> You make the bed you sleep in.. Lik-Sang chose to go outside the > bounds of their contract, and are trying to ride high on a ton of > anti-sony fanboy diatribe.
I'm trying to figure out how a company 'rides high' on 'being put out of business through lawsuits'.
Wikipedia has an entry for "full disclosure" but none for "responsible disclosure."
It may be because 'full disclosure' has meaning in the security community, while 'responsible disclosure' does not.
All 'responsible disclosure' is is a set of general ethics and courtesy that security researchers give programmers/companies/entities in order to make an orderly repair of a vulnerability. It is a function of 'full disclosure', not something in of itself.
Slightly related: I've read things that liken 'full disclosure' to yelling "Fire!" in a crowded theater. I tend to think it of yelling "Fire!" in a theater made of flash paper doused in gasoline, while one of the jugglers is preparing to light his flaming torches.
In other words, yelling 'FIRE!' is permissible, if there is actually a high likelyhood of fire...
> If you're running the mail servers for a business, how prudent is it > to run a spam filter in the first place?
Many businesses feel that they have a responsibility to block a certain amount of spam, especially porn spam.
> RBLs are notorious (especially SpamAssassin) for blacklisting entire > domains when only a small subset of those users are actually > sending spam.
Um.... SpamAssassin != a RBL. It is a spam filter that uses multiple algorithms to try to identify spam. RBL's are *ONE* source of information, and is almost never used as the sole determinator of spam/ham decisions in the SpamAssassin config.
> If you're running your own mail server at home, then a whitelist > would probably be more useful than a blacklist since you already > know who you want to contact you.
From: old_friend@newemail.com Subject: New Job
Hey! I just started at this new company and they have a job you'd love. Let me know soon,
of
PS.. You might want to update your email address for me. This is my new primary email.
Whitelists have limited usefullness in email except as a another source of information to your filter. Gmail does an excellent job of this, IMHO.
> But you gotta hand it to the Unix folks for making the task of > setting up a spam filter this difficult. I am curious how difficult > it would be to set up a spam filter on an Exchange server.
Damn near impossible, short of purchasing a package. Exchange traditionally isn't the worlds friendliest package to interface with directly.
In most corporate environments, spam filtering happens offbox before it reaches the email servers and is frequently done by an appliance. Same for anti-virus.
CowboyNeal *DOES* know that Mike was a writer on the show from season 1 on, and the head writer starting season 2, right.
That's one thing that I've never understood about the Joel vs Mike thing.... The writing staff was pretty much the same for both (with the huge exception of Frank Conniff leaving. Things were never quite as.... surreal afterward).
Have you ever seen the paperwork for a secret clearance? Yeesh! They want everything - and I mean everything - for the past 5 years.
Having just done this ('secret' clearance), it wasn't that bad. It was 3 double sided pages of work history, where you lived, family, arrest record... Really, it was no more information than I've seen on many job applications.
The state tax refund is treated as "additional" income because it wasn't taxed to begin with. It's withheld from your net paycheck and, therefore, not taxed as income at that time. When you get it back via refund, it goes back in the "taxable income" column and is then taxed - after the fact.
You are taxed on adjusted gross salary (in the state that does it to me), minus non-taxable items like 401k and health insurance. Adjusted gross on my check includes the witholding.
As a test, my pretax section of my W2 + the taxable salary in my W2 = Total Gross Salary. State and federal taxes are not in the pre-tax line item.
I commonly use the 'effective' figure for 3DES, just so people don't go "128-bit AES/Blowfish/CAST is okay.... 168-bit 3DES MUST BE BETTER!". People who whould would add up the bits usually know better...:)
Another factor is encryption sophistication. If 256-bit triple-DES or similar techniques are used then decryption could require supercomputer-levels of cracking.
