Oh and to start off on your whole mis-rant there...
It's common sense...
The longer a problem persists the worse it will become.
I'm not sure I really advocate holding a proverbial gun to someone's head. I'm just not much of an activist in that regard.
Maybe not a threat so much as a response rating? Surely tracking data on responsiveness would yield long-term value in addressing these problems. Couple that data with the line item fixes and vulnerability timelines as well as threat values should show a negative or positive history with regards to quality assurances.
Honestly, I'm sure something like this has to exist already, doesn't it? It would seem like a sensible enough idea anyway. I'm also not speaking from the perspective of when an issue becomes public to fix. I'm speaking of simply tracking the issue from notice, notification to patch.
It may not be the best avenue from the consumer standpoint, but it would be a gentle start.
Your argument fails for the exact same reason you cited for mine.
Where do you get your data and how do you know an uncovered exploit is not being actively used?
YOU DON'T...
Exactly at what point did I say research materials must be placed immediately? I didn't, did I? That wasn't a mistake as I wasn't advocating the release of exploitable vulnerabilities immediately.
You failed to read my post, you failed to interpret what little you did read and ultimately gave off a gunshot reaction to some thought you formed in your head. Maybe a little more reading next time before you troll, eh?
I was advocating a sliding window based on the problem at hand. Severe holes are just that for a reason and if a problem is so gaping that it must be addressed in some fashion then perhaps two months is not the answer. We have seen unofficial patches from others and we have seen vulnerability workarounds from others than the official vendor.
In any event, please troll elsewhere.
The problem with setting any reasonably lengthy period of time is that it results in that much more infection and use. Basically, this grants any purchaser of a 0-day exploit roughly a 2 month window of opportunity to use their newfound investment.
Whereas there may not be a patch to solve the problem, but perhaps there is a significant workaround that could avoid some trouble.
This is exactly why it is difficult to assign a window of disclosure to such issues. Not too terribly long ago, some of the larger firms managed to get together and settle on a 30 day notice.
Also, you might also remember that a little company called Cisco was sitting on a vulnerability for quite a while until someone went psychotic over the deal.
In the grand scheme of things it comes down to protecting your image. It almost seems like the policy on vehicle recalls. Unless X number of issues arise... just don't deal with it. However, if it becomes substantially used or finds the public eye... it suddenly becomes a much larger problem.
Honestly, an arbitrary date is rather inflexible and a system that takes in effect the impact of the bug needs to be used. Pump out tons of crap software? That isn't exactly the problem of the common man, but rather the problem of the organization's software development model.
Organizations and individual people lose time and money to support these industry bug shields. Again, a case-by-case determination depending upon the level of potential harm.
Actually, I'm not going to chastise them for the change, but rather laugh at them for not fixing that clause a long time ago.
It's just plain dumb to have a license that can be retroactively changed by anyone other than you.
Think about it in terms of common sense.
Would you trust your benevolent dictator or hedge your bets to ensure a path chosen by you?
I thought MythBusters covered this one.
The final thoughts were that no modern air conditioning system should vastly impact gas mileage.
They even tested it on some SUV and came out with very similar gas mileage. (Windows down actually caused slightly more loss).
I'm sure someone will chime in here and clear this up a bit. I was just a bit confused when the article claimed air conditioning was a gas hog. (Note, on an older car I had when I kicked in the AC I really did feel the engine jump to compensate, but this was ages ago.)
Ads make my life better.... just like this crack pipe.
Each puff brings improvement and happiness to my world! Just like commercials!
Shhh, if HP knew we were modifying their laptops they would probably sue the hell out of all of us hax0rs.
Shit, just talking like that makes my underground supplier edgy!
All it takes is one person to ruin the fun for everyone I'm afraid.
12+ hours with a camera that size shouldn't be that difficult...
Unfortunately, the power supply upgrade will have to be belt mounted.
