Gruber is probably somewhat biased in favour of the Mac as a platform but certainly has no compunctions about taking Apple to task for their flaws either.
"if these guys can find holes in a few hours, why can't Apple?"
David Maynor has a track record as a publicity whore first and legitimate security researcher second, so whether Maynor has actually found as many bugs as he claims to have found here is up for debate until he provides some more substantial proof. He also has a giant ax to grind after Apple embarrassed him in the AirPort bug fiasco. I'd take anything he says with a grain of salt until he gives me ample reason to trust him again.
Nice policy, by the way: find bugs and don't ever report them to Apple. Because last time you claimed to have reported a bug, Apple exposed you as a liar, so now you just don't bother. That's brilliant. We need more people in the world with that kind of attitude. And Maynor wonders why people don't take him seriously as a "security researcher". The Blogspot-based announcement doesn't help either. That's like your company e-mail address being @hotmail.com.
Thor Larholm, on the other hand, may well have found a legitimate bug. What with this being beta software and all, that's not too incredibly surprising. Equally serious bugs have been found in release versions of Firefox and IE, so I'm not sure what the big deal is here. If Safari 3 ships with these vulnerabilities still unfixed, then people should worry.
You're telling me that some Christians believe in evolution? Hmm, so if you're willing to compromise on evolution, why not gay marriage?
Some Christians -- in my experience, those who believe that evolution is a perfectly valid explanation for how we got here -- are also willing to compromise on gay marriage. Those who are unwilling to compromise on evolution are also generally those unwilling to tolerate the concept of "marriage" involving two *people* who agree to love each other unconditionally and without end, without specifying the genders of the people involved.
This seems like a very bad strawman argument thrown out for marginal comedic effect, which is fine if that's all it is, but if you're serious, you didn't think it through very well. I hate to ruin the joke, but I had to say something.
The end result is that people will still be spending more time in airliners.
You make it sound like routing around a thunderstorm actually adds a significant amount of time to the flight, as compared to spending several hours on the ground waiting for the weather at a destination to clear up.
For en-route weather, the additional time spent in flight is minimal (on the order of seconds to a few minutes, occasionally as much as 10-15 minutes). For weather at the destination airport, there isn't anything that can be done once the holding fuel is burned anyway -- the flight has to divert to its alternate unless the destination airport has become an option (not the case most of the time).
This software will not affect the amount of time people spend in the airplane at the alternate one bit. Yes, it may increase the time they spend *airborne* by some immeasurably small percentage, but it's more likely to *decrease* the overall time spent in the aircraft, since its whole purpose is to reduce ground delays at the departure airport.
Disclaimer: I work in the industry, so I might possibly have a clue what I'm talking about.
Call me ignorant, but I thought laws were intended to protect somebody/something. Specifically, in this case, the law clearly seems to be intended to protect the owner of the wireless network from malicious activity. If the owner of the coffee shop didn't feel wronged, why is the prosecutor still pressing charges? This law isn't protecting anyone from anything in this case, especially since neither the cop nor the store owner had any idea there was any law being broken.
It also bothers me tremendously that the police chief felt the need to find a law against this and charge the guy with *something*. I know the Sparta area, and I'm pretty sure the chief of police has better things to do with his time, like, say, investigate local citizens who murder their friends with an ax and videotape the whole thing, and then show the videotape to another friend six months later. (I shit you not, this actually happened there about eight years ago or so.) Western Michigan in general also has a huge meth problem. I'm sure there are some local meth cooks who need a shakedown. Go after them.
I wouldn't exactly call it "bragging", especially in light of the other sections on that page wherein he explains quite thoroughly the wikistalker element that no one has yet mentioned. I've been active on WP for 2.5 years now, and I remember Essjay from way back. I wouldn't say we've ever had much interaction, but I remember the username, and while I'm nowhere near as active as he is, I don't recall him ever using his fake credentials as an argument in support of a decision of any kind. The credentials appear to have been used entirely as a cover for real life so that the crazy stalker portion of society (which seems to be more prominent online; go figure!) wouldn't be able to track him down.
Do I agree with hiding your identity in the way that he did? Not really -- why not just claim you're a 24-year-old living in your parents' basement in Nevada? It's no less believable than saying the same about Kentucky.;)
Do I have a problem with what he did? Not really.
Slashdot is, as usual, blowing this WAY out of proportion. The only thing that's even remotely "wrong" about this is that he claimed academic credentials he didn't have. If nothing else, it shows a lack of respect for the effort required to gain a PhD, but that's hardly worthy of a story on Slashdot (or any other news site).
