As you can see, the Safari and Internet Explorer arguments are one and the same, and people need to stop pretending that the Mac OS setup is somehow different.
Except that Safari doesn't have a decade-long history of being rife with often-exploited security flaws, nor did Apple ignore standards that they helped create (HTML, CSS). THAT is the #1 reason we hate IE. MS's bad behaviors are icing on the cake--real geeks hate IE because it's a crappy, crappy product, from a technology and security perspective, which achieved market dominance. No matter what or why, we hate when the worst product wins.
shows 102 HRs. Each of those numbers may be a bit off (I see at least one other HR on the page; there might be other name links as well)--sometimes you need manual labor, not code, to get exact answers to annoying questions like this.
CAs should be fixed to not allow garbage in the domain. \0 isn't a legal character in DNS protocol, so why should anyone be allowed to register a domain certificate with something that is not allowed.
Exactly. My mind is totally blown by this. They're issuing SECURITY certificates and they don't VALIDATE USER INPUT?!?!? Isn't that the very first thing they cover when talking about how to design apps securely? This is would take, what, a one-line regular expression to catch? God help them if Bobby Tables wants a cert.
I agree that texting costs more than it should, but a security researcher saying "OMG we can't test because texting is too expensive!!!111" is even more ridiculous. $20/mo is less than ONE DOLLAR per workday. You can't swing a buck a day? Lunch--hell, a COFFEE--costs more.
Gotta love the way things get prioritized to create an attention-grabbing headline.
"Though Miller and Mulliner say they notified Apple about the vulnerability more than a month ago, the company hasn't released a patch..."
OMG, ONE WHOLE MONTH! Oh, and by the way, "...in the last 18 months, cybercriminals have begun using text messages to send links to malicious Web sites that infect the phone with malware, says Mikko Hyppönen, an F-Secure researcher. One seemingly-Chinese variant, known as 'Sexy View' and currently targeting the Symbian operating system, is far more threatening than an iPhone attack, given that around 50% of cellphones use Symbian, [emphasis added] Hyppönen says."
Miller also says "Texting applications' insecurity isn't due to the software's complexity so much as the security community's inattention and the expense of sending thousands of text messages to test a phone's security..."--um, I have an unlimited texting plan (AT&T, USA) and it's... well, I forget how much, but it's not a lot.
That said, a) it shouldn't be that hard to lock down an app whose main job is to send, receive, and display TEXT, and 2) because of that, I hope Apple issues a fix for this soon.
If they had a million VMs running NAV, the heat generated from CPU and disk usage would cause the data center to melt through the floor and start sinking to the center of the Earth.
And the other 90% comes from... you guessed it, THE PUBLIC DOMAIN! Snow White and the Seven Dwarfs, Pinocchio, Cinderella, Peter Pan, Sleeping Beauty, The Sword in the Stone, The Jungle Book, Robin Hood, The Little Mermaid, Beauty and the Beast, Aladdin, The Hunchback of Notre Dame, Hercules, and Tarzan, to name just a few. And they're still at it--look for Rapunzel in 2010. Fucking HYPOCRITES!
1) Wow. Must be pretty cool to have the richest man in the world read, and write for, your blog. I'm sure there were 9 layers of PR people between Bill and Gizmodo, but still. Damn.
Wow, talk about missing the point. You think it's heavy trying to carry a police officer around, try toting a whole HOUSE! It's a big world out there, outside your mom's basement.
If you ever decide to do something as stupid as build an automatic terrorism detector, here's a math lesson you need to learn first. It's called "the paradox of the false positive," and it's a doozy.
Say you have a new disease, called Super-AIDS. Only one in a million people gets Super-AIDS. You develop a test for Super-AIDS that's 99 percent accurate. I mean, 99 percent of the time, it gives the correct result -- true if the subject is infected, and false if the subject is healthy. You give the test to a million people.
One in a million people have Super-AIDS. One in a hundred people that you test will generate a "false positive" -- the test will say he has Super-AIDS even though he doesn't. That's what "99 percent accurate" means: one percent wrong.
What's one percent of one million?
1,000,000/100 = 10,000
One in a million people has Super-AIDS. If you test a million random people, you'll probably only find one case of real Super-AIDS. But your test won't identify one person as having Super-AIDS. It will identify 10,000 people as having it.
Your 99 percent accurate test will perform with 99.99 percent inaccuracy.
That's the paradox of the false positive. When you try to find something really rare, your test's accuracy has to match the rarity of the thing you're looking for. If you're trying to point at a single pixel on your screen, a sharp pencil is a good pointer: the pencil-tip is a lot smaller (more accurate) than the pixels. But a pencil-tip is no good at pointing at a single atom in your screen. For that, you need a pointer -- a test -- that's one atom wide or less at the tip.
