It may or may not be mixed with anything narsty (I'd lean toward "almost certainly does"), and it may or may not exist in sufficient quantities to be useful.
However, this is still a potentially significant discovery. If a future expedition discovers that there's enough water up there, it could make lunar bases easier to build. After all, water is probably the single heaviest thing you'd have to carry up for a lunar base. If a ready supply is already there, that's a big start, even if you have to develop some technologies to scrub the nasties out of it before you can drink it. It's also an important building component if you want to use local materials to, say, build protective walls over your delicate settlement. Lunar adobe brick made of local dirt and local water, for example. Then you wouldn't care what contaminants are in it, as long as it could be used to solidify bricks.
I have managed, through sources connected to major aerospace corporation, to collect a small sample of the water of moon and I can assuring you it is both refreshingly also delicious.
Do not listen to the naysayers who undoubtedly assure that such a beverage must be much expensive for the average person can afford! It is most assuredly not that way!
I have decided to assist them in the funding of their next expedition to moon by selling some of water that was returned from the last expedition. The aerospace company is located in small country in southern Africa, so you must comprehend there are bribes and other politics involved extracting an amount for your purchase and enjoyment.
However, I can assure you that the water is pure and safe, ready to drink, and unaltered. Through amazing coincidence, it contains all of the same chemicals found in most spring water, so it is most assuredly beneficial to your consumption use.
If you are interested in such opportunity, please reply soonest and I will arrange to have a sample sent to you. I may need small amount sent in cash, and if sample is of proven quality to you we may further discuss additional quantities.
So your company sells a product and spends more time making sure that what they sell is based on valid licensing than what they use. That is a rational business decision.
If you get caught pirating shareware (or even commercial software), the BSA will come down on you pretty hard, but generally they go easy on companies that work to comply. I mean, it's not like you shared 10 tracks on the Internet and didn't make any money. You're a for-profit business and the punishment standards are much lower than a nefarious casual music pirate.
All jokes aside, the BSA will charge you a decent chunk of change, but it's going to work out a rational way for you to pay for what you use, and the penalties aren't going to put you out of business - they'd rather capture 10% than drive you out of business trying to capture 100%.
On the other hand, if you are found guilty of busting licenses on stuff you are actively engaged in selling for profit, the code you are pirating can cost you a REAL chunk of sales.
Give the company a solid chance to come clean and fix up their licensing issues, with enough information to decide whether they want to. A lot of these issues can be cleared up with truly free software. Some things, like the WinZip delay thing, are technically not illegal but sure can't be helping internal feelings about the company's compliance (in other words, they are obvious signs that the company has licensing issues, and therefore might make a disgruntled employee a nice severance package courtesy of the BSA).
Make sure you have CLEAR documentation that you are undergoing that effort and are actively communicating your findings to management. Make sure that said documentation points out the cost and risk of not complying, and make it clear that while you have no interest in profiting by reporting it, others easily might. That may include citations of the BSA's cut and how much a disgruntled employee could potentially make if they decided to.
Don't threaten to blow the whistle yourself, but make it clear that someone easily could, and try to work with them to get things cleared up. At the same time, be sure it is well documented that you are a driving force for compliance. That way, if the company decides to screw you over and make you the scapegoat, you have plenty of evidence to demonstrate that the problem was there long before you were, and that you were trying to get them in compliance.
If, after all of your effort, the company decides that they would rather continue operations as-is, you have to let your conscience and circumstances be your guide on that one. Generally the proper thing to do is leave the company and contact the BSA. But you have to call the shots as you see them - if your employer is your father-in-law or has a title of of "Don", or both, you might want to simply become a very respectful advocate for truly free software and hope you can cop a plea if the company ever gets caught. And do what you're told because Guido can make the BSA boys look like rank amateurs, and a few years in prison with intact kneecaps is better than doing a personal verification to see if cement footwear is waterproof. I mean, I like the water and all, but...
As far as your immediate "what do I do about the computer in front of me" issue... Personally, I have refused and will continue to refuse to install software on company hardware unless it's clearly legal to do so.
I can also say that really easily - I've only had one company ever ask it of me, and they had some serious compliance issues, but the decision was easy. After a long meeting with a few executives about the risks to the company and an honest assessment how much money the company was really "saving", they decided it was best to spend the money on valid licenses and have me remove anything that was not in compliance until we could clear things up.