According to Johnny's own post, this bug a) requires a netcat UDP listener on the victim box; and b) requires TWO Wi-Fi cards to be installed on the victim box.
Oh, and c) can only be used (so far as we know right now) to trigger a crash, nothing more.
So how is this news again? Honestly, what are the odds the above configuration can be achieved, either by malicious attack or by social engineering? I'll be the first to admit I'm no security expert, but from what he's just described, the absolute worst-case we're looking at here is a crash, and even triggering that requires me to run untrusted software AND hardware on my machine!
This is a complete crock. There's no news story here. Hell, the uproar that drunkenbatman caused a while back with his Safari Image of Doom was more warranted.
The best part about those complainants on OS X is that IE 4 doesn't even *run* on OS X, and never has (unless that guy is trying to run IE 4 in Classic, which must be unbelievably painful to watch).
I'd say you can safely ignore anyone running IE on a Mac. Seriously, the last major update for IE on the Mac was in 2002. If you can't be arsed to update even once in four years (to a FREE piece of software, no less!), then you probably can't be arsed to buy my product/service that I'm advertising on my site, so I don't want you for a customer anyway.
Then again, I'm a crusty developer type with the luxury of not giving half a crap about whether I'm breaking a site for IE users. I've been known to break sites for IE users intentionally, in fact, which is something the Web could really use a lot more of.
Whether he wanted it or not, he has achieved widespread Internet notoriety and his name is known by hundreds of thousands of people the world over.
Dude, I'm sorry, but if Slashdotters are asking about the identity of a so-called "Internet celebrity", this claim is extremely dubious. If there's anything Slashdotters are known for, it's being total Internet geeks, but if more than one has to ask this question -- and if the OP hadn't posted it, I was going to -- the guy clearly isn't THAT famous. "Thousands" of people the world over might be accurate; "hundreds of thousands" is almost certainly not.
It's extremely unlikely that any of these individuals meets Wikipedia standards for notability.
Maybe TMO could start an "iPod Death Watch" to go along with their "Apple Death Watch", which, IIRC, is up to something like 60 now.
No, I didn't dignify the glaring fearmongering of The Age by reading TFA. That was exactly what they wanted you to do, and Slashdot fell for it, hook, line, and sinker.
Of course -- and I haven't read the WP entry -- if such a phrase had been inserted into the article without citing proper and reliable sources, it should never have been allowed to stand. Wikipedia calls the sort of language used above "weasel terms", since it doesn't say who's doing the accusing or on what grounds, and says such phrasing should be avoided.
But it's awfully difficult to prove that the people who may or may not have John's article on their watchlists have a responsibility to uphold the above policies, much less prove that Wikipedia as a whole is responsible. A lawsuit probably isn't the best idea here, since it's going to draw the conspiracy theorists out of the woodwork and quite possibly make the problem worse.
Ironically, in Firefox, that same color indicates a secured site.
More importantly, it has for something like a year and a half; same with Camino (uses different code to do it, didn't get it automatically from the Fx update that introduced it).
Memo to submitter: when "one of the first" means "fourth or fifth in a field of about six", you need to find a different phrase, or stop accepting paychecks with Ballmer's signature on them.
As for a non-lifesupport example, I've notice that some EULAs mention that the software is not to be used in control systems within nuclear power plants.
Or air traffic control facilities. That's the other really common one.
Of course, why anyone in ATC has any business running AOL Instant Messenger on their radar screen is utterly beyond me.
Not to defend bestiality, but you can't honestly think it's rape every time a female dog gets mated, can you? Whether the animal doing the mating is another dog or a human isn't *entirely* relevant.
The sad part is that I actually had someone ask me if they couldn't do this to charge a battery via solar panels -- at night, the battery would power some LEDs that shone on the panel to recharge it at night...
You presume his life was necessary in the first place. I'm gonna go with no. The overwhelmingly vast majority of people are utterly, indescribably insignificant in the grand scheme of things.
This guy was no different.
As another poster so adroitly pointed out, there are something like a quarter of a million people who die every single day in this world. Put in a time-averaged perspective, that's about three people every single second of the day. In the time it takes me to compose a sentence in this post, 30 or 40 people have died.
And you're going to try to say you feel sadness for each and every one of these people?
Bullshit.
I feel sadness for innocent people who die in terrorist attacks. I feel sadness for people who die after long bouts with cancer whilst their loved ones watch them waste away. I feel sorry for people who are murdered because they wore the wrong colour shirt in the wrong part of town.
