Slashdot Mirror


User: pmc

pmc's activity in the archive.

Stories: 0
Comments: 473

Comments · 473

  1. Re:No sovereign immunity on Massachusetts SWAT Teams Claim They're Private Corporations, Immune To Oversight · · Score: 2

    Dude! Stop with all the acronyms please! (I'm European)

    Wow. I had no idea that Europeans couldn't Google acronyms. Did Google firewall your nation or something?

    I tried:

    Better, possession of un-taxed National Fostering Association items.

    Especially if anything is select fire and made after '86 since the only non-mil and non-low earth orbit that can possess such are Friend for Life holders with the Society of Toxicologists to deal in National Flute Association stuff....

  2. Re:By this logic... on Bug Bounties Don't Help If Bugs Never Run Out · · Score: 1

    Nope - you didn't mention time horizon in your article. Top tip - describing finite things as infinite is bad style.

    What you seem to have wanted to say is

    1) that the number of bugs in a non-trivial piece of software is sufficiently large that they will probably not all be found before the software is obsolete. Which is dull but probably mostly true (given the wriggle room in "non-trivial" and "probably")

    2) that offering a bug bounty because of this large latent pool of bugs is pointless.

    This second one is just not valid because

    1) bug bounties encourage reporting of bugs
    2) not all bugs are equal - there are different costs for finding them in a particular product and a bug bounty will encourage people to find and report the easier ones.
    3) There are finitely many black-hats. As the easy-to-find bugs in the pool are exhausted then the cost per bug to the black-hat increases in this product.

    At this point the black hat has a choice - pursue finding harder bugs in product A (which has a bounty) or go for the easy to find bugs in product B (which doesn't). Blackhats are running a business - they will go for the return on investment in product B.

    This neglects the very large positive advantages of reporting which others have covered earlier (discovery of systematic issues, healthy ecosystem of investigators, disincentive to black-hats).

    At this point your "bug bounties are useless" falls apart because it neglects the fact that black-hats are running a business - spending $10million to find a bug in Apache will not happen because the blackhats cannot get a return on their investment. They will spend $10k looking for exploits in Flash, or PDF, or other low hanging fruit.

  3. Re:Like Cockroaches on Bug Bounties Don't Help If Bugs Never Run Out · · Score: 1

    You're right - I can only offer my unreserved apologies to the cockroaches.

  4. Re:Not so much on Magician & Investigator James Randi Talks Directly to You (Video) · · Score: 2

    If only you'd used there again, then you would have had two theres in your post.

  5. Re:My answer on Fighting TSA Harassment of Disabled Travelers · · Score: 1

    That's true - the Spanish speakers.

    And your dictionary compilers:

    America

    1 either continent (North America or S. America) of the western hemisphere
    2 or the Americas the lands of the western hemisphere including North, Central, & S. America & the W. Indies
    3 United States of America

    from http://www.merriam-webster.com/dictionary/america

  6. Re:Not really... on 35 Years Later, Voyager 1 Is Heading For the Stars · · Score: 1

    Why would you need vacuum tubes? You're in deep space surrounded by it - no need to keep it in tubes any more.

  7. Re:No Commentary = FAIL on The Olympic Live Stream: Observations, Recommendations, Predictions · · Score: 1

    Some commentators are OK, some are dire for the sports. The nadir, the very worst, is Mark Lawrenson (football, or soccer for the former colonists) - just unspeakably bad and has never said anything of note or interest during any football game (he does more than the Olympics, so his uselessness is of vast scope).

    The one I really don't get is the commentary on opening and closing ceremonies. Why on earth do they think the artistic part of the ceremony needs commentary at all? Some idiot warbling "Here's Kenneth Branagh giving Caliban's speech from The Tempest" over Caliban's speech from The Tempest. Why? Do they feel the need to interject things like "Of course, Jason Bourne is played by Matt Damon, whose first film role was in Mystic Pizza" during a tense chase sequence in the film?

    I can just about (if I were being charitable) see the point of a bit of background for the more ceremonial parts of the event - flag carriers and that sort of thing. But even there - the crowd in the stadium get by perfectly well on the stadium announcers, so just be quiet.