This was also a financial management company that had a lot of customer data in their possession and processed checks and other monetary instruments by the thousands every day - having the word hit the street that they couldn't count licenses or were knowingly engaging in piracy could lead to an exceptionally unpleasant visit from people far less forgiving than the BSA. They had also never had an IT resource before - each department bought their own software and I was their first foray into a centralized IT "organization", if you want to call a young snot-nosed kid happy to have a folding table in the server room as his desk on his first IT job an "organization".
The uninstall/buy/reinstall process was VERY ugly, but at the end we had a fully compliant company with a clear sheet of purchased licenses and a clean process for transferring licenses from computer to computer, and all the install media was locked away. I won't say we hit 100%, people still brought in pirated software (this was in the Windows 3.11 days, much harder to prevent it back then). But we had pretty clear documentation that we were doing our best to keep things clean.
OK, so if people don't know any better, how is the consent going to be considered "informed" in any way?
I understand your point, but problem cannot be solved through consent if the users don't understand what they are consenting to. And if they understood what they were consenting to, they'd know they ALREADY HAVE the tools to block cookies if they want to.
You can easily simulate the effectiveness and impact of this new law.
Pick 100 people who call their desktop computer case "the hard drive". Ask all of them if they know what a third-party cookie is and eliminate anyone who doesn't say something about frosting. I mean no insult to inexperienced computer users here - but you need to find people "who don't know any better".
Put them in front of a fresh install of {Firefox, Opera, IE} with "ask about every cookie" turned on.
After two hours, you'll experience one of four behaviors:
1. The cleverest will simply find a way to turn the prompts off and leave cookies on. You'll get a lot more of these if you leave a 10-year-old kid in the room. 2. Some will say "no" every time, and will complain that the Internet has a lot of problems, can't seem to remember things, and why are they being asked about dessert all the time? 3. Some will say "yes" every time and simply gripe about all the stupid boxes asking permission for cookies all the time. But at least the Internet remembers things. 4. Some will see their first prompt and get educated. Again, see the point about having a 10-year-old in the room. Those who gain an understanding about the various uses for cookies will make an informed choice on every cookie for every site. Am I at yro.slashdot and I'm getting a cookie for login.slashdot? That's probably good. Am I getting a cookie for ads.thetrackingcompany? Probably not so good, depending on your personal feelings on tracking. They will make a nuanced, informed decisions about each cookie.
#4 will last, depending on the perseverance of the user, for anywhere between 1 minute and several days. Then they'll revert to #1, because it's a shitload of work for little actual security benefit. Some might only prompt for third-party cookies, that'll last for a week or two. Then they'll revert to #1 as well.
Oh, wait, #1 would be made illegal under EU law.
Now imagine, instead of a consistent per-cookie prompt, tens of thousands of companies having to implement this in HTML with no consistent wording, no consistent way to say yes or no, no consistent way of tracking that permission has in fact been given, no way to change permission on the user end once it's been given or denied (or conflicting/inconsistent ways to do so).
Your educated, informed users are going to be horribly inconvenienced and deeply regret the passage of this law, because they've already made their decision in their browser settings. Your least educated, least informed users are going to either piss and moan about the new thingies they have to click on to access every single site they visit and be no better educated than they are today, or they'll quickly become a more informed user and piss and moan, but with an understanding of what is annoying them.
What browser do you use? IE, Firefox, and Opera all have a very simple user setting that you can turn on. It's off by default, but is really easy to turn on.
The instant you do, you'll be asked every time a site wants to set or use a cookie. With most of them you can even differentiate between first- and third-party cookies (so cookies that originate from the site you are visiting can be tracked differently from cookies that originate from other sites). Once a site has been asked about, most browsers allow you to choose between four functional options (they are presented differently in each browser):
1. Yes, and always allow cookies from this site or domain without asking. 2. Yes, just this once. 3. No, just this once. Ask me again next time. 4. No, and never allow cookies from this site or domain again, and never ask me again.
Actually, you owe it to yourself to turn this feature on, if only for a short time before the popup warnings drive you insane. It's a real eye-opener as to how much cookies are used on the Web today.
Ideally, all browsers would come with this set on in the beginning, with a large prominent button that said "never ask me this again - by pressing this I give my browser permission to gobble down all the delicious delicacies it wants". EU happy, users happy, trackers happy. And for those who really, REALLY care about tracking cookies, well, don't push the button.
It's an interesting argument, and parallels the "open WiFi access point" issue - if someone "steals" your WiFi because you were too lazy to at least hide the SSID and left it in unencrypted broadcast mode, then some (myself included) would be inclined to regard it as usage of something openly offered and not theft.