I sure as shit do not feel one whit of sympathy or sadness for some professional asshat whose goal in life was to annoy the holy hell out of everyone on the Internet. Do you know how much Russian-language spam I've gotten this year? I don't speak or read a word of Russian, but I have to deal with this guy's drivel every goddamn day, and you want me to feel fucking sad because someone beat his worthless ass to death in his apartment?
How about I start shitting on your porch -- and the porch of everyone in your neighbourhood, village, town, city, and state -- every day for the next 10 years? When you and your 10 million friends get done cleaning it off after the 3650th day, and someone fucking snaps and beats me to death, I utterly DEMAND you feel remorse for my unnecessary death.
Never mind that my sole purpose and goal in life at that point was to piss you off. You had goddamn better feel remorse that you're not going to get your porch shit on tomorrow.
People like you are the reason people like him are allowed to continue existing.
Evolutionary pressures have largely been removed from every population you mention, including humans. In the cases of our so-called "pets," selective breeding has been used to further enhance various traits.
With the enormous advances in veterinary and medical care in the last 200 years, genetic disorders that were formerly universally fatal can now often be treated in infancy. By treating them, allowing them to survive to reproductive age, and thus allowing the formerly deleterious mutation to be passed on through procreation, no pressure exists to remove such a mutation from the population.
Not sure what your point is. If you're saying that Slashdot was six days late to the party, well, yeah, surprise surprise. But if you're saying the guy just aped a Make hack and then got it posted on Slashdot, no. The guy who wrote the article Make blogged is the same guy who wrote the Slashdot story you're reading right now. Both link to
I mostly agree with you there. I wouldn't rule out the costs of manufacture, though; it appears chitosan is currently produced by de-acetylation of natural chitin, which can't be all that cheap if they're using crustaceans for their supply.
Slashdot Mirror
All you need to know about Maynor, from the level-headed and well-spoken John Gruber:
http://daringfireball.net/search?q=maynor
Gruber is probably somewhat biased in favour of the Mac as a platform but certainly has no compunctions about taking Apple to task for their flaws either.
p
"if these guys can find holes in a few hours, why can't Apple?"
David Maynor has a track record as a publicity whore first and legitimate security researcher second, so whether Maynor has actually found as many bugs as he claims to have found here is up for debate until he provides some more substantial proof. He also has a giant ax to grind after Apple embarrassed him in the AirPort bug fiasco. I'd take anything he says with a grain of salt until he gives me ample reason to trust him again.
Nice policy, by the way: find bugs and don't ever report them to Apple. Because last time you claimed to have reported a bug, Apple exposed you as a liar, so now you just don't bother. That's brilliant. We need more people in the world with that kind of attitude. And Maynor wonders why people don't take him seriously as a "security researcher". The Blogspot-based announcement doesn't help either. That's like your company e-mail address being @hotmail.com.
Thor Larholm, on the other hand, may well have found a legitimate bug. What with this being beta software and all, that's not too incredibly surprising. Equally serious bugs have been found in release versions of Firefox and IE, so I'm not sure what the big deal is here. If Safari 3 ships with these vulnerabilities still unfixed, then people should worry.
p
You're telling me that some Christians believe in evolution? Hmm, so if you're willing to compromise on evolution, why not gay marriage?
Some Christians -- in my experience, those who believe that evolution is a perfectly valid explanation for how we got here -- are also willing to compromise on gay marriage. Those who are unwilling to compromise on evolution are also generally those unwilling to tolerate the concept of "marriage" involving two *people* who agree to love each other unconditionally and without end, without specifying the genders of the people involved.
This seems like a very bad strawman argument thrown out for marginal comedic effect, which is fine if that's all it is, but if you're serious, you didn't think it through very well. I hate to ruin the joke, but I had to say something.
p
The end result is that people will still be spending more time in airliners.
You make it sound like routing around a thunderstorm actually adds a significant amount of time to the flight, as compared to spending several hours on the ground waiting for the weather at a destination to clear up.
For en-route weather, the additional time spent in flight is minimal (on the order of seconds to a few minutes, occasionally as much as 10-15 minutes). For weather at the destination airport, there isn't anything that can be done once the holding fuel is burned anyway -- the flight has to divert to its alternate unless the destination airport has become an option (not the case most of the time).
This software will not affect the amount of time people spend in the airplane at the alternate one bit. Yes, it may increase the time they spend *airborne* by some immeasurably small percentage, but it's more likely to *decrease* the overall time spent in the aircraft, since its whole purpose is to reduce ground delays at the departure airport.
Disclaimer: I work in the industry, so I might possibly have a clue what I'm talking about.
The parent makes a very good point.
