I am designing a conference. How do I find out every thing that may or may not negatively affect some member of the audience and eliminate all of these things from conference presentations? The only way I can see is to have a society where no one says anything.
Probably China couldn't be called a free market. However, the traditional free market response to this issue has been upholding the property rights of those who are being polluted via courts or voluntary agreement, making air pollution too expensive compared to the alternatives. No free market advocate believes polluters should not be held accountable for their actions, that's what lawsuits are for.
I thought the same thing. "hey spend hard-earned tuition dollars and get nothing in return." Isn't a problem for the university, that's a problem for the student. Another poster described the same student repeatedly signing up for the course and failing for non-participation. A good mechanism for the college to drain "students" dry. When I was in grad school, I could almost always tell the students who were paying a good amount out of pocket (determined, focused, a pleasure to be on assignments with) from those who were paying with some sort of financial aid (lazy, unengaged, complainers). (ye, there were some exceptions on the aid side. I never met a lazy unmotivated student who was paying with their own money.) The problem here isn't the online course, it's all the money enabling unmotivated people to pay for the courses who shouldn't even be in there.
Enjoy your wait. Perhaps you might respond to my point, which was that Google has created an online automated system that (in part) allows people to create forms that other people can use to submit data. What do you expect Google to do, somehow magically tell the difference between legit and fake forms? Or do you think simply forbidding a field named "password" would address the problem?
All the phishers are doing is using Docs in the way it is meant to be used. If Google sees a form to enter information for ABC corp's Mr John McNobody, there's no way for Google to know if this is legitimate or not, other than actually trying to find Mr John McNobody and ask if it was legit.
We've worked out a way to use our HTTP proxies to deny POSTing of information to Google docs/drive. This way, folks can still access information, they just can't use POST or PUT commands to send any. It isn't too hard to determine the necessary POST URLs to whitelist for logon, logoff, password change, and other operations. It's not perfect but a lot better than nothing. Maybe you could take a similar approach. Does require a proxy that intercepts SSL traffic.
Are you seriously claiming that "legitimate journalists" never lie? Hm, you must be funning us. heh heh well done, you had me going there for a second.
Well that's not true. Humans assess risk all the time. For example, I drove today even though I know there is a chance I could get in a fatal accident. Just because the assessment of others doesn't agree with your assessment doesn't mean they are stupid or wrong.
Not sure if this was your point or not, but I use Adblock. I am not that familiar with how it works, so it might be blocking some ads hosted by the same domain. In which case I would be an unwitting hypocrite. I'll probably check up on that at some point.
Heh thanks for reminding me of that, now I want to watch it again. My first exposure to this series was actually the CDROM-based game. Now that I think of it, this series was probably a big factor in my original conclusion.
Any invention is just an addition to preexisting technologies. Bell et al. didn't invent the telephone in ancient Greece for a reason. There was all sorts of work to be done with sound, electricity, and magnetism first. The telephone was just adding voice capability to the telegraph, right?
This was always my response to the 'it is immoral to block ads' argument. I always said that if blah.com is hosting the ads itself I would be willing to allow them but as long as the content is from some unknown domain that I haven't chosen to trust, forget about it.
Agree. At first I felt "well, the carriers ARE substantially underwriting the phones, why shouldn't they have some say in how they are used?" But then I thought, why the hell do we need a new law with excessive new penalties for this? The carrier was always free to take this to small claims court to get their couple hundred bucks back for breach of contract. So I'm not bent out of shape that the carriers want to make restrictive contracts. I am bent out of shape that "my" government wasted its time making a ridiculous hysterical overreaction to what is at best very petty crime. If I were a praying man, I'd be praying right now that I can get on the first jury trial to test this law.
When I say 'reports' I refer to the data on successful attacks, not necessarily 'news'. Despite your assertion, there are several sources of such data. And you'll have to provide a citation regarding how much fraud is taking place with no indication of how. According to some of the other posters here. moving to DNSSEC is not 'very low cost maintenance', so doing it when the apparent threat is very close to zero is in most cases going to be judged a waste of time.
Regardless, my intended point could be phrased like this: people will make the change when they perceive a reason to do so. And right now there doesn't appear to be a reason. The simple fact of a vulnerability isn't a reason, we will accept it just like all the other vulnerabilities we live with every day.
How "major" is the flaw when there are few reports of it being used in attacks? People will change their behavior when there is a real reason to do so. Until there is an upswing in DNS cache poisoning, most will see no reason to go to the expense of converting. As another poster pointed out, there are plenty of other techniques attackers are using to impersonate websites.
"a syndicate for the purpose fo managing employees" Isn't this what a union is? Except the guy making a hugely inflated salary is the union head instead of the CEO.
Well, how may would it take to make it a success? It doesn't have to be more popular than Windows to be a success, it just needs to recoup the investment and then some. Apple keeps making PC OSes, even though there's virtually no chance it will overtake Windows any time soon.
Slashdot Mirror
I am designing a conference. How do I find out every thing that may or may not negatively affect some member of the audience and eliminate all of these things from conference presentations? The only way I can see is to have a society where no one says anything.
American innovation hinges on creativity
so let's do everything we can to stifle it.
