Sez who? Why with Google Earth:World of WarCraft edition, you can search for the nearest Gold Miners and Exp Exercisers and subcontract your boring work to them. And with Google Spy Satellite: WOW edition, you can keep tabs on your partners to make sure they're not having WOWSex.
You are ignorant. Show me one unmanned offshore oil rig, and I'll split the salvage rights with you.
The engineers on oil rigs 2 months/1month rotations (or similar).
Please don't come up with unsupportable examples.
Even more importantly - why the fuck are you guys so interested in doing extra overtime? If the equipment/situation is so critical, the organization should be paying for enough hands to cover the problem.
Please don't let dogma stop you from thinking critically, or, you know, actually going out to find out what the issue is. It is extremely easy to find out if the price of SMS messages should be elastic or not:
1) google 2) sms is text. text is data. What is the data rate? Why is sms treated differently from data? 3) why can't I get a sms->data and data->sms tool on phones?
And please, phone companies subsidize my phone usage by charging sms monkeys more? You're kidding right? Seriously?!
How can you tell? Was it caused by a lack of quality in their processes? Did some programmer post his private key in some hacker board? Without details, you simply can't tell.
Bleh. I've worked for multiple Fortune 100 companies, and for the most part, issues such as these do not make the radar of these companies. The most trouble you'll get is out of a few disgruntled users. Once a contract is signed, unless you pissed off the top brass, you typically have no problems.
OTOH, I'll disagree with you. Full disclosure means just that. At this point, they have not even said that they're going to disclose anything else, and it reflects poorly on you to go defend them.
So, you're saying your quality production filesystems include known bugs because other filesystems may have unknown bugs? When other filesystems not only do not have these bugs, but also do not have the bugs listed in the Criticism section in the wiki I had posted earlier?
I'm glad you don't work for me.
No wonder Microsoft is able to sew up the market like this. 65000 known issues in the release of windows 2000? *pshaw* It's just as good as other systems because the other systems have unknown bugs.
At first, I thought you were just being the devil's advocate.
But if you call the discussion on the Risks Digest as long rants without substance, then you are obviously a moron. Go enjoy sticking your head in the sand.
Before I terminate this conversation, I will point out one more thing. If you (or anyone reading this thread) ever want to find out more about why authenticode sucks, and why activex sucks (whether you personally click yes or no) from a security point of view, just use Google.
It is nearly impossible to hit this bug while useing the performance enhanced mode and even if you do hit it there is no data loss or security issues involved
I would never deploy a file system in production. I know of no sysadmin who would. And who says theres no data loss? You just lost the data that was going to be written to the second file.
Reiserfs has signicant issues, including the corruption that is possible when you store an image of the filesystem in the filesystem. Doesn't anyone read wiki anymore? http://en.wikipedia.org/wiki/ReiserFS and look for the Criticism section. HOW TO FUCK CAN THIS BE CONSIDERED PRODUCTION QUALITY?!
Good for you. But who's talking about you? If you tell me you never used Outlook in Preview mode, and you never click on any hotlinks in Outlook, and never Preview any attachments, how is Outlook insecure, I'll tell you good for you too. But Outlook is still an insecure piece of crap (well, not so much in 2008).
When I posted the links, I am talking about the actual design itself as being something that cannot be secured. Why do you keep telling me *YOU* don't do X. Do I care about what you do or do not do?
And yes ActiveX *IS* a security problem. There's no sandbox. If it is signed (and any stolen credit card can be used to "sign"/buy a cert - so where's that identity huh?), then any web page you go to can call an installed activex component.
Hence, the activex things that HP/Compaq and so on installed, that later turned out to have buffer overflows - well, guess what, any malicious page can check for, and call those locally installed activex components, and buffer overflow them, and you're owned.
In the past, it used to be that any signed activex will download automatically, unless you're browsing at the highest security level (oh yeah, even IE allows you to NOT let any activex run - why doesn't Chrome do that huh?) but I have no idea what Microsoft has done lately.
www.digicrime.com has some dated, but still useful criticisms of activex and authenticode
http://catless.ncl.ac.uk/php/risks/search.php?query=authenticode has Bob Atkinson saying really stupid things about Authenticode, and being slapped silly by anyone with anything more than a cursory interest in security. Microsoft basically said - we don't care about security - a broken screen saver has a higher priority than any security issues. And this is from the guy who is supposed to be in charged of designing a *SECURE SYSTEM*????????
Slashdot Mirror
2) It's a freaking terminal server. How many wireless terminal servers have you seen?
Sez who? Why with Google Earth:World of WarCraft edition, you can search for the nearest Gold Miners and Exp Exercisers and subcontract your boring work to them. And with Google Spy Satellite: WOW edition, you can keep tabs on your partners to make sure they're not having WOWSex.
And debugging threads is easy? Oh boy, talk about a crack pipe.
Unless you wrote your own wireless driver, I highly doubt so.
You are ignorant. Show me one unmanned offshore oil rig, and I'll split the salvage rights with you.
The engineers on oil rigs 2 months/1month rotations (or similar).
Please don't come up with unsupportable examples.
Even more importantly - why the fuck are you guys so interested in doing extra overtime? If the equipment/situation is so critical, the organization should be paying for enough hands to cover the problem.
The nuclear station that went down due to slammer wasn't because they did not have firewalls.
Typically, it's the authorized users who're the biggest problems.
