Domain: blogspot.com
Stories and comments across the archive that link to blogspot.com.
Comments · 20,258
-
Re:Google has BACKED DOWN in China
Actually they haven't removed censorship yet. They would be talking with the Chinese government about a way to provide an uncensored search within the law.
"We have decided we are no longer willing to continue censoring our results on Google.cn, and so over the next few weeks we will be discussing with the Chinese government the basis on which we could operate an unfiltered search engine within the law, if at all. We recognize that this may well mean having to shut down Google.cn, and potentially our offices in China."
So, we're still on hold as to if they will remove censorship.
-
Re:Language?
The Kindle application framework is Java based. You write "booklets" that work like Java applets. Under the hood the Kindle runs a Linux kernel, so in theory you could just write native C apps, but I doubt Amazon will give developers access to that.
Some more info about hacking your Kindle: http://igorsk.blogspot.com/2007/12/hacking-kindle-part-3-root-shell-and.html
-
More Password Analysis
I managed to obtain a copy of the list, and have been doing some analysis on my blog http://reusablesec.blogspot.com/ with more to come. You can find a list of the top 100 passwords from the RockYou disclosure here: http://reusablesec.blogspot.com/2009/12/rockyou-32-million-password-list-top.html I've also been analyzing more lists such as the 10k Hotmail list that was released a couple of months ago. As for the recommendations that Imperva made, I think they are too tough on the users. Let's be honest, someone could have had a 28 character passphrase and it wouldn't have helped them since Rockyou stored all the passwords in plain text. For most people, online password cracking isn't the main problem. Phishing/keystroke loggers are much more prevalent, (due to their low cost to attackers). What this shows though is you really need to have different classes of passwords. You don't have to remember a different password for every site, (which is almost impossible without using some keyvault program), but you should use a different password for your webmail/bank accounts compared to all of the other sites.
-
Re:Exclusive?
I point you in the direction of Muramasa: The Demon Blade, which was released just a few months ago, uses sprites for all in-game characters/enemies, and is quite a beautiful game. Here are a couple screenshots:
http://2.bp.blogspot.com/_NXLKQR2FNpY/SwitorQly1I/AAAAAAAAAGs/unJ2YjKwJ3M/s1600/muramasathedemonblade-3.jpg
http://cache.gawker.com/assets/images/2009/06/custom_1244093929468_Muramasa2.jpg
It looks even better in motion, I highly recommend you look up some videos of the game in action. Using sprites doesn't necessarily mean it will look pixelated, it just means it isn't a fully rendered character. Considering the quality of 3D back in the PS1 days, it was a mistake to move the series to 3D then. I know that it would have eventually happened, I'm just questioning the timing of the move.
-
Re:Kids...
They can spell properly. Kids choose to spell like idiots because it makes them different from their parents.
It's the same reason they listen to music that's "unlistenable noise" if you ask their parents. In fact, a friend of mine complained his kids were into noisecore. Ha! He grew up being into heavy metal, which annoyed his parents who preferred the Beatles.
Texting doesn't make you a worse speller, because you have to know how to spell something properly before you can make it shorter for text-speak. Ask a linguistics professor about it sometime.
-
Re:Big Battle
A 3% marketshare for Bing is hardly anything to get excited about.
Using marketshare to make a point? Wanna try that with Linux on the desktop?
Bing is seriously terrible compared to Google
I find the opposite holds true for me.
Also, Microsoft is terrible at privacy compared to Google. You may be too young to remember Google fighting off a subpoena to hand over user information, while Yahoo and Microsoft caved:
http://googleblog.blogspot.com/2006/02/response-to-doj-motion.html
"The privacy of Google users matters, and Google has promised to disclose information to the Government only as required by law."
.. so much for "fighting" it.
Also, where was microsoft when Google was making a stand in China? Yup, nowhere...
What has that got to do with providing good internet search results? Do you drive Ford because their CEO agrees with your political views? A real dimwit you are..
To me it shows Google is incompetent and can't even keep their network safe. I would be weary of a company that can get hacked so easily and holds my personal data.
