but if either or both of these differences are really trivial where are all the examples of this being done?
Exactly! I read the patent application pretty thoroughly. Not only have I never seen what was actually being described done (certainly not done in any generalized works-with-any-regexp kind of way), but the idea behind it would require an interesting variant of regexp that examines not the full pattern, but POTENTIAL patterns. That is, "this string doesn't match this regexp... YET. But it might in the future -or- it never will and here's why." That doesn't seem too trivial to me.
Seems like you need to read more. You completely missed the point of the patent. The idea is not to validate a field against a regexp. That's easy. This patent will check to see if a partial string will EVER be able to match a regexp and if not indicate what prevents it. (See line 0007 of the application).
Let's take email addresses:
These will validate DURING typing:
cmdr_ta
cmdr_taco
cmdr_taco@sla
cmdr_taco@slashdot
This will fail DURING typing:
cmdr_taco@slashdot,
In addition, the "," will be highlighted as preventing the regular expression from ever being able to match. (Line 0009)
I, personally, have never seen that on any web form with anything complex, like an email address. Sure, I've seen it on very simple things like "number only" fields and I see full-field checks all the time. Even your code is a full-field check, which has the added ugliness of failing while typing in something valid.
I don't know if this is patentable or if there is prior art (even if I've personally never seen it as described in this patent), but it's not what you present it to be.
The movie finished, the director said "ok, now let's go for a beer to forget this" and got an ovation.
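The behaviour described in the comment above (a partial input is either still viable, already a full match, or can never match, with the offending character identified) can be sketched as follows. This is an added example, not code from the patent application or from any commenter; it uses Brzozowski derivatives as one way to get that behaviour, and the `EMAIL` pattern is a deliberately simplified assumption, not a complete address grammar.

```javascript
// Regex AST with smart constructors. NULL matches nothing, EPS matches "".
// Assumption: every character class accepts at least one character, so a
// simplified regex denotes the empty language only if it is NULL itself.
const NULL = { t: "null" };
const EPS = { t: "eps" };
const cls = (test) => ({ t: "cls", test }); // one char satisfying test()
const ch = (x) => cls((c) => c === x);
const cat = (a, b) =>
  a === NULL || b === NULL ? NULL : a === EPS ? b : b === EPS ? a : { t: "cat", a, b };
const alt = (a, b) => (a === NULL ? b : b === NULL ? a : { t: "alt", a, b });
const star = (a) => (a === NULL || a === EPS ? EPS : { t: "star", a });
const plus = (a) => cat(a, star(a));

// Does r accept the empty string?
function nullable(r) {
  switch (r.t) {
    case "eps": case "star": return true;
    case "cat": return nullable(r.a) && nullable(r.b);
    case "alt": return nullable(r.a) || nullable(r.b);
    default: return false; // null, cls
  }
}

// Derivative of r by c: the regex describing what may still follow c.
function deriv(r, c) {
  switch (r.t) {
    case "cls": return r.test(c) ? EPS : NULL;
    case "cat": {
      const left = cat(deriv(r.a, c), r.b);
      return nullable(r.a) ? alt(left, deriv(r.b, c)) : left;
    }
    case "alt": return alt(deriv(r.a, c), deriv(r.b, c));
    case "star": return cat(deriv(r.a, c), r);
    default: return NULL; // null, eps
  }
}

// Classify input typed so far: "match", "viable" (may still match later),
// or "dead" with the index and character that made a match impossible.
function classify(pattern, input) {
  let r = pattern;
  for (let i = 0; i < input.length; i++) {
    r = deriv(r, input[i]);
    if (r === NULL) return { state: "dead", index: i, char: input[i] };
  }
  return { state: nullable(r) ? "match" : "viable" };
}

// Simplified pattern (assumption): [a-z0-9_.]+ @ label (. label)+
const local = plus(alt(cls((c) => /[a-z0-9_]/i.test(c)), ch(".")));
const label = plus(cls((c) => /[a-z0-9-]/i.test(c)));
const EMAIL = cat(local, cat(ch("@"), cat(label, plus(cat(ch("."), label)))));

// The inputs from the comment, plus one completed address (constructed).
for (const s of ["cmdr_ta", "cmdr_taco@sla", "cmdr_taco@slashdot",
                 "cmdr_taco@slashdot,", "cmdr_taco@slashdot.org"]) {
  console.log(JSON.stringify(s), classify(EMAIL, s));
}
```

Client-side feedback of this kind is a usability aid only; the server still has to validate the submitted value in full.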
You've obviously never been to the Alamo Drafthouse. You don't have to GO to get a beer. You can get beers delivered right to your seat while watching the movie. (They call it DRAFTHOUSE for a reason, you know.)
This leaves another option -- they were all completely wasted.
Instead, test it formally, with double blinds, hoping that it works (so you don't subconsciously suppress data).
Been done. In fact, it was done by a 9 year old girl (and again at age 11), who basically pwned them:
http://en.wikipedia.org/wiki/Emily_Rosa
Oh get off your 133tist high-horse.
You know, or should know at any rate, that language changes over time. The correct definition of a word is the one that people actually understand. Like it or not, when people say "hacked" in this context, people understand that it means "illicitly and illegally accessing a computer system". I understand that, everyone else understands that, and therefore -- like it or not -- it is now the definition of the word.
When are YOU ever going to get that the definition has evolved and changed? YOU are the one clinging to a deprecated and archaic definition of the word that only a very small percentage of the population knows, and an even smaller percentage actually cares about.
P.S. Same goes for "piracy".
Why is everyone assuming that Microsoft can do only one thing at a time? Microsoft is a damned big company and, you know what? They can do multiple things at once.
Right now, Microsoft's operating system units are focusing their energies on overcoming the bad press from Vista (Mojave Experiment), shunting the effectiveness of the Mac v. PC ads, and putting oil in the hype machine for the release of Windows 6.1 --- err 7. The fact that Microsoft is hiring a single guy -- ONE GUY -- to look at the open source competition stuff, is hardly "ditching what is most likely one of the biggest competitors".
Fact is, Microsoft is looking at ALL their competitors, which is *exactly* what they should be doing. Linux might not be a Desktop threat today. What about in 5 years? What about 10? Microsoft is smart enough to think that far ahead.
Funny thing is that this actually had the reverse effect for a friend of mine. This friend was a big privacy, anti-nanny-government guy UNTIL he discovered that Verizon sells a phone that will let him track where his 14 year old son is.
Suddenly, he thought this was the best thing ever and signed up right away, gave the phone to his son for his birthday, and -- of course -- opted not to tell him about the tracking feature on his birthday present.
I never did understand why UAC prompts get such a bad rap but the incessant sudo prompts in GNOME and KDE are considered the height of security.
To twist your words: If you look at Linux as a whole, it is incredibly stupid that after the user selects some option, like adjust the screen resolution, the computer will pop up a dialog asking the user to enter his password to prove he is indeed the one who selected the option. (I know it's to elevate privs, but the distinction is academic)
Couldn't agree with you more.
What's going on in India right now is no different than what went on in the US in the late 90's with the dot-com boom. During the boom, demand far, far outstripped supply so people who could barely *spell* HTML were being hired as web designers and 90% of them were incompetent.
Same thing is happening in India right now, with approximately the same results. I have a feeling that one of the fallouts of this global credit crunch is that, just like the eventual dot-BOMB in 2000 and 2001, India is going to face a major market correction.
The bottom line is that this is not an "India" thing or a "US" thing. It's a basic Economics 101 thing. Let's try not to make it too personal.
ISPs are well known to *fold* at the slightest sign of a lawsuit. As to why the RIAA *has no shame* at all *and keeps on doing* things like this?
[Dave Bowman voice:] My god.... it's full of stars!!
Richard Branson can build you a space ship for less than that, he did it to win the X-Prize.
I think that Paul Allen and Burt Rutan might take issue with that statement.
Why are you assuming the question is in regards to a website? The text mentions the project as a "large software product". There's not even an implication that this product is a website.
Time to broaden your horizons methinks.
don't want to work properly on my work system (ie 6 forever, I'm afraid)
It's all part of The Master Plan(tm). The tags don't work properly at your job, so that maybe you will.
Outbound firewalls are for people who don't know what they're doing
What an incredibly ignorant and stupid thing to say.
I definitely know what I'm doing and I use my outbound firewall to its fullest extent. Having the ability to proactively determine what software can and can't touch the network, be it establishing a connection or binding to a port, in conjunction with a proper hardware solution provides not only good protection, but also serves as an early warning system when an unknown program attempts to go to an unknown site for an unknown reason.
Granted, outbound firewalls are not perfect. If a whitelisted application is compromised, then this firewall doesn't provide much protection. This is why outbound firewalls should be but one of several items in your security toolbox.
However, to wave your hand and claim they are only for people who don't know what they are doing shows a level of arrogance that usually gets corrected only after you are compromised.
This is an application for a patent and not a patent itself.
Even better then! It's an idea for patenting the process of patenting ideas!
It'll be interesting to watch this snake eat itself.
Congratulations! You get the prize today for not reading TFA.
"printer on fire" was #8.
Sorry you couldn't out-133t the article today. Collect your prize at the door.
Your crap English skills
I'm betting his English skills are better than your Russian skills.
When Hernando Cortez arrived in Mexico, he ordered his ships to be burned. As there was no turning back, no options left open other than to proceed ahead, his men were incredibly well motivated.
I'm going to propose that having the shuttle program intact is possibly the biggest hindrance to advancement. As long as it is there, any viable alternatives are so easily canceled by Congress whenever they need an influx of cash by cutting NASA's budget, just as they've done dozens of times before over the last couple of decades.
However, with the Shuttle program completely disassembled, their ships burned as it were, and the embarrassment that would be seen that the United States has no viable space program while China and India are out doing spacewalks, Congress will be well motivated to make sure that NASA has all the funding they need. While it could just be the romantic in me, or simply wishful thinking, this provision might perhaps bring in a golden age of space that we've not seen since the race to the moon with the Russians in 1969.
Dead on the money. gustavrelief.com is a TRACKER. It pulls up the red cross website in a full frame and tracks in the main.
When you unload their page, it'll attempt a popup back to their site with (?p=2<m=x) appended. Using lynx, it looks like this is a bunch of ads with links, but I can't tell what's behind those links (I click on them and nothing appears to happen inside lynx).
I looked all over Comcast's website and nowhere -- not one place -- is their Internet service advertised as "unlimited".
In fact, there are numerous links on several pages that take you to their terms and conditions where Comcast has a full section (Section III) entitled "Network Management and Limitations on Bandwidth Consumption". I'll grant you it doesn't say specifically "250GB" anywhere in there, but that's a lot different than the falsehood of claiming "they advertise that it is unlimited!" when they don't.
it makes absolutely no sense to me why you think plaintext http is somehow better than at least passive eavesdropper-resistant self-signed ssl.
Don't put words in my mouth. I never said anything even remotely close to this. If you are going to argue my points, make sure they are at least my points.
The point is this: Unless you KNOW who you are speaking to, encrypting it is simply not secure. It isn't. Period. End of story. Is it more secure than nothing? Of course it is and I never said it wasn't. However, that doesn't make it good either.
The original post said "I don't care who I'm talking to, I just want it encrypted". To me, that's saying "I have a secret that I want to tell someone. I don't care who! Just someone random. However, I don't want anyone ELSE to hear. Just this random person who could be absolutely anyone. Bad guy. Good guy. Doesn't matter. I don't care." That's absolutely stupid.
ISP packet inspection is exactly why not caring about authentication undermines your whole security. There was another post here that discussed how an ISP (in his post, a business) set up a web proxy that spoofed EVERY certificate going through it -- establishing a nice man-in-the-middle system. Everyone who thought they were accessing the web securely had all their data examined in plain text. (In his case, it was to "look for company secrets" being emailed out).
Now, let's put this in the context of the whole damned article. When the browser sees something wonky with a certificate, it makes you jump through hoops before accepting it. This is a Good Thing(tm) for all the reasons I mentioned above. Users need to know that their security is not as strong as it may appear and they can't trust that the website is who they claim to be. People like you and croddy might not care about that, but that's your problem to deal with.
If he doesn't care who he is communicating with, why would he care if anyone else is listening? This whole line of argument makes absolutely no sense to me.
No, I use SSL to obscure my messages from people in between me and the server. If I want to verify the party to whom I'm speaking, I'll go over there myself with a 6-pack.
Wow. Just. Wow. ...if you haven't verified the person to whom you are speaking, how do you know you aren't talking to a third person between you and your intended server?
That's called a man-in-the-middle attack, son, and it's becoming an increasingly popular technique.
The worldwide mortality rate of 9.5/100,000/year
Except for the fact that you are TWO orders of magnitude off. The worldwide crude mortality rate is 9.6 per 1000 per year, not 100,000.