It even parallels the WiFi argument in that most browsers are set to accept all cookies (first and third party) without prompting but that it is a trivial matter to set your browser to ask you (in the same way that it's trivial to at least hide the SSID or enable some useless encryption like WEP to at least make it clear that your wireless access point is NOT for public use).
Then your Slashdot rights will be revoked to Anonymous Coward and you'll be forced to post at -2 for the rest of eternity, where even the mods can't select low enough to find you and mod you up. Screaming at the top of your lungs, never to be heard. But with good coffee aplenty. And muffins. Hey, it's Purgatory, not hell.
No, sorry, I never said that. I said that their summary listed ActiveX as a separate technology from web browsers. Based on that, they may or may not be including ActiveX vulnerabilities as part of IE.
And I'm not even sure if that would be valid, either way. ActiveX is separate, though it cannot to my knowledge be separatED, from Internet Explorer. You can also add ActiveX to Firefox.
However, I cannot conjecture as to their ACTUAL testing/validating/summarizing methodology because they did not see fit to disclose it in the paper.
So the ActiveX thing is just me pointing out additional uncertainties introduced by their summary, over and above the fact that they didn't provide any supporting data, or even any idea where they got their data, or how they compiled it.
About the only thing I can tell for sure from that paper is their contact information on the last page if I want to buy crap from them.
This is an executive summary designed to lead up to a sales presentation. And the executive summary may be based on real data. Or it may not.
Right, but in this case they aren't even really stating clearly what metric they are using. Maybe they picked four guys and had them each dress up as their favorite browser, then threw sunflower seeds at them and treated each one that stuck to their costumes as a "bug" for the report. It just means the Firefox dude made his out of duct tape and left the sticky bit exposed.
Seriously, without some indication of how the raw data was collected and how it was collated, this might as well be a made-up number, and any discussion of what it means is useless because we don't even know what it's SUPPOSED to mean, much less if it's rigorously derived and based on unbiased data.
Maybe it's a good conclusion based on real data and Firefox really is a piece of crap.
If so, every other study I've seen that is based on real-world vulnerability/exposure (as opposed to bug counts, which aren't even possible to compare in a meaningful way) is wrong and these guys are freaking geniuses.
Based on this article? Impossible to say. In fact, since there's no mention made of what data they used or how they compiled the raw data, I'd suggest that the number may be based on something meaningless. Or maybe not.
Firefox is certainly not invulnerable. But Firefox rarely remains vulnerable to any flaw for long, and by definition every bug that happens is reported. So that will tend to overestimate the "number of bugs" and underestimate the importance of how fast they went away.
Have read the article, and the attached PDF, and they only state the conclusions. No mention is made of how they counted vulnerabilities, only that Firefox had 44% of them, and that they represented "Web Vulnerabilities by Major Type". Adding to the confusion was that they also talked about applications and servers and alternated back and forth between the three with little warning.
Also interesting was that "ActiveX" was listed as a technology separate from Web Browsers, the one time it was mentioned. In other words, their vulnerability percentage, which is already vague, may not include ActiveX vulnerabilities within IE. Or they may. All we know is that they claim IE has 15%.
Nowhere is there mention of what constitutes a reportable vulnerability, what versions of each browser were counted, how they were classified or even what the classifications were, what sorts of reports were included by browser (did plugins or addons get included in Firefox? ActiveX for IE? For multiplatform browsers like Opera, Firefox, and Safari, were vulnerabilities mitigated by only being exploitable on some platforms and not others, or reported multiple times - once for each vulnerable platform?)
The PDF was severely [citation needed], but remarkably honest in that it expressed surprise that Firefox was the most vulnerable web browser when compared IE, Safari, and Opera, and comprised almost half the identified vulnerabilities among the four browsers.
If this is like most reports of the same type, they are using vendor-reported bugs. Firefox would, by definition, have the largest bug list by any stretch in such a report. They are the only web browser development team that allows (and encourages) access to the same bug-tracking database that their developers use. Safari, IE, and Opera only report vulnerabilities when (a) they have been fixed, or (b) when so many reports have come out that they finally have to 'fess up.
Clothes are not really the "impulse" item, accessories are. That $80 handbag is a "must have" accessory when seen with the two $120 dresses, but the intended purchase was a $240 in dresses. The handbag is an impulse buy that, in the buyer's mind, adds perceived value to the purchase already made that is more than the money spent. So the dresses are not an "impulse" item, but the handbag sure is.
