I use it because it's a better browser. It has more (and better) features than the competition. THAT is why I use it and recommend it to those who ask, not because of its security track record.
What would it take? Someone who REALLY REALLY cares about this stuff or someone with a lot of money.
Ever notice how the open source community is full of really cool 90% finished products? People like to spend their spare time doing stuff that's fun, not mundane crap that occupies 10% of software development.
If you need applications like a grammar checker or that other 10% of "cool" software to be built, you will most likely have to pay someone to do it.
Grr. I'm not arguing against them in general. We write them for our backend components. Writing them for a GUI or Web module, however, takes more time than it's worth.
Writing JUnit tests for Web and GUI applications can be as time consuming, and usually more time consuming than writing the application itself.
Can anyone recommend a good framework for testing these components?
Re:JUnit and the people who don't use it... on An Early Look at JUnit 4 · Score: 3, Insightful
Unit testing for web apps has a long way to go. Normally, writing JUnit tests is less than or equal to the amount of work in writing the actual code. Writing unit tests for web applications is vastly more complex and time consuming.
Don't companies already advertise in games anyway? I thought I remember something about Half Life 2 containing advertisements on the walls. Maybe that was The Sims. Can anyone back this up?
Anyway, more on topic: I don't think it's a cut and dried situation, I think that disclosing a bug immediately can be good in one situation but harmful in another.
For a company the size of Microsoft, sitting on a bug for 6 months to a year may be the time it takes to adequately test their patches. Remember, for years they strived to make their software work with everything under the sun and make it backwards compatible with everything under the prehistoric sun. It's conceivable that creating a patch that is thoroughly tested (at Microsoft? :)) could take some time.
From what I understand, a good "hacker" in the sense that he uses the word should probably be:
- Attentive to detail.
- Patient.
Finding bugs in software requires a lot of patience and attention to detail because oftentimes you have to manipulate time and memory to get what you want... over and over and over again.
That said, FINDING bugs is tricky. Using or modifying a POC off of Bugtraq is not so hard.
Like I said, it's not feasible for 99% of the user community, just because someone is doing it doesn't mean everyone can.
From http://plasticbugs.com/index.php?p=241:
I have been hacking the Gimp for weeks and it's finally ready.
...
What made this project especially difficult is that there isn't one file that holds all of Gimp's tool names and menu structure. I've modified hundreds of files and combed thousands of lines of code to make this version of Gimp a reality. This work pales in comparison to real coding, but for a hack like me, it required a lot of learning and work.
And that's just for moving the menu widgets around.
I'm sick of this tired old "fix it yourself" argument.
Obviously, you're not a professional software developer, otherwise you would see the utter stupidity of making such a statement.
To be able to make even minor modifications to a major software project could possibly take MONTHS of prep work. It's not like opening up a book and fixing a spelling mistake, you need to understand the ins and outs of the module you're working on and the modules that depend on it. And that's assuming that the code is well documented and there is other supporting documentation.
What he is talking about is most likely a major undertaking, not something some guy off the street can fix over the weekend off the latest CVS trunk.
In short, please stop repeating that tired old argument, it's not feasible for 99% of the user community for any particular application and it makes you sound like an arrogant prick.
When was the last time you saw lots of jobs for mainframe techs? The jobs that are out there are filled.
CS degrees should be about Computer Science theory and understanding. The rest is just syntax and training.
The skills they DO teach are the ones that they are most likely going to use in the "real world" at that time. Aside from giving a student a well-rounded education, colleges are also responsible for giving the student skills that will apply once they enter the workforce.
I don't understand the practical applications of this attack outside the realm of academia.
So they can steal your mail? If they've stolen it, why not just open it and read the pin?
If someone is targeting you to steal your money, they would have to steal the pin number and then check back every day to see if the card came. Doesn't seem very practical to me.
If they're putting these images out on a public website, how can they be upset when people view the images? It doesn't matter if they're found in a search engine or if someone browses to the site, they're out in the open.
Smells like someone is up to some clever marketing.
The mice should feel right at home.
/I'm from there.
Somewhat on topic is the issue of fragmenting. For a while, if an application or OS didn't do something you like, the common response was:
- Don't like it? Fork it!
- Don't like it? Roll your own!
Problem is that it leads to a lot of confusion and fragmentation within the community that confuses the hell out of outsiders.
I think consolidation is a good thing and folks should work together more often rather than just splintering a code base.
(Note, fragmentation CAN be a good thing in the cases like Security Knoppix or RTLinux)
Anyone know of any webmail services that allow GPG?
Meh. It's a hiccup on sf, not my php code. It does that from time to time.
Don't write it.
/I kid because I love.
Verified? It's the internet. Reminds me of a quote from The Simpsons:
Lisa: Dad, you can't post that on the internet, you don't even know if it's true!
Interestingly enough, Tom Siebel, the founder of Siebel, was once an ex-Oracle exec. I believe he left under less than pleasant terms.
Shouldn't it be who is responsible?
See here for why it's a bad (and extremely annoying) idea to make every other word in the summary a link.
Slashdot should have a "Schadenfreude" modifier.
In the immortal words of Dr. Nick's Diet:
// On my way to the ATM machine.
"If you're unsure about something, rub it against a piece of paper. If the paper turns clear, it's your window to weight gain!"
Have fun eating greasy chicken and stealing PIN numbers.
/ That's right, I said PIN Number.
Rumors for nerds. Stuff that may turn out to matter tomorrow.
Are most spammers spamming for their own business like this guy did?
I was under the impression that most of the spammers were "for hire" by marketing firms, companies, mafias, etc.