomes a standard implemented by browsers and major graphics tools, it will get adopted". Well, sure, but that's sort of the hard part, right?

Don't think of it as "low end" graphics. The smallest pictures are demonstrating the worst artifacting possible in order to demonstrate the compression techniques being used. In the case of JPG, we can see the block-based artifacts very clearly. In PNG's case, you can see that the compression works differently, by reducing details and colors where it can, creating a "photoshopped" effect, as you put it.

Just like you never really see a JPG image compressed that badly, you'll probably also never see a BNG graphic with highly visible artifacts like that. The important point to take from this is that for the same image quality, you'll get images that look far less compressed. Alternatively, for the SAME bandwidth, you can get images that have much less visible artifacts. This format also supports high bit depths as well as transparency, so it's very much at home in the high-end side of graphics as well.

Yes, national security agencies probably think at that level, because they can afford to think at that level - same with top industry security experts such as Bruce Schneider. Even so, I'd still posit that it's still very much a hypothetical threat or method of attack. It's fun to theorize about what-ifs, but we should probably recognize it as such, with the understanding that it's not really relevant to nuts-and-bolts security issues in the real world. There's a pretty significant difference between "this is theoretically possible" versus "this has a reasonable chance of ever occurring".

BTW, even early and very rudimentary viruses such as the old "happy99" virus replaced a Windows DLL to inject itself into outbound traffic. Unless I'm misunderstanding something, I don't think that's really an example of what we're talking about here. Stuxnet was hella impressive for a lot of other reasons, of course.

Is there something about those formats that prevents someone from writing a Javascript-based visualizer? It's helpful that it's available, but frankly, it seems like an interim step to help in promoting the format - allowing people to see it on the web it it's native format instead of converted to a lossless PNG.

It does look like a great format, but until it's adopted as a web standard, all the browsers support it, and the major image editors can export it, it will remain among the many technically superior yet unused formats we've seen over the years. Too bad if it doesn't gain traction, but it's hard to fight the sheer inertia of popular formats.

I'm not sure how you can argue that after looking at the pictures in the link. It's clearly superior to JPG, because *everyone* can see the JPG artifacts. You only tend to notice the artifacts with BPG if you're comparing to a high quality picture or the original, or else looking really hard. It seems similar in principle to good audio compression that saves space by removing details the human ear is unlikely to miss.

It's too bad, because we really could have used this years ago while we were still on dialup - it would have saved us from seeing many beautiful images compressed all to hell. Yes, bandwidth matters to some degree nowadays, but not nearly as much as it used to. This format will, unfortunately, probably get little traction for one reason. JPG is here and it's "good enough". Audiophiles chafe at MP3 as well. Technically speaking, Ogg Vorbis was a superior format in nearly every way, but it's widely ignored in favor of MP3, which is "good enough". There's a small movement with FLAC and hi resolution sound, but most people can't hear or don't care about the difference. It will probably be the same for this.

Who knows... maybe I'll be proven wrong. It would help if the browser makers actually got behind it early and supported it fully - PNG suffered poor adoption because IE lagged so far behind with support for many years. Adobe, Corel, and other makers of image software will also need to offer native support as well. A format is worthless unless people are actually using it.

Never underestimate a government's ability to keep doggedly charge forward with a policy even in the face of obvious failure. After all, we've been conducting a "war on poverty", "war on drugs", and more recently, a "war on terror" for many years without effective results. No, they'll just claim that they're not getting enough funding to do a proper job, or that new laws are needed to close loopholes.

It seems a bit foolish to worry about purely theoretical security issues when we've got so many real ones to deal with. Ken Thompons' compiler infection demonstration was an interesting experiment designed to make a particular point, but I don't think it's wise to consider tool-chain hacking a legitimate threat, as we've never seen anything remotely like this in the wild, as far as I'm aware. And frankly, I question whether it's even realistically possible beyond a very simplistic demonstration.

At some point, theory has to give way to practicality, and you have to use some good judgment and common sense. Humans have to use a "chain of trust" at some point, because if you took the time to independently verify everything yourself (even assuming you had the expertise), you'd never get anything practical done. In fact, just about everything we do in our society at a high level of technology or craftsmanship ultimately requires relying on and trusting in others to assist you, at least to some degree. Security is no different. You have to weigh the probabilities of hypothetical threats versus limited resources to deal with those threats and do the best you can with the resources available. Diverting your attention on unrealistic threats will ultimately make you less secure, not more.

Even beyond that, e-mail can be encrypted client-side when necessary, meaning you don't have to trust anyone. There's no reason to trust your e-mail provider in the first place if the contents are truly sensitive. For everything else, e-mail should be considered about as secure as a postcard.

