Personally I don't see why anyone should be granted a monopoly over any of the possible ways of doing that sort of stuff.
So far in the past 20 years there have been very very few real innovations (not just incremental improvements).
Way back in the 1960s that Douglas Engelbart guy had a chord keyboard, mouse, was doing hypertext, wordprocessing, shared screen collaboration with another person over a remote link, etc. Too bad he was a bit too early;).
The people who are really innovative would be so far ahead of their time that 20 year patents won't help them;). And having longer patents would enslave the rest of us to the far more plentiful crappier "inventors".
So I don't see why anybody should be getting monopolies over anything. Hardly anyone who's got a patent deserves to have a monopoly.
Maybe in the absence of patents we could award some innovation prizes or something, so that the really innovative people can at least be comforted decades later that they were trail blazing the right track.
You don't need patents to get incremental improvements - there are millions of people in China who know how to do incremental improvements, and they will do them whether you like it or not:). I just bought two made in China toy RC helicopters for about USD27 each, they appear to be a clone of the original Mosquito helicopter BUT they have more robust rotor blades from the original, and they also have a stabilizer bar which the original doesn't appear to have.
If you're smart and you want to get rich go run a few laundromats or something. Boring? Doesn't require lots of brains or inventiveness? Good, that means you can pay someone not too smart a salary to do it. Then you can use the money and time left over to do your fun stuff.
True, but there are still too many replies below various thresholds. But sometimes I still reply anyway:).
On the subject of sigs, re: your sig, I haven't had mod points for very many years, maybe it's because I used to mod back up "off topic" stuff that were interesting replies to perhaps off tangent/topic stuff, and mod "underrated" stuff that's troll or flamebait.
Maybe it's because I replied in one of those infamous blacklisted threads.
Or maybe it's because of my sig - I can't remember what happened first:p.
After all those "economical" techniques is that e coli beef significantly cheaper than beef elsewhere to _purchasers_?
Or are a few rich people getting even richer from consumer ignorance? The last I checked those cowboys aren't earning big bucks for what they do. Maybe the mexicans in the slaughterhouses are?
For a similar issue check out the salmonella problem ( http://www.cspinet.org/reports/polt.html ). It's being spun that it's the customer's problem that they are not cooking stuff properly. But if it's standard practice to dump chickens into the same chilled water, it's no surprise so many chickens end up being contaminated.
Perhaps people should cook stuff properly, but a look at how the industry is doing stuff should show you things are so much crappier than they should be.
Yes it would be prohibitively expensive to keep changing the chilled water etc, but maybe if there were pressures to do things better there would be cheaper ways to achieve a similar end result with less shit on your food.
I guess it's the US corporate culture. Look at the US car industry - it regularly has to be dragged kicking and screaming to produce cleaner and more efficient cars. Whereas the Japanese are just going ahead and doing it.
The US Beef lobby kicks up a big fuss when the Japanese block imports of US beef for safety reasons, but I don't really blame the Japs given the "respect" the US "human fuel" industry has towards their product (I don't think they really see it as food do they?).
1) Bacteriophage treatment was used in the Soviet Union for a long long long time. 2) Why should e-coli be on the beef in the first place if you are butchering the cow properly? i.e. What's shit (cow or other) doing on your beef?
The advance I'm waiting for is a far more reliable and safe way of attaching devices to brains. Then the blind would be able to see etc.
Of course the **AA and the DMCA might cause problems with that.
Seriously, if they allow adults to have consensual sex with people who aren't their spouses, one night stands and all that, why should it matter if the partners are both 13 years old? Heck their relationship might be a lot more meaningful and last longer than the relationships of many adults.
If adults are allowed such stuff and these two get punished by the court then IMO they would be victims of the court/Law as well. They're just doing what the adults do - they don't know better (the adults should be providing better examples to children).
Maybe they should just make sex with someone not your spouse an offense:).
Is this from a certified medical doctor or just from the pilot:
"When the light hit the cockpit, it disoriented the Kern County Sheriff's pilot, causing pain and discomfort in his eyes for a couple of hours, the FBI said in a statement"
Those pointers make a beam that's visible even if you aren't hit. So you could see someone waving the laser pointer far away and claim they hit you when they didn't.
