The CyberLover program site doesn't do much. None of the links work, including the one for sample chat logs. The site says "Copyright 2005-2006", so this has been up for a while. The site was trying to recruit "affiliates", for a program that sells for only $4.95. This looks like an idea that didn't work.
1. They Bay of Fundy is kind of unusual. There is a lack of sites that are really that good.
2. Enviromental impact. Tidal areas tend to be very sensitive.
3. Cost. Except at few places tidal energy isn't very dense. It would require constructing huge systems.
That's right. The Bay of Fundy is about the best tidal spot on the planet. I've seen a study on possible locations for tidal power plants, and there are only about ten good sites in the world.
Such a site needs a bay with a narrow mouth suitable for a dam, and that's just the minimum. Only bays that are the right size and shape to have a resonance with the tide cycle yield really high tides, like the Bay of Fundy.
There's been some interest in putting underwater turbines at the Golden Gate near San Francisco. Water depth at the Golden Gate is 130 meters, which is unusually deep for a bay mouth, so this might actually work. But that's one of very few possible sites in the US.
Good tidal power sites are about as rare as Niagara Falls-sized waterfalls.
If instead ICANN had some cajones, they could take the bad registrars out...
The problme is that most of the registrars, by actual count, are now "bad". See the list of ICANN-approved registrars. There are several hundred, few of which have any real existence. Most are just fronts for some domaining operation. Some are obvious about it: "DropExtra.com, Inc.", "DropFall.com, Inc.", "DropHub.com. Inc", "DropJump.com, Inc.", etc., all of which are fronts for a "wholesale domain registrar". Then there's "Enom1, Inc."., "Enom2, Inc."...
"enom469, Inc.". Most of the "registrars" are now dummies like that.Those are ICANN's constituency.
No, there really is a problem with voting rights vs. short selling. See "One Share, One Vote - Short Selling Short-Circuits System", in the International Herald Tribune: When brokerages lend out a customer's stock to short sellers and those traders sell the stock to someone else, both investors are often able to vote in corporate elections.... "It is an abomination," said Thomas Montrone, chief executive officer of Registrar & Transfer, which oversees shareholder elections. "A lot of the time we have no idea who's entitled to vote and who isn't. It's nothing short of criminal." And: ""It appears to be the case where there are opportunities to game the system" (Cary Klafter, VP Legal and Government Affairs, Intel.)
There are other references, but that's enough for now.
So 2010 is the end of US manned spaceflight. There won't be a replacement for the Shuttle. NASA tried four times before, and never even got close to flight hardware. Why should this time be any different?
The Shuttle was designed in the 1960s. Back then, NASA could hire top people.
A huge number of experienced aircraft designers were available. Today, who goes into aerospace? NASA is sometimes called "the world's largest sheltered workshop". Aerospace is now so slow-paced that it takes decades to build anything.
The GAO Report on the Orion program indicates that there are significant problems. The most serious is the usual one with large spacecraft - weight growth in the upper stages, requiring huge increases in the size of lower stages. NASA's plan involves adding another section to the Shuttle-type solid rocket boosters, and there are real questions as to whether the resulting stack will be strong enough. (Remember, that's how Challenger blew up; failure at the solid rocket booster joints.)
Ugh. Now that I've read the Wikipedia article on "naked short selling", I'm probably going to have to edit it. It doesn't mention some of the real problems. "Naked short selling" creates fake stock, which is then purchased and owned by someone. And they can vote that stock. This can lead to more votes than there are shares outstanding.
The fake stock created by naked short selling is supposed to be replaced by buying real stock within 13 days. But that's not always happening. "Overstock.com" has had such fake stock outstanding for years, more fake stock than they actually have outstanding.
I put a job on Rent-A-Coder once. The job was to take an existing GPL piece of Python code that understood how to query some, but not all, of the various registrar WHOIS servers, and make it understand the output from each of them.
