Hrm, interesting. So you say you want to shut out the foreign workers? I think what will happen then is something like this: I can't hire in the US because I do not find the people, so I will not only give the job to a person of foreign origin but no, I will also ship the whole job overseas. And with it I will ship all the wages that this foreigner would have spent in the US. Well done. Wake up dude!
You must live close to a distribution center. So you already have a good deal, you do not need this one. As others pointed out, everyone should decide whether this is a good deal for them or not.
Normally the people who'd fall for these scams remove themselves from the Genepool (www.darwinawards.com), but sometimes Darwin sends them off to Nigeria, first.
Well, you actually can do the same thing with SRP, but it is harder to maintain. You can set your default rule to disallow all and make exceptions (like trusting a certain number of certs). Follow the link that I posted in my previous post and read through it. It is pretty neat technology and for managed environments extremely powerful. But it is a lot of work to maintain a "disallow all" environment for machines that change a lot like a home machine.
No, this is not true. What you do is you explicitly distrust a certificate for example from Gator. You do not distrust the Root Certificate (for example from Verisign). So this only affects software that was signed with the gator Cert. I sure don't hope that you install device drivers from Gator...
In Windows XP there is a feature called Software Restriction Policies (SRP, see here). This feature allows you to deny software to run based on Certificates (and Path, and Hash, and Zone for MSI). Since all the Spyware installers use signed Active-X "drive-by" installers this is an effective way to kill them. This, however, is an arms race. You need to collect the certs you want to invalidate first (upon first encounter of a spyware safe their cert into a file and disallow it). You can find the feature in Control Panel->Administrative Tools->Local Security Policy. Have fun!
If Windows would do this to your drive there would be a public outcry. Here on/. it is more like "ah well, shit happens, it's mentioned in the errata so suck it up and get over it".
Hmmmm, when I go to redhat.com I count 56 Patches (give or take one or two in case I did not count correctly) for this year across all kinds of programs(applicable to RH9 though, but Netscape for example is absent). Now when I go to microsoft.com/security the current count is 45. And this also includes lots of Programs like SQL and other Operating Systems(!)etc. So, hmmm, I would say that Redhat looses that game if you just count. I would happily do the same counting if RHE 3 was not brand new and has no entry on RH's security page. However, you cannot just count security vulnerabilities. That does not get you anywhere. But, IMHO, I would not state that Linux is necessarily more secure. There are plenty of wholes there, too.
Now, congratulations to the Chinese to jumping over this first hurdle of space exploration, but as the article also points out, their designs are based on 36 year old designs (with some upgrades). Now that this is done, how fast will they advance? Can they move full steam ahead, go to the Moon, to Mars, etc? Or will it take them another 15 years to do the next step?
I AM MR. DARL MCBRIDE CURRENTLY SERVING AS THE PRESIDENT AND CHIEF EXECUTIVE OFFICER OF THE SCO GROUP, FORMERLY KNOWN AS CALDERA SYSTEMS INTERNATIONAL, IN LINDON, UTAH, UNITED STATES OF AMERICA. I KNOW THIS LETTER MIGHT SURPRISE YOUR BECAUSE WE HAVE HAD NO PREVIOUS COMMUNICATIONS OR BUSINESS DEALINGS BEFORE NOW.
MY ASSOCIATES HAVE RECENTLY MADE CLAIM TO COMPUTER SOFTWARES WORTH AN ESTIMATED $1 BILLION U.S. DOLLARS. I AM WRITING TO YOU IN CONFIDENCE BECAUSE WE URGENTLY REQUIRE YOUR ASSISTANCE TO OBTAIN THESE FUNDS.
IN THE EARLY 1970S THE AMERICAN TELEPHONE AND TELEGRAPH CORPORATION DEVELOPED AT GREAT EXPENSE THE COMPUTER OPERATING SYSTEM SOFTWARE KNOWN AS UNIX. UNFORTUNATELY THE LAWS OF MY COUNTRY PROHIBITED THEM FROM SELLING THESE SOFTWARES AND SO THEIR VALUABLE SOURCE CODES REMAINED PRIVATELY HELD. UNDER A SPECIAL ARRANGMENT SOME PROGRAMMERS FROM THE CALIFORNIA UNIVERSITY OF BERKELEY DID ADD MORE CODES TO THIS OPERATING SYSTEM, INCREASING ITS VALUE, BUT NOT IN ANY WAY TO DILUTE OR DISPARAGE OUR FULL AND RIGHTFUL OWNERSHIP OF THESE CODES, DESPITE ANY AGREEMENT BETWEEN AMERICAN TELEPHONE AND TELEGRAPH AND THE CALIFORNIA UNIVERSITY OF BERKELEY, WHICH AGREEMENT WE DENY AND DISAVOW.
