That's why these lawsuits aren't directly attacking Linux (yet). Apple went after HTC, even though most of the meat of their suit involves Android. They are doing this in the hope that going to court and winning will set the legal precedent they need to increase the chances of victory against the far more powerful forces at play. MS will likely do the same thing. I HIGHLY doubt they would go directly after Linux (the kernel), Red Hat, Ubuntu, or Android right off the bat. What's more likely to happen, is they will start going after the small players, and get to the point where they have done enough damage to take on the big ones...
All this does is show how broken the US patent system really is, and how entire markets could be taken out in a mass suicide strike unless something is done about it.
There's more to light than just color temperature... There's also emitted frequencies. So while an incandescent typically emits light evenly across the visible range, a typical CFL emits light in a more grained spectrum (http://en.wikipedia.org/wiki/Compact_fluorescent_lamp#Spectrum_of_light). So to emit the same "color temperature" and luminosity (brightness of overall effect), a CFL will need to emit more light in certain frequency ranges to compensate for the missing frequencies. And since the human eye doesn't perceive all frequencies equally (We're typically MUCH more sensitive to green than red or blue) it can lead to the light not "feeling" right. The net combination of the colors looks the same, but they are processed differently in the eye which leads to a real, measurable difference. A CFL can never be identical to an incandescent. It's a matter of the physics behind it. Sure, they can "approximate" the light output, but the difference will always be there (and hence why some colors are less discernible under a CFL than under an incandescent)... In situations where color is very important (Artists, designers, etc) an incandescent bulb will be far better than a CFL. In situations (like everyday life) where it isn't important to get colors exactly right, then it doesn't matter. But the point is that there is a difference...
Then there are people claiming that CFLs give them headaches, if I had more time I'd point out the studies where people are shown to have similar sensitivity as those who sense EM fields.
While I don't get headaches directly from CFLs, if I do have one, I typically find that some CFLs will make it worse (When I get a headache, I'm typically very sensitive to light. The fact that some bulbs make it worse than others leads me to believe there may be something about sensitivity to certain light frequencies) The difference, is that it's only SOME CFLs that cause it... The light output varies from model to model, and while I wouldn't avoid CFLs because of it, I may avoid certain models... EM sensitivity I think is largely psychological, but I do think that light sensitivity is a very real effect (But definitely does have some psychological effect)...
As for the mercury argument, it only plays if you break a bulb. Sure, coal may put out more, but what's the average effect on each person with coal? I'd bet it's less than if you broke a bulb (and were directly exposed to the mercury). However with that said is the amount that's contained in a CFL dangerous? Is it beyond the LEL? The amount of mercury in a typical CFL is around 4mg (http://www.energystar.gov/index.cfm?c=cfls.pr_cfls_mercury)... Based on the MSDS http://www.jtbaker.com/msds/englishhtml/M1599.htm, that amount is WELL above the airborne exposure limits (40 times the OSHA upper limit). So the dangers of mercury are real, but the flip side of that argument is how many bulbs are broken? If you have a habit of breaking them, then perhaps it's a real concern. If you've never broken a bulb in your life, perhaps it doesn't concern you (Since exposure one time isn't nearly as bad as a repeated exposure)... But to say that it isn't dangerous is extremely short sighted and blatantly ignoring the facts. Sure it's not a mitigate-able danger (just don't break the bulb), but it still exists...
This time instead of continuing to spout discredited crap, do a bit of research.
Well, that seems to be the way things are going, isn't it. Everyone fears that company A is getting too much data about you. So experts predict people will flock away from A. Company B comes along, makes no additional claims, but everyone flocks to it because it "must be better than A"... Then everyone starts to fear B. Soon, company C comes along. And either one of two things happen. Either the cycle continues to go forever, or everyone just sticks with one of them because it's good enough that they don't really want much more and for some reason they don't care about privacy. I see it happening now with Google. A lot of people are up in arms over privacy concerns with Google... But are masses of people flocking from it? Not that anyone has seen (so not a significant portion, anyway). People are flocking away from MySPACE, because there does exist a better competitor that just so happens to have better privacy (for now). So privacy doesn't appear to be the main motive for most people. Usability and utility appear to be the main drive, and privacy only comes into account for the vast majority of people if they need to pick between two companies that do the exact same thing. And even then, what their friends chose to use typically plays a bigger part than privacy... Then again, I could be wrong, it's JMHO...