Ouch. Technobabble at its worst.
a) Triple DES is 112-bit encryption.
b) If you are using strong encryption, like a 256-bit AES cypher, no number of supercomputers are going to 'crack' it, whether it's 14 or 90 or 900 days, unless it's a really bad implementation.
c) One would HOPE that the police would have evidence before they start impounding things. But this is about 'fishing' for evidence for 'suspected' terrorists. "You look like a terrorist, so we'll impound your things in the hope that we'll find something". So much for presumption of evidence (which I believe holds true in the UK as well.
Things like this make me sad. Just another way for the authorities to 'protect' it's citizens by making that sure they can see all and know all. Welcome to the Panopticon.
Funny. I rarely hear Linux-oriented people (including myself) badmouth *BSD. I don't think I've *EVER* heard anyone really badmouth BSD. It's a great, solid operating system, which tends to be fairly conservative in its goals and design decisions. I would never say anything negative about someone just because *BSD was their OS of choice.
I wish the opposite were true. Linux is a solid, popular, full-featued *nix clone with a different design philosophy. It also works very well. I wish that some of the *BSD people would just deal with it and get on with their lives.
Says you. I could see the point of many dashboard widgets being simple, easy to access utilities. My 'killer app' would be the calculator.
However, calculators don't work in a vacume. I would want it to be visible while I am working in my other application (say OpenOffice), so that I can use it in conjunction with my main app.
Yes, yes. I know that OSX has a perfectly functional calculator appliation. The point is that I don't want to hunt the dang thing down to use it. I want it in a place where it's easily available (and I don't mean the limited real estate of the dock).
Having the OPTION of making a dashboard widget 'sticky' to the desktop (at least temporarily) would be very desirable, indeed. And it should be as easily banished to the Dashboard layer, so that the Dashboard engine no longer sucks up CPU cycles.
And if you don't mind me saying so, "You don't want them to." smacks of hubris to me. You don't know exactly what I want, do you?
Funny how a country where no state-religion is allowed by the constitution has more opressive religious-control than a country with an official religion whereby the head of state is also head of the religion.
Disneyland doesn't count as a 'country', and the 'Church of Mouse' isn't an offical religion.
The 'good' is that it keeps closed source vendors honest.
The 'full disclosure' idea came about because of the frustration of sysadmins finding security holes, and not being able to get the vendor to take it seriously.
Good 'full disclosure' first notifies the vendor, and then if within a reasonable time the vendor takes no action or there is no response you disclose to something like BugTraq.
It's been the reason that Microsoft and other vendors take such bugs VERY seriously. But they would be more than happy if it all just went away, or was criminialized.
You decide which is more valuable: A company keeping their PR image spotless, or getting serious software bugs fixed.
Except now I have a system that rips the CD (yes, by copying from the OSX cd filesystem, which is EXACTLY how iTunes does it, BTW), converts it to flac (with track info) for archival, and then batch converts everything to aac, all nicely scripted out.
Lots of work upfront, but I have a very efficient ripping system now, with long term, lossless archival.
And all so I was guarenteed not to be locked into a semi-proprietary format.
I love my Apple, but Apple the company could do some things better, IMHO.
The flac maintainer has my patches, and hopefully a much better version of my AIFF support patch will make it into one of the next versions of FLAC. It was really a trivial hack to get it to work, once I knew what I was looking for.
And I decided to use AAC/MP4 just to see if I could. i could have just as easily modified my scripts to use LAME instead. I guess I just like to make things hard.
My scripts are definately in the 'works for me' category. Maybe someday I'll put some work into them, make them do something interesting, and then put them up somewhere. For now, they're nothing special.
Which would be great....if it worked for me. Which it doesn't. I read the bit on MacUpdate when I started this whole process, and Quicktime will not recognize.flac files as a valid format.
I've read reports where the quicktime component works and where it doesn't. It seems a bit spotty.
Slashdot Mirror
Unless you are moving large amounts of data over an unreliable network. rsync can recover a failed transfer; tar cannot.
Somebody must have bought some Sony stock.... 'investorelite' indeed.
