Take Code Red.The problem is not that Microsoft products are insecure. Code Red exploits a flaw for which the patch was available a month ago.
This is a good point. I really like the Mac OS X solution and which that other unix variants would adopt a similar solution. At scheduled intervals, the machine will contact a central database at Apple looking for software updates. The user may select one or more. These are then downloaded and automatically installed (usually without requiring a reboot). If a security hole is found, a patch is made available on the server and 'average' users should pick it up eventually.
Before readers get too caught up in the details, there are some potential drawbacks to this scheme. One: the centralized server means that Apple gets to control which 3rd party tools can be updatd. Two: it might be possible to spoof the server IP and send out fake updates. There are solutions to each of these. The key thing is that updates are easy and largely automatic.
Yeah, I read the DSL Reports article before choosing Telocity. My decision was either them or Verizon or the local cable company, so I really only had two choices. Telocity won out because of the guarenteed static IP. The cable company was roughly the same price, was home to lots of script kiddies, and didn't promise any better service.
Telocity did take several weeks to get up the connection, but I've had no complaints since then. Not exactly a ringing endorsement, I'll admit, but with so many companies folding, the choices these days are few.
With Covad filing for bankruptcy and Rhythms doing the same, I'd like to put in a plug for DirectTV DSL (formerly Telocity). They have resonable prices and are owned by Hughes Electronics so presumably they're a more stable...right? One more inportant advantage, they provide static IP addresses.
I'm honestly not sure what to think here, but do I have a right to my voice?
Yes, you do. That is until you sign a contract as an aspiring actor/actress with no leverage which requires that you sign over future rights to the studio.
There should be some interesting legal cases over the next 3-5 years.
Last week at the Oreilly Open Source conference, I heard two examples of TTS singing from Carnegie Mellon University and the University of Colorodo. Unfortunately, I don't have any links I can refer you to. Let's just say, they were very rough, but quite humourous.
For what it's worth, SpeechWorks International licensed an earlier version of the AT&T synthesizer. You can find demos here. The version in the NYT seems to have been developed with different constraints. Many TTS engines are designed to achieve real time play back or to use limited amounts of CPU. For instance, synthesized speech during game play should only use 5% or maybe 10% of the processor. Whereas a system for Hollywood may demand considerable CPU power to produce small utterances (say 100 CPU seconds per second of speech). This is completely acceptable for many purposes where perceived quality is the primary criteria.
There is also an open source TTS engine called Festival, developed at the University of Edinburgh and at Carnegie Mellon University. You can find out more here. Or, just download the source.
If any Mozilla developers are listening, I have a request. I'd like a version which displays a visible icon everytime I log onto a IIS server. Then, if I double click the icon, it could list a selection of 'counter measures' such as CodeRed which I might deploy. These might use a plug-in architecture and be downloadable from sites using other browsers.
Thanks. I can see that a lot of work went into the benchmarking and appreciate the efforts. I've been surveying several firewall vendors and welcome this additional data.
An interesting article. I also enjoyed the Theories in DoS at the same site. However, I was disappointed that the firewall benchmarking PDF at http://antioffline.com/sec.bencharks.pdf went 404.
While my reply may start wandering off topic, I think your comments deserve some response. It's great to see a serious critique of Open Source development and its limitations. I certainly agree that Open Source is frequently imitative rather than innovative. I also agree that the most innovative projects require rare expertise that is often difficult to obtain and may be diluted to mediocrity by having too many fingers in the pot. I personally favor strong moderation of Open Source initiatives.
However, there are some real benefits that are worth mentioning. The product of these efforts will approximate the desires and goals of its developers (who are invariably also users). Commercial software, conversely, represents a best guess of the customer demands as understood by marketing, is then often coded by developers who haven't talked to more than a few live users (if any), and as a result often, not surprisingly, misses the mark. With open source, the goals of the developers may not be compatible with the 'general public'. But the software is more readily adaptable because you as an individual user can change it or integrate it into a larger effort. A second area which I feel often gets ignored is the symbiosis between open source and standards efforts. It is possible for standards to be defined and evolve among a small set of corporations, but the feedback gained by releasing an open specification (preferentially with a working implementation) is extremely important for resolving differences of interpretation.