Sorry, I don't trust most cops.
Yes, cops are people too, and that's WHY I don't. I don't trust most people once you put a badge on them, or give them any significant power:).
Sounds fine to me as long as they all know the risks involved.
There might be significant motivation for Novartis et all to make stuff with not too serious side effects, since it's bad PR when things go badly wrong.
It's similar to car racing where even though the race car engines are nothing like the normal ones, it's still a major loss of face if your stuff blows up more often than your competitors.
Thing is there'll probably still be rules and cheating - I suspect that people would still want to distinguish between cyborgs and noncyborgs. For one the cyborgs are more likely to blow up than the noncyborgs - It's a Sony!;).
But if your cyborg bits pass the scanners (and dogs;) ) than I figure they're good enough for most humans.
If Google is IPv4 only, and you only have an IPv6 address (no IPv4 address), how would you use Google?
If you say NAT/proxy, 1) You still need a public IPv4 address right? I thought we were running out of those? 2) If you have a public IPv4 address and you use NATs/proxies, you might as well stick with private IPv4 since the tech is tried and proven.
Re:Bet there still isn't a decent "Stop!" button
on
HTML V5 and XHTML V2
·
· Score: 1
From your link you'll see that Ben Bucksch refers to my original proposal years earlier, which history shows is still relevant today.
The W3C and browser people still aren't interested.
I believe one of the browser people told me to implement it in a browser and then come back. Which is the equivalent of Ford Motor Corp telling me to make a car with brakes when I point out that their cars don't come with brakes built in - full of accelerator pedals, but no brakes. The W3C says stuff like: "When bad things happen all cars should throw a security exception", and that's about all the help you get from them - no requirement for brakes to be installed:).
Then when stuff happens, lots of people blame users for not driving safely or not maintaining their cars properly. They don't blame the car manufacturers and regulators for cars where to stop you need to make sure every single accelerator pedal is up, instead of just stepping on a brake pedal.
Re:Bet there still isn't a decent "Stop!" button
on
HTML V5 and XHTML V2
·
· Score: 1
Sorry don't understand the tag-soup vs DOM tree bit.
People can say XYZ won't be a tag-soup, valid XYZ is well formed and all that, but in practice attackers will send you malformed stuff if that's what it takes to exploit things.
In the real world, browsers WILL encounter tag soup, believing otherwise is naive. My proposal is to help browsers skip the nasty bits in the soup, rather than completely relying on the servers to dish out soup that's safe to all supported browsers.
A suggested implementation is for the disabling bit to be at the parser level. For example after the parser hits a restrict tag, it stops recognizing javascript (and other nonallowed stuff), and so stops adding stuff as javascript to the DOM-tree. When it sees a valid restrictoff tag it starts recognizing stuff again that aren't disallowed by other prior (and thus overriding) restrict tags.
Note: if they break the parser and get control over your browser they don't even need to care about running javascript etc anymore:).
I really don't care what form the tag eventually takes, I would prefer to leave it to the HTML people. That's why more than 5 years ago I tried to bring it up to them and the browser people. Some said it should be <tag/>, others said it should be something else, some have said I shouldn't be calling it a tag - technically it's not a tag, etc. I have resubmitted things to try to suit them. But almost all seemed to think that the filtering should only be done server side.
5 years have passed, and I still think I'm right that filtering shouldn't only be done server side:).
The HTML/browser people don't have to listen to me. Just means more money and jobs in the IT security line. Making money due to backwardness when thing could be so much better. Oh well, it's still money eh?
I think ubuntu and Suse have apparmor already which is similar to SELinux.
"First, if an app is going to announce itself, it might as well be specific and come with a full ACL describing what it should be doing,"
Should only do this for custom ACLs.
Most apps should be able to fall under a more manageable set of template ACLs that users can recognize.
Custom system ACLs could be signed by the OS vendor, so no prompts to the user - stuff just runs.
Custom 3rd party ACLs could be signed by a verifier that certifies it as being a member of a hopefully more recognizable class of ACLs (maybe with power/safety rating:) ). Perhaps the verifier could add comments (but then you might have to support multilanguage and all that "fun" stuff).