-
Re:Not that bad
I know newspapermen are complete idiots, especially when it comes to technology - but surely even they'd clue on to the idea of disallowing all "Google bots" who don't actually originate from Google (all it takes is a reverse DNS lookup plus a forward DNS lookup). Hell, the instructions are even on Google's website! Yes, it's not foolproof, but it would stop all but the most determined paywall busters (which is only really a problem if that determined person is scraping their content and offering it up elsewhere for free).
-
Re:Summary full of errors
The issue has never been decided in any of the RIAA cases. The only RIAA case in which it has been litigated to any extent was UMG v. Lindor, where -the RIAA argued that it was a frivolous defense, -I argued that it was not a frivolous defense, and -the Judge agreed with me and rejected the RIAA's argument.
I would agree too - the defendant has the right to raise constitutionality as an issue. But that doesn't mean constitutionality has been litigated yet, nor did the judge agree with you [that the statutory damages are unconstitutional]. Rather, the judge [wisely] said, "let them have their day in court."
-
Re:Summary full of errors
NYCL clearly has his "side". The statements in it should be considered to be nothing more than opinion, as they are, rather than statements of fact or actual precedent
True
because the courts have repeatedly explored and rejected his claims
False. The issue has never been decided in any of the RIAA cases. The only RIAA case in which it has been litigated to any extent was UMG v. Lindor, where
-the RIAA argued that it was a frivolous defense,
-I argued that it was not a frivolous defense, and
-the Judge agreed with me and rejected the RIAA's argument.
-
Re:Permanent damage at 100 meters too...
I've seen many similar things at burn events. Just last weekend I was repeatedly woken up by a very loud propane cannon. Yes, my fault for wanting sleep. The cool thing about this is it seems to be designed to carefully maximize the shock wave.
-
Attack of the Retroclones and Simulacra
You'll be happy to hear that there's a lot of great games that aren't driven by the Hasbro/WotC machine and many of them hew faithfully to what made the old games so great - rules-light (compared to today's versions), tool-kit approach, "imagine the hell out of it" attitude. It's been mainly a niche of a niche, but in the last year or so, interest in the "Old School Renaissance" has really taken off.
If you liked AD&D 1e, the books are very easy to get off of Ebay/Craigslist, but OSRIC (http://www.knights-n-knaves.com/) is a retroclone that is free to download, and has promoted a few small publishers to continue releasing new 1e content.
If you liked Basic/Expert (the two book set from the early 80s) or the BECMI (the 5 "basic" books from the mid 80s) then Labyrinth Lord would be your thing: http://www.goblinoidgames.com/labyrinthlord.html - also free.
If you really want to go old school, back to the original 3 "Little Brown Books" printed in 1974, then Swords & Wizardry is a retroclone that simplifies an already simple game. http://www.swordsandwizardry.com/ - the Core Rules are the 3LBBs and the Greyhawk supplement (uses all the dice for HD and damage), while the "Whitebox" is a toolkit game that is strictly just the 3 books (d6s only for HD/damage)
There is a lot out there and there are tons of blogs, forums and groups that try to keep the flames alive on the old games. One of them is TARGA - http://www.traditionalgaming.org/ and in interest of full disclosure, I run an "old school" blog myself http://oldguyrpg.blogspot.com/ - I currently run a 3 group AD&D campaign setting and a solo OD&D campaign with my wife.
-
Re:'flagship webbrowser'
Uhhh... yes they do (as of a few days ago): http://gmailblog.blogspot.com/2010/01/default-https-access-for-gmail.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+OfficialGmailBlog+(Gmail+Blog)
-
Re:!do no evil
It's not like they just did it on a whim. They did research with usability between different models before settling on the current one. I don't see why you need any of the other stuff anyways, so the fade just helps you cut out the clutter and zero in on the search bar when you load the page.
You can read about it on their blog:
http://googleblog.blogspot.com/2009/12/now-you-see-it-now-you-dont.html
-
Re:What's the point?
Yes, they are mainly for old people. That's certainly the market for them here in the Netherlands, where the most popular available electric bikes are marketed as having "invisible motors" so that people don't know you need assist.
For longer commutes, there are better options than electric assist.
-
Re:Net Neutrality
I had to right a short paper on this topic. Here is my the blog post.
http://thomas-netneutrality.blogspot.com/
If that's the quality of righting on your the blog, I'm not interested.
