Slashdot Mirror


User: jehreg

jehreg's activity in the archive.

Stories: 0
Comments: 53

Comments · 53

  1. Openswan project directly affected on What is Responsible Disclosure for Security Flaws? · · Score: 5, Interesting

    The Openswan project is directly affected by this this month. We were contacted by an agency and asked to sign a non-disclosure agreement, following which they would tell us of a possible vulnerability in our code. This non-disclosure would prevent us from releasing details of the vulnerability until such time as the rest of the "group" would be ready for it to be announced.

    In the case of an Open Source product, we cannot even do a "stealth" fix; we have to describe what each patch does when we commit it to CVS. That would make the vulnerability public and would be a no-no to this agency.

    In essence, the agency could decide which bug we could fix and which ones we could not.

    I see this as the equivalent to blackmail: Sign our non-disclosure and we will give you a possible vulnerability; don't sign it and you will look bad when the vulnerability is made public.

    I am a CISSP, and quite willing to hold on the patch until others can fix their code if the allowed time is reasonable, but the non-disclosure is broad and has no time limitations... So what the heck should we do ?

  2. Owl on OSS Web-based File Management? · · Score: 1

    Have a quick look at http://owl.sourceforge.net/ , it might be just what the doctor ordered.

  3. Re:Polish on Users as Innovators - Why Open Source Works · · Score: 2, Insightful

    Structured QC/QA team. That's what makes or breaks a FOSS project.

  4. Re:This is not a new record. on Epson's 12 Gram Flying Robot · · Score: 3, Funny

    Great, you just slashdotted a hamster...

  5. Re:It does matter... on Gentoo 2004.2 Released · · Score: 2, Informative
    I did the switch last night.

    • /etc/init.d/xfs stop
    • /etc/init.d/xdm stop
    • emerge unmerge xfree
    • emerge xorg-x11
    • cp /etc/X11/XF86Config-4 /etc/X11/xorg.conf
    • /etc/init.d/xfs start
    • /etc/init.d/xdm start

    And I run nvidia too; no need to remerge nvidia-kernel. I did remerge nvidia-glx, just in case, but you should not have to.

  6. Re:Quiet! on BayStar Cashes Out of SCO Stock · · Score: 1
    Actually no, shorting means that you borrow someone's stock and you sell it right away with the promise that you will eventually buy some stock and give the stock back to whoever lent his to you. Of course, if the company goes bankrupt, you never have to purchase the stock back...

    So, if everyone shorts that means a huge amount of selling, bringing the price down. If enough shorting happens and the stock is low enough, it becomes a self-fulfilling prophecy.

  7. SHORT SCO!!! on BayStar Cashes Out of SCO Stock · · Score: 0

    Time to short SCOX. We are pretty sure this is near the end, so let's drive the price of the stock to the bottom. Call your brokers :-)

  8. Up 107 days... on Kernel Exploit Cause Of Debian Compromise · · Score: 5, Funny
    kc grub # uptime
    17:21:06 up 107 days, 22:45, 1 user, load average: 0.35, 0.82, 0.47

    Great..... there goes my uptime.....

    If I have to reboot more than once per year, I'm switching to Windows.

  9. Re:What you can do about it on Congress Expands FBI Powers · · Score: 2, Funny

    v) If all else fails, vote with your feet. Canada is close by.

    As a Canuck speaking: "EX-cellent..."

  10. Bittorrent ?? on Superball! · · Score: 4, Insightful

    Special kudos to the first that makes a bittorrent available of the 117documentarypremium2.mov file.

  11. Re:VoIP DDoS on Free VoIP for Dartmouth Students · · Score: 2, Funny

    Wouldn't that be "IP over Voice", or IPoV ?