IN THE YEAR 1984 A CHANGE OF REGIME IN MY COUNTRY ALLOWED THE AMERICAN TELEPHONE AND TELEGRAPH CORPORATION TO MAKE PROFITS FROM THESE SOFTWARES.
IN THE YEAR 1990 OWNERSHIP OF THESE SOFTWARES WAS TRANSFERRED TO THE CORPORATION UNIX SYSTEM LABORATORIES. IN THE YEAR 1993 THIS CORPORATION WAS SOLD TO THE CORPORATION NOVELL. IN THE YEAR 1994 SOME EMPLOYEES OF
NOVELL FORMED THE CORPORATION CALDERA SYSTEMS INTERNATIONAL, WHICH
BEGAN TO DISTRIBUTE AN UPSTART OPERATING SYSTEM KNOWN AS LINUX. IN THE YEAR 1995 NOVELL SOLD THE UNIX SOFTWARE CODES TO SCO. IN THE YEAR 2001 OCCURRED A SEPARATION OF SCO, AND THE SCO BRAND NAME AND UNIX CODES WERE ACQUIRED BY THE CALDERA SYSTEMS INTERNATIONAL, AND IN THE FOLLOWING YEAR THE CALDERA SYSTEMS INTERNATIONAL WAS RENAMED SCO GROUP, OF WHICH I CURRENTLY SERVE AS CHIEF EXECUTIVE OFFICER.
MY ASSOCIATES AND I OF THE SCO GROUP ARE THEREFORE THE FULL AND RIGHTFUL OWNERS OF THE OPERATING SYSTEM SOFTWARES KNOWN AS UNIX. OUR ENGINEERS HAVE DISCOVERED THAT NO FEWER THAN SEVENTY (70) LINES OF OUR VALUABLE AND PROPRIETARY SOURCE CODES HAVE APPEARED IN THE UPSTART OPERATING SYSTEM LINUX. AS YOU CAN PLAINLY SEE, THIS GIVES US A CLAIM ON THE MILLIONS OF LINES OF VALUABLE SOFTWARE CODES WHICH COMPRISE THIS LINUX AND WHICH HAS BEEN SOLD AT GREAT PROFIT TO VERY MANY BUSINESS ENTERPRISES. OUR LEGAL EXPERTS HAVE ADVISED US THAT OUR CONTRIBUTION TO THESE CODES IS WORTH AN ESTIMATED ONE (1) BILLION U.S. DOLLARS.
UNFORTUNATELY WE ARE HAVING DIFFICULTY EXTRACTING OUR FUNDS FROM THESE COMPUTER SOFTWARES. TO THIS EFFECT I HAVE BEEN GIVEN THE MANDATE BY MY COLLEAGUES TO CONTACT YOU AND ASK FOR YOUR ASSISTANCE. WE ARE PREPARED TO SELL YOU A SHARE IN THIS ENTERPRISE, WHICH WILL SOON BE VERY PROFITABLE, THAT WILL GRANT YOU THE RIGHTS TO USE THESE VAULABLE SOFTWARES IN YOUR BUSINESS ENTERPRISE. UNFORTUNATELY WE ARE NOT ABLE AT THIS TIME TO SET A PRICE ON THESE RIGHTS. THEREFORE IT IS OUR RESPECTFUL SUGGESTION, THAT YOU MAY BE IMMEDIATELY A PARTY TO THIS ENTERPRISE, BEFORE OTHERS ACCEPT THESE LUCRATIVE TERMS, THAT YOU SEND US THE NUMBER OF A BANKING ACCOUNT WHERE WE CAN WITHDRAW FUNDS OF A SUITABLE AMOUNT TO GUARANTEE YOUR PARTICIPATION IN THIS ENTERPRISE. AS AN ALTERNATIVE YOU MAY SEND US THE NUMBER AND EXPIRATION DATE OF YOUR MAJOR CREDIT CARD, OR YOU MAY SEND TO US A SIGNED CHECK FROM YOUR BANKING ACCOUNT PAYABLE TO "SCO GROUP" AND WITH THE AMOUNT LEFT BLANK FOR US TO CONVENIENTLY SUPPLY.