This is the paradox of the false positive, and here's how it applies to terrorism:
Terrorists are really rare. In a city of twenty million like New York, there might be one or two terrorists. Maybe ten of them at the outside. 10/20,000,000 = 0.00005 percent. One twenty-thousandth of a percent.
That's pretty rare all right. Now, say you've got some software that can sift through all the bank-records, or toll-pass records, or public transit records, or phone-call records in the city and catch terrorists 99 percent of the time.
In a pool of twenty million people, a 99 percent accurate test will identify two hundred thousand people as being terrorists. But only ten of them are terrorists. To catch ten bad guys, you have to haul in and investigate two hundred thousand innocent people.
My first memory of this game was seeing the Atari version at the Exploratorium. I never knew that the original was text!
HERE ARE THE RULES THAT GOVERN YOUR SPACE VEHICLE:
(1) AFTER EACH SECOND, THE HEIGHT, VELOCITY, AND REMAINING FUEL WILL BE REPORTED.
(2) AFTER THE REPORT, A '?' WILL BE TYPED. ENTER THE NUMBER OF UNITS OF FUEL YOU WISH TO BURN DURING THE NEXT SECOND. EACH UNIT OF FUEL WILL SLOW YOUR DESCENT BY 1 FT/SEC.
Reading that, I was expecting (3) to be "It is pitch black. You are likely to be eaten by a grue.":-)
You mean that store that hit the five-billion-songs-sold mark ($4,950,000,000) over a year ago and has gone on to become a very successful movie, tv, and app store? (50k movies sold or rented per day) OK, I'd buy that for $7.8M. (Source: http://www.apple.com/pr/library/2008/06/19itunes.html)
Slashdot Mirror
As you can see, the Safari and Internet Explorer arguments are one and the same, and people need to stop pretending that the Mac OS setup is somehow different.
Except that Safari doesn't have a decade-long history of being rife with often-exploited security flaws, nor did Apple ignore standards that they helped create (HTML, CSS). THAT is the #1 reason we hate IE. MS's bad behaviors are icing on the cake--real geeks hate IE because it's a crappy, crappy product, from a technology and security perspective, which achieved market dominance. No matter what or why, we hate when the worst product wins.
But will it run Linux?
Sorry, I didn't even bother to read the title. What's this discussion about?
Each actor's name is a link so
shows 339 individual spoken lines. There's a horizontal rule (width=30%) after each block of dialog and
shows 102 HRs. Each of those numbers may be a bit off (I see at least one other HR on the page; there might be other name links as well)--sometimes you need manual labor, not code, to get exact answers to annoying questions like this.
When Aliens Attack... of course it's from Fox!
CAs should be fixed to not allow garbage in the domain. \0 isn't a legal character in DNS protocol, so why should anyone be allowed to register a domain certificate with something that is not allowed.
Exactly. My mind is totally blown by this. They're issuing SECURITY certificates and they don't VALIDATE USER INPUT?!?!? Isn't that the very first thing they cover when talking about how to design apps securely? This is would take, what, a one-line regular expression to catch? God help them if Bobby Tables wants a cert.
I agree that texting costs more than it should, but a security researcher saying "OMG we can't test because texting is too expensive!!!111" is even more ridiculous. $20/mo is less than ONE DOLLAR per workday. You can't swing a buck a day? Lunch--hell, a COFFEE--costs more.
Gotta love the way things get prioritized to create an attention-grabbing headline.
"Though Miller and Mulliner say they notified Apple about the vulnerability more than a month ago, the company hasn't released a patch..."
OMG, ONE WHOLE MONTH! Oh, and by the way, "...in the last 18 months, cybercriminals have begun using text messages to send links to malicious Web sites that infect the phone with malware, says Mikko Hyppönen, an F-Secure researcher. One seemingly-Chinese variant, known as 'Sexy View' and currently targeting the Symbian operating system, is far more threatening than an iPhone attack, given that around 50% of cellphones use Symbian, [emphasis added] Hyppönen says."
Miller also says "Texting applications' insecurity isn't due to the software's complexity so much as the security community's inattention and the expense of sending thousands of text messages to test a phone's security..."--um, I have an unlimited texting plan (AT&T, USA) and it's... well, I forget how much, but it's not a lot.
That said, a) it shouldn't be that hard to lock down an app whose main job is to send, receive, and display TEXT, and 2) because of that, I hope Apple issues a fix for this soon.
If they had a million VMs running NAV, the heat generated from CPU and disk usage would cause the data center to melt through the floor and start sinking to the center of the Earth.
what legal consequences are there for lying in this kind of situation?
Typically, laws passed in your favor and increased profits.
The funniest part is...
I guess you're not supposed to do such things when you run a company that makes handsets, though.
Wow. I never would have guessed.