So you take one site's total traffic (including searching, media, and generated traffic), and compare it to an (albeit large) portion of another site's traffic. I mean it's cool that Facebook's traffic exceeds Google's search traffic, but I think the title is misleading...
One thing that bothers me is how Hitwise gets its data...
Hitwise takes a wholly different approach. It does not gather data directly from individual computers as comScore and Nielsen do. Instead, it gets the data from Internet service providers (ISPs) who aggregate traffic data across all the individuals to whom they deliver Internet access. Hitwise provides ISPs with proprietary software that allows them to analyze website usage logs created on their networks
So what does that mean? Are they analyzing DNS queries? Are they analyzing raw IP addresses? Are they analyzing raw HTTP headers? And I'd like to know more about what ISPs are signed up for this. Is it a statistically significant portion of them, or is it only a few here and there... Do those providers use high speed, mid speed or dialup connections? These are the kinds of questions that need answering to know if the conclusions that they draw are indeed valid, or if this isn't just a marketing stunt for the company...
I agree 100%. And as for the "it's not accurate enough for research", I find that it's rarely REALLY wrong. And so long as you go through the sources and don't use it exclusively, it can be a great help. Especially when researching an unfamiliar topic, the Wikipedia page can typically give you a decent 10,000 foot view of the subject, and then you can base your research from there. While I wouldn't use it as a direct reference, you can usually gain enough knowledge from it to at least know what you're looking for when you look at bona fide sources. But then again, it seems like everyone's saying that Wikipedia isn't to be trusted, but that traditional encyclopedias are. From where I'm standing, the only difference between them is the fact that Wikipedia is up front about the "don't trust us". Traditional encyclopedias are typically outdated as soon as they are purchased (for any kind of an active field at least), and typically only show the "opinion" of one or two editors in each subject. Wikipedia at least has the benefit that it's constantly updated and is "peer reviewed" by a significant number of people in the field (at least for the more popular topics). Both have their limitations, but at least Wikipedia is upfront about theirs...
Well, actually, now that I think about it, you probably could use it in direct situations, depending on what you're researching. If you're doing research into a highly debated subject, Wikipedia usually does a very good job of highlighting the fact from the opinion, and has subsections for each contested part. While this wouldn't be good for a physics research paper, it would likely be very good for a sociology, literary or even a psychology research paper... Subjects that the inherent inaccuracies in a system like Wikipedia would be useful.
Well, that's quite fair... Perhaps then it's time for MS to invest the resources needed to revamp their development process (Changing policy and workflow, perhaps firing some people and hiring others, etc). Either way, I think at least part of my OP is correct, in that they have the resources needed to change things to make it better. Yet they haven't (well, at least that the public has seen)...
Pouring resources into one particular project doesn't work. But pouring resources into a pile of otherwise unrelated projects does. IF it's a problem of overload (where they have 1000 outstanding issues to investigate/fix, and less than 1000 people to work on it), you could gain something by adding resources... The "Mythical Man Month" is about adding resources to one project (where everyone's work depends on everyone else's)...
Don't forget, you're talking about a monolith of a company. They have more than enough resources to pour into security. Yet they don't... I refuse to cut them any slack, when open source projects which are powered by volunteers (I know not all are, but a significant number are) can produce (and do produce) results SIGNIFICANTLY faster than MS typically does... If a bunch of volunteers with VERY limited resources can do it, why can't a company with practically unlimited resources handle it?
I'm all for full disclosure, but at least give people a fighting chance to patch their systems.
I agree 110%. But I also want a patch in a reasonable amount of time (and that time is dependent on the risk). If it's a true 0-Day, I want the fix today. Not 3 months from now. I want it today (I know I won't get it today, but that doesn't mean it shouldn't be an ASAP thing)...
Which allows for large companies that depend on IE to do regression testing on one patch (or patch release cycle), instead of two or more.