-
Net Neutrality
I had to right a short paper on this topic. Here is my the blog post. http://thomas-netneutrality.blogspot.com/
-
Re:Oh well
FiveThirtyEight provides fantastic political coverage, largely based upon statistical analyses. Although the site became a bit more editorialized after the 2008 election, Nate Silver acknowledges his biases up front, and almost always provides rock-solid data to back them up. He's also been responsible for bringing down a few fraudulent pollsters.
Speaking of political commentary, Andrew Sullivan is certainly an interesting beast. His tangents about Sarah Palin are a bit silly, although his general political commentary tends to be spot-on.
Bad Astronomy is an all-around fantastic science blog.
Jason Kottke's blog has very little original content, although his content selections are impeccable, reminding me of what Slashdot used to be. He's good at his job in the same way that NPR is good at what it does.
There are more excellent music blogs than I can even possibly begin to enumerate. These have helped launch a mini revolution in the music industry. Although mainstream pop is still the same recycled garbage as it always was, the alternative music community is thriving, and occasionally some of the good stuff does trickle up into the mainstream.
BLDGBLOG is a great read for armchair architects. Infrastructurist is a great read for armchair civil engineers.
FlowingData is a fascinating read about data visualization.
Want to look good at work? Read this.
I'm sure I'm forgetting a few good ones. Google solicited the reading lists of a few experts. Their recommendations are generally quite good.
-
Re:Good luck with that
The NYT (and subsidiaries like the Boston Rag, er, Globe) pass off op-eds as news and ignore stories which don't support their biases
What can I say? Citation needed.
There are many, many examples, but here's a personal favorite: back in 2002/2003, the Times ran 95 stories in nine months on the supposedly big controversy involving the Augusta National Golf Club, which didn't admit women as members. When the time came for the big demonstration against the club, about 40 people showed up. I humbly suggest that so many stories about such a minor controversy is good evidence of a political agenda driving news coverage.
As for ignoring stories that don't fit their biases, readers of the Times were probably surprised when Van Jones resigned, because until then there hadn't been any coverage of the controversy.
-
Re:I'll probably sign up for this
You Sir are spot on: it is only fair that people should be compensated for their work. However I think you are presenting a false choice. The choice is not 1) the 'incredibly valuable service' of the NYT and 2) 'crappy blogers that can't spell.'
There are plenty of high quality sources of information that are still available for free online, including most major newspapers and media companies. Fortunately there are also quite a few blogs who are a good source of information, opinions, and independent research, and whose authors are quite well versed in their field, and include Nobel prize winners. For example, on economics and finance you have Calculated Risk, Greg Mankiw's blog, Becker and Posner, Zero Hedge. Really, when you think about it, NYT does not have an especially compelling offer.
-
Re:"Not for ________ use"
A fair profit margin is 100% or more.
I don't know what business *you're* in, but 100% is ridiculous. It looks like the average US corporate profit margin in 2006 was 8.5%.
I'm in a government regulated business and Washington sets our profit at 8% or even 4% sometimes. No reason health care shouldn't get fixed at 4% profit margin too.
-
What do you expect when you give china source code
Are all of these attacks really a surprise? Remember that Microsoft gave China access to the Windows source code years ago. http://solarislackware.blogspot.com/2010/01/china-microsoft-and-why-you-should-be.html
-
Re:What?
The use of "open source" is specifically listed as not allowed in WiiWare requirements. It is _not_ specifically listed as not allowed in the requirements for Wii disc titles. It was not listed or mentioned in the Gamecube requirements either.
This came about due to the ScummVM fiasco where Atari contracted Majesco to develop a WiiWare title, who then sub-contracted to Mistic Software, who have a development office in Ukraine, who used ScummVM and didn't tell anyone.
-
Re:I call bullshit!
I also like this link
http://evoandproud.blogspot.com/2009/06/what-caused-rickets-epidemic.html ... but it's no way reputable and does not prove my point. In fact, you win. See... I can't define the terms of winning and you can. So I concede.
-
Re:But... what?
What this guy is saying
.. could that be correct? How does that match with what the parent is saying?
-
Re:Audio/Videophiles Beware
Or the Grado RA1 Headphone Amplifier.
-
Re:Well then...