The existing code was years out of date, but did approximately the right thing. Each registrar has a slightly different format for the same WHOIS data, so you need a collection of parsing modules, or something smart enough to do it generically. It's not a difficult problem, just time-consuming.
The code, and a test file of 1000 test domains, was provided. The statement of the problem said that all the test cases had to work. The resulting code would be re-released under the GPL.
Four programmers in succession took that job, with bids from $200 to $500 and locations from Ireland to Russia, and none of them produced any working code.
The older versions of Dreamweaver work better. Dreamweaver 3 is a good WYSIWYG system, and produces reasonably correct HTML 3.2 without much trouble. The user interface makes sense and does what you'd expect.
Dreamweaver 8 can't even produce code that passes its own validation, let alone the W3C validator. What you see is sort of like what a browser will display, but not quite. Even FTP worked better in the earlier versions.
There's something to be said for teaching from the older versions. If you teach from the current ones, much time will be spent teaching workarounds for Dreamweaver bugs.
What actually came out about the asset purchase agreement was straightforward. The written agreement says Novell didn't transfer the UNIX copyright to SCO. Earlier discussions between Novell and SCO had discussed transferring the copyright, and SCO wanted to do that. But Novell wanted all the money up front before irrevocably transferring the copyright. (In case SCO went bankrupt or didn't pay, of course.) SCO didn't have enough cash to pay in full. So the actual agreement as signed called for payments to be made over time, and no copyright transfer, just a license. Some people on both sides thought the copyright had been transferred, because that's what had been discussed in early meetings, but that's not what was actually in the signed documents.
Once all this came out in court, the Judge ruled for Novell.
Sending humans to Mars is stupid and pointless. It's an idea trotted out by politicians every decade or so to distract voters, not something to really do.
Congress is right to pull the plug.
Space travel on chemical fuels is just barely possible, and it's not getting any better. Chemical rockets work about as well as they did forty years ago.
Chemical fuels haven't improved, and they're not going to. We've had liquid hydrogen/liquid oxygen for forty years, and that's as good as it gets.
Hence the fundamental problem. All spacecraft have to be so weight-reduced that they're fragile and unreliable. If spacecraft could be built with the weight budget of a jetliner, with about 50% of the mass at takeoff being fuel, they'd work fine.
Without fission, fusion, or antimatter power, or new physics, this isn't going to improve. We're stuck without a better power source.
There hasn't been a new power source for half a century now. First time since the Industrial Revolution that's happened. Most of the major problems in the world today, from global warming to the Middle East, come from that fact.
Yes. The article says "Aggregating the reputations of all recipients of a particular message, therefore, is equivalent to combining those users' rating power to estimate the legitimacy of the sender and the message." If you're able to even count all the recipients of a particular message, a large count is a good indicator of spam.
But it's been a long time since spammers simply sent the same text to a large number of addresses. Identifying multiple transmissions as instances of a "particular message" is the big problem today. This new scheme doesn't help with that.
If a message contains URLs, filtering today works quite well. The few spams that get through SpamAssassin typically don't contain URLs. The spammers are getting desperate. I just had a spam come in that expresses a domain as "nartbx. com /* O, mit Empty Space". It got through the spam filter, but it hardly seems worth it for the sender.
The OLPC effort may show us the way out. The great hope with the OLPC is that it doesn't have any legacy applications that rely on security holes. It might actually work, and they have a chance of fixing it if it doesn't.
Neither the Windows nor the Linux world really support untrusted applications, ones with fewer privileges than their user. That's the fundamental problem. But OLPC does. They've thought about the problem correctly, and have something implemented that's reasonable. Now we'll have to see how it works in the field.