I fully understand that. However, we're talking about a 0-Day fix here. And not an academic example, one that was in the real world rapidly causing breaches in major corporations. In that particular case, I'd much rather 2 updates than one. Heck, you could even tell users that another non-security update is coming in a few weeks and let them decide. But don't punish those of us who care about the security of our networks for those that are too lazy to do things multiple times...
A popular open source project I think would also like a little breathing room to test things to make sure they got the fix right and that their code changes didn't break anything else.
I would give a LITTLE breathing room, but taking potentially years to issue major security fixes is completely inexcusable. And if a project made a habit of taking that long to deliver patches, I would bet a significant amount of $$$ that the community would not tolerate that (I have seen projects fail for exactly that reason)...
Developers--who also work inside Microsoft--are people too, and making them sweat doesn't help anyone. Just because the suits are asshats doesn't mean you have to act like one too.
I do understand they are people. I am more attacking the corporate culture and policy than I am the developers. If they really don't have the ability to produce the results, then either they should find a new job, or MS needs to hire more or better developers. If it's that they are just too busy, then that's on management. 99.5% of the blame IMHO falls onto the shoulders of management (all levels). Something needs to change (because the system they are using now isn't working IMHO), and it doesn't look like anything is changing (perception is reality)... So it's someone's fault...
In the past 5 years of managing both production linux boxes and Windows boxes, I can honestly say I've seen more Windows updates break things than Linux updates break things. Typically, it's due to some rogue program that was either misusing an API, or relied on string results returned from a particular API call (rather than using the proper API, or a constant)... Who do I blame for that? I don't blame MS. I blame the offending software vendor. It's typical practice (that I follow) to wait on all non-critical security patches for potentially a few months to see if there were any issues reported from it. After that point, a quick test in staging, and it's rolled out. Personally, I'd rather they break things from time to time than have my network compromised because they decided to take their sweet ass time creating a fix for it... Something breaks == me either rolling back the change, or spending a day or two trying to fix it. A compromise == a lot more of a headache (First there's detecting the intrusion, rolling backups, investigation, mitigation, etc etc etc)... So I'd MUCH rather them get me a SECURITY fix sooner than later...
So how many months do you need to review once you are told about it?
Simple. How many months will you give them before you go public?
At the possibility of being flamebait here, how the heck does MS keep publishing products full of security holes? I know Linux and Mac have had their share of holes, but it seems as if every week there's a new announcement about some MS product that has either a 0 day flaw, or another MAJOR flaw? And even worse is their failure to deal with them in a reasonable amount of time! I mean 6 months to COMMENT on an advisory? That's ridiculous... Sure, they may have a lot of notices to work through, but if that's the case, hire more developers to deal with the security issues! They are out spreading the message that you can depend on MS products, and then leave gaping holes open for months... Not too long ago (within the month), they delayed a patch --well, wanted to anyway before they were called out on it-- for a 0-day in IE by 3 weeks, so that they could put it in a "planned update to IE"... If this was a popular open source project trying to pull this stuff, how quickly would a fork surface? Then again, it's all about placating the sheeple, right?
Ummm, actually microUSB has emerged as the "standard"... IIRC, it's actually law in the EU now (I could be wrong here, but I thought I remembered reading about that).
And to be fair, the Bot-Nets could be using this as an exercise as well... The Hydra can only ever be killed if there exists a root node. If there is no head, killing one will have no effect on the whole (As multiple more would spring up in its place)...
Actually, I think that religion and philosophy are all but equivalent. The only significant difference, is religion --an organized religion at least-- requires membership, whereas anyone can believe in a philosophy... Studies have shown that although many people claim to belong to a specific organized religion, they don't believe --or at least act according to-- in everything the religion says. Catholicism dictates that adults should fast for all but the evening meal and not eat meat on Fridays during Lent. Yet how many "Catholics" do (Not most of the ones I know)? Judaism dictates that no adult should do any work on the Sabbath (and some interpret that as even doing anything that requires any one else to work, so driving a car is out of the question, using electricity is out of the question, etc), yet how many follow that? The Muslim religion dictates that people perform the Salah prayer 5 times per day, yet how many do that? The simple fact that most people take religion, and use it in their own way dictates that you cannot put a fine cap on what a religion is. Sure, most religions do require some form of behavior (be it prayer, not using electricity, attending an organized ceremony once per week, etc), but can you say someone doesn't believe/follow that religion based solely on their not doing that behavior? Extremists in each religion would say that they are not members. But for the rest of us (judging from the outside), it's a lot harder of a call to make. It's for those reasons that I feel a religion is loosely defined by its principles, not its behaviors.
