"Indivo is the original personally controlled health record (PCHR) system. A PCHR enables an individual to own and manage a complete, secure, digital copy of her health and wellness information. Indivo integrates health information across sites of care and over time. Indivo is free and open-source, uses open, unencumbered standards, and is actively deployed in diverse settings, in particular our own Children's Hospital Boston and the Dossia Consortium."
Re:Do you also own a cat with a diamond collar? on Failing Our Geniuses · Score: 1
I have to disagree with you on that. For me it was not a waste of time. It was actively harmful. I got extremely good grades about the first six years of elementary, degrading after that, going into mediocrity and failure later on. You see, I never learned discipline because I wasn't given assignments that challenged me early on. This is also due to a lack of drive on my part, but the school system is also to blame as they never thought I might need a different kind of help. When I started getting mediocre grades, I was described as a "bright, promising student who needs to live up to his potential." I kept completing the occasional assignment which I happened to have an interest in in a competent manner, prompting more of that kind of comment. I've largely failed to live up to this supposed potential.
Amazing...this is just about exactly my story as well, and I'm still playing catch-up.
"Practically any time I hear a large software system discussed I hear "X is a #%@!in mess,"
I get that with reading the next line you get the context, but was I the only one taken aback at this seemingly blatant flame of our beloved X? Yeah, it's like "X is a #%@!in mess, and this code ain't so hot either!"
The article is based on an incorrect and/or outdated idea of what a blog is. Specifically, "Blog postings will always be commodity content: there's a limit to the value you can provide with a short comment on somebody else's comments," which implies that a blog posting is necessarily that "short comment on somebody else's comments." There's no reason why a blog can't contain exclusively postings that meet the "in-depth content."
Also the article was too long can someone give me a link to a blog that has a summary
I dunno... we had Deloitte consultants come in before, and the one girl was really hot. I don't know why they were here or what they did but I don't think it matters. +5, true dat
There are lots of annoying words, but the thing that really makes me seethe is the hanging statement, a common reflexive response used by fools. To me, it reads 'savour my words, reflect upon them, I speak from the highest altar of knowledge.' Or in short, 'I am a self-important asshat'. An example: Reasonable question: 'I was thinking of buying xyz processor, would anyone be able to suggest a good motherboard' Asshat response: 'I didn't know anyone would buy an xyz processor...' Sorry, crap example I know but the minute you go looking for one of these loathsome phrases you can't find one.
I think generally people use this to try to sound polite, rather than condescending. "I didn't know anyone would buy an xyz processor..." is much more gentle than "if you spent 12 seconds doing your research, you'd know that the xyz processor is ridiculously overpriced and tends to catch fire. Obviously you have no idea what you're doing!"
Maybe you should think a little more and judge a little less...
For what it's worth, I'm in the other 20%. I have no illusions that I am the best hacker I've ever met, or even the 47th best. I produce code which, on a great day, has bits of brilliance, on a good day, is solid and workmanlike, and on a bad day is junk which I'll have to replace the next day... just like almost every other programmer I have ever met.
I think your ability to recognize this puts you above average, at least. The problem with the worst programmers (or worst IT people in general) is their inability to recognize what (and how much) they don't know.
Can't believe nobody has mentioned Indivo yet. http://indivohealth.org/
"Indivo is the original personally controlled health record (PCHR) system. A PCHR enables an individual to own and manage a complete, secure, digital copy of her health and wellness information. Indivo integrates health information across sites of care and over time. Indivo is free and open-source, uses open, unencumbered standards, and is actively deployed in diverse settings, in particular our own Children's Hospital Boston and the Dossia Consortium."
Mod parent up. I also work for a non-evil email marketing company, and the opt-out link DEFINITELY works. You can opt out of commercial email, and not all commercial email is spam.
I can't speak for anyone else, but I stopped running my own mail server when free webmail services got as fast, convenient, and effective at blocking spam. There's no real benefit to running my own server that outweighs the administration effort at this point.