If these guys want anybody to pay attention, they should submit their protocol as an RFC. Their "standards document" is badly written. It has statements like "Features that are ready for implementation now, but only for use in crawler
communication by prior arrangement, are labelled with an amber spot. These
represent a minority of extensions for which there are possible security vulnerability
or other issues in their implementation on the web crawler side, such as creating
possible new opportunities for cloaking or Denial of Service attack." One such problem is that they stuck in a redirect mechanism that directs the crawler to pull data from another domain. Then they put in mealy-mouthed phrases like "It is recommended that, if possible, the URI should normally specify a resource within
the crawled resource and not external to it, as this is less likely to present technical
and security difficulties to the crawler.". This reads like something from a committee that doesn't have to make it work. They need to formally address the issue of the security scope of a robots.txt file, not hand-wave around the problem.
That's no good. Somebody competent familar with IETF procedures will have to overhaul this.
This isn't a Second Life problem. It affects all QuickTime players.
QuickTime has a recently discovered vulnerability which allows it to be used as a way to inject executable content into the user's machine. This can attack far more than Second Life.
See US CERT Vulnerability Note VU#659761 --
Apple QuickTime RTSP Content-Type header stack buffer overflow. "Apple QuickTime contains a stack buffer overflow vulnerability that may allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial of service condition.... We are currently unaware of a practical solution to this problem.....
"Note that QuickTime is a component of Apple iTunes, therefore iTunes installations are also affected by this vulnerability. We are aware of publicly available exploit code for this vulnerability.
Testing indicates that QuickTime versions 4.0 through 7.3 are vulnerable on all supported Mac and Windows platforms."
CERT suggests disabling all the ways QuickTime can be launched:
Block the rtsp:// protocol
Disable the QuickTime ActiveX controls in Internet Explorer
Disable the QuickTime plug-in for Mozilla-based browsers
Disable file association for QuickTime files
This vulnerability was first published on November 23, 2007.
first, I predict for the foreseeable future none of these fighting machines will be allowed to shoot anyone without human authorization.
There's considerable interest in systems that shoot back, really fast. The U.S. Army has had counter-battery fire systems for decades, but they've been used against larger indirect-fire weapons. The Army would like to downsize this into a "use a gun, die within seconds" capability, something that could detect hostile gunfire and land indirect fire on the shooter faster than a human could get out of the way.
We'll probably see robotic guns like that, operating under rules of engagement that allow them to kill anybody without an IFF firing a weapon.
McAfee's SiteAdvisor already looks for malware available from web pages, downloading everything that might be a threat and running it in a virtual Windows machine with Internet Explorer. SiteAdvisor does the work themselves; they're not trying to get people to work for them for free. Google already had something like that, although not as good. Allowing users to add to the machine-generated lists is useful, but not a big deal.
Besides, why work for Google for free?
If you're going to report phishing sites, report them to PhishTank, where the list is open and free. Harmful software should be reported to StopBadware, which, again, has public data.
Remember Google's scheme for getting people to photograph businesses and send the pictures to Google? Whatever happened to that?
"JSON" refers to strings of JavaScript source, which are essentially S-expressions, used for marshalling data for transmission. It's promoted as an alternative to XML, because parsing XML in Javascript requires shipping an XML parser in Javascript along with the web page.
The trouble with this idea is that Javascript has the wrong primitives for this operation. In LISP, there's the "reader", which turns a character string into an S-expression, and "eval", which executes an S-expression. JavaScript combines those two functions into "eval", which takes in a string and runs it as a program. Uh oh. Big security hole there.
So the JSON crowd has to provide "firewalls", written in Javascript, which look at the string to be executed before running it. Some of these "firewalls" almost work. Some don't. Ones that work more reliably are complicated, like XML parsers. So, overall, JSON didn't turn out to be a win over XML.
If JavaScript had a built-in "reader" like LISP, a parser that just produced a linked structure as output but didn't do anything more, the JSON idea would work better.
True. During the dot-com boom, one band got VC funding and tried to IPO. It was a flop, but a cool idea.