KINDLY TREAT THIS REQUEST AS VERY IMPORTANT AND STRICTLY CONFIDENTIAL. I HONESTLY ASSURE YOU THAT THIS TRANSACTION IS 100% LEGAL AND RISK-FREE.
Windows 2000 was certified at Level 4 vs. Level 2 for Linux. While it is a start, Linux has still(!) not achieved CC evaluation at the same standard as Windows.
It all started with David Chaum's DigiCash and it was very promising. The patents and the technology however are owned by InfoSpace today and are collecting dust. The Blind Signature patent will become available soon, though, and somebody might pick it up. Then there was CyberCash (with Cybercoin), and they went belly up. Then there was Millicent, they died, too. Amir Herzberg (see here) used to be very active in the space but also gave up. Then there was Stefan Brands' system (see here) which never really saw the light in an implementation. Stefan used to work at DigiCash with Chaum (but they did not really mix) and then moved on to ZeroKnowledge where he left from a couple of years ago. This is just a brief recollection of things, I am sure I missed a lot, but they all failed. And this should tell us something...
Head... Will... Explode... Flashback... 199x... Internet Bubble... Nooooooooooooooooooooooooooooooooooooooo, leave me alone. Do NOT EVER TRY A MICROPAYMENT A G A I N! Just don't.
Ah well, it only took so long for the first H1-B troll to show up. I will bite then...
H1-B: First of all, you are mixing two things in your post. H1-B (temporary workers) and Outsourcing to a foreign country. Let's go one by one: You are competing on a global scale against other, qualified applicants. They are supposed (and yes I am sure there are black sheep who do not follow the rules) to be paid at an equivalent rate and I have to say that this is at least true for the company I work at. At this large IT company people who interview candidates are not allowed to ask them about their legal status (and you'd be in deep shit if you'd do), this is totally in the hand of HR. Money however is handled by the hiring manager who does not know what status the applicant has (H1, Green Card, Citizen). Hence there is pretty little room to hire "for cheap", you just hire the best. Period. And if you cannot compete, well, tough luck. Now over to outsourcing. This IMHO is indeed a scary trend that is going to bite back. Some people already mentioned "your employees are your own customers on an economic scale", there are also quality issues. It is hard to follow up with bugs, design issues, etc. The company I work for does most of the design here in the US and very small parts are outsourced. This is ok on a small scale but if this catches on...
are Software Restriction Policies (SRP). These policies allow an admin to manage software execution based on for example the hash of the binary. AFAIK they were first introduced with Windows XP (see here).
While I agree with your post it is not true that H1's cannot look for another job. An H1 Visa is transferable. The hiring company just has to go through the same paperwork and you are hired. You do not have to leave the country.
Opera knew earlier about them. From a Bugtraq post: For the five advisories posted today concerning Opera 7, I have not seen and information on when and how Opera Software was notified of the problems, and if they were/when planning for a fixed release.
I would like to throw in another mechanism to inoculate yourself against this and other ones. It is a little bit of a catch-up game though. When you encounter one of these nasties for the first time (and you get the dialogue where you can choose to trust this cert) take the cert and export it into a file. Now go to Local Security Policies (in Administrative Tools) and create a so-called Software Restriction Policy. Choose a cert rule, browse to the cert you saved earlier, and create a disallowed rule. Now if you encounter anything from for example Gator Inc. again that was signed using the same cert (and they only have a limited number of those) it will never be allowed.
Slashdot Mirror
Hrm, interesting. So you say you want to shut out the foreign workers? I think what will happen then is something like this: I can't hire in the US because I do not find the people, so I will not only give the job to a person of foreign origin but no, I will also ship the whole job overseas. And with it I will ship all the wages that this foreigner would have spent in the US. Well done. Wake up dude!
You can also go to Amazon and donate from there.
Building 40 is (or used to be?) the home of networking and other core groups. No better place to start a Virus infection than in networking, no?
You must live close to a distribution center. So you already have a good deal, you do not need this one. As others pointed out, everyone should decide whether this is a good deal for them or not.