I see the Open Source movement filling niches lacking commercial viability and turning existing technologies into commodities. An innovative product like Photoshop may define a market and effectively set a standard for a few years. But over time, the cost of creating a competing product falls. Whether an open source effort such as the GIMP comes a long or the technology gets assimilated into a large operating system, eventually these technologies become an expected part of the computer experience. I remember when word processors were examples of exotic software. Now many introductions to programming walk you though developing one as a simple tutorial. As technologies mature, I strongly endorse Open Source initiatives because they keep software alive and growing to meet the demand of modern users.
Thanks. After reading it, I even scanned it again specifically looking for links to the company. Guess I never though to check the non-underlined text!
But back in reality, a bevy of local scientists has discovered that humans can also use lasers to stamp holograms onto the eye.
In what way are these holograms? Holograms use interference patterns to store information. This seems like simple vector graphics.
The Nomad's release this year will be the first commercial introduction of the retinal-scanning technology, which does not block the user's vision.
Yet the prototype from the article does seem to block out most of the wearer's vision. I'd appreciate confirmation or a denial from anyone who has played with one of these units.
For more information, I tried http://www.microvision.com but that only leads to an unrelated Tampa Bay, Florida, US company.
What I really want to know is what the point of this puzzle is. With SETI@Home, we know the odds are poor, but there is at least some noble purpose. With RC5-64, there may not be much real point (after all - we know it can eventually be broken) but the power of massively parallel efforts for code breaking is further demonstrated. With the Golomb Ruler task, the computing power is going to an immediately useful task.
So, someone tell me, why do I want to waste cycles promoting someone else's movie???
How amusing! When after many years of playing these games I finally complain, the game designers beat me to it.
When I wrote this, I was thinking of the Ultima series and Myth and many fantasy books. I have not played Diablo (as you might have guessed) and the lead-in left me with an 'oh no, not again' sense.
Does anyone else find it strange that after defeating the big bad evil overlord (who clearly did not read the manual detailing that position) and scattering his forces across creation, some minor figure always somehow manages to assemble a much more impressive force for the sequel (and yet still not read that manual)? I mean, its not like giant armies of darkness are easy to assemble - hell knows I've tried.
Sure...but playtesting is key to making it a balanced world. And the attention spans of you players are short. You've got to have a compelling story to keep the users paying the access fees.
I'd settle for recieving a cubic centimeter of flesh for each spam message sent. This way, spammers can send me as many trash emails as they wish, but the costs are a bit more personal.
Television has the limitation that, while you can interrupt the viewing experience, you don't know that the viewer actually saw the advertisement. The internet does not have this limitation. For a high demand environment such as a gameshow, the next logical step is to quiz the participant about the content of the ad.
Blatent questions like 'What product was being sold' will not work. But imagine the more subtle ones. For instance, set a scene - Two girls are sitting down at a bar drinking a name brand beverage. Add some action - a handsome may walks by; from the front, he looks good but his shirt shows large iron burn on the back. Then ask the user for input - which response would be funniest: (A) I'd never date a guy who can't iron (B) I always dump <competing beverage brand> on my clothes when they start to burn or (C) at least <beverage brand> tastes good and looks good. The user may be forced to pay attention and possibly identify with the characters in the ad.
I recognize that many Australians are concerned about where Mi is going to land. I've looked into the matter. Despite losing to CBS in the most recent Nielsen ratings, ABC does not intend to crash Mir into Australia to wipe out the cast of Survivor II. Any suggestions to the contrary are completely and utterly false.
Actually, CNN is doing it to boost it's own ratings.
I mean knowing NOT to run an executable from a computer you don't know SHOULD be common sense no?
It was only a few years ago that, as a system administrator, I reassured users that there was no possibly way they could get a virus from reading email. This was in response to the GoodTimes 'virus'. Little did I suspect that our, um, good friends at Microsoft would allow Outlook to run scripts.
You can't assume that only executables will spread viruses in future. However, this isn't the main point. If users hear that they may get a virus using a particular P2P network - even if they have to be morons to catch it - how many will avoid the P2P network anyway?
Slashdot Mirror
Take Code Red.The problem is not that Microsoft products are insecure. Code Red exploits a flaw for which the patch was available a month ago.
This is a good point. I really like the Mac OS X solution and which that other unix variants would adopt a similar solution. At scheduled intervals, the machine will contact a central database at Apple looking for software updates. The user may select one or more. These are then downloaded and automatically installed (usually without requiring a reboot). If a security hole is found, a patch is made available on the server and 'average' users should pick it up eventually.
