I could swear that I laughed a lot reading the books. Didn't I? In this trailer the only things that appear to be intended to be "funny" are people getting hit with things, falling down, etc. I suppose I shouldn't be surprised.
I guess response time depends on what platform you are on. Mozilla has not released a single fix for the Mac OS X version of Firefox and so all the known security holes remain unpatched for it. It's not clear to me if there have been any fixes for the Windows version. The only thing I've read is that such do exist for the Linux version. Has the Windows version had "hot fixes"? In any case, at least for Mac OS X, the response time by Mozilla has been truly abysmal.
That is exactly why the story is fucking posted here.
Hey Sherlock - what do you suppose was the purpose of my message? Was it to report the flaw in Safari? Or was it to report the flaw in Mail.app and many other mail programs on many platforms, that in concert with the Safari/Firefox/Opera flaw makes for a heady brew, and to note one possible, and easy, fix for it? No such flaw is noted on secunia.com, in fact there is no Mail.app listing on that site at all. Perhaps it is noted elsewhere, but I haven't been able to find it. Nor do I see it mentioned in the/. article, but maybe I'm just not enough of a Sherlock to find it there?
With phishing on the rise, this is a major problem. Let's hope Apple and the others can address it quickly. When you combine this problem with the ability for imposter emails to have a link that looks like an address to, for example, paypal, but that really goes to another site, the potential for phishing scams is substantial. Indeed that Mail.app (and other non-text-only mail programs, not just Apple's nor just Mac OS X) flaw ought to be recorded somewhere as a security flaw so it would be addressed. Recently I've received two fairly realistic bogus emails that purported to be from ebay and had fake URLs that led to an obviously-not-an-ebay-URL site (once you got there), but if they had taken advantage of this IDN flaw too, they could much more easily trick people into thinking it was legit.
It seems to me that the Mail.app flaw could easily be addressed by having a check to make sure that any link with anything that looks like a URL in the text of message matches with the actual link, and if it doesn't, putting up a warning when you click on it, displaying the actual URL and asking for verification that you want to visit it, noting that it may be a scam.
Those holes that are in your windows box when you plug it into the net already have patches written for them.
It doesn't take a long look at Secunia's listings for Microsoft software to see that gaping ("highly critical") holes from literally years back have not been patched yet. In the case of MSIE, for example, there is a "highly critical" and unpatched flaw from August 2003 that allows arbitrary code execution on the victims machine just be visiting a web site. This is possible because Microsoft allows any web site to install anything signed by Microsoft without user intervention or even notification, even if it contains unpatched flaws that the perpetrator then takes advantage of. So in the case of this attack, the malicious site installs a flawed Visual Studio ActiveX plugin without the users knowledge that it then exploits to run arbitrary code on the victims machine. And how is this the fault of the box makers again? This is just one example, not only of an old and major unpatched security flaw, but of a mind bogglingly stupid policy that makes Microsoft Windows insanely insecure.
Aside from life-extension repairs, the mission would also replace two instruments (one not really an instrument) with two brand new instruments providing greatly increased capability. Wide Field Camera 3 (WFC3) will replace Wide Field Planetary Camera 2 (WFPC2), and Cosmic Origins Spectrograph (COS), will replace the no longer needed corrective optics of COSTAR (the corrective optics are now incorporated into the individual instruments). To call this strictly a repair missing is a wild understatement.
I have not seen this. I just tried starting up Firefox and no pop-up update was presented, no link below the toolbar. I do see now that there is a "Software Update" feature in the preferences, but even running this manually turns up no updates. I'm running it on Mac OS X.
The only official release of Firefox is 1.0. There are a number of outstanding security flaws in Firefox 1.0 as reported by Secunia and none have been addressed yet. I don't know if there is a nightly release that fixes these flaws, but even if there is, those are not the releases that Mom and Pop download, and it is that type of user that tends to be affected most by security flaws. Doesn't the Firefox/Mozilla team need to release a version 1.0.1 that fixes these flaws sooner rather than later? Unfortunately there is no 1.0.1 on the road map, and version 1.1 is not scheduled to be released until June, if it is on time. By then the oldest unpatched flaw, from August 2004, will be 10 months old! While the severity of current flaws is nowhere near MSIE territory, the age of unpatched flaws will be getting into MSIE territory (well, somewhat, anyway.)
