Full disclosure is important, "MS Product" or not. Obviously Bind is critical software, but what's next? A pay-only, gag-ordered Linux kernel security group? Apache issuing statements like "new security vulnerability discovered... information available in 2 weeks"?
A private, NDA'ed 'club' for TLD admins is not going to save Bind from security issues. It will do no good if Joe Haxor is 'auditing' code at 3am and finds a new bug. It will do no good when Bob Sysadmin finds a security hole, unless he decides to submit to this closed information flow and tell no one else.
Most of all, what if my cousin or your neighbor can write a patch in an hour, whereas the Bind Club sits on it, with its limited membership, until a week later when the exploit is already publicized and being used en masse by scriptkiddies? I'd choose any number of people in the Open Source community over Paul Vixie and company to entrust the security of my nameserver to. Harried sysadmins need to know where the security faults lie, if nothing else.
The answer, once again, is obviously not simply muting security warnings, particularly if the flaw is being exploited in the field.
The problem here is not the flow of security and bug information, but the existence of unaudited, unfixed security holes.
In the end, this is only going to exclude some incredibly valuable folks who could be doing a much better job at auditing and patching the code. Neither will it do anything to slow down bugtraq postings, which frequently originate from attacks or information coming from the cracker realm.
And yes, you're right, that evolution is a theory should be taught right alongside the concept that "god" is a theory too.
Okay back to some actual concepts behind science instead of this inane discussion that just rehashes years of net creation vs. evolution debate...
In the context of scientific vocabulary, the claims of your average human religion are not theories, but untestable conjectures, not even attaining the rank of hypothesis due to the fact that they are not capable of being disproved.
Neo-Darwinian evolution isn't called a "theory" because it is just another idea about how life developed. It is given the label precisely for the opposite reason. It is a hypothesis that is consistent with extensive empirical data, unlike a mere conjecture or hypothesis.
Science thrives because it uses what Sagan referred to as a "boloney detector", sieving out the far-fetched idle conjectures and starry-eyed tales, leaving behind demonstrable phenomena and ideas on how they work. It's a hierarchy:
Law (long-standing theory)
Theory (hypothesis 'proven' by empirical data)
Hypothesis (disprovable conjecture)
Conjecture (any old possibility you can dream up)
It's a shame when scientifically-educated people forget the fundamental paradigms, methods, and procedures that make science. If you forget what sets ideas apart from each other, then calculating the energy of a falling object by counting flying pink unicorns is as valid as using Newtonian calculations.
I hate to be picky, but seeing "stenography" (2 : shorthand especially written from dictation or oral discourse) posted repeatedly as the subject line is making me laugh.
It's a book about masked data, not how to dictate your boss' correspondence. ;)
Say it with me... Ste-gan-o-gra-phy