Wasn't the deadline for appeals two months after the original decision? Which I believe was end of March. I'm thrilled to see that someone finally stood up before the deadline. I have hope once again (despite the fact we all know MS will come up with a way to quash it).
So it's too expensive to buy the readers to do triangulation. But you could buy the cheap readers and put them on doorways to trace things as they pass by. Then you can track what room an object was last seen in. That is probably sufficient for your purposes.
On my ten-year-old laptop, I installed a text-to-speech program (festival) and wrote some bash & python scripts to time kickboxing warmups and workouts. It's like having Stephen Hawking there with a stopwatch telling me exactly what to do and when (I even wrote some randomization scripts so that it's different every time). For someone who has poor self-motivation, having the computer tell me what to do with precise timing makes it difficult to get away with cheating.
And how often do people have accidents because they were talking to a passenger? Sure they see spikes in neural activity, and they would expect higher incidence of accidents, but it's really not that significant in reality. Therefore, I think they should investigate why they think the brain is overwhelmed when it's really not (or performance anxiety inside of a simulator).
Regardless of whether this was a shady decision/vote or not, this reminds us why the "do no evil" mantra went out the window when Google went public. No matter how much the employees and management agree to "do no evil" it's really up to the shareholders/investors who don't give a shit what Google does as long as it makes them money.
There is an advantage using hardware-based encryption. That is, the key never resides in memory. Although this has been stated before, it has been understated. There's a million ways to get the key out of the RAM if it persists there (as it has to, for you to run software-based encryption [did you know your firewire ports allow OS-independent memory dumps?]). If this is implemented properly on hardware, there should be no way to get the key off the drive without a passphrase that decrypts the AES key.
In nearly all cases, the weakest point of the encryption will be the passphrase, if one is used (instead of a keyfile). No matter how you look at it, if a passphrase is used, it is near-infinitely easier to guess that passphrase than it is to break the AES directly. This is why I use a 24-character passphrase generated by /dev/random for my harddrive encryption :)
The security is definitely improved (if implemented properly), but may be irrelevant: someone who has the ability to break the software-based solution, probably has the ability to break this one too (keyboard loggers, most likely).
Let's end the whole those-ISO-guys-are-idiots. Every person who is impartial and technical has completely denounced the OOXML-trainwreck as a standard, and unfortunately, these are not the people who are in control to release documents like this. Clearly MS has more of a foot-in-the-door than we'd like (after all, OOXML passed), and it's these same threads they're pulling to get news releases like the BS "ISO OOXML FAQ", and "ISO Calls for Ceasefire of Personal Attacks."
MS has ISO exactly where they want it. They have the right people in their pocket, and the people who aren't in their pocket get fed up and leave, thus making the overall MS-influenced-members-to-impartial-members ratio just that much higher. But the point is, the people releasing the documents like this FAQ are not idiots. They know exactly what's going on (there's no way they couldn't know) and everything is carefully planned out. (yes, I'm a conspiracy theorist, but it's tough not to be in this case)
The real question is how to bring ethics and order back to an organization which is flooded with bad members. A lot of rules or exceptions that could be used to help the impartial minority take back over, will also help the bad guys trigger false alarms and disrupt the process when they are in the minority. Honestly, I haven't come up with a solution to this conflict, yet. At least not without a higher-level government intervention which forces a reorganization, or a law is passed somewhere to ban members who have a conflict-of-interest.
It's the little guys that care about the desktop, and they're the ones who improve it for free. Obviously it would be nice to see big names like IBM supporting linux desktop development, but their business is in "big iron," and there's plenty of nerds sitting in their basement saying "I wish this or that was better.... wait, I can do it myself!"
...they'd quickly rethink their situation when they realize they have the destiny of the world in their hands. Yes, even the chief monkey in the White House. This would be a valid statement if Mr Chief Monkey didn't think the rapture was coming...
"...is that C++ is a rather complex and brittle language. :-) ..bruce.."
That's not so much a problem as it is the nature of computers. Computers and the logic that runs them are complex and brittle, thus why it is important that developers understand a lower-level language like C++. If you don't understand the underlying system for which you are developing, you won't be efficient or effective at doing what you're attempting to do.
But the minute you have to do that with your ARMPIT, you are sunk. I took a written (the process of leaving graphite trails on paper) test for ASP.NET once... Unless you know what you are doing, you are screwed. Use whatever tools you want, whatever LAMP/.NET. But make sure you learn what you are doing, and not just doing.
Agreed. I'm actually much more efficient programming using my skills in VIM instead of Visual Studio autocomplete/magic. And I understand what I'm doing better. Maybe once a month I open VS to do a complex debugging task, but in general I could live without it.
Students SHOULD know that there are alternatives, and that a good IDE doesn't make a good programmer, but what can we do?
Personally, MS is smart for doing this... it's not evil, it's good business. Perhaps HD-DVD could've taken a page from this book to win the format war -- sell everything for remarkably low until they win the war. They take a loss to begin, but win the format war and make it all up the next year (of course some big-wig wasn't willing to take an initial loss, and now he has to take a permanent loss).
I've been doing this for quite a while. Put Ubuntu 6.06 and a 300GB HDD into a PII, 400 MHz desktop that's about 8 years old. It works beautifully!
I use sshfs to mount the server's harddrives on my local computer with full access to samba directories. Then I configured samba to provide a "publicShare" directory, readable and writeable by any computer. Another directory called "fileServe" which is read-only from any computer. I even set up apache on a separate folder and port-forwarding so it doubles as webserver as well.
Anytime I find anything interesting at all--videos, documents, images, software--I post them to my fileServe directory for everyone else to use. And they typically backup all their stuff and share things with each other on the publicShare since it's publicly-writable.
I've been running this setup flawlessly for 1.5 years. It's a lot better than paying $15-$30 to have the hardware recycled.
I agree, this is overboard. But it is feasible. The time synchronization is not a huge issue: the same program which executes this type of secure protocol can easily keep track of the time synchronization issues since it will have access to both clocks when logged in.
For instance, if the interval is changed every minute, and the connection is used at least once a month, the synchronization state can be tracked pretty reliably. Even if the connection is only opened once per year, it could easily allow 2-4 failed attempts to allow for mis-synchronizations.
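The drift tracking described in the comment above, sketched as an added example that is not part of the original comments. The comment does not name the protocol, so HMAC-based time-step codes are assumed here; the secret, class and function names are hypothetical and the clock values are constructed.

```python
import hashlib
import hmac
import struct

INTERVAL = 60   # seconds per step ("the interval is changed every minute")
WINDOW = 3      # steps searched either side; the comment suggests 2-4 attempts
SECRET = b"constructed-demo-secret"   # constructed sample value


def code_for_step(secret: bytes, step: int) -> str:
    """HOTP-style truncation of HMAC-SHA1 over the step counter, 8 digits."""
    digest = hmac.new(secret, struct.pack(">Q", step), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{value % 100_000_000:08d}"


def client_code(secret: bytes, client_time: float) -> str:
    """What the client sends, computed from its own (possibly skewed) clock."""
    return code_for_step(secret, int(client_time) // INTERVAL)


class DriftTrackingVerifier:
    """Server side: accepts codes within WINDOW steps and remembers the skew."""

    def __init__(self, secret: bytes, window: int = WINDOW):
        self.secret = secret
        self.window = window
        self.drift = 0        # learned client-minus-server offset, in steps
        self.last_step = -1   # highest step accepted so far (replay guard)

    def verify(self, code: str, server_time: float) -> bool:
        centre = int(server_time) // INTERVAL + self.drift
        # Try the expected step first, then widen: 0, -1, +1, -2, +2, ...
        for delta in sorted(range(-self.window, self.window + 1), key=abs):
            step = centre + delta
            if step <= self.last_step:
                continue      # never accept an old or already-used step
            if hmac.compare_digest(code_for_step(self.secret, step), code):
                self.drift += delta   # resynchronise on every success
                self.last_step = step
                return True
        return False


def demo():
    """Client clock is 150 s fast at first login and 270 s fast a month later."""
    t0, t1 = 1_000_000, 1_000_000 + 30 * 86_400
    tracked = DriftTrackingVerifier(SECRET)
    first = tracked.verify(client_code(SECRET, t0 + 150), t0)
    drift_first = tracked.drift
    second = tracked.verify(client_code(SECRET, t1 + 270), t1)
    drift_second = tracked.drift
    replay = tracked.verify(client_code(SECRET, t1 + 270), t1)
    # A verifier with no learned skew sees 5 steps of error, outside its window.
    fresh = DriftTrackingVerifier(SECRET).verify(client_code(SECRET, t1 + 270), t1)
    return first, drift_first, second, drift_second, replay, fresh


if __name__ == "__main__":
    print(demo())
```

The second login succeeds only because the skew learned at the first one recentres the search; widening the window instead would trade that for more guesses accepted per attempt.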
"With Android on the horizon, the possibility for video technology to be broadcast on this spectrum, and a "do no evil" corporation behind its implementation we as consumers could see a major change in how we use and most importantly PAY for cell phones."
I love Google, but I think the "do no evil" thing went out the door when they went public and got shareholders who expect returns. So far they're not evil, and I love them for it. But as they amass assets like this spectrum, they might start changing.
The email thing happens occasionally at my office. Sometimes, there are certain numbers that are classified in a particular context, but the other information is not. For instance, someone who is working on a new type of laser may be able to talk about the laser (the knowledge of the technology is unclassified), as long as they don't disclose certain properties of it (for instance, its specific power and waveband may be classified).
I frequently see situations where a particular classified value could be derived from 3 other values. Typically, only one or two of those three values will be classified. If you work a lot with those numbers, it can be easy to forget which one is the classified value and drop it in an email to a coworker to clarify information. That would be a security violation.
Another example is resolution of data. In the past, I have seen that certain data is classified only if specified to a certain number of significant digits (usually >1). Or, certain dates may be classified, but the month of the event is unclassified. Or specifying any more accurately than the Quarter may be classified.
Not to mention you can be told a classified number and the person forgets to tell you it's classified. This happened recently. The guy who heard it dropped the number in an email and got a security violation. You can see how uncertainty of classifications can sneak into people's heads.
I'd love to believe this will make a difference, but I suspect the same bribing/stacking/manipulation MS used before will succeed again.
Firing employees for publicly identifying security holes is a lot cheaper than actually fixing the holes (or grand canyon, in this case). After all, security holes aren't a problem if no one knows they're there.
Unless of course, they get slashdotted...
Is anyone else bothered by the fact the summary might as well say "skynet" instead of "botnet" and it would make just as much sense?
I think the future has arrived.
It reminds me of this: http://thedailywtf.com/Articles/It-Had-Too-Many-Functions.aspx
Why does the summary mention the average Cuban wages? Sounds like an extraneous calculation.
I love how I have to read other countries' news reports to find out what's going on in my own country...
The ones who don't see sunlight gave up their CRTs long ago. We need another breakthrough to harness the LCD light.
I don't think the 4th amendment applies to crossing international border crossings.
If you replace all instances of "GPLv3" in the article summary with "Microsoft Vista" this would be a repeat of an article a couple months ago.