I did not say I just assert, I have a plan in place for dealing with overflow and underflow errors. Having a large enough counter is of course necessary as well. I do both, and when there is something that can be done to mitigate the overflow, it is.
Then the Sims are broken, not the OS. One should always strive to write one's software such that it runs with the least user privelidge required to perform its duty.
I did not get that impression from the post at all. I seemed to me like the author was making the argument that code signing was a good idea as one aspect of a multi-layered approach to security and then pointing out how IE compares against that measure and how Firefox compares against that measure. You may attack the facts he uses for those comparisions, or his original premise. It sounds like you are trying to attack the original premise by restating in a very simplified and incorrect manner in an attempt to confound your readers.
I think that the intended audience of the post are informed developers. The author makes a good point about just one facet of a many faceted approach to security: the design of browsers in their support of digitally signed downloads. The author argues that digitally signed downloads are a good idea for average users, secure default choices are a good idea for average users, well designed dialogs which discplay the information necessary to make a trust decisions are a good idea for average users. The author then goes on to point out the headway that IE has made in implementing those ideals and where Firefox falls short. I find the piece a valid critique and constructive criticism which can serve to improve the products developers write, be they Firefox, IE, another browser, or something else altogether.
Signing does mean sh*t when certain things are true, which he does point out in his post:
1) All downloads which install binaries should be signed. 2) Signatures should be checked, and the results should be displayed to the user so that he or she may make a trust decision. 3) The default action suggested to users who know not what they are doing should be to cancel the operation.
Security is a many layered onion; the best results are achieved when there are multiple levels of defense:
1) Downloaded binaries should be signed 2) Defaults should be secure 3) Code should have few exploitable vulnerabilities -- which Firefox may well have fewer than IE, the years of pounding on Firefox to find them just haven't occured yet 4) Usability design also needs to account for security concerns--like displaying the information necessary to make an informed trust decision to the user 5) Users should not run with privledges above that which they need
I think this is enough, I hope I clarified my opinion on why code signing is not the end all and be all of security, but one more layer in a well designed security strategy. Firefox would be a better browser to apply more of these principles.
Microsoft applications, much more so than third-party applications, behave well when installed and run as a non-Administrator account. In fact, in the last three years, every problem I've had with using software on my machine due to it being written with poor assumptions (like access to every registry key, folder, etc) has been with non-Microsoft software. I don't run as Administrator and have no problem with it.
I totally agree! Comparing any kernel code--be it Linux, Windows, Mach, BSD, Hurd, or any other--to user-level code is a poor comparison. Kernels are tested more thoroughly, written by more competent individuals, and bugs are discovered sooner and easier due to the critical nature of the algorithms working correctly.
If you use English (or other language of choice) for your passphrases, the number of combinations can be greatly reduced by applying filters based on grammatical and n-gram probabilities.
I would use English (or other language of choice) as starting point for my passphrase, but then alter certain characters by including numbers, symbols, mispellings, and grammatical mistakes.
Let me remove some of the mystery and point out items that can be found outside of Japan easily. I am not addressing some points because you might be right that they are Japan-only as far as I can tell, but I don't know everything so someone else might like to point out the ones I missed.
Mugtop coffee filters - Check out the Melitta One Cup Coffee maker, fits on top of most any cup - Bodum makes a one cup travel French Press
Vending machines with hot and cold drinks - In the UK they have the KLIX 450 hot and cold drink vending machine
2D barcodes (see QR Codes) - Many shipping companies all over the world use 2-D matrix codes
Replica plastic food for restaurant displays (think about it... ) - Many companies around the world make plastic food, like Fax Foods, Inc in California. I have not seen much of it used in restaurants where I've been, but it might be a socialogical reason rather than the "good idea" not being available.
A fast and efficient rail network - France, Switzerland, Germany, many other places
Could you explain what you mean by tainted in these scenarios? For both the search "Open Exchange" and the search "Open Exchange and Linux" I get results I think are reasonable.
To say that the results are tainted implies to me that the software adjusts results in an abritrary manner set by a human who wishes to censor content or promote unrelated content. That's a pretty strong accusation based on two searches (with which I don't see a problem) and not knowing the implementation. Perhaps with enough data points, some facets of the implementation become apparent and a stronger case can be made, but I don't see that here.
Yes, we get Stock Awards, purchase price of $0, and ESPP (Employee Stock Purchase Plan) to buy at a discount up to a certain precenage of your annual salary. The awards are for signing up and then each review cycle for good performance.
Pretty depressing. Let me life people's spirits. I work for a large software company. I love my job. The code I write is new and interesting, real R&D. My teamates are almost all bi-lingual, many tri-lingual or better. Our meetings are few. I can close the door to my office and write code however I want. We have little paper shuffling. Direction comes down from the top, status goes up from the bottom, and ideas come from anywhere in the organization. The tools we use are our own business, whatever makes us most productive. Our hours are flexible. The projects are challenging. Our pay is above average and the benefits are in the top tier of companies nationwide. I love my job. It's nothing like that portrayed above. I guess it all depends on what you find.
