Forgot your password?
typodupeerror

Comment: Not complex; not broken; not meant for enterprise (Score 1) 86

by Xeger (#43257861) Attached to: A Truckload of OAuth Issues That Would Make Any Author Quit

IMHO, the only legitimate points in this gentleman's post are: (1) a compromised browser defeats OAuth, and (2) OAuth isn't mobile-friendly because it requires browser interaction to gain user consent to grant access.

While both of these are true, Web browsers are ubiquitous; OAuth is a Web standard. You can abuse it slightly to make it work with mobile devices (see "access code grant") but really, it not was intended to be a be-all end-all authorization mechanism.

Likewise, claims that the protocol isn't "enterprise-friendly" are somewhat silly. OAuth was not intended for fine-grained authorization within an authentication or trust domain. It's for cross-domain (cross-application) grants, between unrelated apps, under the assumption that all three parties in the transaction are basically unrelated.

If an executive wants to delegate calendar permissions to his secretary, he should *just do it* by clicking a checkbox on Microsoft Outlook or whatever product they use for scheduling, which no doubt has its own rich permissions system and obviously has its own authentication mechanism. There's no need for a Web standard to facilitate this use case!

As for claims that "there is no standard" -- that's entirely true. There is a draft standard, which presumably will eventually be ratified by IETF once we have all had a chance to play with the technology and suggest improvements. Standards are not an item of worship; they're just a way to ensure that a protocol has had a reasonable degree of scrutiny, has no undisclosed patent encumbrances, etc. I've heard people accuse OAuth of being complex or flawed, but never fundametnally insecure.

Frankly, anyone who thinks the OAuth draft RFC is complex, should choose a dozen or so documents from the SAML protocol suite, relax in a hot bath, and read through several hundred pages of THAT claptrap. Then we can talk about complexity.

(Disclaimer: yes, I do read security standards in the bath, and I create toy implementations of security protocols and algorithms for fun. That probably makes me mentally ill.)

Comment: AMD's next CPU will crush protesters into rubble? (Score -1, Offtopic) 161

by Xeger (#41161087) Attached to: AMD's Next-Gen Steamroller CPU Could Deliver Where Bulldozer Fell Short

Rather unfortunate timing for the headline of this article, considering today's news item about a literal bulldozer that did not fall short...

http://www.latimes.com/news/nationworld/world/middleeast/la-fg-israel-corrie-verdict-20120829,0,4476903.story

Comment: Re:Search (as most people use it) not CLI (Score 2) 1134

by JPRelph (#40516009) Attached to: Has the Command Line Outstayed Its Welcome?

It's not quite like that though is it, it's:

cd /Applications
open Mail.app

or

cd /Applications
open Microsoft\ Office\ 2011/Microsoft\ Word.app

I wouldn't fancy trying to explain that to most of our users, let alone explaining that they need to match the case, rather than just saying "It's in the Applications folder" or even more quickly "Click on the Spotlight icon and start typing Word...".

I use the command line fairly constantly (our servers are OpenIndiana and don't have a GUI installed), but command lines require using a particular grammar and vocabulary that need to be learned. Most users have no interest in learning those and it's very different from Google which will handle re-ordering of terms, different capitalisation and even typos.

Comment: Re:no expectation of privacy (Score 1) 391

by Xeger (#36570038) Attached to: LulzSec Document Dump Shows Cops' Fear of iPhones

Cops are public servants working in public spaces; given that the justification for speeding cameras and CCTV has always been that there is no reasonable expectation of privacy for someone in a public space, why should the public-spaces rights of policemen be any different from those of the general public?

If you are in public, regardless whether you're on the job, you must accept the notion that you could be observed, by people or recording devices. Bear in mind that most COPS have recording equipment in their squad cars and frequently videotape traffic stops.

If the concern were merely about videotaping police work, police departments would be worrying about their own recordings. It seems to me that their concern is about OTHER people recording police work, when said recordings are outside of the police department's control.

Comment: Re:Well (Score 5, Interesting) 405

by JPRelph (#35412830) Attached to: The Car Faster Than a Speeding Bullet

I know someone who is involved in the Bloodhound project, working with a large education company over here (one of the sponsors of the car). There is a really big focus on the education side of things with this; they're touring schools and colleges doing presentations, along with a full size replica of the car. One of the big reasons for doing it is to get kids at school interested in science, maths and engineering and that seems like a pretty good idea because there has been a continuing decline in students going on to study those subjects at higher levels in the UK (and I believe most Western countries these days).

There's a bit about it on their website http://www.bloodhoundssc.com/education.cfm . I also doubt that the overall resource usage for the entire project is actually that high (I'd bet fewer resources used than most Hollywood films for instance), so if it increases interest in the areas they're targeting so that general science and engineering gets a bit more attention, I don't think that's too bad a result.

.

Comment: Re:Not fiber? (Score 1) 368

by JPRelph (#35292436) Attached to: MacBook Pro Specs Leaked, iPad Event March 2

I've not seen many that come with full-sized displayport and even the Apple ones don't use mini displayport... And, of course, none of these adaptors are standard anymore, they're all $20 extra...

The Apple Cinema Displays *do* use Mini DisplayPort, and it's been officially brought into the standard now, so isn't just an Apple only port. There's also quite a few laptops out there using it, from Dell, Toshiba HP... The Wikipedia page for Mini DisplayPort has a list of a few.