The last is similar to your suggestion of whitelisted acls and software pairs.
I have given the matter a fair amount of thought, and I believe it's actually doable and significantly beneficial.
But whether it will get done...:p
Re:Bet there still isn't a decent "Stop!" button
on
HTML V5 and XHTML V2
·
· Score: 2, Insightful
No because the closing tag has to have a lock string that matches the lock on the opening tag.
My attempts to change the world (albeit by a little bit) aren't going very well either - it's been more than 5 years since I first proposed the tags, but so far the W3C and Mozilla bunch have preferred to make other "more fun" stuff instead...
Personally I don't see why anyone should be granted a monopoly over any of the possible ways of doing that sort of stuff.
;).
;). And having longer patents would enslave the rest of us to the far more plentiful crappier "inventors".
:). I just bought two made in China toy RC helicopters for about USD27 each, they appear to be a clone of the original Mosquito helicopter BUT they have more robust rotor blades from the original, and they also have a stabilizer bar which the original doesn't appear to have.
So far in the past 20 years there have been very very few real innovations (not just incremental improvements).
Way back in the 1960s that Douglas Engelbart guy had a chord keyboard, mouse, was doing hypertext, wordprocessing, shared screen collaboration with another person over a remote link, etc. Too bad he was a bit too early
The people who are really innovative would be so far ahead of their time that 20 year patents won't help them
So I don't see why anybody should be getting monopolies over anything. Hardly anyone who's got a patent deserves to have a monopoly.
Maybe in the absence of patents we could award some innovation prizes or something, so that the really innovative people can at least be comforted decades later that they were trail blazing the right track.
You don't need patents to get incremental improvements - there are millions of people in China who know how to do incremental improvements, and they will do them whether you like it or not
If you're smart and you want to get rich go run a few laundromats or something. Boring? Doesn't require lots of brains or inventiveness? Good, that means you can pay someone not too smart a salary to do it. Then you can use the money and time left over to do your fun stuff.
True, but there are still too many replies below various thresholds. But sometimes I still reply anyway :).
:p.
On the subject of sigs, re: your sig, I haven't had mod points for very many years, maybe it's because I used to mod back up "off topic" stuff that were interesting replies to perhaps off tangent/topic stuff, and mod "underrated" stuff that's troll or flamebait.
Maybe it's because I replied in one of those infamous blacklisted threads.
Or maybe it's because of my sig - I can't remember what happened first
AFAIK allergic reactions are an immune system response.
;).
From fever, rashes to swell up and die.
Well maybe one side effect could be you end up feeling low for the rest of your life
Macintosh computers aren't what I call very expensive loads.
;).
;) ) even in rather short
If I were a trucker driving a full load of Intel processors from the factory to the airport then I might be a bit nervous
I've heard cases where somehow trucks get hijacked ( allegedly
journeys from the factory to the airport.
More important than carrying Uzis:
;).
1) They are willing to get between the bullet and you.
2) They wear decent body armour.
Without 2) the bullet could still go through them and into you. 2) also should help keep staff retention at decent levels
After all those "economical" techniques is that e coli beef significantly cheaper than beef elsewhere to _purchasers_?
Or are a few rich people getting even richer from consumer ignorance? The last I checked those cowboys aren't earning big bucks for what they do. Maybe the mexicans in the slaughterhouses are?
For a similar issue check out the salmonella problem ( http://www.cspinet.org/reports/polt.html ). It's being spun that it's the customer's problem that they are not cooking stuff properly. But if it's standard practice to dump chickens into the same chilled water, it's no surprise so many chickens end up being contaminated.
Perhaps people should cook stuff properly, but a look at how the industry is doing stuff should show you things are so much crappier than they should be.
Yes it would be prohibitively expensive to keep changing the chilled water etc, but maybe if there were pressures to do things better there would be cheaper ways to achieve a similar end result with less shit on your food.
I guess it's the US corporate culture. Look at the US car industry - it regularly has to be dragged kicking and screaming to produce cleaner and more efficient cars. Whereas the Japanese are just going ahead and doing it.