Re:Real time EIRS incident maps.
on
Verified Voting
·
· Score: 1
I have two questions:
1) How are "voter wanted to know contact information for county clerks office" an "incident?" Was he denied the information?
2) How are calls to verify one is registered in King County, WA related to the Florida Primary?
What did the soldiers killed execution style in Iraq last weekend solve? Did anything change? Was there a huge outcry? Will it change the political situation of this country?
In the featured top connected schools, #15 went to Kansas State Uni. The image shows students and instructor using Table PCs. Tablets have great utility in education.
When the identity is broadcast when not demanded, people who have no right to demand your identity can see it. Do you want to carry something broadcasting your identity as say an American in the middle of a town in Iran, say during a time of anti-American protest?
I will agree if we are talking about consumer releases that it was only recently that home users could enjoy the benefits of file permissions. It's a hard to balance between providing protection and letting users do their work, considering most of them don't know how to configure file security.
"Of course, all this seems silly as linux has had proper file permission settings forever whereas Windows has just recently added that feature."
Windows has had proper file permission settings since Windows NT 3.5 shipped September 1994. Slackware 1.0 (I consider this the first viable installable distribution) shipped August 1993. That's a whole year different. Percentage wise, Linux has had proper file permission settings 10% longer than Windows.
Not to mention, Windows ACL are more fined grained than what most Linux distributions offer.
To preempt the argument that Windows defaults are insecure: I am comparing the technical abilities of the systems out of the box; which are the tools an administrator may use to configure what he feels are "proper file permission settings."
Fair enough, but I was replying to your statement "They get email with the viruses, and Outlooks actually does the runnning part of it. Come to think of it, Outlook does the downloading, too. But it's THOSE people's email, so it must be THEIR fault, or at least the fault of the people who sent the email, and definitly, certainly NOT Microsoft's fault, so there."
That statement was made in the present and it sounded to me like you were refutting Mr. Gates' comment by citing a current example. Mr. Gates was making a comment about the present.
I can agree with you about track records and them being based on the past, but I disagree with you using events of the past as if they are events of the present to refute a statement made about the present.
Slashdot Mirror
Ice is already very reflective. In fact, the majority of the sun's light is reflected by clouds and ice.
I did not say I just assert, I have a plan in place for dealing with overflow and underflow errors. Having a large enough counter is of course necessary as well. I do both, and when there is something that can be done to mitigate the overflow, it is.
I check all my arithmetic variables--regardless of size--for overflow and underflow. Doesn't everyone?
Then the Sims are broken, not the OS. One should always strive to write one's software such that it runs with the least user privelidge required to perform its duty.
I did not get that impression from the post at all. I seemed to me like the author was making the argument that code signing was a good idea as one aspect of a multi-layered approach to security and then pointing out how IE compares against that measure and how Firefox compares against that measure. You may attack the facts he uses for those comparisions, or his original premise. It sounds like you are trying to attack the original premise by restating in a very simplified and incorrect manner in an attempt to confound your readers.
I think that the intended audience of the post are informed developers. The author makes a good point about just one facet of a many faceted approach to security: the design of browsers in their support of digitally signed downloads. The author argues that digitally signed downloads are a good idea for average users, secure default choices are a good idea for average users, well designed dialogs which discplay the information necessary to make a trust decisions are a good idea for average users. The author then goes on to point out the headway that IE has made in implementing those ideals and where Firefox falls short. I find the piece a valid critique and constructive criticism which can serve to improve the products developers write, be they Firefox, IE, another browser, or something else altogether.
Signing does mean sh*t when certain things are true, which he does point out in his post:
1) All downloads which install binaries should be signed.
2) Signatures should be checked, and the results should be displayed to the user so that he or she may make a trust decision.
3) The default action suggested to users who know not what they are doing should be to cancel the operation.
Security is a many layered onion; the best results are achieved when there are multiple levels of defense:
1) Downloaded binaries should be signed
2) Defaults should be secure
3) Code should have few exploitable vulnerabilities -- which Firefox may well have fewer than IE, the years of pounding on Firefox to find them just haven't occured yet
4) Usability design also needs to account for security concerns--like displaying the information necessary to make an informed trust decision to the user
5) Users should not run with privledges above that which they need
I think this is enough, I hope I clarified my opinion on why code signing is not the end all and be all of security, but one more layer in a well designed security strategy. Firefox would be a better browser to apply more of these principles.
You could have just set them to not run as a user with administrator priveledges.
Microsoft applications, much more so than third-party applications, behave well when installed and run as a non-Administrator account. In fact, in the last three years, every problem I've had with using software on my machine due to it being written with poor assumptions (like access to every registry key, folder, etc) has been with non-Microsoft software. I don't run as Administrator and have no problem with it.
Microsoft employees get private offices.