In the same vein, if you are going in to spend $240 on 4 new games, and you see a controller that could potentially make all four games more fun, $80 could be a "must have" accessory. If it makes all four games twice as much fun, or you think it might, then it's a no-brainer to add that to the cart, right?
That's impulse. The "hey, in the context of what I'm doing right now, this item seems really important to me in relation to its price".
Keep in mind that I have never, ever owned a gaming console. But the wiimote was, by all accounts, a game changer. Instead of pushing buttons, you moved something you held in your hand. But it's still a handheld controller, and is in some ways a ripoff of a standard game controller - the "only" changes were that you had fewer buttons and you used actual motion of one arm to control the device. And it had a nasty habit of making holes in expensive large-screen televisions.
With this unit, the "controller as a device on your person" is gone. You use actual body movements and voice to control the game, not just the movements of one arm on a unit that still has buttons. Not that this type of interface is totally new, but it is the first time it's being mass-marketed to such a low audience and is made affordable enough that just about anyone in a first-world country could scrape together the funds to get one, and to many this will be chump change.
In other words, this appears to be to the wiimote what the wiimote was to a standard controller - the "next step forward" in making games more engaging.
Of course, if this doesn't work well or is not implemented well, it's going to suck pretty badly. With a basic controller, you push da buttons and if something doesn't happen you either pushed the wrong button or you need a new controller because yours is busted. With a wiimote, you swirl the thing around and if it doesn't do what you want you either moved it wrong or you busted it last time it hit the wall. With this thing, it is potentially reading a lot more data from you, and a poorly designed game could go bad fast.
This could lead to some really clever intuitive games, or it could lead to some really stupid games whose controls make us long for a couple of 4-way buttons on a plastic puck.
I think it depends on what you are shopping for. If I'm in the market for a handful of new games at $60 each, adding in an ~$80 controller doesn't sound all that bad, and could be an impulse buy pretty easily.
When and where it will be marketed, it's cheap and attractive enough for an impulse buy for the type of person they are marketing to in the context of what they are likely intending to buy. It's the equivalent of putting bags of $1 candy at the checkout line or a $10 DVD bin near the DVD players. Or a $250 branded polo shirt on the wall in a Mercedes salesperson's office. Or a display of an $8000 glass cockpit at your local Cessna dealer.
In context, each of those items can be easily sold as an impulse buy - "it's not that much money in context to what I am currently looking at spending, so I can buy it without a second thought."
Put the $8000 glass cockpit in the candy aisle and you'll get a lot fewer takers. Heck, put the $1 candy in the Cessna dealer and you probably won't sell any there, either.
Your "impulses" are a lot more controlled and managed by savvy retailers than you might be comfortable with.:)
Say you're a new galactic overlord driving a car, but you're in space, and you're drunk. You see this big blue planet getting bigger and bigger in your windscreen. At the last possible moment, you hear me yelling to get the hell off my lawn, you suddenly swerve, and miss. But you've ruined Cowboy Neal's tulips, you insensitive clod!
And, of course, the other important reason to ignore the trolls.
If you take the time to respond to every ridiculous lie said about you, your political opponents will quickly learn that the fastest way to castrate you is to, drum roll please, say ridiculous lies about you. And you'll get caught up in a wave of responses where your opponents simply need to cut-and-paste bits of various lies together to keep you off your stride:
"[MyOpponent] was caught [action] [subject]! And if he doesn't deny it right now in public, with proof, you should assume it's true!"
Hell, you could write a simple mailmerge script in Outlook and send a different version to everyone in your mailing list. Your opponent would be so wrapped up trying to respond to your accusations.
If you play your cards right, you can turn a nonexistent accusation into a multimillion-dollar multi-year witch hunt into every aspect of their existence, eventually find something that really does exist and, despite the fact that it's not relevant, you can actually render a public opponent completely ineffective.
Slashdot Mirror
Narciopaths?
Someone at NASA has an actual sense of humor. Who knew?
Oh, right, it's probably the same one who came up with naming a treadmill the "C.O.L.B.E.R.T."
They have found water, as in H2O, not CO2.
It may or may not be mixed with anything narsty (I'd lean toward "almost certainly does"), and it may or may not exist in sufficient quantities to be useful.