Sure, there are different "sects" within each religion that each adhere to a different interpretation, but if you say that those sects are all part of the grand religion (if you say that both Hasidic Jews and Orthodox Jews are members of the Jewish religion), then you must say that ALL interpretations of a specific religion must be a valid religion (Otherwise what would be the distinguishing factor between the religion and the non-religion, and how would it be non-arbitrary?)... And if you say that, why would someone who just believes only in the concepts of Christianity (and not its practices or teachings) be religious, where I would not (Since I don't base my beliefs consciously on any organized religion)? The source of the belief is different in the two cases, but every other quality and measurable aspect would be similar?
Actually, it's the same reason alternatives to gasoline weren't heavily researched (at least publicly) until after gas hit $3 per gallon. Below a certain cost, these processes just aren't profitable. It only makes sense to build if you honestly think the cost of the products in question will go up in the future (or stay the same) and maintain a profit margin long enough to justify the investment. What the companies are afraid of, is that they'll dump the $500M into the plants/mines, and then get into a price war with China (and lose all hope of being profitable). But if China ever puts an embargo on us, or a huge tax is put on these minerals (Either via a Tariff or other measure), then it may become economically feasible (and companies will jump in on it)...
Show the results from more than one test, and I'll be happy. As the browser showdown that was posted last week, one test doesn't prove anything. And considering the numerous open source tests that are available, why not show us all of them?
All that skepticism aside tho, if this is the truth (that IE9 will be standards based --and push the performance envelope--) then MS may be on the road to redeeming themselves... But the question remains, how tight will it be to the OS? Would a simple security flaw give a bit of JS access to the kernel? Or are they going to significantly sandbox the JS, and try to do everything right (as opposed to just the rendering)... Only time will tell if IE will become a browser friendly to geeks and developers (although something tells me it won't)...
That's the key point here. Just because something is believed by many doesn't make it absolutely correct (well, in terms of everyone else anyway)... I mean which sounds more absurd, that there's an omnipresent being in the sky that knows all and watches over everyone (not to mention that the being "punishes" wrong doers), or that all life is connected by an inherent quality that connects every living being? You say "Who defines what a religion is"... I say "Who defines what a religion isn't"...
Religion started as a way to explain the unexplainable (Nature, Life, Death, etc), and in doing so implemented a moral backbone. Every major organized religion (I'm assuming major, I've yet to find any one that doesn't) attempts to qualify both aspects. They explain the hereto unexplainable, and they do provide a basis for moral life (typically through consequences in the afterlife, if one exists in said religion)... So what defines a religion then? Does it need to be organized (and a 503c organization) to be considered a religion? Or does it just need to be a set of beliefs that a person follows? I personally don't believe in any organized religion. But I do have my own beliefs about it. Does that mean I shouldn't be exempted from a law that violates my belief (For example, I believe that helmet laws are immoral. If someone wants to take the risk, let them) because it's not organized? Once we as a world can get our heads around that concept (that a religion is a set of ideas, and not something you are a "member" of), the world will be a lot better of a place...
Well, I guess I should have clarified a bit more. When I said read, I mean read normal text (a book, a screen, etc), not just a few giant letters put in the field of view (Which given the resolution --400px-- is a fair assumption about how they define read)...
Well, there's a difference between the Gvnt wire tapping my home, and them using that data in court. If they illegally wire tap me, and get information, it's not admissible in court without a warrant. And they cannot use that to give a Judge proper cause for a warrant (considering it was illegally obtained). So basically, it's useless to them in a court of law (For if it was used either as evidence, or as cause for a warrant, an appeals court should reject the offending item). What it is useful for --to them-- is identifying whom they will need/want to follow more closely (which is why they do it)...