Comment: Re:"Thunderbolt"? Bleh... (Score 1) 368

by JPRelph (#35292130) Attached to: MacBook Pro Specs Leaked, iPad Event March 2

...At least "Light Peak" gave me a vague idea of how the tech works by the name alone, whereas Thunderbolt just sounds completely unrelated to the technology.

It's worth bearing in mind that the version of Light Peak that we're likely to see tomorrow, is probably going to be copper-based rather than optical, so Light Peak would probably be just as unrelated as Thunderbolt

Comment: Re:Big buzzkill, over-dramatized (Score 2) 142

by Xeger (#34526258) Attached to: Feds To Adopt 'Cloud First' IT Policy

No doubt, cloud is a huge buzzword at the moment. No reason you can't use that to your advantage, however.

"Cloud computing" in common parlance means at least three things at the moment:

* A marginal-cost pricing model for compute resources (pay for only what you use)
* Making use of virtualization in one's app architecture
* Pervasive use of automation in the architecture and throughout the software lifecycle (dev/test/deploy)

#1 is a bit of a fad; some workloads can be shoved out into a public cloud with no risk to security or availability, but many workloads will never be suited for that.

However, #2 and #3 are here to stay for the next decade -- and even if computer architecture makes another massive swing (e.g. massive parallelism or quantum computing or some hooey) and virtualization is no longer as sexy as it is right now, automation always has been, and will always continue to be, a key component of successful IT operations. Automation = productivity!

Even a large part of what we call the "virtualization benefit" is actually due to automation-related productivity. The fact that I can take my pre-built OS + app stack and deploy it on whichever hardware I wish -- and in some cases even migrate it between two differently-capable host systems WHILE my guest is running! -- is all a flavor of automation. We've always been able to migrate servers, but it used to require a screwdriver and lots of patience.

So -- my advice is, don't look down your nose at the sudden cloudiness! Take advantage of this buzzword-laden atmosphere to justify your sound technical decisions to the businessfolk, in terms that their feeble minds can understand. ;-)

Comment: Re:No surprise (Score 4, Informative) 334

by JPRelph (#32374412) Attached to: UK Home Office Set To Scrap National ID Cards

Since we already are required by law to carry our driving licence while driving most people just keep it in their wallet. This allows the police to stop and search you at any time and find out who you are. Stop and search in the UK does not require a warrant.

We're not required to have it with us while driving. If you don't have it on you the Police can demand that you take it into a Police station within 7 days though.

Comment: Re:Cognitive dissonance (Score 1) 224

by Xeger (#31999810) Attached to: Why Making Money From Free Software Matters

The quote, actually, is "information wants to be free."

There's no _should_ about it. It's not a value judgement; it's an expression of one of the natural properties of information: that it tends to replicate itself in any way it's able, subject only to the constraints of the underlying medium (and of course to any artificial constraints placed on it, though those have a track record of working badly).

Even "information wants to be free" is a bit imprecise because it anthropomorphizes the information. Data has no intent, there's no "want" there; it just seems that the natural state of information is to propagate, and to mutate as it propagate.

Also, keep in mind that "free software" doesn't necessarily mean free as in beer. If you have heard someone saying "software should be free," they may have been referring to the fact that the source code to the software that runs your life should not be a trade secret locked away in someone's corporate vault.

As numerous generations of software pirates, malware authors and hackers have shown us, to someone of sufficient skill, the machine code to a piece of software yields enough information to mutate or copy that software. Protecting source code is an attempt to create artificial scarcity -- or security through obscurity, if you prefer -- and it doesn't work very well.

Maybe my argument convinces you; maybe it doesn't. It's not really my concern. I'm employed by an open-source software company whose business is growing tremendously year-over-year -- in the middle of a recession, no less! -- and one of the main reasons for our success is that our products are _open_.

Our customers are free to inspect, modify, ask questions regarding, and contribute improvements to the tools we sell them. Because we try whenever possible to leverage open-source dev tools, we enjoy the same openness in our infrastructure and development toolset. We are able to adapt our tools to work well for us, and contribute the improvements back to the community when we're done.

"Free as in beer" is not "free as in freedom." If your industry ignores this fact, it does so at its own peril. Don't be surprised if a lightning-fast innovator comes along and disrupts everyone. And if they do, look for open source to be greasing the wheels of their productivity.

Comment: Re:Not really so (Score 1) 367

by JPRelph (#31740468) Attached to: Microsoft and Apple Rumble Into Middle Age

3 years is not that old for a PowerMac purchased in late 2006, and which now refuses to run Safari 4 and other recent software, since they require 10.6 or higher.

That's not actually true, Apple provide a download of Safari 4 for Snow Leopard (10.6), Leopard (10.5) and Tiger (10.4). That G5 purchased in 2006 would have shipped with 10.4, so you don't even need to have purchased any additional software in order to use the very latest version of Safari. You can download a 10.4 compatible version of Safari from here.

I really don't know where you're getting this 10.6 requirement from, because there really isn't one.

Announcements

+ - Researchers discover that sand behaves like water->

Submitted by
Xeger
Xeger writes "University of Chicago researchers have found that streams of sand can behave similar to liquids, forming water-like droplets when poured from a funnel. To obtain these results they dropped their expensive high-speed camera from a height of several meters and observed the sand forming into droplets — something that shouldn't happen without surface tension! These findings suggest that conventional engineering wisdom about sand, dirt and other grainy materials needs to be rethought, and that it might be possible to apply fluid dynamics to some solids problems!"
Link to Original Source

Neutrinos are into physicists.

Working...