However, this is still a potentially significant discovery. If a future expedition discovers that there's enough water up there, it could make lunar bases easier to build. After all, water is probably the single heaviest thing you'd have to carry up for a lunar base. If a ready supply is already there, that's a big start, even if you have to develop some technologies to scrub the nasties out of it before you can drink it. It's also an important building component if you want to use local materials to, say, build protective walls over your delicate settlement. Lunar adobe brick made of local dirt and local water, for example. Then you wouldn't care what contaminants are in it, as long as it could be used to solidify bricks.
Greetings, Sir or Madam.
I have managed, through sources connected to major aerospace corporation, to collect a small sample of the water of moon and I can assuring you it is both refreshingly also delicious.
Do not listen to the naysayers who undoubtedly assure that such a beverage must be much expensive for the average person can afford! It is most assuredly not that way!
I have decided to assist them in the funding of their next expedition to moon by selling some of water that was returned from the last expedition. The aerospace company is located in small country in southern Africa, so you must comprehend there are bribes and other politics involved extracting an amount for your purchase and enjoyment.
However, I can assure you that the water is pure and safe, ready to drink, and unaltered. Through amazing coincidence, it contains all of the same chemicals found in most spring water, so it is most assuredly beneficial to your consumption use.
If you are interested in such opportunity, please reply soonest and I will arrange to have a sample sent to you. I may need small amount sent in cash, and if sample is of proven quality to you we may further discuss additional quantities.
I await eagerly your reply.
So your company sells a product and spends more time making sure that what they sell is based on valid licensing than what they use. That is a rational business decision.
If you get caught pirating shareware (or even commercial software), the BSA will come down on you pretty hard, but generally they go easy on companies that work to comply. I mean, it's not like you shared 10 tracks on the Internet and didn't make any money. You're a for-profit business and the punishment standards are much lower than a nefarious casual music pirate.
All jokes aside, the BSA will charge you a decent chunk of change, but it's going to work out a rational way for you to pay for what you use, and the penalties aren't going to put you out of business - they'd rather capture 10% than drive you out of business trying to capture 100%.
On the other hand, if you are found guilty of busting licenses on stuff you are actively engaged in selling for profit, the code you are pirating can cost you a REAL chunk of sales.
Give the company a solid chance to come clean and fix up their licensing issues, with enough information to decide whether they want to. A lot of these issues can be cleared up with truly free software. Some things, like the WinZip delay thing, are technically not illegal but sure can't be helping internal feelings about the company's compliance (in other words, they are obvious signs that the company has licensing issues, and therefore might make a disgruntled employee a nice severance package courtesy of the BSA).
Make sure you have CLEAR documentation that you are undergoing that effort and are actively communicating your findings to management. Make sure that said documentation points out the cost and risk of not complying, and make it clear that while you have no interest in profiting by reporting it, others easily might. That may include citations of the BSA's cut and how much a disgruntled employee could potentially make if they decided to.
Don't threaten to blow the whistle yourself, but make it clear that someone easily could, and try to work with them to get things cleared up. At the same time, be sure it is well documented that you are a driving force for compliance. That way, if the company decides to screw you over and make you the scapegoat, you have plenty of evidence to demonstrate that the problem was there long before you were, and that you were trying to get them in compliance.
If, after all of your effort, the company decides that they would rather continue operations as-is, you have to let your conscience and circumstances be your guide on that one. Generally the proper thing to do is leave the company and contact the BSA. But you have to call the shots as you see them - if your employer is your father-in-law or has a title of of "Don", or both, you might want to simply become a very respectful advocate for truly free software and hope you can cop a plea if the company ever gets caught. And do what you're told because Guido can make the BSA boys look like rank amateurs, and a few years in prison with intact kneecaps is better than doing a personal verification to see if cement footwear is waterproof. I mean, I like the water and all, but...
As far as your immediate "what do I do about the computer in front of me" issue... Personally, I have refused and will continue to refuse to install software on company hardware unless it's clearly legal to do so.
I can also say that really easily - I've only had one company ever ask it of me, and they had some serious compliance issues, but the decision was easy. After a long meeting with a few executives about the risks to the company and an honest assessment how much money the company was really "saving", they decided it was best to spend the money on valid licenses and have me remove anything that was not in compliance until we could clear things up.
This was also a financial management company that had a lot of customer data in their possession and processed checks and other monetary instruments by the thousands every day - having the word hit the street that they couldn't count licenses or were knowingly engaging in piracy could lead to an exceptionally unpleasant visit from people far less forgiving than the BSA. They had also never had an IT resource before - each department bought their own software and I was their first foray into a centralized IT "organization", if you want to call a young snot-nosed kid happy to have a folding table in the server room as his desk on his first IT job an "organization".