The US Beef lobby kicks up a big fuss when the Japanese block imports of US beef for safety reasons, but I don't really blame the Japs given the "respect" the US "human fuel" industry has towards their product (I don't think they really see it as food do they?).
1) Bacteriophage treatment was used in the Soviet Union for a long long long time.
2) Why should e-coli be on the beef in the first place if you are butchering the cow properly? i.e. What's shit (cow or other) doing on your beef?
The advance I'm waiting for is a far more reliable and safe way of attaching devices to brains. Then the blind would be able to see etc.
Of course the **AA and the DMCA might cause problems with that.
Because some developers like to use newfangled stuff like DirectX 10?
Even if it's not necessary (or it is counterproductive).
Don't forget, Microsoft will try to get devs over to Vista ASAP.
The stats for q=porn are quite different for the stats for q=sex.
Go figure.
Thing is it's not just rape that gets you registered as a sex offender.
Well that shows that law is screwed up.
:).
Seriously, if they allow adults to have consensual sex with people who aren't their spouses, one night stands and all that, why should it matter if the partners are both 13 years old? Heck their relationship might be a lot more meaningful and last longer than the relationships of many adults.
If adults are allowed such stuff and these two get punished by the court then IMO they would be victims of the court/Law as well. They're just doing what the adults do - they don't know better (the adults should be providing better examples to children).
Maybe they should just make sex with someone not your spouse an offense
Then they should make stuff like adultery an offense (apparently it's still an offense in some US States just not prosecuted).
;)
It seems rather incongruous to treat adultery lightly while making a big fuss about the other stuff e.g. people looking at pictures of naked people.
If people don't have sex out of marriage (that includes premarital sex) stuff like HIV become a lot less of a problem.
Yes I know this is Slashdot and adultery is not likely to directly affect most of us, but humour me OK?
What makes sexual offenders so much worse than violent nonsexual offenders (who are allowed internet access)?
There are a fair number of sexual offenders who aren't actually violent.
I believe sex crimes include stuff like indecent exposure, "Lewd and lascivious conduct", consensual (but illegal) sex, etc.
I guess the Wars Against Drugs, Terror, Iraq etc are not enough, have to start a War Against Sex Offenders too.
Oh well I suppose that makes most voters in New Jersey feel safer.
It is a fair assumption, most of them aren't very smart (and why should they need to be?) and are usually ignorant.
;). Works for politicians, works for Microsoft.
For as long as most people are stupid and ignorant it makes sense to target the largest market
So you have thousands of windows administrators that can only admin say 5-10% of a single machine (they can't figure out the rest).
Whereas a skilled admin should be able to admin hundred or so windows/linux desktops, or thousands of Linux/BSD servers.
Is this from a certified medical doctor or just from the pilot:
:).
"When the light hit the cockpit, it disoriented the Kern County Sheriff's pilot, causing pain and discomfort in his eyes for a couple of hours, the FBI said in a statement"
Those pointers make a beam that's visible even if you aren't hit. So you could see someone waving the laser pointer far away and claim they hit you when they didn't.
Sorry, I don't trust most cops.
Yes, cops are people too, and that's WHY I don't. I don't trust most people once you put a badge on them, or give them any significant power
Mod parent up.
;).
I bet that customer isn't coming back for a long time
Makes me wonder if some Circuit City etc store has a stash of illegal porn just waiting to be discovered in a raid.
Sounds fine to me as long as they all know the risks involved.
;).
;) ) than I figure they're good enough for most humans.
There might be significant motivation for Novartis et all to make stuff with not too serious side effects, since it's bad PR when things go badly wrong.
It's similar to car racing where even though the race car engines are nothing like the normal ones, it's still a major loss of face if your stuff blows up more often than your competitors.
Thing is there'll probably still be rules and cheating - I suspect that people would still want to distinguish between cyborgs and noncyborgs. For one the cyborgs are more likely to blow up than the noncyborgs - It's a Sony!
But if your cyborg bits pass the scanners (and dogs
Well it's going to be hard getting those fat bearded hackers through air vents or windows.
;).
On the bright side, some of them might actually smell better after dumpster diving.
Will that be after or before Duke Nukem Forever is released? ;)
"Unless you actually want to access the machines behind that public IP address. Which is one of the nice things you can do with v6."