Oh yeah, who needs entropy anyway? This is the equivalent of the "what's your favorite color" security question.
Of course, I look forward to the day when I can get into 50% of Myspace accounts by selecting the latest Kanye West jam.
This is exactly it, nice summary. Not sure why you're not +5 yet.
This is from the advisory.
Filter traffic at network perimeters
Because the ability to spoof IP addresses is necessary to conduct these attacks, administrators should take care to filter spoofed addresses at the network perimeter. IETF Request for Comments (RFC) documents RFC 2827, RFC 3704, and RFC 3013 describe best current practices (BCPs) for implementing this defense. It is important to understand your network's configuration and service requirements before deciding what changes are appropriate.
So...is this REALLY that serious? Is anyone NOT already doing this? I'm incredibly skeptical of big, sensational security alerts like this.
The potential security implications of this kind of make me queasy.
So the summary of this anecdote is that you provided a citation for a factual error on a protected page, and it was corrected by an editor? That sounds like a success to me.
If you can't provide a citation to correct the second issue, then it doesn't belong. That goes both ways though...if there's a fact on the page that doesn't have a supporting citation, it should be cited or removed.
Wikipedia has very clear and internally consistent policies and rules, and the vast majority of complaints I see about it are from people who haven't bothered to read or understand them.
I just paid!
Instead of hard drive, package contained bobcat. Would not buy again.
http://xkcd.com/325/
Right. I had to get up in the morning at ten o'clock at night half an hour before I went to bed, drink a cup of sulphuric acid, work twenty-nine hours a day down mill, and pay mill owner for permission to come to work, and when we got home, our Dad and our mother would kill us and dance about on our graves singing Hallelujah. /python
I love how FUD articles get posted on the front page, but they would never post something with actual content like this:
Enough With The Rainbow Tables: What You Need To Know About Secure Password Schemes
"Crap, it's going to fly into the crane, I need to kill it," Carmack recalls thinking. He fired his railgun into the vehicle several times before grabbing a nearby quad damage and finishing it off with a rocket. "It made a fireball that would make any Hollywood movie proud," Carmack says.
YES!
You: Pair of 2's, check
Him: Ace-high, all-in
Now do you call or fold? Not knowing what the hell happened to get me into this mess on the river, I probably fold and resolve to play better on future hands.
I also file away the little nugget of knowledge that this player pushes when checked to on the river.
I had this conversation recently, and I really think it's all about goals. Here's a link to my blog post about it.
http://tylerkrpata.blogspot.com/2007/06/career-goals.html
The fact that it's distributed as a RAR archive kinda says a lot.
Finally someone made me LOL for real, and me with no mod points.
Tom Ptacek says:
Patents are a crappy way to lock up the fix for a vulnerability. 10 years from now, it's vanishingly unlikely that your discovery will still be relevant. If it is, you've got better things to do with it than sell it to bottom-feeders.
Here's a better idea: copyright law. Copyright is immediate.
Here's what you do:
Find a vulnerability --- anything; say, memory corruption in some OS service --- and devise a third-party patch for it.
Publish the patch. Only the patch.
But before you do, wrap the patch up in a DRM scheme. An in-kernel, interrupt-hooking virtual machine with an encrypted instruction set should do nicely. It's worth the work; you'll be doing this over and over again. You want people to sweat to figure out how your patch works.
Alert the world to your discovery. You're a hero! You can root any computer on the Internet!
Don't publish the details of the vulnerability. No, wait, don't even allow the details to be published. If anyone figures out how your patch works, sue them under the DMCA. Especially if it's the vendor.
The vendor will, of course, claim they have the right to reverse-engineer your "intellectual property" for security and interoperability purposes. Let the courts decide. In the mean time: nice of them to establish some precedent.
Points to anyone who can prove to me that this doesn't qualify as "responsible disclosure".