The music industry could probably keep CDs alive if they dropped the price to $8 and undercut the online people. Manufacturing cost is well under $1, including packaging. From manufacturing to on the shelf at Wal-Mart is less than 2x for most Wal-Mart products. So there's still plenty of headroom for profits. Most of the spending in the music industry actually goes into promotion.
Promotion is the bottleneck. Promotion is the other function record labels perform. It's their remaining competitive edge.
"Myspace Records" was a flop, even though Myspace has very low cost promotional capability; they can run ads on their own site, and did.
(That seems to reflect mismanagement; they couldn't get the recordings out the door, the bands were mediocre, and they couldn't even keep the Myspace Records page on Myspace updated.)
It's all about the zombies, of course. There really aren't that many different spammers left. Look at how little diversity there is in incoming spam. That's why GMail works so well. If you filter a large number of mailboxes in a coordinated way, the basic characteristic of spam, many messages sent from one source, just pops out at you.
The only reason we still have a spam problem is zombies running on Microsoft Windows desktop machines. These are sources for the last few incoming spams:
71-83-93-18.dhcp.rvsd.ca.charter.com
189-015-128-110.xd-dynamic.ctbcnetsuper.com.br
i05v-212-194-126-37.d4.club-internet.fr
91-65-156-187-dynip.superkabel.de
Those just have to be botnets.
So, as usual, it's all Microsoft's fault, shipping an OS that encourages users to download executables that operate with the user's full privileges.
After reading this, I immediately checked to see if Google had fixed their open redirector. No, they haven't, and there are six exploits of it listed in PhishTank. Google needs to turn that off. If they absolutely insist on having an open redirector, it needs its own subdomain, which is what Yahoo does. Then the subdomain can be blacklisted without collateral damage.
Phishing via exploits of major sites is a big problem, but involves a small number of major sites. 168 major sites today. The usual exploits are:
Phishing site web servers on DSL lines. Some ISPs are good at kicking these off, and some aren't as good. "bellsouth.net" has more entries in PhishTank than any other domain.
"Open redirectors", URLs that can be exploited to redirect to another site, like the Google URL above.
Web hosting services, especially free ones, sometimes find themselves hosting phishing sites.
"Web 2.0" sites which allow uploading of user content but don't check it for exploits. Photobucket is used by some phishers, who upload hostile ".swf" files.
Break-ins on legitimate sites, where, typically, some obscure page is hosting hostile content. When an ".edu" site shows up in our list, that's usually what happened.
Out of 1.6 million domains in DMOZ, and over 10,000 phishes in PhishTank, only 168 domains are in both. So the number of sites that need to be fixed is small. In fact, some of those sites are already fixed, but the entries haven't been removed from PhishTank yet. (Hint: if you kill a hostile page on your domain, make it a 404 error; that gets the page out of PhishTank's "active and online" list automatically. Don't just change the content or redirect it somewhere else, or it stays in the tank until somebody rechecks it manually, which can take weeks.)
For every site in the list, there's some competitor in the same business who isn't on the list. "Everybody has this problem" isn't a valid excuse any more. This is a useful point to make with management if you find your own company on the list.
This list of 168 exploited sites is updated automatically every three hours.
There's also a list of sites recently removed from PhishTank.
"n-insanity.com", "tropmet.res.in", "wsjob.com" were dropped from the list today; they no longer have active, online entries in PhishTank. "gentlesource.com", "t35.com" (an eBay phish), "tilapia.com" (another eBay phish), and "uic.edu" (already fixed) were added; they just appeared in PhishTank.
If you have any responsibility for a site on the list, please take steps to fix the problem. If you're not part of the solution, you're part of the problem.
That's very much a Navy view: "Enlisted men and women are, fundamentally, operators." In the Navy, the basic combat unit is the ship. Tactical decisions are made at the ship level, not below. A hundred to several thousand people serve the ship; a few officers make the tactical decisions.
