How do *you* know the contents of simoniker's rejected story submission?
I know the original contents because - if you look at the posted story - it was written by me. That's what's weird about it. It shows up as rejected when I log in. I'm just wondering if it's yet another symptom of the various 500 errors. Another gremlin: my previous comment was submitted even though I clicked the preview button to check for any errors. When I clicked the submit button after only one preview, the response from the server was that the form had already been used and submitted. It didn't include everything that I wrote, but I figured why bother with another comment that was substantially the same.
Correction to post: the $12 billion is not new money, but will be diverted from other NASA programs to the manned Moon/Mars program.
I know this comment may be somewhat OT but I had to add a comment. Anyone know what's going on with this? Maybe related to the many 500-class errors I've been getting lately?
Well it's about time Microsoft got Internet users to do something active while sitting in front of our computers! So when does the MSN (r) Stationary Bike (tm) - complete with gel-filled Soft Pedals (tm) for barefoot Internet surfing - go on sale? :)
The word you are looking for is peddles as in "to sell." Soft-peddles = to soft-sell (no Tainted Love here) :)
Every other trusted CA certificate, including Verisign's replacement, is going to expire at some point, potentially causing similar problems (most likely not on the same scale though, as Verisign has become the de facto standard root CA).
Certificate expiry is not the issue. As you have correctly stated, every certificate will expire. It's how the expiry is handled that is the issue. In this case it was handled poorly. The average end-user doesn't know anything about online security more than, "Is the lock on my browser open or closed?"
You've really hit on the core of my comment with the section I've bolded above. Verisign knows its status and the role it plays in Internet trust and secure transactions. Thousands of users were probably affected by this as some of the stories in this thread allude to. How much did that cost? I suppose that Verisign can be unrepentant when it has a de facto monopoly. It doesn't absolve the IT admins who should have done their jobs better, but Verisign is hardly blameless in this.
As mentioned above, the CRL issue is what keyed me (no pun intended) to the code-signing incident. That was in fact a failure of Verisign's operational policies, procedures, and practices. A single point of failure derailed Verisign's certificates. That's a design flaw. PKI has its fair share of issues, but you can't chalk that one up exclusively to PKI.
While not an identical problem, an essential element of why those certificates were potentially harmful was also because of a problem with the CRL checking. Verisign didn't support CRL distribution points in their certificates and you all remember the problems that ensued.
It's unbelievable that Verisign which claims to be in the business of Internet security and SSL/TLS digital certificates - the dominant company with 95%+ market share - could let their Root Certificate Authority expire, then force its users to effectively patch their systems by importing the new certificate for the root CA after the fact. That's just bad engineering.
You allowed someone to look at secure FILES on your system?
No. Kindly read more closely before leaping to the conclusion that I let anyone look at files, let alone highly sensitive ones that required serious encryption.
It might be helpful if Microsoft would... do some real risk analysis of the security risks associated with Windows.
How do you know that they haven't already done a thorough risk analysis?
Any business (not just Microsoft) tends to hold that type of information very closely. Beyond general, boilerplate statements about business risks that public companies must include in their regulatory filings, any business doesn't want to broadcast to the world what its main weakness is.
michael, not to nitpick on the slightly altered headline, but the "Beagle 2 Probe Lands" is a little inaccurate. They just don't know if it landed - that's why they are hoping to receive the landing confirmation signal.
From the article:
The worst case scenario is that Beagle has crashed and is lying in fragments strewn across the Martian surface.
Well, I suppose that could be considered a landing of sorts. :)
What does eating peas have to do with encryption? I'm totally lost.
Shirky means that using encryption is good for you and that's the approach that proponents (Cypherpunks) have used, even though using encryption has historically been difficult and an unpleasant experience for the average user. Hence the "eat your peas" reference, similar to parents who try to get children to eat vegetables which they find distasteful (an unpleasant dining experience).
This actually was reported yesterday in Japan (here), but I could not find any article in English until now.
Courtesy of the Rejected Post Machine:
NTT DoCoMo: Linux-based 3G Mobile Phones in 2004
* 2003-12-02 11:59:33 NTT DoCoMo: Linux-based 3G Mobile Phones in 2004 (articles,pilot)(rejected)
Reuters cites a confidential source as saying that NTT DoCoMo will offer its customers Linux-based 3G mobile phones in 2004. DoCoMo has apparently sent specifications to handset manufacturers and DoCoMo supplier NEC has said that it will offer Linux-based phones by 2004. If true, the report would indicate a shift from the dominant TRON and Symbian-based handsets.