Normally the people who'd fall for these scams remove themselves from the Genepool (www.darwinawards.com), but sometimes Darwin sends them off to Nigeria, first.
Well, you actually can do the same thing with SRP, but it is harder to maintain. You can set your default rule to disallow all and make exceptions (like trusting a certain number of certs). Follow the link that I posted in my previous post and read through it. It is pretty neat technology and for managed environments extremely powerful. But it is a lot of work to maintain a "disallow all" environment for machines that change a lot like a home machine.
No, this is not true. What you do is you explicitly distrust a certificate for example from Gator. You do not distrust the Root Certificate (for example from Verisign). So this only affects software that was signed with the gator Cert. I sure don't hope that you install device drivers from Gator ...
In Windows XP there is a feature called Software Restriction Policies (SRP, see here). This feature allows you to deny software to run based on Certificates (and Path, and Hash, and Zone for MSI). Since all the Spyware installers use signed Active-X "drive-by" installers this is an effective way to kill them. This, however, is an arms race. You need to collect the certs you want to invalidate first (upon first encounter of a spyware safe their cert into a file and disallow it). You can find the feature in Control Panel->Administrative Tools->Local Security Policy. Have fun!
If Windows would do this to your drive there would be a public outcry. Here on /. it is more like "ah well, shit happens, it's mentioned in the errata so suck it up and get over it".
Hmmmm, when I go to redhat.com I count 56 Patches (give or take one or two in case I did not count correctly) for this year across all kinds of programs(applicable to RH9 though, but Netscape for example is absent). Now when I go to microsoft.com/security the current count is 45. And this also includes lots of Programs like SQL and other Operating Systems(!)etc. So, hmmm, I would say that Redhat looses that game if you just count. I would happily do the same counting if RHE 3 was not brand new and has no entry on RH's security page. However, you cannot just count security vulnerabilities. That does not get you anywhere. But, IMHO, I would not state that Linux is necessarily more secure. There are plenty of wholes there, too.
My $.02
Now, congratulations to the Chinese to jumping over this first hurdle of space exploration, but as the article also points out, their designs are based on 36 year old designs (with some upgrades). Now that this is done, how fast will they advance? Can they move full steam ahead, go to the Moon, to Mars, etc? Or will it take them another 15 years to do the next step?
DEAR SIR/MADAM:
I AM MR. DARL MCBRIDE CURRENTLY SERVING AS THE PRESIDENT AND CHIEF EXECUTIVE OFFICER OF THE SCO GROUP, FORMERLY KNOWN AS CALDERA SYSTEMS INTERNATIONAL, IN LINDON, UTAH, UNITED STATES OF AMERICA. I KNOW THIS LETTER MIGHT SURPRISE YOUR BECAUSE WE HAVE HAD NO PREVIOUS COMMUNICATIONS OR BUSINESS DEALINGS BEFORE NOW.
MY ASSOCIATES HAVE RECENTLY MADE CLAIM TO COMPUTER SOFTWARES WORTH AN ESTIMATED $1 BILLION U.S. DOLLARS. I AM WRITING TO YOU IN CONFIDENCE BECAUSE WE URGENTLY REQUIRE YOUR ASSISTANCE TO OBTAIN THESE FUNDS.
IN THE EARLY 1970S THE AMERICAN TELEPHONE AND TELEGRAPH CORPORATION DEVELOPED AT GREAT EXPENSE THE COMPUTER OPERATING SYSTEM SOFTWARE KNOWN AS UNIX. UNFORTUNATELY THE LAWS OF MY COUNTRY PROHIBITED THEM FROM SELLING THESE SOFTWARES AND SO THEIR VALUABLE SOURCE CODES REMAINED PRIVATELY HELD. UNDER A SPECIAL ARRANGMENT SOME PROGRAMMERS FROM THE CALIFORNIA UNIVERSITY OF BERKELEY DID ADD MORE CODES TO THIS OPERATING SYSTEM, INCREASING ITS VALUE, BUT NOT IN ANY WAY TO DILUTE OR DISPARAGE OUR FULL AND RIGHTFUL OWNERSHIP OF THESE CODES, DESPITE ANY AGREEMENT BETWEEN AMERICAN TELEPHONE AND TELEGRAPH AND THE CALIFORNIA UNIVERSITY OF BERKELEY, WHICH AGREEMENT WE DENY AND DISAVOW.