Ground troops need a completely different mindset. The basic combat unit is far smaller, a squad or platoon. Individual soldiers make tactical decisions. Marines are especially big on this. It's Marine doctrine to equip the Marine, not man the equipment. The US Army likes to fight with bigger units, but can break them down into small, independent units when necessary.
The CyberLover program site doesn't do much. None of the links work, including the one for sample chat logs. The site says "Copyright 2005-2006", so this has been up for a while. The site was trying to recruit "affiliates", for a program that sells for only $4.95. This looks like an idea that didn't work.
1. They Bay of Fundy is kind of unusual. There is a lack of sites that are really that good.
2. Enviromental impact. Tidal areas tend to be very sensitive.
3. Cost. Except at few places tidal energy isn't very dense. It would require constructing huge systems.
That's right. The Bay of Fundy is about the best tidal spot on the planet. I've seen a study on possible locations for tidal power plants, and there are only about ten good sites in the world. Such a site needs a bay with a narrow mouth suitable for a dam, and that's just the minimum. Only bays that are the right size and shape to have a resonance with the tide cycle yield really high tides, like the Bay of Fundy.
There's been some interest in putting underwater turbines at the Golden Gate near San Francisco. Water depth at the Golden Gate is 130 meters, which is unusually deep for a bay mouth, so this might actually work. But that's one of very few possible sites in the US.
Good tidal power sites are about as rare as Niagara Falls-sized waterfalls.
If instead ICANN had some cajones, they could take the bad registrars out...
The problme is that most of the registrars, by actual count, are now "bad". See the list of ICANN-approved registrars. There are several hundred, few of which have any real existence. Most are just fronts for some domaining operation. Some are obvious about it: "DropExtra.com, Inc.", "DropFall.com, Inc.", "DropHub.com. Inc", "DropJump.com, Inc.", etc., all of which are fronts for a "wholesale domain registrar". Then there's "Enom1, Inc."., "Enom2, Inc." ...
"enom469, Inc.". Most of the "registrars" are now dummies like that.Those are ICANN's constituency.
No, there really is a problem with voting rights vs. short selling. See "One Share, One Vote - Short Selling Short-Circuits System", in the International Herald Tribune: When brokerages lend out a customer's stock to short sellers and those traders sell the stock to someone else, both investors are often able to vote in corporate elections. ... "It is an abomination," said Thomas Montrone, chief executive officer of Registrar & Transfer, which oversees shareholder elections. "A lot of the time we have no idea who's entitled to vote and who isn't. It's nothing short of criminal." And: ""It appears to be the case where there are opportunities to game the system" (Cary Klafter, VP Legal and Government Affairs, Intel.)
There are other references, but that's enough for now.
So 2010 is the end of US manned spaceflight. There won't be a replacement for the Shuttle. NASA tried four times before, and never even got close to flight hardware. Why should this time be any different?
The Shuttle was designed in the 1960s. Back then, NASA could hire top people. A huge number of experienced aircraft designers were available. Today, who goes into aerospace? NASA is sometimes called "the world's largest sheltered workshop". Aerospace is now so slow-paced that it takes decades to build anything.
The GAO Report on the Orion program indicates that there are significant problems. The most serious is the usual one with large spacecraft - weight growth in the upper stages, requiring huge increases in the size of lower stages. NASA's plan involves adding another section to the Shuttle-type solid rocket boosters, and there are real questions as to whether the resulting stack will be strong enough. (Remember, that's how Challenger blew up; failure at the solid rocket booster joints.)
Sprint is spread-spectrum CDMA, not time-division GSM.
Ugh. Now that I've read the Wikipedia article on "naked short selling", I'm probably going to have to edit it. It doesn't mention some of the real problems. "Naked short selling" creates fake stock, which is then purchased and owned by someone. And they can vote that stock. This can lead to more votes than there are shares outstanding.
The fake stock created by naked short selling is supposed to be replaced by buying real stock within 13 days. But that's not always happening. "Overstock.com" has had such fake stock outstanding for years, more fake stock than they actually have outstanding.