One thing of note. Their privacy policy has the following quote:
If you ask MySpace to stop using your PII, MySpace will honor that request while retaining any record of your PII that is necessary to comply with applicable federal, state or local law.
So the question remains, how do I ask them that? I've already sent them an email stating that effect, so is that all I need to do?
Yet another example of the adaptability of the human brain. I wonder what the resolution of such a system would be? What's the possibility of being able to read with it?
And a minor pedantic point. It's not a sensor on his tongue. A sensor is an input device. This is an output device (relative to the computer "device")...
A commonly discussed scenario where implied licenses are destined to play a major role is on the World Wide Web. When a Web page is viewed in a Web browser, the page is downloaded through the Internet and placed on the user's screen. It is clear that a copy of the Web page is being made by the user. It is also clear that the Web page is protected against unauthorized copying by copyright law. But it would not make sense to allow the author of a Web page to sue a user who viewed her page, since the author intended that the page be viewed by others when she placed it on the World Wide Web. Rather, attorneys argue, courts should find that the Web page author has given end users an implied license to download and view the Web page. The extent of this implied license is unclear, and may someday be defined by the courts.
http://www.netatty.com/copyright.html
That last one talks specifically about HTML copyright, but considering that a fair number of email clients are HTML based, I don't see it as being too far off the mark...
I'm not saying that it would be an easy case to win, but I am saying that there are "legal defenses" against someone just copying an email and posting it on Facebook. Sure, there are Fair Use methods of doing it, but not all cases would be able to claim fair use (especially if a "reasonable person" would assume that a message was intended to be confidential based on its content... Eg: "I'm only telling you this because I trust you: **Insert Some Secret Here**")...
Well, unless I misunderstood their TOS, when you signed up, you granted MySPACE the right to do what it pleases with your data. By deleting your account, aren't you thereby revoking that right from MySPACE? So if you delete it today, and they sell it tomorrow, aren't they violating your rights (and hence are liable for the sale)... Or do I not understand this correctly?
When I make a phone call, I don't expect privacy either. But I do expect my 4th amendment rights to be in force. So just because someone can tap in and listen, doesn't mean that the government can do so to gather evidence... And that's the subtle difference here. Just because "someone" can read what I sent, doesn't give the government the right to spy in on it.
I'll give you another example. You're in your back-yard at your house talking with a friend. Sure, neighbors can likely hear your conversation, so you don't have an unusual expectation of privacy. But, if a FBI agent is sitting in a tree 100 yards away with a sound amplifier pointed at you (and hence recording/listening in to your conversation), that would be an invasion of your 4th amendment rights. And privacy is relative (you even allude to it in your quote). The fact that "objectively reasonable" is used to qualify privacy shows that it's relative. In your back yard, you wouldn't expect someone to explicitly listen in to your conversation (unless you were yelling). Conversely, if you were on a crowded train, you wouldn't expect any type of privacy from verbal communication (But you would expect a reasonable level of privacy if you were typing on your computer on said train). That's the difference. Not if there is any form of privacy, but if there is a reasonable expectation given the circumstances...
Ummm... No comment...
http://www.stateofthemedia.org/2010/online_sidebars_backgrounders
So what does that mean? Are they analyzing DNS queries? Are they analyzing raw IP addresses? Are they analyzing raw HTTP headers? And I'd like to know more about what ISPs are signed up for this. Is it a statistical significant portion of them, or is it only a few here and there... Do those providers use high speed, mid speed or dialup connections? These are the kinds of questions that need answering to know if the conclusions that they draw are indeed valid, or if this isn't just a marketing stunt for the company...
I agree 100%. And as for the "it's not accurate enough for research", I find that it's rarely REALLY wrong. And so long as you go through the sources and don't use it exclusively, it can be a great help. Especially when researching an unfamiliar topic, the Wikipedia page can typically give you a decent 10,000 foot view of the subject, and then you can base your research from there. While I wouldn't use it as a direct reference, you can usually gain enough knowledge from it to at least know what you're looking for when you look at bonafied sources. But then again, it seems like everyone's saying that Wikipedia isn't to be trusted, but that traditional encyclopedias are. From where I'm standing, the only difference between them is the fact that Wikipedia is up front about the "don't trust us". Traditional encyclopedias are typically outdated as soon as they are purchased (for any kind of an active field at least), and typically only show the "opinion" of one or two editors in each subject. Wikipedia at least has the benefit that it's constantly updated and is "peer reviewed" by a significant number of people in the field (at least for the more popular topics). Both have their limitations, but at lest Wikipedia is upfront about theirs...