If it were me, I wouldn't buy it. Why? I have several Griffin products and the thing that is common between all of them is that the software sucks to start with and the software never really gets fixed. Case in point - I have a Griffin PowerMate USB rotary controller. To this day it does not work properly with multiple users in Mac OS X. By this I mean *both* there being more than one account on the system with each account logged in to at different times, as well as greater issues with having multiple accounts logged in at the same time (fast user switching.)
In the former case the issue is relatively minor, but still annoying. In some accounts rotating the knob to adjust system volume does not provide visual or audible feedback. In other accounts it does. Relatively minor, but still very annoying.
In the case of fast user switching it's a substantial problem. What happens is that the software continues to run even in the background accounts, the net result is that using the PowerMate produces unpredictable results. You can see the volume go up and then jump to some entirely different volume because it's adjust both in your account, and the one in background, fighting for control. Or you might be rotating to move "play head" in iMovie, but at the same time it changes system volume. Etc. Even more fun with 3 or more accounts logged in!
It's not like Fast User Switching (introduced in 10.3) was just released. They should have had this fixed long ago, and the best I could get out of Griffin's difficult to contact tech support was that they were aware of the problem but couldn't say when (perhaps not even if) it will be resolved.
Buyer beware of anything Griffin makes that involves software that they write. I know I won't be buying any more Griffin products no matter how cool they sound.
Not burying functionality into invisible menus is good UI design. Context menus should replicate functionality that can be accessed through visible controls.
Then it's too bad Apple doesn't follow that design philosophy either. In iPhoto, for example, the only ways to "Open in External Application" are via context menu, or to change a setting in the preferences to make double-click result in opening in an external application or to drag a photo out of iPhoto and onto another application. There is no such functionality in the normally visible menus (speaking of version 4 - I haven't seen version 5, yet.)
There are numerous examples of it in a variety of Apple developed applications. How about "Open Link in new Window/Tab" in Safari? This can only be done either via context menu or keyboard shortcut. No normal menu item.
Or my favorite: iTunes' "Copy to Play Order". This is only available in the context menu and only when right-clicking/control-clicking a playlist in the sources pane. Nobody even understands what that command does, let alone how to invoke it!:)
It is not always the case that having the functionality also in the main menu is desirable. Do we really want the main menubar cluttered up with commands such as "Copy to Play Order"? At some point the basics get to be cumbersome and so some commands are best left hidden. I don't think Apple has the balance figured out yet either.
I recently completed downloading a Redhat Fedora DVD image via bittorrent. This DVD image is smaller than most current SD DVD movies, let alone movies in some future HD format. It took nearly 24 hours to complete over my DSL connection. Given that, and that torrents are suppose to be efficient, isn't it completely ludicrous to suggest that a viable movie download service, especially an HD one (!!), could exist with current technology?
The Cube did have some other issues and aspects of poor design. Take, for example, the decision to put all the ports on the *bottom*. This is very inconvenient. The mini's are all on the back, but it's pretty easy to flip a mini this way and that with one hand. The cube was a two hander. Another design flaw of the Cube was the touch sensitive power button on top. I have a colleague in the office who got a Cube back them and had to put a sign on top of his cube reading "Do Not Touch!" Why? Because the first thing anyone did when they saw the Cube was to touch it. On the top. Oops.
Firefox = Security. Or does it?
on
Firefox In Print
·
· Score: 1
Where are the security updates? To date, not a single Firefox security flaw, as reported by Secunia, has been fully dealt with, and only one has even been partly resolved. Even the first security flaw, from August 2004, has not been addressed by the Firefox developers. In the mean time Apple has no remaining unpatched security flaws in Safari, after the latest security update, and has historically patched discovered flaws in a timely fashion. Firefox is in no way as horrendous as Internet Explorer, of course, but what is it about Firefox's open source development process that is preventing them from patching known flaws? Is the open source process really working, or is it hindering the development process? How long will it be before the known Firefox security flaws are fixed and how many more security flaws will be found in the mean time?