I don't know why they made it sound so difficult as we can do 5 hour sprints on a single battery with cameras consuming much much more power.
They must have compiled the kernel with hot pluggable CPU support!
Eh, which aspects...
You failed to support your argument and appear more like a troll.
Actually, after a second glance.... you are a troll!
I was wondering what to give out for Christmas this year.
Now, if I can just find a reason for work to put me up in enough hotels to collect all those "gifts" for giving.
Thanks SID: 597831! You're the best!
The moment I caught the word "progenitor" in the article.... I couldn't stop thinking about Star Trek.
Oddly, it would seem it was a better waste of my time.
Hal is a GL....
He was magically transformed from the Spectre back to Hal...
Yes, it really was just a poof and I'm not really sure why...
Perhaps a true fan boy can enlighten us...
The GL Corps are back, guardians are back, and pretty much the whole slew is back...
Even Kyle is back as ION again...
Yeah, I never did stop reading Green Lantern and I suppose I mostly kept it as a service to the local comic shop.
3 DEC
I like Starscape better....
I must admit, I was completely giddy during the 200th episode when they did the Farscape scene.
Good times...
Generally, slashdotters seem to abhor myspace...
I'm thinking not the target demographic on this one.
Or mine...
"Fridge, list available meals"
"There are 214 possible combinations."
"Narrow search to something I don't have to cook."
"There are no possible combinations fitting that request."
"Cabinet...."
Because that person just links amazon for placement and pulls a referral fee.
Our documentaries will kick your documentaries' ass any day of the week!
(Couldn't resist!)
Eh,
Just because someone doesn't care does not imply they feel they are beyond the law. I'm sure there are plenty of potential crimes just lying in wait, but they really don't want to be incarcerated. On a different note, not everyone can be a basketball star and not everyone can be a CEO either (or insert glorious position). Perhaps he lacks the real ambition it takes to pursue his sociopathic goals in life! (Can't blame a guy if he doesn't try!)
No, I'm afraid our sociopath friend just doesn't have what it takes to be the cream of the crop, but for God's sake don't destroy the man's dreams!
On another note, perhaps he should purchase my new set of audio books.... "Realizing Your True Socio-Self!"
I think I just wrote a great sketch comedy! STAY AWAY SNL... IT'S MINE!
The rules are different when you are a monopoly.
Everyone seems to forget that they were found to be a Monopoly in both EU and US.
On the European side, they were found to be illegally abusing their monopolistic powers.
On the US side, basically a few people sued them and nothing really big came from it. (Of course this is the summary and you can go read all the archives regarding this long ordeal.)
So yes, when some raging abuse of a corporation has grown out of control... the government steps in and evens things out a little bit.
Well, there is the unenlightened summary of why monopolies can be beaten with a stick and it's alright.
(It's turkey day, I'll leave it to someone else to go into a discussion about the benefits of interoperability and monopolistic standards.)
Yes, I have some exciting non-repetitive porn for you...
Feast your eyes on this....
A half-man half-goat raping an entire campus sorority of devil worshiping pre-med ninjas!
The action never stops!
Oh, you already saw that one before....
Well, I've got nothing.
My suggestion was rather quite simple.
Have it only give the correct answer half of the time.
Then of course, you really wouldn't be sure if it's giving the correct answer at all unless you already knew it.
I only have a few mild parsers checking the integrity of the message. A good deal of security comes in just how the contents of the variables are handled.
However, I didn't go completely gung ho on security because the server barfs out a relay denied message when attempting to send to anything other than the local domains.
The only weakness I'm aware of is the possibility for mass mailings using the web form, i.e., I have put no constraints on how many messages could be sent at any time. If it becomes a problem I can go back and retool it a bit. (Nothing extravagant as it only gets about 5 uses a week.)
In any event, I'm sure there are better free scripts out there and anyone can implement a web form. Me, writing my own was to toy around and attempt to avoid any security threats that might hit a popular package.