    And breathe

  8. Re:The license fee thing... on The Olympic Live Stream: Observations, Recommendations, Predictions · · Score: 1

    In the UK there are a few ways of getting the broadcasts: OTA (aka Freeview), Sky (commercial Sat), FreeSat, Cable, and internet streaming. We've got Freesat, and there were 25 additional HD channels (taking the number of Olympic HD channels up to about 27). All free. It was an embarrassment of riches. Bit of a gap in the fencing - let's go to live weightlifting, via the beach volleyball.

    For example the opening ceremony you could have
    1) Normal with commentary
    2) Without commentary
    3) Captioned commentary for the deaf

    You simply could not pay for this anywhere else in the world.

  9. Re:So... on Big Brother In the Home Office · · Score: 5, Funny

    Tell me - would you turn in a fellow programmer for, to pick an example at random, making unapproved changes to a production network, such as adding an old hub to a network?

  10. Re:Violation of Equivalence Principle on CERN Physicist Says Dark Matter May Be an Illusion · · Score: 1

    "Mr Einstein's assertion that the photoelectric effect is due to "quanta" of light strains belief. Maxwell's theory already describes light."

    -- Someone on Slashdot in 1905

    The equivalence principle - the equality of inertial and gravitational masses - is one of the mysteries of physics: no really compelling explanation for why it is the case is generally agreed, just that it is true to a very impressive number of decimal places.

    But look through the list of tests and spot the one thing they have in common: they all test matter.

    So Hajdukovic's assertion here is, I think, really elegant: take something that everyone supposes is true in areas it hasn't been tested, and assume it is false in those areas. In this case antimatter has the same inertial mass but different gravitational mass from matter. How would the universe be different if this was the case? And, so far as had been modelled, it is almost identical, except that (using a simple model) this allows you to derive the Tully-Fisher relation for the rotation of galaxies.

    This is good science - clever thinking, clear assumption, simple test (well, conceptually simple), and a useful light played upon some of the roots of physics. In this case we've extended the equivalence principle way beyond the areas where there is experimental support for it.

  11. Re:Let's Put This In Perspective on News Corp. Subsidiary Under Fire For Hacking Dead Girl's Voicemail · · Score: 5, Informative

    One reporter and the private investigator have already gone to prison for this: I think wrong-doing has been proved beyond a reasonable doubt by convictions in a criminal court.

    In addition News International have set up a ~£20million fund to pay compensation to those who they have admitted they hacked. I think wrong-doing has been proved beyond a reasonable doubt by a confession and an apology.

    What is up for debate here is exactly how evil and corrupt they are - it has been proved that they are evil and corrupt already.

  12. Extremely Sceptical on Samsung Plants Keyloggers On Laptops · · Score: 5, Insightful

    OK - we have a keylogger that is plainly visible in the windows directory on his machine and.... that's it. Where is the rest of the evidence? It phones home - I presume he has Wireshark traces in the article with IP addresses that are owned by Samsung.... Nope. Any network traces showing the activity? .... Nope. Naturally he bought another laptop and, without attaching it to any network, discovered the same keylogger.... Nope. Now he has announced this lots of people have looked at their Samsung laptops and found the keylogger... Nope.

    But wait - he has the admission of the company itself! Well, actually, a junior helpdesk droid who probably had no idea what he was actually talking about and was just agreeing with him to get him off the phone. Because the alternative is that every junior helpdesk droid in Samsung knows about the highly illegal secret keylogger that is installed on every laptop, but none of them thought "I'm tired of being a helpdesk droid, I think a class action suit is a better way of making a living".

    There are also nonsense statements - "the keylogger is completely undetectable": Really? Apart from the c:/windows/SL directory, the entries in the registry and everything else that will make any sensible AV product go berserk that is.