Before readers get too caught up in the details, there are some potential drawbacks to this scheme. One: the centralized server means that Apple gets to control which 3rd party tools can be updatd. Two: it might be possible to spoof the server IP and send out fake updates. There are solutions to each of these. The key thing is that updates are easy and largely automatic.
Gee, why didn't some of the other dot.com outfits try doubling their prices? It makes as much sense as their other business models....
Uh, they did. The problem is that twice zero is still zero. So, it didn't help much.
Yeah, I read the DSL Reports article before choosing Telocity. My decision was either them or Verizon or the local cable company, so I really only had two choices. Telocity won out because of the guarenteed static IP. The cable company was roughly the same price, was home to lots of script kiddies, and didn't promise any better service.
Telocity did take several weeks to get up the connection, but I've had no complaints since then. Not exactly a ringing endorsement, I'll admit, but with so many companies folding, the choices these days are few.
With Covad filing for bankruptcy and Rhythms doing the same, I'd like to put in a plug for DirectTV DSL (formerly Telocity). They have resonable prices and are owned by Hughes Electronics so presumably they're a more stable...right? One more inportant advantage, they provide static IP addresses.
I'm honestly not sure what to think here, but do I have a right to my voice?
Yes, you do. That is until you sign a contract as an aspiring actor/actress with no leverage which requires that you sign over future rights to the studio.
There should be some interesting legal cases over the next 3-5 years.
Last week at the Oreilly Open Source conference, I heard two examples of TTS singing from Carnegie Mellon University and the University of Colorodo. Unfortunately, I don't have any links I can refer you to. Let's just say, they were very rough, but quite humourous.
For what it's worth, SpeechWorks International licensed an earlier version of the AT&T synthesizer. You can find demos here. The version in the NYT seems to have been developed with different constraints. Many TTS engines are designed to achieve real time play back or to use limited amounts of CPU. For instance, synthesized speech during game play should only use 5% or maybe 10% of the processor. Whereas a system for Hollywood may demand considerable CPU power to produce small utterances (say 100 CPU seconds per second of speech). This is completely acceptable for many purposes where perceived quality is the primary criteria.
There is also an open source TTS engine called Festival, developed at the University of Edinburgh and at Carnegie Mellon University. You can find out more here. Or, just download the source.
If any Mozilla developers are listening, I have a request. I'd like a version which displays a visible icon everytime I log onto a IIS server. Then, if I double click the icon, it could list a selection of 'counter measures' such as CodeRed which I might deploy. These might use a plug-in architecture and be downloadable from sites using other browsers.
Thanks for listening.
The first gradstudent to develop a serious quantum computer is gonna pick up a lot of cash.
Thanks. I can see that a lot of work went into the benchmarking and appreciate the efforts. I've been surveying several firewall vendors and welcome this additional data.
An interesting article. I also enjoyed the Theories in DoS at the same site. However, I was disappointed that the firewall benchmarking PDF at http://antioffline.com/sec.bencharks.pdf went 404.
While my reply may start wandering off topic, I think your comments deserve some response. It's great to see a serious critique of Open Source development and its limitations. I certainly agree that Open Source is frequently imitative rather than innovative. I also agree that the most innovative projects require rare expertise that is often difficult to obtain and may be diluted to mediocrity by having too many fingers in the pot. I personally favor strong moderation of Open Source initiatives.
However, there are some real benefits that are worth mentioning. The product of these efforts will approximate the desires and goals of its developers (who are invariably also users). Commercial software, conversely, represents a best guess of the customer demands as understood by marketing, is then often coded by developers who haven't talked to more than a few live users (if any), and as a result often, not surprisingly, misses the mark. With open source, the goals of the developers may not be compatible with the 'general public'. But the software is more readily adaptable because you as an individual user can change it or integrate it into a larger effort. A second area which I feel often gets ignored is the symbiosis between open source and standards efforts. It is possible for standards to be defined and evolve among a small set of corporations, but the feedback gained by releasing an open specification (preferentially with a working implementation) is extremely important for resolving differences of interpretation.