If you need to protect the metadata as well as the content, then e-mail shouldn't even be used for that sort of correspondence. E-mail has never been secure. It probably never will be either, at least not for what we consider "e-mail" today, because there's too much legacy crap that would break if we lock it down (at least if we are trying to secure metadata).

If we're OK with simply encrypting content as needed, then there are ways of building that sort of infrastructure into the system. We're seeing a lot of 3rd party messaging solutions that are using very good "trust no one" client-side encryption technologies and methods, such as What's App (now that they've integrated Open Whisper Systems security) or Threema.

I think such techniques may tend to be highly locale-specific.

For instance, in desert regions, there's no shortage of waste heat, so the idea of trapping and re-using it elsewhere may not make any sense. In those environments, it's probably much more effective to try to make use of abundant solar resources to offset energy costs used. Liquid cooling make make more sense to try to offset the cooling costs here.

For data centers in colder climates, you've essentially got a big helping hand from mother nature in the cooling department, especially in the winter. Any generated waste heat can be gladly reused by someone else to offset normal heating costs they'd otherwise incur. Also, it seems like this heat may only going to be useful in a limited area around the data center, as I'd imagine it would be difficult to transport waste heat over long distances - at least without investing so much in infrastructure that it negates any potential advantage.

I suppose one potential solution is to utilize distributed data center clusters that can be located in building basements, and act as supplementary heating elements, rather than the giant data centers we see today. We've seen some companies moving in this direction, though of course, this would have challenges of it's own.

There are a few significant advantages I can think of for lasers off-hand. Near perfect accuracy with any line of sight to the target is essentially assured. That is, if you can see the target, you can hit it. That's extremely important for fast, inbound targets like anti-ship missiles, in which you may only get one real shot at it. The speed of the laser assures that the inbound target will be hit as far away from the ship as possible. Additionally, there are no limitations of ammunition - it doesn't have to be stored and it can't run out. The only limitation is the power requirements, presumably generated by the ship itself.

You're probably underestimating the difficulty of making targets perfectly reflective enough to actually deflect a high powered laser beam. You're not going to be able to coat flight surfaces with optics-grade mirrors easily - low grade mirrored surfaces would likely be all but worthless as defense in actual practice, especially since they'd need to protect equally against all viable laser weapon frequencies. Moreover, warplanes and drones would not be good candidates for being covered with highly reflective surfaces for rather obvious reasons.

I don't think the Navy is reckless enough to replace all weapons with lasers, especially early in their life cycle while they're still unproven. Even though current warplanes have guided missiles, most still also carry guns or cannons as well. The military is pretty big on defense-in-depth, since all different weapons types have advantages and disadvantages. Lasers are no different. Downsides are degraded capabilities in poor conditions, less power on target then bullets or chemical explosives, and probably a few others.

You say that like you're arguing with me, but I make almost this exact same point, just with different words. I was just providing a counter-anecdote, but I've seen plenty of bad C++ programmers too. Good programmers write good code, and bad programmers write crappy code. I personally think it doesn't matter which language you start with.

Oh? I can't speak for other industries, but that certainly doesn't describe my job of videogame programming, where C++ is used almost exclusively for large-scale games. C++ compilers do an excellent job at turning higher-level abstractions into very efficient code. Otherwise, the videogame industry would still be using C, as we're pretty fanatical about performance and highly optimized code.

The C++ committee has generally adhered to C's original zero-cost (i.e. "you only pay for what you use") principles when designing new language features. Good C++ programmers understand which abstractions actually incur a runtime cost and which don't, and know how to use them appropriately. In many cases, the higher-level abstractions C++ provide are actually compiled away to zero or negligible runtime costs. Sorry, but characterizing C++ as some slow, inefficient, high-level language seems a bit of a stretch to me.

A good point, but it's too early to say if it's sustainable, or what the longer-term results will be. We've seen a lot of very generous social-welfare programs enacted in European countries, and many of them have since had to roll back some of those programs once their economies dried up - usually resulting in massive protests and strikes over "austerity measures", or the collapse of economies of countries with politicians too cowardly to propose such measures.

Granted, I think one advantage a basic income has rather than means-testing social programs is that a lot of bureaucratic overhead can go away - at least in theory. You shouldn't need as many civil servants to simply mail out checks, and a large number of various programs could be consolidated into this single program. The end result might cost more, but would likely put a greater ratio of tax money into the hands of people that would spend it rather than being filtered away as overhead inside government institutions, as social services overhead tends to be ridiculously high. The question is whether that cost is ultimately too high to be sustained by the working population - or rather, whether they feel the actual results are worth the inevitable costs.

Either way, I say let Finland experiment with their economy and let the program simmer for a while before we evaluate the program based on actual results, rather than political promises and rosy forecasts.