I totally agree! Comparing any kernel code--be it Linux, Windows, Mach, BSD, Hurd, or any other--to user-level code is a poor comparison. Kernels are tested more thoroughly, written by more competent individuals, and bugs are discovered sooner and easier due to the critical nature of the algorithms working correctly.
If you use English (or other language of choice) for your passphrases, the number of combinations can be greatly reduced by applying filters based on grammatical and n-gram probabilities.
I would use English (or other language of choice) as starting point for my passphrase, but then alter certain characters by including numbers, symbols, mispellings, and grammatical mistakes.
Let me remove some of the mystery and point out items that can be found outside of Japan easily. I am not addressing some points because you might be right that they are Japan-only as far as I can tell, but I don't know everything so someone else might like to point out the ones I missed.
... )
Mugtop coffee filters
- Check out the Melitta One Cup Coffee maker, fits on top of most any cup
- Bodum makes a one cup travel French Press
Vending machines with hot and cold drinks
- In the UK they have the KLIX 450 hot and cold drink vending machine
2D barcodes (see QR Codes)
- Many shipping companies all over the world use 2-D matrix codes
Replica plastic food for restaurant displays (think about it
- Many companies around the world make plastic food, like Fax Foods, Inc in California. I have not seen much of it used in restaurants where I've been, but it might be a socialogical reason rather than the "good idea" not being available.
A fast and efficient rail network
- France, Switzerland, Germany, many other places
Could you explain what you mean by tainted in these scenarios? For both the search "Open Exchange" and the search "Open Exchange and Linux" I get results I think are reasonable.
To say that the results are tainted implies to me that the software adjusts results in an abritrary manner set by a human who wishes to censor content or promote unrelated content. That's a pretty strong accusation based on two searches (with which I don't see a problem) and not knowing the implementation. Perhaps with enough data points, some facets of the implementation become apparent and a stronger case can be made, but I don't see that here.
Hm, I get:
Results 1-5 of about 5 containing "deander2"
The fact that they put a static text "about" doesn't bother me too much, and it appears they fixed the static "1-10" which did bother me.
Yes, we get Stock Awards, purchase price of $0, and ESPP (Employee Stock Purchase Plan) to buy at a discount up to a certain precenage of your annual salary. The awards are for signing up and then each review cycle for good performance.
Pretty depressing. Let me life people's spirits. I work for a large software company. I love my job. The code I write is new and interesting, real R&D. My teamates are almost all bi-lingual, many tri-lingual or better. Our meetings are few. I can close the door to my office and write code however I want. We have little paper shuffling. Direction comes down from the top, status goes up from the bottom, and ideas come from anywhere in the organization. The tools we use are our own business, whatever makes us most productive. Our hours are flexible. The projects are challenging. Our pay is above average and the benefits are in the top tier of companies nationwide. I love my job. It's nothing like that portrayed above. I guess it all depends on what you find.
I have two questions:
1) How are "voter wanted to know contact information for county clerks office" an "incident?" Was he denied the information?
2) How are calls to verify one is registered in King County, WA related to the Florida Primary?
What did the soldiers killed execution style in Iraq last weekend solve? Did anything change? Was there a huge outcry? Will it change the political situation of this country?
In the featured top connected schools, #15 went to Kansas State Uni. The image shows students and instructor using Table PCs. Tablets have great utility in education.
When the identity is broadcast when not demanded, people who have no right to demand your identity can see it. Do you want to carry something broadcasting your identity as say an American in the middle of a town in Iran, say during a time of anti-American protest?
I will agree if we are talking about consumer releases that it was only recently that home users could enjoy the benefits of file permissions. It's a hard to balance between providing protection and letting users do their work, considering most of them don't know how to configure file security.
Your reply had nothing to do with my comment to the parent posting, the gist of which was Windows XP has malware after a clean install from the CD.
"Of course, all this seems silly as linux has had proper file permission settings forever whereas Windows has just recently added that feature."
Windows has had proper file permission settings since Windows NT 3.5 shipped September 1994. Slackware 1.0 (I consider this the first viable installable distribution) shipped August 1993. That's a whole year different. Percentage wise, Linux has had proper file permission settings 10% longer than Windows.
Not to mention, Windows ACL are more fined grained than what most Linux distributions offer.
To preempt the argument that Windows defaults are insecure: I am comparing the technical abilities of the systems out of the box; which are the tools an administrator may use to configure what he feels are "proper file permission settings."
Fair enough, but I was replying to your statement "They get email with the viruses, and Outlooks actually does the runnning part of it. Come to think of it, Outlook does the downloading, too. But it's THOSE people's email, so it must be THEIR fault, or at least the fault of the people who sent the email, and definitly, certainly NOT Microsoft's fault, so there."
That statement was made in the present and it sounded to me like you were refutting Mr. Gates' comment by citing a current example. Mr. Gates was making a comment about the present.
I can agree with you about track records and them being based on the past, but I disagree with you using events of the past as if they are events of the present to refute a statement made about the present.