*Sigh* The astroturf is getting mighty tall these days.
> You make the bed you sleep in.. Lik-Sang chose to go outside the
> bounds of their contract, and are trying to ride high on a ton of
> anti-sony fanboy diatribe.
I'm trying to figure out how a company 'rides high' on 'being put out of business through lawsuits'.
Darl? Is that you?
Except that they do no hold the trademark on the words 'pod' or 'podcast'.
I think your reality check bounced.
It may be because 'full disclosure' has meaning in the security community, while 'responsible disclosure' does not.
All 'responsible disclosure' is is a set of general ethics and courtesy that security researchers give programmers/companies/entities in order to make an orderly repair of a vulnerability. It is a function of 'full disclosure', not something in of itself.
Slightly related: I've read things that liken 'full disclosure' to yelling "Fire!" in a crowded theater. I tend to think it of yelling "Fire!" in a theater made of flash paper doused in gasoline, while one of the jugglers is preparing to light his flaming torches.
In other words, yelling 'FIRE!' is permissible, if there is actually a high likelyhood of fire...
Okay. I'll bite.
> If you're running the mail servers for a business, how prudent is it
> to run a spam filter in the first place?
Many businesses feel that they have a responsibility to block a certain amount of spam, especially porn spam.
> RBLs are notorious (especially SpamAssassin) for blacklisting entire
> domains when only a small subset of those users are actually
> sending spam.
Um.... SpamAssassin != a RBL. It is a spam filter that uses multiple algorithms to try to identify spam. RBL's are *ONE* source of information, and is almost never used as the sole determinator of spam/ham decisions in the SpamAssassin config.
> If you're running your own mail server at home, then a whitelist
> would probably be more useful than a blacklist since you already
> know who you want to contact you.
From: old_friend@newemail.com
Subject: New Job
Hey! I just started at this new company and they have a job you'd love. Let me know soon,
of
PS.. You might want to update your email address for me. This is my new primary email.
Whitelists have limited usefullness in email except as a another source of information to your filter. Gmail does an excellent job of this, IMHO.
> But you gotta hand it to the Unix folks for making the task of
> setting up a spam filter this difficult. I am curious how difficult
> it would be to set up a spam filter on an Exchange server.
Damn near impossible, short of purchasing a package. Exchange traditionally isn't the worlds friendliest package to interface with directly.
In most corporate environments, spam filtering happens offbox before it reaches the email servers and is frequently done by an appliance. Same for anti-virus.
Fixing long-standing bugs =! Standards compliance.
jf
CowboyNeal *DOES* know that Mike was a writer on the show from season 1 on, and the head writer starting season 2, right.
That's one thing that I've never understood about the Joel vs Mike thing.... The writing staff was pretty much the same for both (with the huge exception of Frank Conniff leaving. Things were never quite as.... surreal afterward).
jf
Having just done this ('secret' clearance), it wasn't that bad. It was 3 double sided pages of work history, where you lived, family, arrest record... Really, it was no more information than I've seen on many job applications.
And the check took about 5 days.
I *NEVER* put my skill points into Mercantile. You're much better off putting more points into Block or Athletics... maybe even Acrobatics.....
Oh. Wait. You're not playing Obvlion, are you?
You are taxed on adjusted gross salary (in the state that does it to me), minus non-taxable items like 401k and health insurance. Adjusted gross on my check includes the witholding.
As a test, my pretax section of my W2 + the taxable salary in my W2 = Total Gross Salary. State and federal taxes are not in the pre-tax line item.
I commonly use the 'effective' figure for 3DES, just so people don't go "128-bit AES/Blowfish/CAST is okay.... 168-bit 3DES MUST BE BETTER!". People who whould would add up the bits usually know better... :)
Ouch. Technobabble at its worst.
a) Triple DES is 112-bit encryption.
b) If you are using strong encryption, like a 256-bit AES cypher, no number of supercomputers are going to 'crack' it, whether it's 14 or 90 or 900 days, unless it's a really bad implementation.
c) One would HOPE that the police would have evidence before they start impounding things. But this is about 'fishing' for evidence for 'suspected' terrorists. "You look like a terrorist, so we'll impound your things in the hope that we'll find something". So much for presumption of evidence (which I believe holds true in the UK as well.