1) How do you do that with v6 if the one side is IPv4 only?
2) You can already do that with only IPv4 - just use VPNs.
The same way people suggest the IPv6 stuff interoperates with IPv4, is the same way to get IPv4 working with few addresses.
The Media companies will actually love the resulting scenario, because with the shortage of public IPs, they gain more power and control.
Don't get me wrong, I would like a solution, just that IPv6 is pretty crappy as a solution.
I suppose that's the only solution we're going to get though. Nobody has any better ideas?
If Google is IPv4 only, and you only have an IPv6 address (no IPv4 address), how would you use Google?
If you say NAT/proxy,
1) You still need a public IPv4 address right? I thought we were running out of those?
2) If you have a public IPv4 address and you use NATs/proxies, you might as well stick with private IPv4 since the tech is tried and proven.
From your link you'll see that Ben Bucksch refers to my original proposal years earlier, which history shows is still relevant today.
:).
The W3C and browser people still aren't interested.
I believe one of the browser people told me to implement it in a browser and then come back. Which is the equivalent of Ford Motor Corp telling me to make a car with brakes when I point out that their cars don't come with brakes built in - full of accelerator pedals, but no brakes. The W3C says stuff like: "When bad things happen all cars should throw a security exception", and that's about all the help you get from them - no requirement for brakes to be installed
Then when stuff happens, lots of people blame users for not driving safely or not maintaining their cars properly. They don't blame the car manufacturers and regulators for cars where to stop you need to make sure every single accelerator pedal is up, instead of just stepping on a brake pedal.
Sorry don't understand the tag-soup vs DOM tree bit.
:).
/>, others said it should be something else, some have said I shouldn't be calling it a tag - technically it's not a tag, etc. I have resubmitted things to try to suit them. But almost all seemed to think that the filtering should only be done server side.
:).
People can say XYZ won't be a tag-soup, valid XYZ is well formed and all that, but in practice attackers will send you malformed stuff if that's what it takes to exploit things.
In the real world, browsers WILL encounter tag soup, believing otherwise is naive. My proposal is to help browsers skip the nasty bits in the soup, rather than completely relying on the servers to dish out soup that's safe to all supported browsers.
A suggested implementation is for the disabling bit to be at the parser level. For example after the parser hits a restrict tag, it stops recognizing javascript (and other nonallowed stuff), and so stops adding stuff as javascript to the DOM-tree. When it sees a valid restrictoff tag it starts recognizing stuff again that aren't disallowed by other prior (and thus overriding) restrict tags.
Note: if they break the parser and get control over your browser they don't even need to care about running javascript etc anymore
I really don't care what form the tag eventually takes, I would prefer to leave it to the HTML people. That's why more than 5 years ago I tried to bring it up to them and the browser people. Some said it should be <tag
5 years have passed, and I still think I'm right that filtering shouldn't only be done server side
The HTML/browser people don't have to listen to me. Just means more money and jobs in the IT security line. Making money due to backwardness when thing could be so much better. Oh well, it's still money eh?
I think ubuntu and Suse have apparmor already which is similar to SELinux.
:) ). Perhaps the verifier could add comments (but then you might have to support multilanguage and all that "fun" stuff).
:p
"First, if an app is going to announce itself, it might as well be specific and come with a full ACL describing what it should be doing,"
Should only do this for custom ACLs.
Most apps should be able to fall under a more manageable set of template ACLs that users can recognize.
Custom system ACLs could be signed by the OS vendor, so no prompts to the user - stuff just runs.
Custom 3rd party ACLs could be signed by a verifier that certifies it as being a member of a hopefully more recognizable class of ACLs (maybe with power/safety rating
The last is similar to your suggestion of whitelisted acls and software pairs.
I have given the matter a fair amount of thought, and I believe it's actually doable and significantly beneficial.
But whether it will get done...
No because the closing tag has to have a lock string that matches the lock on the opening tag.
:).
My attempts to change the world (albeit by a little bit) aren't going very well either - it's been more than 5 years since I first proposed the tags, but so far the W3C and Mozilla bunch have preferred to make other "more fun" stuff instead...
Maybe Microsoft has subverted the W3C too