Well, actually, now that I think about it, you probably could use it in direct situations, depending on what you're researching. If you're doing research into a highly debated subject, Wikipedia usually does a very good job of highlighting the fact from the opinion, and has subsections for each contested part. While this wouldn't be good for a physics research paper, it would likely be very good for a sociology, literary or even a psychology research paper... Subjects that the inherent inaccuracies in a system like Wikipedia would be useful.
Well, that's quite fair... Perhaps then it's time for MS to invest the resources needed to revamp their development process (Changing policy and workflow, perhaps firing some people and hiring others, etc). Either way, I think at least part of my OP is correct, in that they have the resources needed to change things to make it better. Yet they haven't (well, at least that the public has seen)...
Pouring resources into one particular project doesn't work. But pouring resources into a pile of otherwise unrelated projects does. IF it's a problem of overload (where they have 1000 outstanding issues to investigate/fix, and less than 1000 people to work on it), you could gain something by adding resources... The "Mythical Man Month" is about adding resources to one project (where everyone's work depends on everyone else's)...
Don't forget, you're talking about a monolith of a company. They have more than enough resources to pour into security. Yet they don't... I refuse to cut them any slack, when open source projects which are powered by volunteers (I know not all are, but a significant number are) can produce (and do produce) results SIGNIFICANTLY faster than MS typically does... If a bunch of volunteers with VERY limited resources can do it, why can't a company with practically unlimited resources handle it?
I agree 110%. But I also want a patch in a reasonable amount of time (and that time is dependent on the risk). If it's a true 0-Day, I want the fix today. Not 3 months from now. I want it today (I know I won't get it today, but that doesn't mean it shouldn't be an ASAP thing)...
I fully understand that. However, we're talking about a 0-Day fix here. And not an academic example, one that was in the real world rapidly causing breaches in major corporations. In that particular case, I'd much rather 2 updates than one. Heck, you could even tell users that another non-security update is coming in a few weeks and let them decide. But don't punish those of us who care about the security of our networks for those that are too lazy to do things multiple times...
I would give a LITTLE breathing room, but taking potentially years to issue major security fixes is completely inexcusable. And if a project made a habit of taking that long to deliver patches, I would bet a significant amount of $$$ that the community would not tolerate that (I have seen projects fail for exactly that reason)...
I do understand they are people. I am more attacking the corporate culture and policy than I am the developers. If they really don't have the ability to produce the results, then either they should find a new job, or MS needs to hire more or better developers. If it's that they are just too busy, then that's on management. 99.5% of the blame IMHO falls onto the shoulders of management (all levels). Something needs to change (because the system they are using now isn't working IMHO), and it doesn't look like anything is changing (perception is reality)... So it's someone's fault...
In the past 5 years of managing both production Linux boxes and Windows boxes, I can honestly say I've seen more Windows updates break things than Linux updates break things. Typically, it's due to some rogue program that was either misusing an API, or relied on string results returned from a particular API call (rather than using the proper API, or a constant)... Who do I blame for that? I don't blame MS. I blame the offending software vendor. It's typical practice (that I follow) to wait on all non-critical security patches for potentially a few months to see if there were any issues reported from it. After that point, a quick test in staging, and it's rolled out. Personally, I'd rather they break things from time to time than have my network compromised because they decided to take their sweet ass time creating a fix for it... Something breaks == me either rolling back the change, or spending a day or two trying to fix it. A compromise == a lot more of a headache (First there's detecting the intrusion, rolling backups, investigation, mitigation, etc etc etc)... So I'd MUCH rather them get me a SECURITY fix sooner than later...
Simple. How many months will you give them before you go public?