Here's a New York Times article that discusses the issue. Forbes has also written about this.
The top stocks with fake stock outstanding for long periods are:
I put a job on Rent-A-Coder once. The job was to take an existing GPL piece of Python code that understood how to query some, but not all, of the various registrar WHOIS servers, and make it understand the output from each of them. The existing code was years out of date, but did approximately the right thing. Each registrar has a slightly different format for the same WHOIS data, so you need a collection of parsing modules, or something smart enough to do it generically. It's not a difficult problem, just time-consuming.
The code, and a test file of 1000 test domains, was provided. The statement of the problem said that all the test cases had to work. The resulting code would be re-released under the GPL.
Four programmers in succession took that job, with bids from $200 to $500 and locations from Ireland to Russia, and none of them produced any working code.
The older versions of Dreamweaver work better. Dreamweaver 3 is a good WYSIWYG system, and produces reasonably correct HTML 3.2 without much trouble. The user interface makes sense and does what you'd expect.
Dreamweaver 8 can't even produce code that passes its own validation, let alone the W3C validator. What you see is sort of like what a browser will display, but not quite. Even FTP worked better in the earlier versions.
There's something to be said for teaching from the older versions. If you teach from the current ones, much time will be spent teaching workarounds for Dreamweaver bugs.
This is old. It's from September.
What actually came out about the asset purchase agreement was straightforward. The written agreement says Novell didn't transfer the UNIX copyright to SCO. Earlier discussions between Novell and SCO had discussed transferring the copyright, and SCO wanted to do that. But Novell wanted all the money up front before irrevocably transferring the copyright. (In case SCO went bankrupt or didn't pay, of course.) SCO didn't have enough cash to pay in full. So the actual agreement as signed called for payments to be made over time, and no copyright transfer, just a license. Some people on both sides thought the copyright had been transferred, because that's what had been discussed in early meetings, but that's not what was actually in the signed documents.
Once all this came out in court, the Judge ruled for Novell.
Sending humans to Mars is stupid and pointless. It's an idea trotted out by politicians every decade or so to distract voters, not something to really do. Congress is right to pull the plug.
Space travel on chemical fuels is just barely possible, and it's not getting any better. Chemical rockets work about as well as they did forty years ago. Chemical fuels haven't improved, and they're not going to. We've had liquid hydrogen/liquid oxygen for forty years, and that's as good as it gets.
Hence the fundamental problem. All spacecraft have to be so weight-reduced that they're fragile and unreliable. If spacecraft could be built with the weight budget of a jetliner, with about 50% of the mass at takeoff being fuel, they'd work fine.
Without fission, fusion, or antimatter power, or new physics, this isn't going to improve. We're stuck without a better power source.
There hasn't been a new power source for half a century now. First time since the Industrial Revolution that's happened. Most of the major problems in the world today, from global warming to the Middle East, come from that fact.
That's the problem. Mars is a sideshow.
Yes. The article says "Aggregating the reputations of all recipients of a particular message, therefore, is equivalent to combining those users' rating power to estimate the legitimacy of the sender and the message." If you're able to even count all the recipients of a particular message, a large count is a good indicator of spam.
But it's been a long time since spammers simply sent the same text to a large number of addresses. Identifying multiple transmissions as instances of a "particular message" is the big problem today. This new scheme doesn't help with that.
If a message contains URLs, filtering today works quite well. The few spams that get through SpamAssassin typically don't contain URLs. The spammers are getting desperate. I just had a spam come in that expresses a domain as "nartbx. com /* O, mit Empty Space". It got through the spam filter, but it hardly seems worth it for the sender.
The OLPC effort may show us the way out. The great hope with the OLPC is that it doesn't have any legacy applications that rely on security holes. It might actually work, and they have a chance of fixing it if it doesn't.