I see the Open Source movement filling niches lacking commercial viability and turning existing technologies into commodities. An innovative product like Photoshop may define a market and effectively set a standard for a few years. But over time, the cost of creating a competing product falls. Whether an open source effort such as the GIMP comes a long or the technology gets assimilated into a large operating system, eventually these technologies become an expected part of the computer experience. I remember when word processors were examples of exotic software. Now many introductions to programming walk you though developing one as a simple tutorial. As technologies mature, I strongly endorse Open Source initiatives because they keep software alive and growing to meet the demand of modern users.
Amazing! Someone mentions goat sex and it's not off topic.
Thanks. After reading it, I even scanned it again specifically looking for links to the company. Guess I never though to check the non-underlined text!
But back in reality, a bevy of local scientists has discovered that humans can also use lasers to stamp holograms onto the eye.
In what way are these holograms? Holograms use interference patterns to store information. This seems like simple vector graphics.
The Nomad's release this year will be the first commercial introduction of the retinal-scanning technology, which does not block the user's vision.
Yet the prototype from the article does seem to block out most of the wearer's vision. I'd appreciate confirmation or a denial from anyone who has played with one of these units.
For more information, I tried http://www.microvision.com but that only leads to an unrelated Tampa Bay, Florida, US company.
Anyone else familiar with the paper and dice game from Steve Jackson? There was even a computer version for Apple II once.
It's not that hard - blindness (as in do not stare into laser with remaining eye).
I concur.
What I really want to know is what the point of this puzzle is. With SETI@Home, we know the odds are poor, but there is at least some noble purpose. With RC5-64, there may not be much real point (after all - we know it can eventually be broken) but the power of massively parallel efforts for code breaking is further demonstrated. With the Golomb Ruler task, the computing power is going to an immediately useful task.
So, someone tell me, why do I want to waste cycles promoting someone else's movie???
How amusing! When after many years of playing these games I finally complain, the game designers beat me to it.
When I wrote this, I was thinking of the Ultima series and Myth and many fantasy books. I have not played Diablo (as you might have guessed) and the lead-in left me with an 'oh no, not again' sense.
Thanks for the correction.
Is is just me?
Does anyone else find it strange that after defeating the big bad evil overlord (who clearly did not read the manual detailing that position) and scattering his forces across creation, some minor figure always somehow manages to assemble a much more impressive force for the sequel (and yet still not read that manual)? I mean, its not like giant armies of darkness are easy to assemble - hell knows I've tried.
Sure...but playtesting is key to making it a balanced world. And the attention spans of you players are short. You've got to have a compelling story to keep the users paying the access fees.
I'd settle for recieving a cubic centimeter of flesh for each spam message sent. This way, spammers can send me as many trash emails as they wish, but the costs are a bit more personal.
Television has the limitation that, while you can interrupt the viewing experience, you don't know that the viewer actually saw the advertisement. The internet does not have this limitation. For a high demand environment such as a gameshow, the next logical step is to quiz the participant about the content of the ad.
Blatent questions like 'What product was being sold' will not work. But imagine the more subtle ones. For instance, set a scene - Two girls are sitting down at a bar drinking a name brand beverage. Add some action - a handsome may walks by; from the front, he looks good but his shirt shows large iron burn on the back. Then ask the user for input - which response would be funniest: (A) I'd never date a guy who can't iron (B) I always dump <competing beverage brand> on my clothes when they start to burn or (C) at least <beverage brand> tastes good and looks good. The user may be forced to pay attention and possibly identify with the characters in the ad.
Laugh now while you still can.
I recognize that many Australians are concerned about where Mi is going to land. I've looked into the matter. Despite losing to CBS in the most recent Nielsen ratings, ABC does not intend to crash Mir into Australia to wipe out the cast of Survivor II. Any suggestions to the contrary are completely and utterly false.
Actually, CNN is doing it to boost it's own ratings.
I mean knowing NOT to run an executable from a computer you don't know SHOULD be common sense no?
It was only a few years ago that, as a system administrator, I reassured users that there was no possibly way they could get a virus from reading email. This was in response to the GoodTimes 'virus'. Little did I suspect that our, um, good friends at Microsoft would allow Outlook to run scripts.
You can't assume that only executables will spread viruses in future. However, this isn't the main point. If users hear that they may get a virus using a particular P2P network - even if they have to be morons to catch it - how many will avoid the P2P network anyway?