Probably China couldn't be called a free market. However, the traditional free market response to this issue has been upholding the property rights of those who are being polluted via courts or voluntary agreement, making air pollution too expensive compared to the alternatives. No free market advocate believes polluters should not be held accountable for their actions, that's what lawsuits are for.
They already know how broken their country is. They just can't openly talk about it or the broken people will stomp on them.
I thought the same thing. "hey spend hard-earned tuition dollars and get nothing in return." Isn't a problem for the university, that's a problem for the student. Another poster described the same student repeatedly signing up for the course and failing for non-participation. A good mechanism for the college to drain "students" dry. When I was in grad school, I could almost always tell the students who were paying a good amount out of pocket (determined, focused, a pleasure to be on assignments with) from those who were paying with some sort of financial aid (lazy, unengaged, complainers). (ye, there were some exceptions on the aid side. I never met a lazy unmotivated student who was paying with their own money.) The problem here isn't the online course, it's all the money enabling unmotivated people to pay for the courses who shouldn't even be in there.
Enjoy your wait. Perhaps you might respond to my point, which was that Google has created an online automated system that (in part) allows people to create forms that other people can use to submit data. What do you expect Google to do, somehow magically tell the difference between legit and fake forms? Or do you think simply forbidding a field named "password" would address the problem?
In the business world, there are hordes of 'web based applications' that use java from the browser.
All the phishers are doing is using Docs in the way it is meant to be used. If Google sees a form to enter information for ABC corp's Mr John McNobody, there's no way for Google to know if this is legitimate or not, other than actually trying to find Mr John McNobody and ask if it was legit.
We've worked out a way to use our HTTP proxies to deny POSTing of information to Google docs/drive. This way, folks can still access information, they just can't use POST or PUT commands to send any. It isn't too hard to determine the necessary POST URLs to whitelist for logon, logoff, password change, and other operations. It's not perfect but a lot better than nothing. Maybe you could take a similar approach. Does require a proxy that intercepts SSL traffic.
Ah nuts, you're right. I apologize.
to become an enzyme on it's own
should say:
to become an enzyme on its own
Are you seriously claiming that "legitimate journalists" never lie? Hm, you must be funning us. heh heh well done, you had me going there for a second.
What does what the parent mentioned have to do with the ability to sue for malpractice?
This explains why they are always trying to move money out of these countries, the banks are riddled with malware over there.
humans are incapable of assessing risk
Well that's not true. Humans assess risk all the time. For example, I drove today even though I know there is a chance I could get in a fatal accident. Just because the assessment of others doesn't agree with your assessment doesn't mean they are stupid or wrong.
Not sure if this was your point or not, but I use Adblock. I am not that familiar with how it works, so it might be blocking some ads hosted by the same domain. In which case I would be an unwitting hypocrite. I'll probably check up on that at some point.
Heh thanks for reminding me of that, now I want to watch it again. My first exposure to this series was actually the CDROM-based game. Now that I think of it, this series was probably a big factor in my original conclusion.
Any invention is just an addition to preexisting technologies. Bell et al. didn't invent the telephone in ancient Greece for a reason. There was all sorts of work to be done with sound, electricity, and magnetism first. The telephone was just adding voice capability to the telegraph, right?
This was always my response to the 'it is immoral to block ads' argument. I always said that if blah.com is hosting the ads itself I would be willing to allow them but as long as the content is from some unknown domain that I haven't chosen to trust, forget about it.
You're right I should have posted AC
Agree. At first I felt "well, the carriers ARE substantially underwriting the phones, why shouldn't they have some say in how they are used?" But then I thought, why the hell do we need a new law with excessive new penalties for this? The carrier was always free to take this to small claims court to get their couple hundred bucks back for breach of contract. So I'm not bent out of shape that the carriers want to make restrictive contracts. I am bent out of shape that "my" government wasted its time making a ridiculous hysterical overreaction to what is at best very petty crime. If I were a praying man, I'd be praying right now that I can get on the first jury trial to test this law.
When I say 'reports' I refer to the data on successful attacks, not necessarily 'news'. Despite your assertion, there are several sources of such data. And you'll have to provide a citation regarding how much fraud is taking place with no indication of how. According to some of the other posters here. moving to DNSSEC is not 'very low cost maintenance', so doing it when the apparent threat is very close to zero is in most cases going to be judged a waste of time.
Regardless, my intended point could be phrased like this: people will make the change when they perceive a reason to do so. And right now there doesn't appear to be a reason. The simple fact of a vulnerability isn't a reason, we will accept it just like all the other vulnerabilities we live with every day.
How "major" is the flaw when there are few reports of it being used in attacks? People will change their behavior when there is a real reason to do so. Until there is an upswing in DNS cache poisoning, most will see no reason to go to the expense of converting. As another poster pointed out, there are plenty of other techniques attackers are using to impersonate websites.
"a syndicate for the purpose fo managing employees" Isn't this what a union is? Except the guy making a hugely inflated salary is the union head instead of the CEO.
Well, how may would it take to make it a success? It doesn't have to be more popular than Windows to be a success, it just needs to recoup the investment and then some. Apple keeps making PC OSes, even though there's virtually no chance it will overtake Windows any time soon.