Neither the Windows nor the Linux world really support untrusted applications, ones with fewer privileges than their user. That's the fundamental problem. But OLPC does. They've thought about the problem correctly, and have something implemented that's reasonable. Now we'll have to see how it works in the field.
If these guys want anybody to pay attention, they should submit their protocol as an RFC. Their "standards document" is badly written. It has statements like "Features that are ready for implementation now, but only for use in crawler communication by prior arrangement, are labelled with an amber spot. These represent a minority of extensions for which there are possible security vulnerability or other issues in their implementation on the web crawler side, such as creating possible new opportunities for cloaking or Denial of Service attack." One such problem is that they stuck in a redirect mechanism that directs the crawler to pull data from another domain. Then they put in mealy-mouthed phrases like "It is recommended that, if possible, the URI should normally specify a resource within the crawled resource and not external to it, as this is less likely to present technical and security difficulties to the crawler.". This reads like something from a committee that doesn't have to make it work. They need to formally address the issue of the security scope of a robots.txt file, not hand-wave around the problem.
That's no good. Somebody competent familar with IETF procedures will have to overhaul this.
This isn't a Second Life problem. It affects all QuickTime players. QuickTime has a recently discovered vulnerability which allows it to be used as a way to inject executable content into the user's machine. This can attack far more than Second Life.
See US CERT Vulnerability Note VU#659761 -- Apple QuickTime RTSP Content-Type header stack buffer overflow. "Apple QuickTime contains a stack buffer overflow vulnerability that may allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial of service condition. ... We are currently unaware of a practical solution to this problem.. ...
"Note that QuickTime is a component of Apple iTunes, therefore iTunes installations are also affected by this vulnerability. We are aware of publicly available exploit code for this vulnerability.
Testing indicates that QuickTime versions 4.0 through 7.3 are vulnerable on all supported Mac and Windows platforms."
CERT suggests disabling all the ways QuickTime can be launched:
This vulnerability was first published on November 23, 2007.
first, I predict for the foreseeable future none of these fighting machines will be allowed to shoot anyone without human authorization.
There's considerable interest in systems that shoot back, really fast. The U.S. Army has had counter-battery fire systems for decades, but they've been used against larger indirect-fire weapons. The Army would like to downsize this into a "use a gun, die within seconds" capability, something that could detect hostile gunfire and land indirect fire on the shooter faster than a human could get out of the way.
We'll probably see robotic guns like that, operating under rules of engagement that allow them to kill anybody without an IFF firing a weapon.
McAfee's SiteAdvisor already looks for malware available from web pages, downloading everything that might be a threat and running it in a virtual Windows machine with Internet Explorer. SiteAdvisor does the work themselves; they're not trying to get people to work for them for free. Google already had something like that, although not as good. Allowing users to add to the machine-generated lists is useful, but not a big deal.
Besides, why work for Google for free? If you're going to report phishing sites, report them to PhishTank, where the list is open and free. Harmful software should be reported to StopBadware, which, again, has public data.
Remember Google's scheme for getting people to photograph businesses and send the pictures to Google? Whatever happened to that?
The Web 2.0 crowd rediscovers subroutine libraries. Film at 11.
"JSON" refers to strings of JavaScript source, which are essentially S-expressions, used for marshalling data for transmission. It's promoted as an alternative to XML, because parsing XML in Javascript requires shipping an XML parser in Javascript along with the web page.
The trouble with this idea is that Javascript has the wrong primitives for this operation. In LISP, there's the "reader", which turns a character string into an S-expression, and "eval", which executes an S-expression. JavaScript combines those two functions into "eval", which takes in a string and runs it as a program. Uh oh. Big security hole there.
So the JSON crowd has to provide "firewalls", written in Javascript, which look at the string to be executed before running it. Some of these "firewalls" almost work. Some don't. Ones that work more reliably are complicated, like XML parsers. So, overall, JSON didn't turn out to be a win over XML.
If JavaScript had a built-in "reader" like LISP, a parser that just produced a linked structure as output but didn't do anything more, the JSON idea would work better.
