The funniest part of the brackets was that they actually got the marketroid part wrong in at least one place:
[Java DataBase Connectivity™] JDBC™ APIs
JDBC is not an acronym for Java DataBase Connectivity! I wish I could find a link to Sun's site to prove the point. But note that nowhere in their JDBC site do they say it's Java DataBase Connectivity.
This is a good technical solution, but it's easily defeated. I'm betting that if this practice becomes widespread, somebody is going to modify Mozilla so that it fakes out the REFERER header (always set a REFERER header of http://www.the_site_in_question.com). Then the problem becomes one without such an easy technical solution - you have to check for cookies set from previous pages or something like that. The legal solution may indeed be easier at that point.
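The two checks this comment contrasts, as an added Python example that is not from the original post: a Referer test that any client can satisfy by sending the expected header, beside a check for a server-signed cookie issued on a previous page. The site name, server secret and request headers are constructed for the example.

```python
import hmac
import hashlib
import secrets
from urllib.parse import urlparse

# Constructed values for the example (hypothetical site, not a real secret).
SITE_HOST = "www.the_site_in_question.com"
SERVER_SECRET = b"example-server-secret"


def referer_check(headers: dict) -> bool:
    """The easily defeated check: allow only if Referer names our own host.
    The Referer value is chosen by the client, so a modified browser can
    always send one that passes."""
    referer = headers.get("Referer", "")
    return urlparse(referer).hostname == SITE_HOST


def issue_entry_token(session_id: str) -> str:
    """Set as a cookie only when the visitor actually loads an entry page.
    The tag is an HMAC the client cannot forge without SERVER_SECRET."""
    tag = hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()
    return f"{session_id}.{tag}"


def cookie_check(headers: dict) -> bool:
    """The harder-to-defeat check: require a valid token from a previous page."""
    parts = [p.strip().split("=", 1) for p in headers.get("Cookie", "").split(";") if "=" in p]
    token = dict(parts).get("entry", "")
    session_id, _, tag = token.partition(".")
    if not session_id or not tag:
        return False
    expected = hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()
    # Constant-time comparison so the tag check does not leak timing information.
    return hmac.compare_digest(tag.encode(), expected.encode())


def demo() -> dict:
    # Constructed requests: a visitor who came through the entry page, and a
    # direct request whose client simply sets the "right" Referer itself.
    token = issue_entry_token(secrets.token_hex(8))
    legit = {"Referer": f"http://{SITE_HOST}/index.html", "Cookie": f"entry={token}"}
    faked = {"Referer": f"http://{SITE_HOST}/index.html", "Cookie": "entry=abc.deadbeef"}
    return {
        "legit_referer": referer_check(legit), "legit_cookie": cookie_check(legit),
        "faked_referer": referer_check(faked), "faked_cookie": cookie_check(faked),
    }
```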
What is the point of locking up some guy for trying to steal a car that was designed to be stolen?
Because stealing a car is against the law. The car wasn't designed to be stolen; it was designed to catch thieves. Car thieves tend to steal more than one car. Lock up a car thief, and you're preventing some car thefts from happening.
The lawyer's website (and it's Cem, not Cern - silly C|Net reporter) contains some interesting links on UCITA, license "agreements", and other aspects of computer law. He also co-authored a very good book on software testing, Testing Computer Software.
A die-hard MS nut at work today was giving me grief over the fact that Red Hat has "published" 500MB of "updates" to "Linux" since version 6.2 and how could the OS be so insecure as to need that many updates.
Are you sure he wasn't pointing out how few updates RedHat has? I just checked the Windows Update site on my copy of Windows XP, and it reports that, for Critical Updates, it needs to install:
Total (including prerequisites): 13 files = 19 MB, < 1 minute
This is for an operating system that's been out for, what, six months? And that doesn't include patches to all parts of the system; this is mostly IE! I'm not sure that it's all of the updates for XP, either. The earliest item on the list is Feb 9 2002, so there may have been items earlier.
open the APIs and protocols...release and freeze the file formats
I'm all in favor of opening the APIs and protocols and releasing the file formats, but "freeze the file formats"? This would rightly be seen as stifling innovation. Can you name one file format that's frozen? Plain ASCII text, maybe? HTML isn't frozen; it has evolved into XHTML 1.0 and 1.1.
MS needs to be able to change the file formats to add new features. Besides, they haven't changed many of the formats in a while; Word 97/2000/XP file formats are the same. They're also moving away from some proprietary formats (HLP to HTML). Release them, yes, but don't freeze them.
OK, your script parses Google's HTML output today, but what about a year from now when Google changes its output, to say, XHTML or plain text or something. How well will your script work then? Although the Google API could change tomorrow like some companies', in general APIs are more stable. I haven't looked at their API, but I'm guessing it's also easier to develop against their API, and it should be less processor- and network-intensive.
The display is a red, transparent computer screen, but, in fact, is no screen at all. The device shoots a tiny laser beam that draws patterns onto the retina so that only the wearer sees the images.
OK, fine, but how come I can barely see the guy's right eye in the picture? There's not much point in a transparent screen if the surrounding equipment is not transparent. Maybe if it was off-axis it would be more useful.
In this case, "private" means only that a non-government entity is bringing the suit. It does not mean that the suit is supposed to be a secret. You can't keep a lawsuit like this secret (AFAIK, IANAL).
There are viewers available for Office 95/97/2000/2002 documents. The viewers are available only for Windows platforms, of course, but you don't need to buy Word to see .DOC files. See http://office.microsoft.com/downloads/2000/wd97vwr32.aspx.
I know, this is Slashdot, and not everybody has Windows. I'm just trying to do a little public service here and point out that you don't need to spend the big bucks to buy Office to view .DOC files. You need to spend the big bucks to buy Windows. :)
most non-MS Office Suites can still read MOST MS office files, but not ALL MS Office files, which keeps a lot of shops from converting. Especially those that rely on specialized macros and whatnot.
I agree with both of these. But if a company has specialized macros and such, I don't think opening up the file formats will help much. The other suites will have to recreate VBA (the macro language) in all of the products. They might have to recreate COM as well. Both of these seem like non-trivial undertakings. Still, opening up the formats is a good place to start.
Another question is, if MS is forced to produce an Office for Linux, what's to keep them from making something that totally sucks, then blaming it on Linux? I doubt that the states can define some objective measure of quality for MS to meet before shipment, and if they do, then MS will contend that they can't reach this level. IANAL, but I can't think of any other cases where a court or settlement has ordered the creation of a product.
I would condemn RH - but I use their products and I have Wu installed on some of my systems (They're all internal - so don't even think about it). I'm glad I'll have the fix.
Don't think that because your systems are internal, they are safe. I'm in charge of administrating about 10 machines, and others in my group each administered about 3. Not one of these machines is accessible outside the company. When Code Red came-a-knocking, guess how many unpatched systems got it? That's right, all of them. People got infected on their home machines, then connected via VPN to the company network and BAM!
I would strongly recommend that anyone running wu-ftpd update their systems ASAP. It sounds like you will. Others won't, and will get rooted.
I agree with your disagreement. The amusing part is that, in the proper context, McGraw's second sentence in his statement makes perfect sense. However, given the context here, it's nonsense. Google is not the insecure system here. It's the silly webmasters who have secret data at publicly accessible URLs that are the problem. Nobody cracked Google to get sensitive data - it's doing what it said it would do. From the quote, it would seem like people are abusing Google; instead, it's the webmasters who are abusing the users who entrusted them with sensitive data.
I would not say, though, that Google is making the webmasters' mistakes obvious. Google doesn't notify webmasters, "Hey, you're an idiot. Fix your site". Furthermore, if I'm a webmaster who thinks there might be some sensitive info from my site in Google, how do I use Google to find it? OK, I could figure out how to search Google for pages only from my site that contain "passwords" or something like that, but that's a bit much for a clueless webmaster to do. If he thought that might reveal a problem, he should know where to look without checking Google. I'm not faulting Google; it's not Google's responsibility to hit webmaster with the clue stick.
Unless McGraw's statement was taken hopelessly out of context (which is quite likely), he's an idiot. It's not Google's responsibility to think about security of other people's sites.
Good points, Hemos, and it is important to note that write-down of goodwill is a noncash expenditure and basically irrelevant to the current financial situation.
However, the overall picture is still grim. Looking at the cash flow from operating activities (minus 19M) and the current assets-current liabilities (97M - 33M) of 64M means about 3 quarters more before LNUX runs out of cash, assuming that the company gets no more financing. These are not numbers to warm a skeptic's heart. I like Slashdot/SF/etc as much as the next guy, but I'd update my resume if I were you.
Not exactly. It's presumed innocent until proven guilty. They're not the same thing. All the same, I can't believe that the 6th amendment is being ignored so blatantly.
What's funny is that despite warning people how active scripting can cause problems without having all the appropriate security patches installed, they're displaying this info with an.asp page!
Somewhat OT, but ASP pages in general have nothing to do with this vulnerability. ASP pages run on the server and send HTML down to the browser. The HTML that is sent can contain client-side scripts, just like a static HTML page can. The only thing that makes an ASP page special is server-side processing that interprets scripting commands embedded in the page. These server-side scripts are usually done with VBScript, but the code is running on the server and never sent to the browser. The bulletin included some client-side scripts, but the fact that it was generated via ASP is irrelevant.
Spellchecking again; Re:On correct use of apos... on God's Debris (Score: 1)
Thank reader mblumber for this review of Scott Adams's God's Debris, newly republished in hardcover after starting out life a few years ago as an e-book. For those who've never seen Adam's serious side, this is an interesting introduction.
I like reading books that make me think, but not in the same way that I think when I'm at work or doing homework. When reading for pleasure, I want something that at first glance is so strange it's absurd, but at closer examination makes a tremendous amount of sense. That depth is the essence of Scott Adams' God's Debris, A Thought Experiment.
Well, it might help if the article's author had used a consistent spelling. Instead, he covered all three of the popular variations. I think we can all agree that "Adam's" is wrong, because the guy's last name is Adams. Do you add the "'s" or just the "'"? I don't know. Me, I like the apostrophe rules given here
#1. Delete email after 90 days and don't save tape backups.
I know this was meant to be funny (and is), but like most funny things it is more than a little true. I don't know about Microsoft, but I know that at many companies, email is automatically deleted after 90 days (don't know about tape backups). I can't count the number of times this policy has caused me problems. I'm printing out a lot more stuff and filing it in paper format, that's for sure. Of course, this is all subject to a subpoena as well, but at least it's not full-text indexed. Our legal department apparently doesn't understand that keeping email wasn't Microsoft's core problem - the core problem was BREAKING THE LAW.
A couple of months later, MS released their first mouse, undercutting Logitech because they knew every detail about Logitech's production costs.
Well, OK, it could've happened this way, but Microsoft could also have called CompUSA or any other distributor and said, "How much are you paying for the Logitech mouse? Would you buy ours if it was $X cheaper?" Or even "We're thinking of selling a mouse with an MSRP of (Logitech's price - $5). How much will you buy it for?"
Knowing a competitor's production costs is helpful, but knowing how to minimize your own is what's really important.
Actually NeuLevel is a subsidiary of NeuStar. Or the other way around. The print edition of the NY Times mentioned this. The short online version here does not.
Re:Fat Corporations and Microsoft (MS not doomed) on Software "Open Monopoly" (Score: 2, Insightful)
Well, you "forgot" to mention the OEM sales channel:
OEM $1,819 $1,984
Apparently, the OEM channel is too opaque to be region-based, which isn't very surprising. And of course total revenue:
Total revenue $5,766 $6,126
But yes, Asia-Pacific did go down significantly year-over-year. And that is interesting. And the URL is here: http://www.microsoft.com/msft/earnings/FY02/Q02_1_channelbusiness.htm
Are you kidding me?!? No, I'm not. The PROBLEM is the wide open by default installs that MS insists on doing.
You are correct in that the wide-open default install is not good. We also agree that clueless admins are a problem, though we apparently think the priorities are different. Fine. I'd also like to add as a major problem, "having a Windows Update site that doesn't check for IIS security updates". Why not call it IE Update if it only deals with IE things? Oh, that's right, because it also tries to push Windows Media Player and other junk, so that I can listen to tunes or something while I'm getting cracked.
The latest IIS buffer overflow and Unicode exploits that resulted in Code Red/NIMDA had patches that were available months beforehand. Clueful (OK, very clueful) admins had patched their systems by the time Code Red was released.
And on an offtopic note, I think that the Unicode exploit would have happened in a pretty bare-bones IIS install; IIRC, the only way to really protect against it before the patch was to install IIS onto its own drive.
By publishing sample code, it really does make it much easier to exploit security holes. The main problem is clueless admins, not lack of information. The good admins need to know a lot of info about the problem to see if it affects them, but they don't need sample code. Not giving source would make it a bit harder for the black hats, although a sufficiently good explanation of the problem would be an excellent starting point for a script kiddie.
At least the guy doesn't ignore that there are problems:
First, let's state the obvious. All of these worms made use of security flaws in the systems they attacked, and if there hadn't been security vulnerabilities in Windows®, Linux, and Solaris®, none of them could have been written.
I know I'm preaching to the anti-choir here, but he has a point.
How did this get moderated 4, Interesting?
HTTP/1.1 302 Object moved
Location: https://ecommunity.unisys.com/cgi-bin/ecommunity.dll/login.jsp
Cache-control: private
Content-Type: text/html
Set-Cookie: ASPSESSIONIDQQQGQQBP=APFPPLEBEICMKODOONNOMLJH; path=/
Date: Fri, 29 Mar 2002 15:20:14 GMT
Server: Microsoft-IIS/4.0
The ASPSESSIONID shows that they are using ASP. You are correct about the IIS4, obviously.
Still, this does sound like promising technology.