Actually, in the case of the 512 MB option, Apple's price on that is quite reasonable at $75. The best I could find elsewhere was only a few dollars less, and then you had to add shipping, making the 3rd party price actually higher than Apple's upgrade price and you'd have to install it yourself. I suppose you might be able to sell the old 256 MB module then, but is that really worth the effort? The 1 GB option is an entirely different story, even with the reduced pricing.
Doh! Yep, dumb mistake. kB vs. kb. OK, I see that that is much better than dialup. I still, though, often (not always) see better speeds with regular downloads than I do with torrents, at least so far, and definitely downloading via HTTP/FTP does not effect the network as much (it does slow it down, just not as much.) Oh, and yes I believe my Verizon DSL connection is asynchronous, so perhaps that is the issue, at least with resulting download speeds.
I've tried several mac clients and have found that Azureus by far works the best of the ones I've tried including the BitTorrent one. This seems mainly due to Azureus allowing me to set an upload limit - without that my home 802.11b network seems to get completely saturated with upload, leaving no room for download.
Even after playing around with the specific limit set, the best download speeds I see perhaps rival the best regular download speeds I've seen from a direct ftp or http server. More typically I see what I'm seeing now, trying to download a copy of RedHat Fedora - something on par with a fast dial-up connection at 28 to 40 kB/ps. Am I suppose to be excited by this?
Moreover, when I run Azureus, even if the download speeds (and upload speeds reported for that matter) I see are absolutely pathetic, it slows down my entire 802.11b network so that everybody suffers, contradicting claims that torrents are efficient. On the contrary they seem insanely inefficient.
So what exactly is the point of torrents? They don't seem to result in faster downloads, they require me to provide an upload, they bring my 802.11b network to its knees even when the download/upload speeds are pathetic, and if I try to run Azureus at work I get a call from a (friendly) tech support guy warning me that the network techs are getting very upset that "someone" is running bittorrent (or equivalent.)
So (aside from downloading/sharing hacked software), what is the point of going through all this trouble? I'd rather just click a link in a browser and download the file at what seemingly would be similar or better speeds, and wouldn't get tech support upset.
Since when is PCMag an audiophile magazine? I'm no audiophile either, but the last thing I would have thought about my mini is that it had poor bass response. If anything, when listening with my headphones (admittedly inexpensive, but well rated Koss phones) there might be a bit too much bass, but I blame that on the headphones, not the mini.
In any case, mostly I listen, not via headphones, but via line-out hooked up to the car stereo. My car stereo isn't great and the car listening environment is inherently sucky, but it doesn't suck with the iPod any more than with CD. And that's my glowing review of the iPod mini.
Competitive gaming industries race to the NHL to work out a deal with them.
I've played it. I put the the game in and it showed a rerun of the Simpsons.
It depends on what games you want to play
on
Mac mini Dissection
·
· Score: 1
I run MacMAME on my old PowerMac G4 Dual-533 with Nvidia GeForce 2 MX. It runs great, and MacMAME does not get any benefit from multiple processors, so it's a single 533 to it. I can play all but the very most modern games in MacMAME very well on this system. The Mac mini blows away my system in all but hard drive speed so it should handle it all with aplomb. If I actually gave a crap about UT 23 or Doom 12, maybe I'd look at a faster, more expensive system or even a PC just for games, but I don't. Probably if I wanted a game-only system I'd get a PS/2 anyway. To me the old games are more reliably fun, and still more original and they don't take up nearly as much time either.
Slashdot Mirror
I could swear that I laughed a lot reading the books. Didn't I? In this trailer the only things that appear to be intended to be "funny" are people getting hit with things, falling down, etc. I suppose I shouldn't be surprised.