Call me ignorant, but I thought laws were intended to protect somebody/something. Specifically, in this case, the law clearly seems to be intended to protect the owner of the wireless network from malicious activity. If the owner of the coffee shop didn't feel wronged, why is the prosecutor still pressing charges? This law isn't protecting anyone from anything in this case, especially since neither the cop nor the store owner had any idea there was any law being broken.
It also bothers me tremendously that the police chief felt the need to find a law against this and charge the guy with *something*. I know the Sparta area, and I'm pretty sure the chief of police has better things to do with his time, like, say, investigate local citizens who murder their friends with an ax and videotape the whole thing, and then show the videotape to another friend six months later. (I shit you not, this actually happened there about eight years ago or so.) Western Michigan in general also has a huge meth problem. I'm sure there are some local meth cooks who need a shakedown. Go after them.
Essjay brags about how he fooled The New Yorker:
;)
http://www.wikipedia-watch.org/essjay.html
I wouldn't exactly call it "bragging", especially in light of the other sections on that page wherein he explains quite thoroughly the wikistalker element that no one has yet mentioned. I've been active on WP for 2.5 years now, and I remember Essjay from way back. I wouldn't say we've ever had much interaction, but I remember the username, and while I'm nowhere near as active as he is, I don't recall him ever using his fake credentials as an argument in support of a decision of any kind. The credentials appear to have been used entirely as a cover for real life so that the crazy stalker portion of society (which seems to be more prominent online; go figure!) wouldn't be able to track him down.
Do I agree with hiding your identity in the way that he did? Not really -- why not just claim you're a 24-year-old living in your parents' basement in Nevada? It's no less believable than saying the same about Kentucky.
Do I have a problem with what he did? Not really.
Slashdot is, as usual, blowing this WAY out of proportion. The only thing that's even remotely "wrong" about this is that he claimed academic credentials he didn't have. If nothing else, it shows a lack of respect for the effort required to gain a PhD, but that's hardly worthy of a story on Slashdot (or any other news site).
p
Lemme get this straight.
According to Johnny's own post, this bug a) requires a netcat UDP listener on the victim box; and b) requires TWO Wi-Fi cards to be installed on the victim box.
Oh, and c) can only be used (so far as we know right now) to trigger a crash, nothing more.
So how is this news again? Honestly, what are the odds the above configuration can be achieved, either by malicious attack or by social engineering? I'll be the first to admit I'm no security expert, but from what he's just described, the absolute worst-case we're looking at here is a crash, and even triggering that requires me to run untrusted software AND hardware on my machine!
This is a complete crock. There's no news story here. Hell, the uproar that drunkenbatman caused a while back with his Safari Image of Doom was more warranted.
p
The best part about those complainants on OS X is that IE 4 doesn't even *run* on OS X, and never has (unless that guy is trying to run IE 4 in Classic, which must be unbelievably painful to watch).
I'd say you can safely ignore anyone running IE on a Mac. Seriously, the last major update for IE on the Mac was in 2002. If you can't be arsed to update even once in four years (to a FREE piece of software, no less!), then you probably can't be arsed to buy my product/service that I'm advertising on my site, so I don't want you for a customer anyway.
Then again, I'm a crusty developer type with the luxury of not giving half a crap about whether I'm breaking a site for IE users. I've been known to break sites for IE users intentionally, in fact, which is something the Web could really use a lot more of.
p
http://kb.mozillazine.org/Hostperm.1
Have a gander at that.
p
Whether he wanted it or not, he has achieved widespread Internet notoriety and his name is known by hundreds of thousands of people the world over.
Dude, I'm sorry, but if Slashdotters are asking about the identity of a so-called "Internet celebrity", this claim is extremely dubious. If there's anything Slashdotters are known for, it's being total Internet geeks, but if more than one has to ask this question -- and if the OP hadn't posted it, I was going to -- the guy clearly isn't THAT famous. "Thousands" of people the world over might be accurate; "hundreds of thousands" is almost certainly not.
It's extremely unlikely that any of these individuals meets Wikipedia standards for notability.
Someone obviously hasn't been reading John Gruber's latest pieces. Idiots.
Maybe TMO could start an "iPod Death Watch" to go along with their "Apple Death Watch", which, IIRC, is up to something like 60 now.
No, I didn't dignify the glaring fearmongering of The Age by reading TFA. That was exactly what they wanted you to do, and Slashdot fell for it, hook, line, and sinker.
Of course -- and I haven't read the WP entry -- if such a phrase had been inserted into the article without citing proper and reliable sources, it should never have been allowed to stand. Wikipedia calls the sort of language used above "weasel terms", since it doesn't say who's doing the accusing or on what grounds, and says such phrasing should be avoided.