The uninstall/buy/reinstall process was VERY ugly, but at the end we had a fully compliant company with a clear sheet of purchased licenses and a clean process for transferring licenses from computer to computer, and all the install media was locked away. I won't say we hit 100%, people still brought in pirated software (this was in the Windows 3.11 days, much harder to prevent it back then). But we had pretty clear documentation that we were doing our best to keep things clean.
OK, so if people don't know any better, how is the consent going to be considered "informed" in any way?
I understand your point, but problem cannot be solved through consent if the users don't understand what they are consenting to. And if they understood what they were consenting to, they'd know they ALREADY HAVE the tools to block cookies if they want to.
You can easily simulate the effectiveness and impact of this new law.
Pick 100 people who call their desktop computer case "the hard drive". Ask all of them if they know what a third-party cookie is and eliminate anyone who doesn't say something about frosting. I mean no insult to inexperienced computer users here - but you need to find people "who don't know any better".
Put them in front of a fresh install of {Firefox, Opera, IE} with "ask about every cookie" turned on.
After two hours, you'll experience one of four behaviors:
1. The cleverest will simply find a way to turn the prompts off and leave cookies on. You'll get a lot more of these if you leave a 10-year-old kid in the room.
2. Some will say "no" every time, and will complain that the Internet has a lot of problems, can't seem to remember things, and why are they being asked about dessert all the time?
3. Some will say "yes" every time and simply gripe about all the stupid boxes asking permission for cookies all the time. But at least the Internet remembers things.
4. Some will see their first prompt and get educated. Again, see the point about having a 10-year-old in the room. Those who gain an understanding about the various uses for cookies will make an informed choice on every cookie for every site. Am I at yro.slashdot and I'm getting a cookie for login.slashdot? That's probably good. Am I getting a cookie for ads.thetrackingcompany? Probably not so good, depending on your personal feelings on tracking. They will make a nuanced, informed decisions about each cookie.
#4 will last, depending on the perseverance of the user, for anywhere between 1 minute and several days. Then they'll revert to #1, because it's a shitload of work for little actual security benefit. Some might only prompt for third-party cookies, that'll last for a week or two. Then they'll revert to #1 as well.
Oh, wait, #1 would be made illegal under EU law.
Now imagine, instead of a consistent per-cookie prompt, tens of thousands of companies having to implement this in HTML with no consistent wording, no consistent way to say yes or no, no consistent way of tracking that permission has in fact been given, no way to change permission on the user end once it's been given or denied (or conflicting/inconsistent ways to do so).
Your educated, informed users are going to be horribly inconvenienced and deeply regret the passage of this law, because they've already made their decision in their browser settings. Your least educated, least informed users are going to either piss and moan about the new thingies they have to click on to access every single site they visit and be no better educated than they are today, or they'll quickly become a more informed user and piss and moan, but with an understanding of what is annoying them.
What browser do you use? IE, Firefox, and Opera all have a very simple user setting that you can turn on. It's off by default, but is really easy to turn on.
The instant you do, you'll be asked every time a site wants to set or use a cookie. With most of them you can even differentiate between first- and third-party cookies (so cookies that originate from the site you are visiting can be tracked differently from cookies that originate from other sites). Once a site has been asked about, most browsers allow you to choose between four functional options (they are presented differently in each browser):
1. Yes, and always allow cookies from this site or domain without asking.
2. Yes, just this once.
3. No, just this once. Ask me again next time.
4. No, and never allow cookies from this site or domain again, and never ask me again.
Actually, you owe it to yourself to turn this feature on, if only for a short time before the popup warnings drive you insane. It's a real eye-opener as to how much cookies are used on the Web today.
Ideally, all browsers would come with this set on in the beginning, with a large prominent button that said "never ask me this again - by pressing this I give my browser permission to gobble down all the delicious delicacies it wants". EU happy, users happy, trackers happy. And for those who really, REALLY care about tracking cookies, well, don't push the button.
But, um, well... oh, my. Excellent point. Harrumph.
It's an interesting argument, and parallels the "open WiFi access point" issue - if someone "steals" your WiFi because you were too lazy to at least hide the SSID and left it in unencrypted broadcast mode, then some (myself included) would be inclined to regard it as usage of something openly offered and not theft.