DVD comes with duck tape and instructions on how to install onto your computer's DVD drive.
...down to here. Good thing I've got my scroll wheel set to quintuple speed - a must have setting for any red-blooded slashdotter!
to scroll all the way down here. Good thing I've go "Turbo"
I guess response time depends on what platform you are on. Mozilla has not released a single fix for the Mac OS X version of Firefox and so all the known security holes remain unpatched for it. It's not clear to me if there have been any fixes for the Windows version. The only thing I've read is that such do exist for the Linux version. Has the Windows version had "hot fixes"? In any case, at least for Mac OS X, the response time by Mozilla has been truly abysmal.
Hey Sherlock - what do you suppose was the purpose of my message? Was it to report the flaw in Safari? Or was it to report the flaw in Mail.app and many other mail programs on many platforms, that in concert with the Safari/Firefox/Opera flaw makes for a heady brew, and to note one possible, and easy, fix for it? No such flaw is noted on secunia.com, in fact there is no Mail.app listing on that site at all. Perhaps it is noted elsewhere, but I haven't been able to find it. Nor do I see it mentioned in the /. article, but maybe I'm just not enough of a Sherlock to find it there?
With phishing on the rise, this is a major problem. Let's hope Apple and the others can address it quickly. When you combine this problem with the ability for imposter emails to have a link that looks like an address to, for example, paypal, but that really goes to another site, the potential for phishing scams is substantial. Indeed that Mail.app (and other non-text-only mail programs, not just Apple's nor just Mac OS X) flaw ought to be recorded somewhere as a security flaw so it would be addressed. Recently I've received two fairly realistic bogus emails that purported to be from ebay and had fake URLs that led to an obviously-not-an-ebay-URL site (once you got there), but if they had taken advantage of this IDN flaw too, they could much more easily trick people into thinking it was legit.
It seems to me that the Mail.app flaw could easily be addressed by having a check to make sure that any link with anything that looks like a URL in the text of message matches with the actual link, and if it doesn't, putting up a warning when you click on it, displaying the actual URL and asking for verification that you want to visit it, noting that it may be a scam.
Those holes that are in your windows box when you plug it into the net already have patches written for them.
It doesn't take a long look at Secunia's listings for Microsoft software to see that gaping ("highly critical") holes from literally years back have not been patched yet. In the case of MSIE, for example, there is a "highly critical" and unpatched flaw from August 2003 that allows arbitrary code execution on the victims machine just be visiting a web site. This is possible because Microsoft allows any web site to install anything signed by Microsoft without user intervention or even notification, even if it contains unpatched flaws that the perpetrator then takes advantage of. So in the case of this attack, the malicious site installs a flawed Visual Studio ActiveX plugin without the users knowledge that it then exploits to run arbitrary code on the victims machine. And how is this the fault of the box makers again? This is just one example, not only of an old and major unpatched security flaw, but of a mind bogglingly stupid policy that makes Microsoft Windows insanely insecure.
Steve
I know it isn't because it was sent by my Mom! I don't know where she gets the time to research so many products, but damn do I ever appreciate it!
Aside from life-extension repairs, the mission would also replace two instruments (one not really an instrument) with two brand new instruments providing greatly increased capability. Wide Field Camera 3 (WFC3) will replace Wide Field Planetary Camera 2 (WFPC2), and Cosmic Origins Spectrograph (COS), will replace the no longer needed corrective optics of COSTAR (the corrective optics are now incorporated into the individual instruments). To call this strictly a repair missing is a wild understatement.
I have not seen this. I just tried starting up Firefox and no pop-up update was presented, no link below the toolbar. I do see now that there is a "Software Update" feature in the preferences, but even running this manually turns up no updates. I'm running it on Mac OS X.
Run "Activity Monitor" in /Applications/Utilities/
Click the "System Memory" tab near the bottom. You can also set the Dock Icon to show memory usage if you like via the menus. Select:
There are also a number of third party tools that will show such info. I like "Menu Meters". Get it from macupdate.com or versiontracker.com.