IN THE YEAR 1984 A CHANGE OF REGIME IN MY COUNTRY ALLOWED THE AMERICAN TELEPHONE AND TELEGRAPH CORPORATION TO MAKE PROFITS FROM THESE SOFTWARES.
IN THE YEAR 1990 OWNERSHIP OF THESE SOFTWARES WAS TRANSFERRED TO THE CORPORATION UNIX SYSTEM LABORATORIES. IN THE YEAR 1993 THIS CORPORATION WAS SOLD TO THE CORPORATION NOVELL. IN THE YEAR 1994 SOME EMPLOYEES OF
NOVELL FORMED THE CORPORATION CALDERA SYSTEMS INTERNATIONAL, WHICH
BEGAN TO DISTRIBUTE AN UPSTART OPERATING SYSTEM KNOWN AS LINUX. IN THE YEAR 1995 NOVELL SOLD THE UNIX SOFTWARE CODES TO SCO. IN THE YEAR 2001 OCCURRED A SEPARATION OF SCO, AND THE SCO BRAND NAME AND UNIX CODES WERE ACQUIRED BY THE CALDERA SYSTEMS INTERNATIONAL, AND IN THE FOLLOWING YEAR THE CALDERA SYSTEMS INTERNATIONAL WAS RENAMED SCO GROUP, OF WHICH I CURRENTLY SERVE AS CHIEF EXECUTIVE OFFICER.
MY ASSOCIATES AND I OF THE SCO GROUP ARE THEREFORE THE FULL AND RIGHTFUL OWNERS OF THE OPERATING SYSTEM SOFTWARES KNOWN AS UNIX. OUR ENGINEERS HAVE DISCOVERED THAT NO FEWER THAN SEVENTY (70) LINES OF OUR VALUABLE AND PROPRIETARY SOURCE CODES HAVE APPEARED IN THE UPSTART OPERATING SYSTEM LINUX. AS YOU CAN PLAINLY SEE, THIS GIVES US A CLAIM ON THE MILLIONS OF LINES OF VALUABLE SOFTWARE CODES WHICH COMPRISE THIS LINUX AND WHICH HAS BEEN SOLD AT GREAT PROFIT TO VERY MANY BUSINESS ENTERPRISES. OUR LEGAL EXPERTS HAVE ADVISED US THAT OUR CONTRIBUTION TO THESE CODES IS WORTH AN ESTIMATED ONE (1) BILLION U.S. DOLLARS.
UNFORTUNATELY WE ARE HAVING DIFFICULTY EXTRACTING OUR FUNDS FROM THESE COMPUTER SOFTWARES. TO THIS EFFECT I HAVE BEEN GIVEN THE MANDATE BY MY COLLEAGUES TO CONTACT YOU AND ASK FOR YOUR ASSISTANCE. WE ARE PREPARED TO SELL YOU A SHARE IN THIS ENTERPRISE, WHICH WILL SOON BE VERY PROFITABLE, THAT WILL GRANT YOU THE RIGHTS TO USE THESE VAULABLE SOFTWARES IN YOUR BUSINESS ENTERPRISE. UNFORTUNATELY WE ARE NOT ABLE AT THIS TIME TO SET A PRICE ON THESE RIGHTS. THEREFORE IT IS OUR RESPECTFUL SUGGESTION, THAT YOU MAY BE IMMEDIATELY A PARTY TO THIS ENTERPRISE, BEFORE OTHERS ACCEPT THESE LUCRATIVE TERMS, THAT YOU SEND US THE NUMBER OF A BANKING ACCOUNT WHERE WE CAN WITHDRAW FUNDS OF A SUITABLE AMOUNT TO GUARANTEE YOUR PARTICIPATION IN THIS ENTERPRISE. AS AN ALTERNATIVE YOU MAY SEND US THE NUMBER AND EXPIRATION DATE OF YOUR MAJOR CREDIT CARD, OR YOU MAY SEND TO US A SIGNED CHECK FROM YOUR BANKING ACCOUNT PAYABLE TO "SCO GROUP" AND WITH THE AMOUNT LEFT BLANK FOR US TO CONVENIENTLY SUPPLY.