This was also submitted yesterday morning, but I guess Reuters wasn't considered authoritative enough until the English version of the Japanese story. =)
I don't know anyone who works (or worked) in the North American technology industry that works a 40-hour week. Officially those may be the working hours stated in the job description but, in practice, 50-75 hours per week is the norm for anyone I ever met. That doesn't count travel time for those who travel as part of their jobs (sales engineers, etc).
Most salaried tech workers are implicitly (often explicitly) expected to work more hours than they are officially paid for.
It's part of the reason that technology salaries are/were so 'high' compared to other professions.
2003-11-17 08:56:08 Comdex 2003 Opens with Bill Gates Talking Security (articles,comdex) (rejected)
Bill Gates delivered a keynote speech on Sunday evening to open COMDEX, as he has done for the last 20 years. Interesting parts of his security-heavy speech include Microsoft's research budget, with Gates saying that this year Microsoft 'will spend $6.8 billion in R&D, that's double what we spent five years ago;' admitting that tools which scan for stack or buffer overruns and other security problems 'are tools that we're not applying in our development process;' that security is 'certainly the largest thing that we're doing;' but waffled on security/patch management with this statement: 'Now, to really provide security, the software has to be kept up to date and the software updates have to be clearly partitioned so that things that are just optional and new features are kept separate from the hopefully increasingly rare updates that relate to security issues that have really thoroughly been checked to make sure they won't cause any regression.' Gates continued on about Trustworthy Computing, security, spam, firewalls, policy controls, XML, 'Seamless Computing' and the long-delayed Longhorn. There was also a parody of the Matrix starring Bill Gates as Morpheus and Steve Ballmer as Neo, with the Matrix represented by Linux-selling IBM consultants and the Real World as Windows-based. You can read the full text of Bill Gates' speech from COMDEX (with demos from three other Microsofties) or view the entire presentation online (56kbps low | 100 kbps med | 300 kbps high) for the next week. A warning though: the speech is over an hour long.
rsidd wrote: Same NYT article, different spin this time. Perhaps it takes slashdotters that long to read the article. Or have the good folks at the SMH read it and interpret it for them.
Perhaps. By the same token, perhaps the moderators should bother reading the article before erroneously modding comments down as offtopic or instead of following the first mod like lemmings.
Then again, there was no Google link to the article referred to in both today's and Friday's posts, so I suppose it's too much to ask for them to bother moderating knowledgeably. Even if you hover above the NYT link, you can plainly see that both are pointing to the same article.
No, this is not a troll. Just stating what should be obvious to all.
Yes, it is a duplicate. The links above refer to the same story. For details you can read my previous post about this, the relevant portion of which I have appended here for convenience.
Microsoft and Google: Partners or Rivals?
The New York Times Technology reports that Microsoft and Google were in partnership/takeover discussions during the last two months, in part due to the competitive threat that Google poses to Microsoft. 'Microsoft - desperate to capture a slice of the popular and ad-generating search business - approached Google.' Ultimately Google founders Sergey Brin and Larry Page decided to go the initial public offering (IPO) route. How different might things be if Google had agreed to be acquired by Microsoft? Looks like we'll never know. This also puts some of the search industry frenzy and acquisition activities into a different context. Fittingly, here's a Google link to the article.
I shall quote from the original NYT article referred to in the post above (same as Friday's), emphasis added.
According to company executives and others briefed on the discussions, Microsoft - desperate to capture a slice of the popular and ad-generating search business - approached Google within the last two months to discuss options, including the possibility of a takeover.
While the overture appears to have gained little traction - Google indicated that it preferred the initial offering route, the executives said - it demonstrates the enormous importance that Google represents as both a competitive threat to Microsoft and as Silicon Valley's latest hope for a new financial boom....
Google recently started wheedling down a long list of investment banks it approached earlier this month about underwriting the offering, which could be worth from $15 billion to $25 billion, the executives said....
The company is considering selling about a 10 to 15 percent stake to the public, which is expected to raise more than $2 billion to be used to invest in the business and generate wealth for its employees, venture capitalists and early investors.
I think we should rename Sundays on Slashdot Duplication Day.