The only official release of Firefox is 1.0. There are a number of outstanding security flaws in Firefox 1.0 as reported by Secunia and none have been addressed yet. I don't know if there is a nightly release that fixes these flaws, but even if there is, those are not the releases that Mom and Pop download, and it is that type of user that tends to be affected most by security flaws. Doesn't the Firefox/Mozilla team need to release a version 1.0.1 that fixes these flaws sooner rather than later? Unfortunately there is no 1.0.1 on the road map, and version 1.1 is not scheduled to be released until June, if it is on time. By then the oldest unpatched flaw, from August 2004, will be 10 months old! While the severity of current flaws is nowhere near MSIE territory, the age of unpatched flaws will be getting into MSIE territory (well, somewhat, anyway.)
"Hang up and drink"
If it were me, I wouldn't buy it. Why? I have several Griffin products and the thing that is common between all of them is that the software sucks to start with and the software never really gets fixed. Case in point - I have a Griffin PowerMate USB rotary controller. To this day it does not work properly with multiple users in Mac OS X. By this I mean *both* there being more than one account on the system with each account logged in to at different times, as well as greater issues with having multiple accounts logged in at the same time (fast user switching.)
In the former case the issue is relatively minor, but still annoying. In some accounts rotating the knob to adjust system volume does not provide visual or audible feedback. In other accounts it does. Relatively minor, but still very annoying.
In the case of fast user switching it's a substantial problem. What happens is that the software continues to run even in the background accounts, the net result is that using the PowerMate produces unpredictable results. You can see the volume go up and then jump to some entirely different volume because it's adjust both in your account, and the one in background, fighting for control. Or you might be rotating to move "play head" in iMovie, but at the same time it changes system volume. Etc. Even more fun with 3 or more accounts logged in!
It's not like Fast User Switching (introduced in 10.3) was just released. They should have had this fixed long ago, and the best I could get out of Griffin's difficult to contact tech support was that they were aware of the problem but couldn't say when (perhaps not even if) it will be resolved.
Buyer beware of anything Griffin makes that involves software that they write. I know I won't be buying any more Griffin products no matter how cool they sound.
Then it's too bad Apple doesn't follow that design philosophy either. In iPhoto, for example, the only ways to "Open in External Application" are via context menu, or to change a setting in the preferences to make double-click result in opening in an external application or to drag a photo out of iPhoto and onto another application. There is no such functionality in the normally visible menus (speaking of version 4 - I haven't seen version 5, yet.)
There are numerous examples of it in a variety of Apple developed applications. How about "Open Link in new Window/Tab" in Safari? This can only be done either via context menu or keyboard shortcut. No normal menu item.
Or my favorite: iTunes' "Copy to Play Order". This is only available in the context menu and only when right-clicking/control-clicking a playlist in the sources pane. Nobody even understands what that command does, let alone how to invoke it! :)
It is not always the case that having the functionality also in the main menu is desirable. Do we really want the main menubar cluttered up with commands such as "Copy to Play Order"? At some point the basics get to be cumbersome and so some commands are best left hidden. I don't think Apple has the balance figured out yet either.
I recently completed downloading a Redhat Fedora DVD image via bittorrent. This DVD image is smaller than most current SD DVD movies, let alone movies in some future HD format. It took nearly 24 hours to complete over my DSL connection. Given that, and that torrents are suppose to be efficient, isn't it completely ludicrous to suggest that a viable movie download service, especially an HD one (!!), could exist with current technology?
The Cube did have some other issues and aspects of poor design. Take, for example, the decision to put all the ports on the *bottom*. This is very inconvenient. The mini's are all on the back, but it's pretty easy to flip a mini this way and that with one hand. The cube was a two hander. Another design flaw of the Cube was the touch sensitive power button on top. I have a colleague in the office who got a Cube back them and had to put a sign on top of his cube reading "Do Not Touch!" Why? Because the first thing anyone did when they saw the Cube was to touch it. On the top. Oops.