There are many reasons why this is happening:
1. ACTA agreement and license fees are up for renewal.
http://www.mpegla.com/main/programs/AVC/Pages/FAQ.aspx
All OEM product makers and content encoders are now waiting on the 2010 agreement from the mpegla licensing aggregation company. It will be stiff fees apparently, although not confirmed yet. What is even stranger is that we are now in 2010, and they have still not released the new licensing terms. Very weird; what are they waiting on, I wonder? Maybe ACTA resolution?
Most China OEMS don't pay the fees, and hence why ACTA is being "negotiated" so secretly also.
http://www.eetasia.com/login.do?fromWhere=/ART_8800463180_499501_NT_5bb04467.HTM
So this is a "double whammy" waiting to explode.
2. There are many other codecs around to choose from and why not test the water for others.
There is much discussion in this area. But it's a chicken and Egg game.
You can make a fantastic codec, but you gotta have GPU support, otherwise it's pointless.
See below for how this can happen in the Long Tail version.
3. Google knows that its Chrome OS is reaching a tipping point where they need to decide how they will handle video - they need to resolve this and get their ducks in a row.
They can do flash on ARM CPU now, but I am sure they wish they did not have to.
And they also know that with JavaScript and HTML5 coming through like a train, Flash days are definitely numbered. See Sproutcore JavaScript framework for example of one of the many "flash replacements".
And they have OpenGL covered with O3D and WebGl also moving forward very fast now with working implementations and even content conversion thanks to the Collada Open 3d format specification not fully entrenched.
They can do NACL (NativeClient), and have already implemented a NACL c language h264 decoder. This was one of the first libraries they did !!
Native Client FAQ: http://code.google.com/p/nativeclient/wiki/FAQ
H264 Implementation: http://geekglue.blogspot.com/2008/12/google-native-client.html
So the cards on the table are all congealing based on the above factors, and it's a good time for Google to see where the cards fall for them and their various business models.
So, why not ask the users too.
I think it will come down to the h264 licensing terms to be released, and the ability for GPU's and embedded GPUs to handle video decoding.
-
Helps to be a team player
Many employers are also looking for people who can be good team players. Communication skills and attitude (or lack of attitude) are also very important attributes. This guy hits the nail on the head. http://williamfink.blogspot.com
-
APK REBUTTAL: HOSTS vs ADBLOCK #1... apk
"Good luck using the Hosts file in a computer where you don't have admin privileges." - by icebraining (1313345) on Friday January 15, @04:18PM (#30784074)
Well, then they ought to be deployed via logon scripts then, because HOSTS files have definite benefits in security and allow for gains in speed, many ways (& they are easily obtained, in updated form (witness mvps.org or bluetack/biss, or the wikipedia link I put up in my post which is parent to yours)... Personally though, per what I quoted from you?
I don't have that problem.
----
"Also, the Hosts file can't be auto-updated, like adblock." - by icebraining (1313345) on Friday January 15, @04:18PM (#30784074)
See the link from wikipedia for reliable & regularly updated HOSTS files (mvps.org's is good), or, use Spybot "Search & Destroy" (because both provide regular trustworthy updates to HOSTS files, easily)...
(& again: HOSTS files don't use up extra CPU & slow browsers up in THAT capacity @ all, whereas browser addons DEFINITELY do (nor are HOSTS files subject to the same types of bugs that browser addons are either, much less DNS servers as well)).
HOSTS files are also NOT severely LIMITED TO 1 BROWSER FAMILY ONLY... browser addons, are. HOSTS files cover & protect (for security) and speed up (all apps that are webbound) any app you have that goes to the internet (specifically the web).
----
"And Hosts file block all the domain - good luck blocking that big annoying image or flash animation that's served from the same domain as the content." - by icebraining (1313345) on Friday January 15, @04:18PM (#30784074)
IF a site's KNOWN as bad? You BET I want to block ALL OF IT... my sources? Very reputable & reliable, are as follows (typically & mostly):
----
A.) Spybot "Search & Destroy" updates (populates HOSTS and browser block lists)
B.) Sites like ZDNet's Mr. Dancho Danchev's blog -> http://ddanchev.blogspot.com/
C.) Sites like FireEye -> http://blog.fireeye.com/
D.) SRI -> http://mtc.sri.com/
----
Plus, ALL of the HOSTS files @ WIKIPEDIA's site for them I noted in my post parent to your own!