At the possibility of being flamebait here, how the heck does MS keep publishing products full of security holes? I know Linux and Mac have had their share of holes, but it seems as if every week there's a new announcement about some MS product that has either a 0 day flaw, or another MAJOR flaw? And even worse is their failure to deal with them in a reasonable amount of time! I mean 6 months to COMMENT on an advisory? That's ridiculous... Sure, they may have a lot of notices to work through, but if that's the case, hire more developers to deal with the security issues! They are out spreading the message that you can depend on MS products, and then leave gaping holes open for months... Not too long ago (within the month), they delayed a patch --well, wanted to anyway before they were called out on it-- for a 0-day in IE by 3 weeks, so that they could put it in a "planned update to IE"... If this was a popular open source project trying to pull this stuff, how quickly would a fork surface? Then again, it's all about placating the sheeple, right?
Ummm, actually microUSB has emerged as the "standard"... IIRC, it's actually law in the EU now (I could be wrong here, but I thought I remembered reading about that).
And to be fair, the Bot-Nets could be using this as an exercise as well... The Hydra can only ever be killed if there exists a root node. If there is no head, killing one will have no effect on the whole (As multiple more would spring up in its place)...
Actually, I think that religion and philosophy are all but equivalent. The only significant difference, is religion --an organized religion at least-- requires membership, whereas anyone can believe in a philosophy... Studies have shown that although many people claim to belong to a specific organized religion, they don't believe --or at least act according to-- in everything the religion says. Catholicism dictates that adults should fast for all but the evening meal and not eat meat on Fridays during Lent. Yet how many "Catholics" do (Not most of the ones I know)? Judaism dictates that no adult should do any work on the Sabbath (and some interpret that as even doing anything that requires anyone else to work, so driving a car is out of the question, using electricity is out of the question, etc), yet how many follow that? The Muslim religion dictates that people perform the Salah prayer 5 times per day, yet how many do that? The simple fact that most people take religion, and use it in their own way dictates that you cannot put a fine cap on what a religion is. Sure, most religions do require some form of behavior (be it prayer, not using electricity, attending an organized ceremony once per week, etc), but can you say someone doesn't believe/follow that religion based solely on their not doing that behavior? Extremists in each religion would say that they are not members. But for the rest of us (judging from the outside), it's a lot harder of a call to make. It's for those reasons that I feel a religion is loosely defined by its principles, not its behaviors.
Sure, there are different "sects" within each religion that each adhere to a different interpretation, but if you say that those sects are all part of the grand religion (if you say that both Hasidic Jews and Orthodox Jews are members of the Jewish religion), then you must say that ALL interpretations of a specific religion must be a valid religion (Otherwise what would be the distinguishing factor between the religion and the non-religion, and how would it be non-arbitrary?)... And if you say that, why would someone who just believes only in the concepts of Christianity (and not its practices or teachings) be religious, where I would not (Since I don't base my beliefs consciously on any organized religion)? The source of the belief is different in the two cases, but every other quality and measurable aspect would be similar?
Actually, it's the same reason alternatives to gasoline weren't heavily researched (at least publicly) until after gas hit $3 per gallon. Below a certain cost, these processes just aren't profitable. It only makes sense to build if you honestly think the cost of the products in question will go up in the future (or stay the same) and maintain a profit margin long enough to justify the investment. What the companies are afraid of, is that they'll dump the $500M into the plants/mines, and then get into a price war with China (and lose all hope of being profitable). But if China ever puts an embargo on us, or a huge tax is put on these minerals (Either via a Tariff or other measure), then it may become economically feasible (and companies will jump in on it)...
Show the results from more than one test, and I'll be happy. As the browser showdown that was posted last week, one test doesn't prove anything. And considering the numerous open source tests that are available, why not show us all of them?
All that skepticism aside tho, if this is the truth (that IE9 will be standards based --and push the performance envelope--) then MS may be on the road to redeeming themselves... But the question remains, how tight will it be to the OS? Would a simple security flaw give a bit of JS access to the kernel? Or are they going to significantly sandbox the JS, and try to do everything right (as opposed to just the rendering)... Only time will tell if IE will become a browser friendly to geeks and developers (although something tells me it won't)...