Where are the security updates? To date, not a single Firefox security flaw, as reported by Secunia, has been fully dealt with, and only one has even been partly resolved. Even the first security flaw, from August 2004, has not been addressed by the Firefox developers. In the mean time Apple has no remaining unpatched security flaws in Safari, after the latest security update, and has historically patched discovered flaws in a timely fashion. Firefox is in no way as horrendous as Internet Explorer, of course, but what is it about Firefox's open source development process that is preventing them from patching known flaws? Is the open source process really working, or is it hindering the development process? How long will it be before the known Firefox security flaws are fixed and how many more security flaws will be found in the mean time?
Actually, in the case of the 512 MB option, Apple's price on that is quite reasonable at $75. The best I could find elsewhere was only a few dollars less, and then you had to add shipping, making the 3rd party price actually higher than Apple's upgrade price and you'd have to install it yourself. I suppose you might be able to sell the old 256 MB module then, but is that really worth the effort? The 1 GB option is an entirely different story, even with the reduced pricing.
Doh! Yep, dumb mistake. kB vs. kb. OK, I see that that is much better than dialup. I still, though, often (not always) see better speeds with regular downloads than I do with torrents, at least so far, and definitely downloading via HTTP/FTP does not effect the network as much (it does slow it down, just not as much.) Oh, and yes I believe my Verizon DSL connection is asynchronous, so perhaps that is the issue, at least with resulting download speeds.
I've tried several mac clients and have found that Azureus by far works the best of the ones I've tried including the BitTorrent one. This seems mainly due to Azureus allowing me to set an upload limit - without that my home 802.11b network seems to get completely saturated with upload, leaving no room for download.
Even after playing around with the specific limit set, the best download speeds I see perhaps rival the best regular download speeds I've seen from a direct ftp or http server. More typically I see what I'm seeing now, trying to download a copy of RedHat Fedora - something on par with a fast dial-up connection at 28 to 40 kB/ps. Am I suppose to be excited by this?
Moreover, when I run Azureus, even if the download speeds (and upload speeds reported for that matter) I see are absolutely pathetic, it slows down my entire 802.11b network so that everybody suffers, contradicting claims that torrents are efficient. On the contrary they seem insanely inefficient.
So what exactly is the point of torrents? They don't seem to result in faster downloads, they require me to provide an upload, they bring my 802.11b network to its knees even when the download/upload speeds are pathetic, and if I try to run Azureus at work I get a call from a (friendly) tech support guy warning me that the network techs are getting very upset that "someone" is running bittorrent (or equivalent.)
So (aside from downloading/sharing hacked software), what is the point of going through all this trouble? I'd rather just click a link in a browser and download the file at what seemingly would be similar or better speeds, and wouldn't get tech support upset.
Since when is PCMag an audiophile magazine? I'm no audiophile either, but the last thing I would have thought about my mini is that it had poor bass response. If anything, when listening with my headphones (admittedly inexpensive, but well rated Koss phones) there might be a bit too much bass, but I blame that on the headphones, not the mini.
In any case, mostly I listen, not via headphones, but via line-out hooked up to the car stereo. My car stereo isn't great and the car listening environment is inherently sucky, but it doesn't suck with the iPod any more than with CD. And that's my glowing review of the iPod mini.
Competitive gaming industries race to the NHL to work out a deal with them.
I've played it. I put the the game in and it showed a rerun of the Simpsons.
I run MacMAME on my old PowerMac G4 Dual-533 with Nvidia GeForce 2 MX. It runs great, and MacMAME does not get any benefit from multiple processors, so it's a single 533 to it. I can play all but the very most modern games in MacMAME very well on this system. The Mac mini blows away my system in all but hard drive speed so it should handle it all with aplomb. If I actually gave a crap about UT 23 or Doom 12, maybe I'd look at a faster, more expensive system or even a PC just for games, but I don't. Probably if I wanted a game-only system I'd get a PS/2 anyway. To me the old games are more reliably fun, and still more original and they don't take up nearly as much time either.