  12. Re:For Gentoo on New ssh Exploit in the Wild · · Score: 1
    Well, sure, 3 hours later....

    What was I supposed to do during those 3 hours? Wait? :-)
    Pat

  13. For Gentoo on New ssh Exploit in the Wild · · Score: 5, Insightful
    Just go to your net-misc/openssh directory:
    • cp openssh-3.6.1_p2.ebuild openssh-3.7_p1.ebuild
    • emerge --update openssh
    The emerge will fetch the file and complain that there is no digest.
    • ebuild openssh-3.7_p1.ebuild digest
    • emerge --update openssh
    Just tested it here, worked fine.
    Pat

  14. Re:BT link? on Myst Online Trailer · · Score: 3, Informative

    Yeah, but you need a gentle soul to be able to d/l it first and then create a BT seed for it. Publishers tend to not know about BitTorrent yet, so they typically don't use it.

  15. BT link? on Myst Online Trailer · · Score: 4, Interesting

    Any BitTorrent available, or is it already too late for even that?

  16. Re:Good idea on Windows Is 'Insecure By Design,' Says Washington Post · · Score: 1
    I already have a wall covered with silver AOL CDs ...

    You've been on Trading Spaces(tm) ??

  17. Re:no, EMACS causes CTS on Computers and Carpal Tunnel Syndrome Studied · · Score: 1
    (in next week's exciting episode: "Perl and your spermcount - the shocking truth")


    Awwww crap.

  18. Re:Old Hat on Airships Tested As Two-Way Telecom Beacons · · Score: 2
    That wind problem has intrigued me for the longest time....

    It makes no sense to me why they would not have a wind sensor and winch the balloon down as the wind gets stronger. Have a concrete holding area with no top, and winch the balloon into it. It won't get damaged or lost this way. As soon as the wind has died down to a reasonable level, release it back into the air.

  19. It's all about scale. on IAB Recommends Larger Web Advertising · · Score: 3, Funny

    Well, I recommend bigger fonts, larger web pages, and waaaaaaay higher resolution.... to compensate.

  20. Demonstrating the concept of 'annoying' on HOWTO: Annoy a Spammer · · Score: 5, Funny
    If they go to trial, have the defence lawyer ding a bell at random intervals during the whole process of the trial. At some point the judge will want to kill the lawyer, thereby demonstrating that the defendants (the slashdudes) have been rendered insane by the annoyance of receiving massive amounts of unsolicited "dings".

    When the judge finally screams "Will you stop that ?!?", have the lawyer look the judge straight in the eyes and say calmly: "No."

    Ipso facto.

  21. Europa on FatWallet Strikes Back Using DMCA · · Score: 1

    Cool, I didn't realize we had a colony there...

  22. Isn't this a dup as well ? on Spam Archive opening FTP service December 4 · · Score: 1, Troll

    Is there so little happening in the news, or did we hit some bizarre wormhole, and we are now going back in time ?

    At this point, I think that in the last 2 days over 70% of the stories have been dups.

  23. Obligatory running gag... on Linux Chosen for IBM's New Supercomputer · · Score: 0, Redundant

    Wow! Imagine a Beow SMACK!

  24. Jeez, I'm 35 and learning... on Generation Wrecked · · Score: 2
    I had an epiphany 2 months ago. I realized that the financial advice I had been given for the last 5 years was basically ensuring me that I would retire poor.

    I am now learning like crazy.

    First thing I learned: Do not confuse your job with how you create your wealth.

    Check out my diary to see what I am changing in my life.

  25. How about Tape drives ? on 320GB Hard Drives announced · · Score: 2, Insightful
    This is getting ridiculous....

    How do you back up 320Gigs ??

    A cheap tape drive on eBay uses DDS-2 tapes; that's 4Gigs max. Am I supposed to purchase 100+ tapes if I want a full backup and 7 days of incrementals ?

    At $5 per tape, that's another $500+, plus the time it's gonna take to swap these puppies in the drive.

    "Just buy another drive and RAID them..." Yeah, right. I got a few RAID horror stories for ya. "Well, who cares, you aren't running production-grade stuff at your house..." Well, 320 Gigs of data takes a *long* time to accumulate, even with rips and all. Losing that would take you a good amount of time and bandwidth to accumulate again.

    This is the case of one technology pushing itself out of usefulness.