Things like this make me sad. Just another way for the authorities to 'protect' it's citizens by making that sure they can see all and know all. Welcome to the Panopticon.
Which is what the parent said. Read more carefully....
There is an enforced tax in the US on CD Audio media... but not on CD Data media.
Since both are essentially the same, guess which you normally buy?
Funny. I rarely hear Linux-oriented people (including myself) badmouth *BSD. I don't think I've *EVER* heard anyone really badmouth BSD. It's a great, solid operating system, which tends to be fairly conservative in its goals and design decisions. I would never say anything negative about someone just because *BSD was their OS of choice.
I wish the opposite were true. Linux is a solid, popular, full-featued *nix clone with a different design philosophy. It also works very well. I wish that some of the *BSD people would just deal with it and get on with their lives.
jf
> You don't want them to.
Says you. I could see the point of many dashboard widgets being simple, easy to access utilities. My 'killer app' would be the calculator.
However, calculators don't work in a vacume. I would want it to be visible while I am working in my other application (say OpenOffice), so that I can use it in conjunction with my main app.
Yes, yes. I know that OSX has a perfectly functional calculator appliation. The point is that I don't want to hunt the dang thing down to use it. I want it in a place where it's easily available (and I don't mean the limited real estate of the dock).
Having the OPTION of making a dashboard widget 'sticky' to the desktop (at least temporarily) would be very desirable, indeed. And it should be as easily banished to the Dashboard layer, so that the Dashboard engine no longer sucks up CPU cycles.
And if you don't mind me saying so, "You don't want them to." smacks of hubris to me. You don't know exactly what I want, do you?
jf
s/millions/billions/
Answer: Many
Disneyland doesn't count as a 'country', and the 'Church of Mouse' isn't an offical religion.
The 'good' is that it keeps closed source vendors honest.
The 'full disclosure' idea came about because of the frustration of sysadmins finding security holes, and not being able to get the vendor to take it seriously.
Good 'full disclosure' first notifies the vendor, and then if within a reasonable time the vendor takes no action or there is no response you disclose to something like BugTraq.
It's been the reason that Microsoft and other vendors take such bugs VERY seriously. But they would be more than happy if it all just went away, or was criminialized.
You decide which is more valuable: A company keeping their PR image spotless, or getting serious software bugs fixed.
Except now I have a system that rips the CD (yes, by copying from the OSX cd filesystem, which is EXACTLY how iTunes does it, BTW), converts it to flac (with track info) for archival, and then batch converts everything to aac, all nicely scripted out.
Lots of work upfront, but I have a very efficient ripping system now, with long term, lossless archival.
And all so I was guarenteed not to be locked into a semi-proprietary format.
I love my Apple, but Apple the company could do some things better, IMHO.
jf
The flac maintainer has my patches, and hopefully a much better version of my AIFF support patch will make it into one of the next versions of FLAC. It was really a trivial hack to get it to work, once I knew what I was looking for.
And I decided to use AAC/MP4 just to see if I could. i could have just as easily modified my scripts to use LAME instead. I guess I just like to make things hard.
My scripts are definately in the 'works for me' category. Maybe someday I'll put some work into them, make them do something interesting, and then put them up somewhere. For now, they're nothing special.
jf
Which would be great....if it worked for me. Which it doesn't. I read the bit on MacUpdate when I started this whole process, and Quicktime will not recognize .flac files as a valid format.
I've read reports where the quicktime component works and where it doesn't. It seems a bit spotty.
Ah well.
Whoops. That should have 'ogg' in there somewhere....