oddgodd's comments

I'm not sure that it's a settled matter that HIPAA doesn't apply in this case. PHI includes demographic information which would seem to apply here just based on what we already know has been leaked.

In modern usage of the term they don't. The term originated in underground circles where anonymity by all participants was assumed, and where there were probably legal or criminal revenge consequences for tying a pseudonym to a real identity.

Kind of like how troll now means 'person who is an asshole on the internet' instead of 'post designed to rile up and elicit frivolous responses'. The meaning has changed over time for better or worse.

A modern clone of the PCB has been done: http://www.willegal.net/appleii/apple1.htm

Sourcing all the required components is likely to be difficult.

My understanding is that he objects to the non-free status of the firmware present on other devices.

Look at the "Try Turnkey on Amazon..." banner at the top of the turnkeylinux.org home page and tell me the artifacts don't look like hammered ass. I'll stick to lossless for anything with textual elements, thanks.

To your point one, I agree. I also fail to see how universal binaries help. The problem isn't with supporting multiple architectures, it's with supporting multiple distributions.

Regarding point two, the developer is stuck with the packaging hassle regardless. The binary goes one place, config files and man pages in others, maybe you want a launcher in the gnome and kde menus... You are stuck with writing an install script anyway.

It really is just a bad idea. Or at least one that is working against ideas central to the way Linux is currently used.

Universal/fat binaries made sense on the Macintosh because there is no concept of program installation on these systems. While I think that eschewing installation is generally a better design, one drawback is that if you want to be able to support multiple architectures in one application you have to do the architecture check when the program is loaded.

Central to Linux and Windows is the idea of program installation, either through packages or installer programs. No one is interested in making it so that you can drag and drop items in Program Files or /usr/bin between systems and expect them to run, which is the only thing that using fat binaries really gets you over other solutions.

Nearly all of the commercial binary-only software I have seen in Linux (and other Unixes) uses an installer program, just like windows. There is no technical reason why such an installer couldn’t determine the architecture to install.

>So please think hard on this, before you dismiss this as stupid or untenable.

I have. This is stupid and untenable.

Problem one: Right now if I encountered a login form that didn't mask the password I would probably attribute this to incompetence, not usability. I don't think I'm the only one.

Problem two: Right now all login forms work the same. The top field is the username and under that is the password field. This would break that consistency by adding the "show (or hide) password" behavior. In his description he even suggests that some sites default to a different behavior based on some notion of degree of security. Now logging in with someone looking on becomes quite a bit more nerve-wracking because you need to figure out if the password field will disclose your password. This is less usable.

Now, where I think this may be useful is if it is added as part of the "invalid password" behavior. Offer to give the user help only if they need it. Provide them a button to show the password they entered, and allow them to try again underneath it to fix any typos or verify that they correctly entered the password they were thinking of. This helps the user without changing the way the login form operates in the default case where a correct password is entered (a password that's probably in the user's muscle memory because they use it for everything). I know I've actually seen this done somewhere, although I can't remember where.

Mobile is a bit different. I’m completely behind the times in using a mobile device to access the web, but I know that my terribly slow phone running its gimped browser (netfront, I think?) on its tiny screen quite a few years ago provided the option to display masked fields in the editor window it would switch to whenever filling out an input field. This seems like a better solution to this problem to me (and was almost a necessity on that device since it didn’t have a proper keyboard).

That was Informix, not Oracle.

I suspect the grandparent is referring to a "cross site request forgery" (XSRF) style attack.

I wonder if he's using UUCP?