Welcome to the Internet, where all your jokes come true. :-)
God knows it's been ages, and the whole ball and paddle thing... I don't know, I just feel they could be doing so much more.
And the other 90% comes from... you guessed it, THE PUBLIC DOMAIN! Snow White and the Seven Dwarfs, Pinocchio, Cinderella, Peter Pan, Sleeping Beauty, The Sword in the Stone, The Jungle Book, Robin Hood, The Little Mermaid, Beauty and the Beast, Aladdin, The Hunchback of Notre Dame, Hercules, and Tarzan, to name just a few. And they're still at it--look for Rapunzel in 2010. Fucking HYPOCRITES!
1) Wow. Must be pretty cool to have the richest man in the world read, and write for, your blog. I'm sure there were 9 layers of PR people between Bill and Gizmodo, but still. Damn.
2) Almost as important, 1979 was a good year for Lego, too. I remember the original space sets well.
Wow, talk about missing the point. You think it's heavy trying to carry a police officer around, try toting a whole HOUSE! It's a big world out there, outside your mom's basement.
They give you cancer but they can diagnose blood disease. Sounds like a fair trade-off. :-)
Can't help with the cable mess, just wanted to point out that the proper plural of NAS is not NASes, it's NASen.
It was faster before they added all the craptastic javascript everywhere.
Agreed. Also, it's slow.
Cory Doctorw explains it pretty well.
If you ever decide to do something as stupid as build an automatic terrorism detector, here's a math lesson you need to learn first. It's called "the paradox of the false positive," and it's a doozy.
Say you have a new disease, called Super-AIDS. Only one in a million people gets Super-AIDS. You develop a test for Super-AIDS that's 99 percent accurate. I mean, 99 percent of the time, it gives the correct result -- true if the subject is infected, and false if the subject is healthy. You give the test to a million people.
One in a million people have Super-AIDS. One in a hundred people that you test will generate a "false positive" -- the test will say he has Super-AIDS even though he doesn't. That's what "99 percent accurate" means: one percent wrong.
What's one percent of one million?
1,000,000/100 = 10,000
One in a million people has Super-AIDS. If you test a million random people, you'll probably only find one case of real Super-AIDS. But your test won't identify one person as having Super-AIDS. It will identify 10,000 people as having it.
Your 99 percent accurate test will perform with 99.99 percent inaccuracy.
That's the paradox of the false positive. When you try to find something really rare, your test's accuracy has to match the rarity of the thing you're looking for. If you're trying to point at a single pixel on your screen, a sharp pencil is a good pointer: the pencil-tip is a lot smaller (more accurate) than the pixels. But a pencil-tip is no good at pointing at a single atom in your screen. For that, you need a pointer -- a test -- that's one atom wide or less at the tip.
This is the paradox of the false positive, and here's how it applies to terrorism:
Terrorists are really rare. In a city of twenty million like New York, there might be one or two terrorists. Maybe ten of them at the outside. 10/20,000,000 = 0.00005 percent. One twenty-thousandth of a percent.
That's pretty rare all right. Now, say you've got some software that can sift through all the bank-records, or toll-pass records, or public transit records, or phone-call records in the city and catch terrorists 99 percent of the time.
In a pool of twenty million people, a 99 percent accurate test will identify two hundred thousand people as being terrorists. But only ten of them are terrorists. To catch ten bad guys, you have to haul in and investigate two hundred thousand innocent people.
*shrugs*
My first memory of this game was seeing the Atari version at the Exploratorium. I never knew that the original was text!
HERE ARE THE RULES THAT GOVERN YOUR SPACE VEHICLE:
(1) AFTER EACH SECOND, THE HEIGHT, VELOCITY, AND REMAINING
FUEL WILL BE REPORTED.
(2) AFTER THE REPORT, A '?' WILL BE TYPED. ENTER THE
NUMBER OF UNITS OF FUEL YOU WISH TO BURN DURING THE
NEXT SECOND. EACH UNIT OF FUEL WILL SLOW YOUR DESCENT
BY 1 FT/SEC.
Reading that, I was expecting (3) to be "It is pitch black. You are likely to be eaten by a grue." :-)
I've invented a device which makes you read this in your head, in my voice!
Which is a good thing because you won't actually be hearing my voice while you watch the show! Better turn subtitles on, mwa?
You mean that store that hit the five-billion-songs-sold mark ($4,950,000,000) over a year ago and has gone on to become a very successful movie, tv, and app store? (50k movies sold or rented per day) OK, I'd buy that for $7.8M. (Source: http://www.apple.com/pr/library/2008/06/19itunes.html)
It would seem someone who drives less frequently is less practiced and would be a greater risk as compared to someone who is a regular driver.
That is correct. Also, whenever you drive, you should go as fast as possible to minimize your exposure to danger. Especially in bad weather. :-)