It even parallels the WiFi argument in that most browsers are set to accept all cookies (first and third party) without prompting but that it is a trivial matter to set your browser to ask you (in the same way that it's trivial to at least hide the SSID or enable some useless encryption like WEP to at least make it clear that your wireless access point is NOT for public use).
Good point. They really only need to make the media last one day longer than whatever we end up using for original sales receipts.
off coarse hes jowl king, see lee.
Dammit, a good Ozymandias joke, ruined by dyslexia.
And what idiot came up with the spelling of "dyslexia?" It's almost as cruel as putting an "s" in the word "lisp".
LYSDEXICS OF TEH WROLD, UNTIE!
I am 615732, King of Kings! Look upon my works, Ye Mighty, and Despair!
Then your Slashdot rights will be revoked to Anonymous Coward and you'll be forced to post at -2 for the rest of eternity, where even the mods can't select low enough to find you and mod you up. Screaming at the top of your lungs, never to be heard. But with good coffee aplenty. And muffins. Hey, it's Purgatory, not hell.
Hell would be Starbucks.
No, sorry, I never said that. I said that their summary listed ActiveX as a separate technology from web browsers. Based on that, they may or may not be including ActiveX vulnerabilities as part of IE.
And I'm not even sure if that would be valid, either way. ActiveX is separate, though it cannot to my knowledge be separatED, from Internet Explorer. You can also add ActiveX to Firefox.
However, I cannot conjecture as to their ACTUAL testing/validating/summarizing methodology because they did not see fit to disclose it in the paper.
So the ActiveX thing is just me pointing out additional uncertainties introduced by their summary, over and above the fact that they didn't provide any supporting data, or even any idea where they got their data, or how they compiled it.
About the only thing I can tell for sure from that paper is their contact information on the last page if I want to buy crap from them.
This is an executive summary designed to lead up to a sales presentation. And the executive summary may be based on real data. Or it may not.
Right, but in this case they aren't even really stating clearly what metric they are using. Maybe they picked four guys and had them each dress up as their favorite browser, then threw sunflower seeds at them and treated each one that stuck to their costumes as a "bug" for the report. It just means the Firefox dude made his out of duct tape and left the sticky bit exposed.
Seriously, without some indication of how the raw data was collected and how it was collated, this might as well be a made-up number, and any discussion of what it means is useless because we don't even know what it's SUPPOSED to mean, much less if it's rigorously derived and based on unbiased data.
Maybe it's a good conclusion based on real data and Firefox really is a piece of crap.
If so, every other study I've seen that is based on real-world vulnerability/exposure (as opposed to bug counts, which aren't even possible to compare in a meaningful way) is wrong and these guys are freaking geniuses.
Based on this article? Impossible to say. In fact, since there's no mention made of what data they used or how they compiled the raw data, I'd suggest that the number may be based on something meaningless. Or maybe not.
Firefox is certainly not invulnerable. But Firefox rarely remains vulnerable to any flaw for long, and by definition every bug that happens is reported. So that will tend to overestimate the "number of bugs" and underestimate the importance of how fast they went away.
Have read the article, and the attached PDF, and they only state the conclusions. No mention is made of how they counted vulnerabilities, only that Firefox had 44% of them, and that they represented "Web Vulnerabilities by Major Type". Adding to the confusion was that they also talked about applications and servers and alternated back and forth between the three with little warning.
Also interesting was that "ActiveX" was listed as a technology separate from Web Browsers, the one time it was mentioned. In other words, their vulnerability percentage, which is already vague, may not include ActiveX vulnerabilities within IE. Or they may. All we know is that they claim IE has 15%.
Nowhere is there mention of what constitutes a reportable vulnerability, what versions of each browser were counted, how they were classified or even what the classifications were, what sorts of reports were included by browser (did plugins or addons get included in Firefox? ActiveX for IE? For multiplatform browsers like Opera, Firefox, and Safari, were vulnerabilities mitigated by only being exploitable on some platforms and not others, or reported multiple times - once for each vulnerable platform?)
The PDF was severely [citation needed], but remarkably honest in that it expressed surprise that Firefox was the most vulnerable web browser when compared IE, Safari, and Opera, and comprised almost half the identified vulnerabilities among the four browsers.
If this is like most reports of the same type, they are using vendor-reported bugs. Firefox would, by definition, have the largest bug list by any stretch in such a report. They are the only web browser development team that allows (and encourages) access to the same bug-tracking database that their developers use. Safari, IE, and Opera only report vulnerabilities when (a) they have been fixed, or (b) when so many reports have come out that they finally have to 'fess up.