(Albeit, here, I wrote an app that used ALL of the above, & my HOSTS file is currently @ 655,552 entries... My app (APK HOSTS File Grinder 4.0++) "normalizes" & removes duplicates, plus, makes the blocking address used as SMALL as possible for the OS platforms its used on (be that 0, 0.0.0.0, or the largest & slowest of all, the "loopback adapter" of 127.0.0.1), & lastly it PINGS my favorite websites, & places their IP-to-DOMAIN/HOST NAME to its correct resolution in the file ("hardcoding in" & speeding up my favorites too, ontop of adbanner blocking or blocking of KNOWN bad sites like botnet "c&c servers", malicious name servers, or known bad websites & known malicious adbanners too).
One of the last things I'd like to build into it?
(& I have been planning that for a LONG time?)
I.E.-> A client-server design where the user can set it active as a tooltray app & have it check X times a day for updates of a HOSTS file I plan to serve up from GOOGLE DOCUMENTS (once it finalizes as a site that is), to overcome "one of your objections" in fact, & I've always thought it'd be a good idea & way to do this all for end-users in fact... & when it finds updates to the HOSTS file I do? Download it FOR the user & install it (no reboots needed on Windows XP/Server 2003/VISTA/Windows Server 2008, or Windows 7 either).
----
"And as far as I know Adblock removes the ad *before* Firefox tries to load it, so I doubt it even sends a DNS request. But with Firefox you can use both Adblock and Hosts, and get the advantages of the
-
Debunking Right-Wing Trade Bullsh!t
-
Re:Times have changed
It seems he was more happy when EA was the company that didn't create much of new IP or games, but just milked the old ones every year with new versions.
You completely missed the point of the article. Maybe you're a fan of some of the games and you feel that the guy is attacking those, but he doesn't have a word to say about game quality. His main concern is EA's failure to adapt to digital distribution, and the reshaping of a game as we imagine it. In fact a lot of people are failing to see the point, that's the reason there is a follow up post named Packaged Goods to explain game unbundling. It's all about choice. Nowadays instead of spending 60$ on a box and get 40 hours of gameplay, we the gamers, want to select our experience. If I only play on my iPhone during my daily commute I can spend a buck once in a while and I'm happy. The freaks that spend their every waking hour in some corner of a virtual world can pay a monthly subscription and be happy.
-
Not a great work for russian scientists
Russian scientists spent a month to decide it was an HAARP effect... only few days to reach the same conclusion (and much more) in this italian blog... (in italian language): http://marcobiso.blogspot.com/2009/12/preparatevi-al-2012.html
-
Re:Been complaining about this for years
I can't speak on this specific case, but in general there are specific areas in china and IP ranges where attacks have come from for a while, many of which have no resale value on the market, or political value only to China.
One incident doesn't tell the story, but combined they do. See http://taosecurity.blogspot.com/2009/10/report-on-chinese-government-sponsored.html for more details.
-
Re:Canadian Healthcare like this too
If the "elite" jumped the queue by paying to the point that the lines were sufficiently shortened to no longer be a political issue, there would be no issue to fix.
I was trying to say that if the "elite" jumped the queue, the "elite", who tend to have the most influence, might not see fixing the long queues as being a priority - at least that is how I have always heard this policy defended. Rich Canadians (and even the provincial health-care-systems themselves when it makes economic sense) have always made use of access to the US Medical system in any case, so mostly these prohibitions on private medical processes affect those who want to offer such services much more than they affect those desiring such services.
The solution to health care is affordable health insurance. Eliminate absurd punitive damages in malpractice suits, inefficiencies of different systems for a myriad of insurers, and price differentials between insured and uninsured[1], and you'd make it far more affordable.
I had once read that malpractice legal issues were a relatively small part of the overall costs, but I cannot find a good online reference one way or another.
I certainly agree with you that getting to a single-payer model which insures everyone across the board with an administration overhead closer to Medicare's 2-5% and Canada's 1.3% rather than the US's health care system as a whole which seems to spend almost 25%, at least according to this article, is the best way to cut costs.
http://angrybear.blogspot.com/2006/01/us-health-care-system-administrative.html
Anyway, as you noted, this doesn't have much to say about the Kindle issue. Having not even RTFA, I don't have much to say on that....