  13. Re: The Alchemists on Sir Isaac Newton, Alchemist · · Score: 5, Informative

    No they didn't - they started off with the four elements of air, earth, fire and water. Then they realised that there were maybe a score of "elements" (even the concept was vague), and there was no systematic organisation or predictive value from it. This took a few hundred years. Most importantly they did not realise that the properties of the elements repeat themselves (which is where the concept of the periodic part of the name comes from).

    The comment that they created a "fairly accurate periodic chart" is risible.

  14. Re:200,000 dollars on Simon Singh Talks With Wired About His Libel Battle · · Score: 3, Informative

    This for some reason is at 5 interesting despite being completely wrong.

    What happened was that at the original pretrial hearings the Judge struck out the defence of honest opinion, which would have been a defence against the BCA's claim of libel (not an absolute defence - if the BCA could establish that the opinion was based on malice then it could prevail).

    What Simon Singh did win was the appeal against this judgement. Faced with the extremely strong likelihood that Singh had a suitable defence the BCA withdrew.

    He had an earlier win as well by winning the right to appeal after having it rejected twice.

  15. Re:How long since you were in school? on TI vs. Calculator Hobbyists, Again · · Score: 4, Funny

    (With apologies to Monty Python's Four Yorkshiremen sketch)

    When I were a lad it were the Three Yorkshiremen sketch.

    On't radio.

  16. Re:Hey, on Google Says It Mistakenly Collected Wi-Fi Data While Mapping · · Score: 1

    Apart from it being unethical, suddenly you have a criminal conspiracy where a lot of people know the truth you are trying to hide. Not wise, and they'll be screwed because not many people would want to be involved in a criminal conspiracy to help their employer.

    There is also the question in their minds about what the German government knew already. If they don't give back any data or give back fake data that is not consistent with what the government already know - they are screwed.

    Finally, even if the government does not know anything apart from what is in the public domain, the challenges of trying to fake enough data to be convincing would be immense, and it would be fairly straightforward for the Government to spot the fraud if there was anything less than a stellar job done. And, once more, they're screwed. And faking the data is another conspiracy - see point one.

    So it would be extremely difficult and risky to try and cover it up. And they would have no real benefit - people (like me) who think they are unethical already won't change our opinion, and others, who have a more positive view, will not particularly change theirs. So the downsides of their limited confession are small.

    They may or may not be evil, but they ain't stupid.

  17. Re:Hey, on Google Says It Mistakenly Collected Wi-Fi Data While Mapping · · Score: 2, Insightful

    Although some of your points are valid, I think you missed one of the most important issues regarding the entire story: Google were frank about their mess-up.

    Not initially - they originally said:

    "Networks also send information to other computers that are using the network, called payload data, but Google does not collect or store payload data."

    This was wrong and was in response to claims that Google was collecting payload data. The thought this could be in error is ridiculous. First they'd have to accidentally collect the data, and then they'd have to accidentally not notice even when they went to look for it.

    They only (finally) admitted they were collecting payload data when the German government asked for the collected data to audit exactly what was being collected.

    Here Google had many options:

    1) They could have found about the error and deleted all information the moment the Germans started inquiring - nobody would have known anything. If asked - do like the politician, deny

    That would have been fatal - the German government was either on a fishing expedition or already knew what was being collected. For Google to have deliberately deleted data in response to a Government request would have been insane - going to prison, massive fines and "they're evil" type of insanity.

    2) They could have issued a short statement claiming that they independently found an error and fixed it, without disclosing too much details.

    That would have been untenable - they just happen to find out after they had been threatened with an audit.

    3) They could have issued a long statement admitting that they started the investigation after the German inquiry, etc

    So they did the only vaguely credible course of action left open to them

    We keep asking companies to be honest about their practices and mistakes, but when they do admit wrongdoing, we bash them on /. and then promise not to use their services.

    The problem is that few believe they are being honest - accidentally collecting hundreds of gigs of data and not noticing either after you've processed your (our) data or after you've said you've checked and there is definitely no data there.

    I'll leave with a final thought - Google claimed that they have never used the data in any product. Given that they claim they didn't even know they had the data until recently how can they possibly make the categorical and emphatic claim that they had never used it in any product? I'd have believed a statement that they didn't believe they had used the data, but were currently auditing to make sure or something. But another straight denial? It makes them look like a six year old caught with their hand in the cookie jar - every answer given to cast themselves in the best possible light with only a vague connection with the truth.