KINDLY TREAT THIS REQUEST AS VERY IMPORTANT AND STRICTLY CONFIDENTIAL. I HONESTLY ASSURE YOU THAT THIS TRANSACTION IS 100% LEGAL AND RISK-FREE.
Windows 2000 was certified at Level 4 vs. Level 2 for Linux. While it is a start, Linux has still(!) not achieved CC evaluation at the same standard as Windows.
It all started with David Chaum's DigiCash and it was very promising. The patents and the technology however are owned by InfoSpace today and are collecting dust. The Blind Signature patent will become available soon, though, and somebody might pick it up. Then there was CyberCash (with Cybercoin), and they went belly up. Then there was Millicent, they died, too. Amir Herzberg (see here) used to be very active in the space but also gave up. Then there was Stefan Brands' system (see here) which never really saw the light in an implementation. Stefan used to work at DigiCash with Chaum (but they did not really mix) and then moved on to ZeroKnowledge where he left from a couple of years ago. This is just a brief recollection of things, I am sure I missed a lot, but they all failed. And this should tell us something ...
DigiCash's eCash, CyberCash's CyberCoin, Millicent, nCash (NTT), Paybox, ...
... Will ... Explode ... Flashback ... 199x ... Internet Bubble ...
Head
Nooooooooooooooooooooooooooooooooooooooo, leave me alone. Do NOT EVER TRY A MICROPAYMENT A G A I N! Just don't.
Ah well, it only took so long for the first H1-B troll to show up. I will bite then ...
...
H1-B: First of all, you are mixing two things in your post. H1-B (temporary workers) and Outsourcing to a foreign country. Let's go one by one: You are competing on a global scale against other, qualified applicants. They are supposed (and yes I am sure there are black sheep who do not follow the rules) to be paid at an equivalent rate and I have to say that this is at least true for the company I work at. At this large IT company people who interview candidates are not allowed to ask them about their legal status (and you'd be in deep shit if you'd do), this is totally in the hand of HR. Money however is handled by the hiring manager who does not know what status the applicant has (H1, Green Card, Citizen). Hence there is pretty little room to hire "for cheap", you just hire the best. Period. And if you cannot compete, well, tough luck.
Now over to outsourcing. This IMHO is indeed a scary trend that is going to bite back. Some people already mentioned "your employees are your own customers on an economic scale", there are also quality issues. It is hard to follow up with bugs, design issues, etc. The company I work for does most of the design here in the US and very small parts are outsourced. This is ok on a small scale but if this catches on
My $.02
This is what disassemblers were made for ...
G-Spotting. Hmmm, that certainly is some sort of game ...
are Software Restriction Policies (SRP). These policies allow an admin to manage software execution based on for example the hash of the binary. AFAIK they were first introduced with Windows XP (see here).
Hushmail has a challenge/response mechanism for quite a while now. And it works remarkably well ...
While I agree with your post it is not true that H1's cannot look for another job. An H1 Visa is transferable. The hiring company just has to go through the same paperwork and you are hired. You do not have to leave the country.
Opera knew earlier about them. From a Bugtraq post:
4 e4 c94d7495e8166839fd2b242753&threadid=10657
For the five advisories posted today concerning Opera 7, I have not seen and information on when and how Opera Software was notified of the problems, and if they were/when planning for a fixed release.
Alright, after reading:
http://my.opera.com/forums/showthread.php?s=903
and:
http://theregister.co.uk/content/55/29177.html
It looks like Opera Software was notified 1/31, and asked for the announcement to be delayed until 1/6.
Was there a good reason to post the vulnerabilities today rather than thursday?
I can certainly makes those available. Leave me a way to contact you and maybe you can set up a page or something.
I would like to throw in another mechanism to inoculate yourself against this and other ones. It is a little bit of a catch-up game though. When you encounter one of these nasties for the first time (and you get the dialogue where you can choose to trust this cert) take the cert and export it into a file. Now go to Local Security Policies (in Administrative Tools) and create a so-called Software Restriction Policy. Choose a cert rule, browse to the cert you saved earlier, and create a disallowed rule. Now if you encounter anything from for example Gator Inc. again that was signed using the same cert (and they only have a limited number of those) it will never be allowed.
So you are telling me that you did not do your job earlier and did not patch your boxes with patches that are many, many months old?