-
While we're busy pimping Haitian charity options
"We have a relationship with one organization, Batay Ouvriye, and are putting our resources and time into helping Batay Ouvriye to help rebuild from the catastrophe and maintain the struggle for a better Haiti and a better world. Batay Ouvriye is a combative grassroots worker and peasant's organization in Haiti with workers organized all over Haiti, especially in the Industrial sweatshops and Free Trade Zones. We have set up a means to send money to Batay Ouvriye. If others wish to send money to Batay Ouvriye, please email miamiautonomyandsolidarity@yahoo.com
The Batay Ouvriye Haiti Solidarity Network is calling on all Progressives to join us in the aftermath of the Earthquake Disaster to help us organize support for the various Workers' Unions, Peasant Associations, Toilers' Associations in the Batay Ouvriye Movement in Haiti."
More info on the Batay Ouvriye from the Industrial Workers of the World trip: http://iwwinhaiti.blogspot.com/2008/04/blog-post.html
-
Re:But...
It couldn't be them. China would never do anything wrong.
That... or they'll just blame it on their status as a "developing nation" and that they shouldn't be held to the same standards as everyone else.
The original official notification of this from Google's Chief Legal Officer where he mentioned human rights advocates and human rights issues causes this to seem above the average security breach:
Second, we have evidence to suggest that a primary goal of the attackers was accessing the Gmail accounts of Chinese human rights activists.
I can understand how "We can't enforce copyright on software and music when we're busy lifting hundreds of millions of citizens out of poverty as a developing nation" works but I can't understand how "We need to arrest and persecute human rights activists because we're a developing nation" works.
-
Re:Krave
Well, according to this, they do seem to correlate with adult smoking:
http://medjournalwatch.blogspot.com/2007/05/candy-cigarettes-make-young-smokers.html
http://www.ncbi.nlm.nih.gov/pubmed/17532370?dopt=Abstract
History of childhood candy cigarette use is associated with tobacco smoking by adults.
Klein JD, Thomas RK, Sutter EJ.
University of Rochester School of Medicine and Dentistry, Department of Pediatrics and Community, Rochester, NY 14642, USA. jonathan_klein@urmc.rochester.edu
OBJECTIVE: We examined whether childhood candy cigarette use was associated with adult tobacco smoking. METHODS: 25,887 U.S. adults from the Harris Poll Online (HPOL) were surveyed about current smoking status from November 2005 to May 2006. Respondents were randomly assigned to a yes/no item or a dose-response scale to assess candy cigarette use. Data were weighted to reflect the U.S. adult population. RESULTS: 26.4% of respondents reported current smoking and 29.4% reported former smoking. Candy cigarette use was reported by 88% of both current and former smokers and 78% of never smokers (por=0.001). Logistic regression showed that the odds of smoking for those who used candy cigarettes was 1.98 (95% CI: 1.77, 2.21) for ever (current plus former) smokers and 1.83 (1.59, 2.10) for current smokers, compared to those who had not used candy cigarettes. Odds for current and ever smoking increased with increasing candy cigarette use. CONCLUSION: History of candy cigarette use was associated with increased risk of ever and current smoking among this nationally representative online sample of adults. Odds of smoking increased as candy cigarette use increased; these relationships persisted when controlled for sociodemographics. Elimination of candy cigarettes may protect children from products that promote the social acceptability of smoking.
-
Correction to summary
"Only two Gmail accounts appear to have been accessed"... by attacking Google systems directly. Using other methods, the attackers were highly successful.
Google disclosed that upon investigating users suspected of being attacked, they found "dozens" of Chinese human rights activists who had been compromised through phishing, malware or other systems that allowed security forces (presumably) to read their mail via a valid authentication. So, while Google itself may be mostly reliable on the backend, the security ecosystem as a whole is deeply flawed.