Please don't let dogma stop you from thinking critically, or, you know, actually going out to find out what the issue is. It is extremely easy to find out if the price of SMS messages should be elastic or not:
1) google
2) sms is text. text is data. What is the data rate? Why is sms treated differently from data?
3) why can't I get a sms->data and data->sms tool on phones?
And please, phone companies subsidize my phone usage by charging sms monkeys more? You're kidding right? Seriously?!
It depends on how pregnant that Bristol is.
OK, bad bad taste. My coat's the one full of shot.
He has a book out on it...
gdr
How can you tell? Was it caused by a lack of quality in their processes? Did some programmer post his private key in some hacker board? Without details, you simply can't tell.
Bleh. I've worked for multiple Fortune 100 companies, and for the most part, issues such as these do not make the radar of these companies. The most trouble you'll get is out of a few disgruntled users. Once a contract is signed, unless you pissed off the top brass, you typically have no problems.
OTOH, I'll disagree with you. Full disclosure means just that. At this point, they have not even said that they're going to disclose anything else, and it reflects poorly on you to go defend them.
Wow. You should be working in the elections - why debate the issues when you dismiss a person.
Even better - redhat might suck, but all the other companies suck even more, so it's still ok...
I have just lost a little more hope in this world.
So, you're saying your quality production filesystems include known bugs because other filesystems may have unknown bugs? When other filesystems not only do not have these bugs, but also do not have the bugs listed in the Criticism section in the wiki I had posted earlier?
I'm glad you don't work for me.
No wonder Microsoft is able to sew up the market like this. 65000 known issues in the release of windows 2000? *pshaw* It's just as good as other systems because the other systems have unknown bugs.
OK, so I made a typo. "I would never deploy this file system in production."
Happy now?
At first, I thought you were just being the devil's advocate.
But if you call the discussion on the Risks Digest as long rants without substance, then you are obviously a moron. Go enjoy sticking your head in the sand.
Before I terminate this conversation, I will point out one more thing. If you (or anyone reading this thread) ever want to find out more about why authenticode sucks, and why activex sucks (whether you personally click yes or no) from a security point of view, just use Google.
It is nearly impossible to hit this bug while useing the performance enhanced mode and even if you do hit it there is no data loss or security issues involved
I would never deploy a file system in production. I know of no sysadmin who would. And who says theres no data loss? You just lost the data that was going to be written to the second file.
Reiserfs has signicant issues, including the corruption that is possible when you store an image of the filesystem in the filesystem. Doesn't anyone read wiki anymore? http://en.wikipedia.org/wiki/ReiserFS and look for the Criticism section. HOW TO FUCK CAN THIS BE CONSIDERED PRODUCTION QUALITY?!
because it is nearly impossible to hit this bug
Is this the current standard for a
?
Good for you. But who's talking about you? If you tell me you never used Outlook in Preview mode, and you never click on any hotlinks in Outlook, and never Preview any attachments, how is Outlook insecure, I'll tell you good for you too. But Outlook is still an insecure piece of crap (well, not so much in 2008).
When I posted the links, I am talking about the actual design itself as being something that cannot be secured. Why do you keep telling me *YOU* don't do X. Do I care about what you do or do not do?
can't put some combinations of files into a directory
IDGI. How is that
"production quality filesystem"
Which would imply a security hole in them, and not in ActiveX
You need to educate yourself on Authenticode first before discussing whether ActiveX is insecure by design. I have already posted the links.
Does not seem to be a way to disable currently.
And yes ActiveX *IS* a security problem. There's no sandbox. If it is signed (and any stolen credit card can be used to "sign"/buy a cert - so where's that identity huh?), then any web page you go to can call an installed activex component.
Hence, the activex things that HP/Compaq and so on installed, that later turned out to have buffer overflows - well, guess what, any malicious page can check for, and call those locally installed activex components, and buffer overflow them, and you're owned.
In the past, it used to be that any signed activex will download automatically, unless you're browsing at the highest security level (oh yeah, even IE allows you to NOT let any activex run - why doesn't Chrome do that huh?) but I have no idea what Microsoft has done lately.
www.digicrime.com has some dated, but still useful criticisms of activex and authenticode
http://catless.ncl.ac.uk/php/risks/search.php?query=authenticode has Bob Atkinson saying really stupid things about Authenticode, and being slapped silly by anyone with anything more than a cursory interest in security. Microsoft basically said - we don't care about security - a broken screen saver has a higher priority than any security issues. And this is from the guy who is supposed to be in charged of designing a *SECURE SYSTEM*????????
So, JUST SAY NO to ActiveX
Since I believe ActiveX to have shitty security, why would I be using that or want to use that?
Since you wouldn't be using it, why do you care that it exists in the browser?
Are you being deliberately thick? If ActiveX is a security problem, having it in your browser makes your browser insecure.
Riiiiiiight.
That's why we see Nintendo rushing in to drop the price on Wii.
You also believe that even though you lose money on each unit, but you can make it up on volume, right?
Since I believe ActiveX to have shitty security, why would I be using that or want to use that?
And yes, it should refuse to support it. After all, it's not going to support it on linux and osx. Why should it cripple itself on windows?
Does it matter how good or bad it is, when you type in:
about:plugins
and the first thing you see is:
ActiveX Plug-in
File name: activex-shim
ActiveX Plug-in provides a shim to support ActiveX controls