But it's awfully difficult to prove that the people who may or may not have John's article on their watchlists have a responsibility to uphold the above policies, much less prove that Wikipedia as a whole is responsible. A lawsuit probably isn't the best idea here, since it's going to draw the conspiracy theorists out of the woodwork and quite possibly make the problem worse.
p
Ironically, in Firefox, that same color indicates a secured site.
More importantly, it has for something like a year and a half; same with Camino (uses different code to do it, didn't get it automatically from the Fx update that introduced it).
Memo to submitter: when "one of the first" means "fourth or fifth in a field of about six", you need to find a different phrase, or stop accepting paychecks with Ballmer's signature on them.
p
As for a non-lifesupport example, I've notice that some EULAs mention that the software is not to be used in control systems within nuclear power plants.
Or air traffic control facilities. That's the other really common one.
Of course, why anyone in ATC has any business running AOL Instant Messenger on their radar screen is utterly beyond me.
p
Not to defend bestiality, but you can't honestly think it's rape every time a female dog gets mated, can you? Whether the animal doing the mating is another dog or a human isn't *entirely* relevant.
p
He won't have to see his mom in any more German scheiße videos...
p
Time to re-name the Dirty Sanchez, methinks. This idea is a real Cleveland steamer, if you ask me. Makes me want to donkey punch Mueller and Gonzalez.
Quick, someone let Mueller know his wife does a great Angry Pirate. (Darn, that one's even beneath Wikipedia...)
p
About time that technology caught up with the Janus Syndicate. *turns around and hits the power button on the N64*...
p
What you just described there is more properly known as a "displaced-emissions vehicle."
p
Laugh it up.
The sad part is that I actually had someone ask me if they couldn't do this to charge a battery via solar panels -- at night, the battery would power some LEDs that shone on the panel to recharge it at night...
p
Unnecessary?
You presume his life was necessary in the first place. I'm gonna go with no. The overwhelmingly vast majority of people are utterly, indescribably insignificant in the grand scheme of things.
This guy was no different.
As another poster so adroitly pointed out, there are something like a quarter of a million people who die every single day in this world. Put in a time-averaged perspective, that's about three people every single second of the day. In the time it takes me to compose a sentence in this post, 30 or 40 people have died.
And you're going to try to say you feel sadness for each and every one of these people?
Bullshit.
I feel sadness for innocent people who die in terrorist attacks. I feel sadness for people who die after long bouts with cancer whilst their loved ones watch them waste away. I feel sorry for people who are murdered because they wore the wrong colour shirt in the wrong part of town.
I sure as shit do not feel one whit of sympathy or sadness for some professional asshat whose goal in life was to annoy the holy hell out of everyone on the Internet. Do you know how much Russian-language spam I've gotten this year? I don't speak or read a word of Russian, but I have to deal with this guy's drivel every goddamn day, and you want me to feel fucking sad because someone beat his worthless ass to death in his apartment?
How about I start shitting on your porch -- and the porch of everyone in your neighbourhood, village, town, city, and state -- every day for the next 10 years? When you and your 10 million friends get done cleaning it off after the 3650th day, and someone fucking snaps and beats me to death, I utterly DEMAND you feel remorse for my unnecessary death.
Never mind that my sole purpose and goal in life at that point was to piss you off. You had goddamn better feel remorse that you're not going to get your porch shit on tomorrow.
People like you are the reason people like him are allowed to continue existing.
And that, my friend, is truly sad.
p
Evolutionary pressures have largely been removed from every population you mention, including humans. In the cases of our so-called "pets," selective breeding has been used to further enhance various traits.
With the enormous advances in veterinary and medical care in the last 200 years, genetic disorders that were formerly universally fatal can now often be treated in infancy. By treating them, allowing them to survive to reproductive age, and thus allowing the formerly deleterious mutation to be passed on through procreation, no pressure exists to remove such a mutation from the population.
p
Not sure what your point is. If you're saying that Slashdot was six days late to the party, well, yeah, surprise surprise. But if you're saying the guy just aped a Make hack and then got it posted on Slashdot, no. The guy who wrote the article Make blogged is the same guy who wrote the Slashdot story you're reading right now. Both link to
http://www.kondra.com/circuit/circuit.html
p
I mostly agree with you there. I wouldn't rule out the costs of manufacture, though; it appears chitosan is currently produced by de-acetylation of natural chitin, which can't be all that cheap if they're using crustaceans for their supply.
p
For a guy who goes on for two paragraphs about the meaning of a word, you'd think you'd have a better grasp on the meaning of the word "brakes."
p