That's the key point here. Just because something is believed by many doesn't make it absolutely correct (well, in terms of everyone else anyway)... I mean which sounds more absurd, that there's an omnipresent being in the sky that knows all and watches over everyone (not to mention that the being "punishes" wrongdoers), or that all life is connected by an inherent quality that connects every living being? You say "Who defines what a religion is"... I say "Who defines what a religion isn't"...
Religion started as a way to explain the unexplainable (Nature, Life, Death, etc), and in doing so implemented a moral backbone. Every major organized religion (I'm assuming major, I've yet to find any one that doesn't) attempts to qualify both aspects. They explain the hereto unexplainable, and they do provide a basis for moral life (typically through consequences in the afterlife, if one exists in said religion)... So what defines a religion then? Does it need to be organized (and a 503c organization) to be considered a religion? Or does it just need to be a set of beliefs that a person follows? I personally don't believe in any organized religion. But I do have my own beliefs about it. Does that mean I shouldn't be exempted from a law that violates my belief (For example, I believe that helmet laws are immoral. If someone wants to take the risk, let them) because it's not organized? Once we as a world can get our heads around that concept (that a religion is a set of ideas, and not something you are a "member" of), the world will be a lot better of a place...
IMHO at least...
Well, I guess I should have clarified a bit more. When I said read, I mean read normal text (a book, a screen, etc), not just a few giant letters put in the field of view (Which given the resolution --400px-- is a fair assumption about how they define read)...
Well, there's a difference between the Gvnt wire tapping my home, and them using that data in court. If they illegally wire tap me, and get information, it's not admissible in court without a warrant. And they cannot use that to give a Judge proper cause for a warrant (considering it was illegally obtained). So basically, it's useless to them in a court of law (For if it was used either as evidence, or as cause for a warrant, an appeals court should reject the offending item). What it is useful for --to them-- is identifying whom they will need/want to follow more closely (which is why they do it)...
So the question remains, how do I ask them that? I've already sent them an email stating that effect, so is that all I need to do?
Yet another example of the adaptability of the human brain. I wonder what the resolution of such a system would be? What's the possibility of being able to read with it?
And a minor pedantic point. It's not a sensor on his tongue. A sensor is an input device. This is an output device (relative to the computer "device")...
http://www.netatty.com/copyright.html That last one talks specifically about HTML copyright, but considering that a fair number of email clients are HTML based, I don't see it as being too far off the mark...
I'm not saying that it would be an easy case to win, but I am saying that there are "legal defenses" against someone just copying an email and posting it on Facebook. Sure, there are Fair Use methods of doing it, but not all cases would be able to claim fair use (especially if a "reasonable person" would assume that a message was intended to be confidential based on its content... Eg: "I'm only telling you this because I trust you: **Insert Some Secret Here**")...
Well, unless I misunderstood their TOS, when you signed up, you granted MySPACE the right to do what it pleases with your data. By deleting your account, aren't you thereby revoking that right from MySPACE? So if you delete it today, and they sell it tomorrow, aren't they violating your rights (and hence are liable for the sale)... Or do I not understand this correctly?
When I make a phone call, I don't expect privacy either. But I do expect my 4th amendment rights to be in force. So just because someone can tap in and listen, doesn't mean that the government can do so to gather evidence... And that's the subtle difference here. Just because "someone" can read what I sent, doesn't give the government the right to spy in on it.
I'll give you another example. You're in your back-yard at your house talking with a friend. Sure, neighbors can likely hear your conversation, so you don't have an unusual expectation of privacy. But, if an FBI agent is sitting in a tree 100 yards away with a sound amplifier pointed at you (and hence recording/listening in to your conversation), that would be an invasion of your 4th amendment rights. And privacy is relative (you even allude to it in your quote). The fact that "objectively reasonable" is used to qualify privacy shows that it's relative. In your back yard, you wouldn't expect someone to explicitly listen in to your conversation (unless you were yelling). Conversely, if you were on a crowded train, you wouldn't expect any type of privacy from verbal communication (But you would expect a reasonable level of privacy if you were typing on your computer on said train). That's the difference. Not if there is any form of privacy, but if there is a reasonable expectation given the circumstances...
JMHO...