This is the same story that was posted on Friday.
I know that Sydney is on the other side of the International Date Line from New York, but this is a three-day old story!
Sorry, but the headline and description are totally misleading. I don't care which submission was posted on this story, but at least get it right. A merger would have meant that Microsoft effectively controlled the Internet, at least until someone came along with a better technology. Here's the post that I originally submitted:
Microsoft and Google: Partners or Rivals?
The New York Times Technology reports that Microsoft and Google were in partnership/takeover discussions during the last two months, in part due to the competitive threat that Google poses to Microsoft. 'Microsoft - desperate to capture a slice of the popular and ad-generating search business - approached Google.' Ultimately Google founders Sergey Brin and Larry Page decided to go the initial public offering (IPO) route. How different might things be if Google had agreed to be acquired by Microsoft? Looks like we'll never know. This also puts some of the search industry frenzy and acquisition activities into a different context. Fittingly, here's a Google link to the article.
I think some of the confusion and errors may have been introduced in editing... but maybe not. Maybe the full original post will help clarify things for everyone who was confused.
Also, the online chat transcript with NASA Chief Scientist/Astronaut Dr. John Grunsfeld discussing U.S. Space Policy is now online.
That's weird - simoniker slightly different headline but the rest of it is identical to the submitted post.
This vaguely reminds me of the fraudulent Verisign / Microsoft code-signing digital certificates that Verisign issued a few years back.
I found security researcher Gene Spafford's comments on the PKI / Verisign issue interesting, which were picked up in Bruce Schneier's Crypto-Gram. Schneier's comments on the incident as well as the Microsoft response are also worth reading.
Yes, end-users need to take some responsibility for their systems, but PKI and related technologies are complex and not for novices. It's no better than the keep-your patches-updated-and-use-a-firewall comment that Bill Gates made a couple of months ago. That's a bandage, not a solution.
Looks like michael achieved the very difficult simultaneous posted/rejected duo.
Here's the rejected post which amounts to a mixed report on the success of the mission, courtesy of Reuters, Space.com and the BBC:
Reuters and the BBC report that the first U.S. Mars Rover - the Spirit - has landed and radioed a confirmation signal, but has since gone silent. NASA/JPL are waiting to learn if it survived. Space.com reports that the Spirit has indeed landed safely.
Oops. Typo.
That should be 10 cents for three minutes, not 1 cent.
My whole point is that the person who started this topic said he decrypted company confidential files.
Relax - you're less likely to blow a gasket. You're getting worked up over something you misread.
LOL! :)
Sorry to ruin your evening by submitting the post!
Seriously, have you spoken with the reporter about this? If it's any consolation I think I fairly summarized the article.
Courtesy of the Rejected Post Machine
Wal-Mart, Best Buy, Comcast to Offer Online Music
2003-11-11 13:10:14 Wal-Mart, Best Buy, Comcast to Offer Online Music (articles,music) (rejected)
Wal-Mart will launch its own digital music download service through its Web site later this month. Not to be outdone, Best Buy will also launch an iTunes-type online music store - with the ability to buy through in-store kiosks - based on the MusicNow service (formerly FullAudio). And today Comcast announced music downloads via Real Rhapsody for its 5 million broadband Internet subscribers. The Washington Post's Cynthia L. Webb writes about the online music frenzy and the resultant advertising onslaught due to the sheer number of entrants into the music download market, while Bloomberg's Holly M. Sanders offers an analysis of Walmart's imminent entry into online music, which is significant since Wal-Mart already controls 14 percent of global CD music sales. More at the New York Times (via SeattlePI).
* 2003-11-09 08:06:52 NYT Profiles Steve Linford & Spamhaus Project (articles,spam)
The New York Times Technology's Saul Hansell profiles Spamhaus Project founder Steve Linford, everyone's favorite houseboat-dwelling, anti-spam activist (Google). The longish article also neatly describes the history, issues and new directions spam is taking, and the tactics that spammers are using to limit Spamhaus's effectiveness. Linford is quoted as saying, 'E-mail is the most incredible communication vehicle invented, and it is on the verge of being made useless.' Let's hope he's wrong.
No complaints, just odd. Must be the X-Men bit.
I shall quote from the original NYT article referred to in the post above (same as Friday's), emphasis added.
QED
In case anyone else wants to read some of the other coverage....