  18. TFA is wrong on UK Election Arcana, Explained By Software · · Score: 4, Informative

    TFA is wrong - the most recent hung parliament was 1997 (before the election that year). Second most recent was 1977.

    Full details in http://www.parliament.uk/documents/commons/lib/research/briefings/snpc-04951.pdf

  19. Re:What is Greenpeace smoking? on Google Explains Why It Became an Energy Trader · · Score: 4, Interesting

    My favourite Greenpeace press release contained the following sentence:

    "In the twenty years since the Chernobyl tragedy, the world's worst nuclear accident, there have been nearly [FILL IN ALARMIST AND ARMAGEDDONIST FACTOID HERE]"

    Yes - the bit in caps is theirs.

  20. Re:Answering the wrong question on Juror Explains Guilty Vote In Terry Childs Case · · Score: 1

    If you read the bottom of page two/top of page three you'll see that Childs actually sent an email saying "I know you all are trying to figure out how I can get into this network." which demonstrates that he knowingly caused a denial of service (the service being the ability to administrate the network).

  21. Re:Oh shut up on Fate of Terry Childs Now In Jury's Hands · · Score: 3, Informative

    This keeps cropping up in this thread, and I don't know why. The policy is online, and does not contain the word "Mayor", or the phrase "designated agent", or any of the many other things that are supposedly in it. So he did not follow policy in this respect.

    What is in the policy is the actual policy for system level passwords, and the enable password for network kit is definitely a system level password. It states:

    "All production system-level passwords must be part of the security administered global password management database."

    Simple, clear, and Childs was definitely in breach of it: only he has these enable passwords, and did not put them in the database.

    For him to argue that the rules for personal passwords applied to system-level passwords and take it to ridiculous extremes - well, this was always bound to end in tears.

  22. Re:The difference is quality on No Linking To Japanese Newspaper Without Permission · · Score: 1

    This is straight up bullshit, I don't know if you live in Klan Country but I have lived within the US in California and Arizona and I'm not sure if a more diverse set of people live anywhere else in the world.

    I would say England is more diverse - in London there are more than 300 different languages spoken in schools (and an estimated 700 spoken in all). For comparison in Los Angeles there are 92 spoken in schools (and 224 in all).

    I agree though - anyone who thinks the US is not open to other cultures has strange opinions.

  23. Re:WTF on Placebos Are Getting More Effective · · Score: 1

    I love it. Gullibility by design (TM), the new prescription. The disturbing part of the equation is that price is part of the effect, so I'd expect that a 50$ pill could have a bigger placebo effect than a 5$ pill of identical composition, provided that the patients know it.

    This is in fact true - more expensive placebos are more effective than cheaper ones (well, ones that the patient believes are more expensive).

    http://findarticles.com/p/articles/mi_qn4188/is_20080309/ai_n24918110/

  24. Re:Threatening plurality? on James Murdoch Criticizes BBC For Providing "Free News" · · Score: 3, Informative

    Because it was named after the company that sponsored it.. The "World" newspaper, as far as I remember. It could just as easily have been the times series or the enquirer series or any other paper you care to mention.

    Not so - see http://www.snopes.com/business/names/worldseries.asp

  25. Re:Before we act too hastily.. on AT&T Blocks Part of 4chan · · Score: 1

    If you find our tactics heavy handed or obtrusive then I think you might have a skewed and excessively open expectation of what should be allowed on a network.

    Not really - I just think you have an unwarranted faith in the effectiveness of antivirus products to prevent aberrant behaviour. The best AV does not detect all malware, and no AV will do well against zero-day attacks. A better policy (for the clueless user who got themselves into the situation in the first place) would be to ensure that the machine is patched automatically, it has automatically updating antivirus software, and probably something against spyware installed too. Basically if you are going to take it upon yourself to insist that the user installs security software (to the point of bringing in a receipt from a "professional") do it properly.