True. During the dot-com boom, one band got VC funding and tried to IPO. It was a flop, but a cool idea.
The music industry could probably keep CDs alive if they dropped the price to $8 and undercut the online people. Manufacturing cost is well under $1, including packaging. From manufacturing to on the shelf at Wal-Mart is less than 2x for most Wal-Mart products. So there's still plenty of headroom for profits. Most of the spending in the music industry actually goes into promotion.
Promotion is the bottleneck. Promotion is the other function record labels perform. It's their remaining competitive edge. "Myspace Records" was a flop, even though Myspace has very low cost promotional capability; they can run ads on their own site, and did. (That seems to reflect mismanagement; they couldn't get the recordings out the door, the bands were mediocre, and they couldn't even keep the Myspace Records page on Myspace updated.)
It's all about the zombies, of course. There really aren't that many different spammers left. Look at how little diversity there is in incoming spam. That's why GMail works so well. If you filter a large number of mailboxes in a coordinated way, the basic characteristic of spam, many messages sent from one source, just pops out at you.
The only reason we still have a spam problem is zombies running on Microsoft Windows desktop machines. These are sources for the last few incoming spams:
Those just have to be botnets.
So, as usual, it's all Microsoft's fault, shipping an OS that encourages users to download executables that operate with the user's full privileges.
After reading this, I immediately checked to see if Google had fixed their open redirector. No, they haven't, and there are six exploits of it listed in PhishTank. Google needs to turn that off. If they absolutely insist on having an open redirector, it needs its own subdomain, which is what Yahoo does. Then the subdomain can be blacklisted without collateral damage.
Phishing via exploits of major sites is a big problem, but involves a small number of major sites. 168 major sites today. The usual exploits are:
Out of 1.6 million domains in DMOZ, and over 10,000 phishes in PhishTank, only 168 domains are in both. So the number of sites that need to be fixed is small. In fact, some of those sites are already fixed, but the entries haven't been removed from PhishTank yet. (Hint: if you kill a hostile page on your domain, make it a 404 error; that gets the page out of PhishTank's "active and online" list automatically. Don't just change the content or redirect it somewhere else, or it stays in the tank until somebody rechecks it manually, which can take weeks.)
For every site in the list, there's some competitor in the same business who isn't on the list. "Everybody has this problem" isn't a valid excuse any more. This is a useful point to make with management if you find your own company on the list.
This list of 168 exploited sites is updated automatically every three hours. There's also a list of sites recently removed from PhishTank. "n-insanity.com", "tropmet.res.in", "wsjob.com" were dropped from the list today; they no longer have active, online entries in PhishTank. "gentlesource.com", "t35.com" (an eBay phish), "tilapia.com" (another eBay phish), and "uic.edu" (already fixed) were added; they just appeared in PhishTank. If you have any responsibility for a site on the list, please take steps to fix the problem. If you're not part of the solution, you're part of the problem.
That's very much a Navy view: "Enlisted men and women are, fundamentally, operators." In the Navy, the basic combat unit is the ship. Tactical decisions are made at the ship level, not below. A hundred to several thousand people serve the ship; a few officers make the tactical decisions.
Ground troops need a completely different mindset. The basic combat unit is far smaller, a squad or platoon. Individual soldiers make tactical decisions. Marines are especially big on this. It's Marine doctrine to equip the Marine, not man the equipment. The US Army likes to fight with bigger units, but can break them down into small, independent units when necessary.
Just write a memo, "We need a license for this code". It probably won't be very expensive.
Here's the policy on use of code snippets in O'Reilly books. They generally allow it, but require acknowledgement in the documentation.
Kimball was just about ready to empanel a jury in SCO v Novell...
There's no jury. At this point, that case is down to claims for "equitable relief", and Judge Kimball ruled that a jury trial wasn't necessary.
It might not take five days of trial, either.