Google: "as part of this investigation but independent of the attack on Google, we have discovered that the accounts of dozens of U.S.-, China- and Europe-based Gmail users who are advocates of human rights in China appear to have been routinely accessed by third parties. These accounts have not been accessed through any security breach at Google, but most likely via phishing scams or malware placed on the users' computers."
http://googleblog.blogspot.com/2010/01/new-approach-to-china.html
So go change your passwords.
-
Re:Oh please. Not the same bullshit again.
Actually Apple is dropping DRM on music and Google is changing its mind about censorship in China.
Nothing to say about the rest, though.
-
Not through sniffing
Apparently the two compromised accounts were because of "access a system used to help Google comply with search warrants by providing data on Google users." I've blogged about this. And my source for all of that is from an article in Computer World.
-
Re:Statescraft
They are NOT doing a bad job of it, and they are much more skilled than "script kiddies".
When organizations like Google and people like Richard Bejtlich (who has literally written the book on network monitoring and incident detection) admit to being p0wn3d and unable to be sure the mess is cleaned up, you know you're up against a very sophisticated attacker.
-
Re:I Don't Think Censorship's Been Lifted
-
Google siding w/"human rights activists" or not?
Is it just me or is there a "spin disconnect" with this news story. I hear and read from multiple sources that "Google" is "pulling out of China" because of cyber attacks. My guess is most will read such stuff and conclude that google is either removing censorship or leaving .cn because it can't protect itself from hacking. Reading google's post on the topic here http://googleblog.blogspot.com/2010/01/new-approach-to-china.html seems to suggest that google is modifying its policies or leaving because "Chinese human rights activists" were primary targets. Google doesn't go so far as to say they are siding with "Chinese human rights activists," but it does seem to be implied. So which is it? Is google championing "Chinese human rights activists"? If so, why doesn't google focus, or redirect, the media coverage accordingly?
-
Re:Free trade of ideas, anyone?
You might want to read Google's Blog post about the introduction of google.cn: http://googleblog.blogspot.com/2006/02/testimony-internet-in-china.html
The short of it is that since google.com wasn't self-filtering, the government was filtering at the border, which led to slow and unreliable service, in addition to the filtering. Google decided that on the whole, it was better to provide an additional filtered local (and thus reliable) service than to leave the Chinese with only a service that didn't work well (from the user's standpoint). And since it was additional, they didn't take away anything.
That, and it was good for business.
From the 2006 post, edited for length:
[In the fall of 2002, Google suddenly became completely unreachable from within China. Google did nothing, and about two weeks later, it could be reached again.]
However, we soon discovered new problems. Many queries, especially politically sensitive queries, were not making it through to Google’s servers. And access became often slow and unreliable, meaning that our service in China was not something we felt proud of. Even though we weren’t doing any self-censorship, our results were being filtered anyway, and our service was being actively degraded on top of that. Indeed, at some times users were even being redirected to local Chinese search engines. Nevertheless, we continued to offer our service from outside China while other Internet companies were entering China and building operations there.
[much later in the testimony]
Since 2000, Google has been offering a Chinese-language version of Google.com, designed to make Google just as easy, intuitive, and useful to Chinese-speaking users worldwide as it is for speakers of English. Within China, however, Google.com has proven to be both slow and unreliable. Indeed, Google’s users in China struggle with a service that is often unavailable. According to our measurements, Google.com appears to be unreachable around 10% of the time. Even when Chinese users can get to Google.com, the website is slow (sometimes painfully so, and nearly always slower than our local competitors), and sometimes produces results that, when clicked on, stall out the user’s browser. The net result is a bad user experience for those in China.
The cause of the slowness and unreliability appears to be, in large measure, the extensive filtering performed by China’s licensed Internet Service Providers (ISPs).
... China has nine licensed international gateway data carriers, and many hundreds of smaller local ISPs. Each ISP is legally obligated to implement its own filtering mechanisms, leading to diverse and sometimes inconsistent outcomes across the network at any given moment. For example, some of Google’s services appear to be unavailable to Chinese users nearly always, including Google News, the Google cache..., and Blogspot... . Other services, such as Google Image Search, can be reached about half the time. Still others, such as Google.com, Froogle, and Google Maps, are unavailable only around 10% of the time. Even when Google is reachable, the data indicates that we are almost always slower than our local competitors. Third-party measurements of latency ... suggest that the average total time to download a Google webpage is more than seven times slower than for Baidu, the leading Chinese search engine. ... Based on our analysis of the available data, we believe that the filtering performed by the international gateway ISPs is far more disruptive to our services than that performed by smaller local ISPs. Because Google’s servers have, to date, been located exclusively outside China, all traffic to and from Google must traverse at least one of China’s international gateway ISPs. Accordingly, Google’s access problems can only be s
-
Google NOT hacked!
