I see you got the talking point memo Jobs put out this week.
It'll just be in the driver EULA and no one will ever read it, but all will agree.
I'm thinking it was with the invention of TV. If you change "looking" to "listening," then you can go all the way back to early radio.
I don't know if you realize that I'm not the guy you initially responded to so I'm not required to address your main point since that's not one I wanted to discuss. I just wanted to help you out a little by pointing out something you didn't seem to know. *blink*
It's still a supported product. They can't really ignore security problems until it's unsupported. They decide the timeline for that support.
How did China hack Google? It started with targeted social engineering, getting an employee to follow a link which exploited IE6. It escalated from there. Sure, it can be targeted.
From the first line of your link to responsible disclosure:
Responsible disclosure is a computer security term describing a vulnerability disclosure model. It is like full disclosure, with the addition that all stakeholders agree to allow a period of time for the vulnerability to be patched before publishing the details.
MS will never agree to a timeline. It's against their policy. They have repeatedly sat on reports for months and years while doing nothing, finally blaming the professional when he gives up and goes public. How can anyone enter into responsible disclosure with them when they won't meet half way?
I'm going to kind-of defend the guy, but keep in mind that I don't really know what happened any more than you do.
He contacted MS and asked them to commit to a 60-day timeline, which MS refused to do as always. Despite requiring "responsible disclosure" in order for any credit to go to the security professional, MS never agrees to an important part of the real responsible disclosure: a timeline for a fix. Instead, on several occasions, they've waited for six months or even years, baiting the reporter with "we're working on it." Finally, the white hat gives up on MS, discloses the vuln, and is creamed by MS and in the press. A patch is almost always released quickly and is claimed to have been "in testing" for some time.
Since this appears to be Microsoft's method of dealing with its version of "responsible disclosure," I can see getting stonewalled and saying "Screw it! MS won't deal with me and I'm going to get flamed anyway in sixty days when I release the details."
Just my opinion of how it may have worked out.
When I first started working in developing countries, I had to get that concept into my head.
Me: Why don't the workers have the proper tools for the job? They'll be more efficient.
Owner: Because the difference in efficiency and the low labor cost mean that the tool won't pay for itself for five years. For the same amortized cost, we can just hire seven more workers and get higher production, anyway.
I'm a master of the obvious. It's my special ability.
Well... while he may be a moron, for all intensive purposes, you're an asshole.
Ha ha. That's funny. I assume you were baiting someone (like me).
I get where you're coming from: choice is bad, especially when it involves MP3 players, TVs, and phones. I get it, but I don't agree. This is about making hardware vendors' lives easier, not application developers'.
Thanks for the laugh. I had that on 8 track in the 70s.
They stated that most users average less than 2GB. The very important parts are italicized. From their statement, I'd guess that the average user will see several overage charges a year as their usage fluctuates above and below the limit. The result? AT&T will make more money than they do now. You can be sure they've already run the numbers to make sure that's the case.
Home wired Internet is not 3G.
Don't forget that you can sell electricity back to the grid in the U.S. To continue our analogy with 3G service, I could go home, connect my phone to my wired Internet, and put my phone into some sort of promiscuous mode to offer more local bandwidth to AT&T, then get my bill lowered by the amount I gave back. ;)
I think you've just invented the time-share for housing.
I wait for the day when there are five or six (non-colluding) carriers, and they charge me $5/mo for service plus unit charges for calls, data, and texts, just like electricity. As long as there's enough downward pressure on pricing, the customer will be better off than now.
And here I thought you were just an RC fan.
That does not exist, by design software has flaws - human design of million lines.
The last line of your Haiku has too many syllables. Here. LMFTFY:
That does not exist,
by design software has flaws -
million line design.
If you're going to use a Slashdot meme, you've got to be more careful to conform.
You're welcome.
No stress! Cheers.
Indeed. My face is red. Too many replies (above my threshold) yesterday. ;)
ChromeOS is certainly not for devs, but Google is a SaaS company, and just about every service they offer fits in the browser. I'm not surprised that they are moving to ChromeOS where possible. Signed, self-healing, stateless, and disposable. In other words, it's a thin client.
Yeah. It's just the browser. Schmidt is still moving toward thin clients.
You misread me. I was confirming the rumor and offering an opinion as to which distro they might be settling on.