Clothes are not really the "impulse" item, accessories are. That $80 handbag is a "must have" accessory when seen with the two $120 dresses, but the intended purchase was a $240 in dresses. The handbag is an impulse buy that, in the buyer's mind, adds perceived value to the purchase already made that is more than the money spent. So the dresses are not an "impulse" item, but the handbag sure is.
In the same vein, if you are going in to spend $240 on 4 new games, and you see a controller that could potentially make all four games more fun, $80 could be a "must have" accessory. If it makes all four games twice as much fun, or you think it might, then it's a no-brainer to add that to the cart, right?
That's impulse. The "hey, in the context of what I'm doing right now, this item seems really important to me in relation to its price".
I'd say it's more the "next generation" wiimote.
Keep in mind that I have never, ever owned a gaming console. But the wiimote was, by all accounts, a game changer. Instead of pushing buttons, you moved something you held in your hand. But it's still a handheld controller, and is in some ways a ripoff of a standard game controller - the "only" changes were that you had fewer buttons and you used actual motion of one arm to control the device. And it had a nasty habit of making holes in expensive large-screen televisions.
With this unit, the "controller as a device on your person" is gone. You use actual body movements and voice to control the game, not just the movements of one arm on a unit that still has buttons. Not that this type of interface is totally new, but it is the first time it's being mass-marketed to such a low audience and is made affordable enough that just about anyone in a first-world country could scrape together the funds to get one, and to many this will be chump change.
In other words, this appears to be to the wiimote what the wiimote was to a standard controller - the "next step forward" in making games more engaging.
Of course, if this doesn't work well or is not implemented well, it's going to suck pretty badly. With a basic controller, you push da buttons and if something doesn't happen you either pushed the wrong button or you need a new controller because yours is busted. With a wiimote, you swirl the thing around and if it doesn't do what you want you either moved it wrong or you busted it last time it hit the wall. With this thing, it is potentially reading a lot more data from you, and a poorly designed game could go bad fast.
This could lead to some really clever intuitive games, or it could lead to some really stupid games whose controls make us long for a couple of 4-way buttons on a plastic puck.
I think it depends on what you are shopping for. If I'm in the market for a handful of new games at $60 each, adding in an ~$80 controller doesn't sound all that bad, and could be an impulse buy pretty easily.
When and where it will be marketed, it's cheap and attractive enough for an impulse buy for the type of person they are marketing to in the context of what they are likely intending to buy. It's the equivalent of putting bags of $1 candy at the checkout line or a $10 DVD bin near the DVD players. Or a $250 branded polo shirt on the wall in a Mercedes salesperson's office. Or a display of an $8000 glass cockpit at your local Cessna dealer.
In context, each of those items can be easily sold as an impulse buy - "it's not that much money in context to what I am currently looking at spending, so I can buy it without a second thought."
Put the $8000 glass cockpit in the candy aisle and you'll get a lot fewer takers. Heck, put the $1 candy in the Cessna dealer and you probably won't sell any there, either.
Your "impulses" are a lot more controlled and managed by savvy retailers than you might be comfortable with. :)
Certainly does add some new air guitar possibilities...
Oh, and PS: This happens twice a year. And about every five years, you don't swerve fast enough.
(this is the "hauling a trailer" part of the car analogy).
Say you're a new galactic overlord driving a car, but you're in space, and you're drunk. You see this big blue planet getting bigger and bigger in your windscreen. At the last possible moment, you hear me yelling to get the hell off my lawn, you suddenly swerve, and miss. But you've ruined Cowboy Neal's tulips, you insensitive clod!
And, of course, the other important reason to ignore the trolls.
If you take the time to respond to every ridiculous lie said about you, your political opponents will quickly learn that the fastest way to castrate you is to, drum roll please, say ridiculous lies about you. And you'll get caught up in a wave of responses where your opponents simply need to cut-and-paste bits of various lies together to keep you off your stride:
"[MyOpponent] was caught [action] [subject]! And if he doesn't deny it right now in public, with proof, you should assume it's true!"
Hell, you could write a simple mailmerge script in Outlook and send a different version to everyone in your mailing list. Your opponent would be so wrapped up trying to respond to your accusations.
If you play your cards right, you can turn a nonexistent accusation into a multimillion-dollar multi-year witch hunt into every aspect of their existence, eventually find something that really does exist and, despite the fact that it's not relevant, you can actually render a public opponent completely ineffective.