http://googleblog.blogspot.com/2010/01/new-approach-to-china.html
Second, we have evidence to suggest that a primary goal of the attackers was accessing the Gmail accounts of Chinese human rights activists. Based on our investigation to date we believe their attack did not achieve that objective. Only two Gmail accounts appear to have been accessed, and that activity was limited to account information (such as the date the account was created) and subject line, rather than the content of emails themselves.
Third, as part of this investigation but independent of the attack on Google, we have discovered that the accounts of dozens of U.S.-, China- and Europe-based Gmail users who are advocates of human rights in China appear to have been routinely accessed by third parties. These accounts have not been accessed through any security breach at Google, but most likely via phishing scams or malware placed on the users' computers.
Get the headline right. It was an attempt, but as usual hacking Google was not successful.
-
Pricing info
It doesn't seem that anyone else commenting on the article has noticed this yet, but if you click through to the Google Docs blog it has the pricing info:
http://googledocs.blogspot.com/2010/01/upload-and-store-your-files-in-cloud.html
Instead of emailing files to yourself, which is particularly difficult with large files, you can upload to Google Docs any file up to 250 MB. You'll have 1 GB of free storage for files you don't convert into one of the Google Docs formats (i.e. Google documents, spreadsheets, and presentations), and if you need more space, you can buy additional storage for $0.25 per GB per year. This makes it easy to backup more of your key files online, from large graphics and raw photos to unedited home videos taken on your smartphone. You might even be able to replace the USB drive you reserved for those files that are too big to send over email.
Combined with shared folders, you can store, organize, and collaborate on files more easily using Google Docs. For example, if you are in a club or PTA working on large graphic files for posters or a newsletter, you can upload them to a shared folder for collaborators to view, download, and print.
Again, after the 1gb limit, that's $0.25 per gb-yr. By comparison, Amazon S3 is $0.15*12=$1.80 per gb-yr, almost an order of magnitude more expensive.
-
Putting closure on a software project is important
Putting closure on a software product is important.
Professional software usually has an EOL schedule. For example, RedHat Enterprise Linux and Windows XP both have EOLs for early 2014. This allows people using the software to plan upgrades and know when they need to be making a transition.
This is equally as important for open-source software. It looks really bad when this is not done. For example, Dan Bernstein's DjbDNS software package has three unpatched security holes. People using this software have to know about these holes and apply third-party patches.
In addition, when the maker of an open-source program says "OK, I'm done with this program.", it allows maintainers to step forward and take over the project. For example, when I announced I would no longer work on a Doom random map generator I had been hacking on for a while, someone expressed interest in maintaining the software, and subsequent updates have since been done.
I think the Apache foundation should either say "OK, we'll still fix security bugs on this program" or "We're no longer maintaining this release". This way, the users of these programs know whether to upgrade, form their own group applying security patches, or just know they're OK from a security perspective if they're current.
I have blogged about putting closure on open-source projects and have well-defined EOL dates for older releases of my own MaraDNS.
A lot of open-source projects just languish when the developers lose interest; I feel this is irresponsible and feel EOL dates and putting closure is important.
-
Re:WTF is up with the summary?
Energetically the numbers do not add up for Nuclear power, maybe in 50 years time when we have materials technology to support engineering a burner reactor that has a conversion rate of uranium fuel to fissile ash greater than %1 of the fuel load.
We've had that technology for 40 years. There is absolutely no technical limitation that would prevent us from building a reactor that could run unenriched uranium with burnup ratios approaching 100%.
The problem is that breeder reactors have been banned by statute and the industry has stagnated ever since the late 70s since a de facto ban on new construction.
There's a Google Tech Talk video that describes one way that we could start building reactors that would address every downside that you can reasonably put forward. (It doesn't address the "I don't like nuclear power because it's icky" objection, but nothing ever will.)