Is it ethical to, having enough knowledge to suspect there's a vulnerability, to withhold that knowledge from those in a position to fix it? You're keeping many other innocent people at risk with our silence. Software developers make mistakes all the time. There are lots of other people in the world skilled at finding those mistakes. Some of these will use those to attempt to profit, while others want to protect innocent people. It seems strange that you attempt to discount the work of all of the people in that second category. These are the guys that keep the number of 0days down. If they win, you get a monthly security patch from your vendor. If they lose, you get services taken down for weeks due to break-ins and lots of ugly work arounds.
Well, that's an interesting idea, of everyone having a home server. It's certainly an alternative. However, it requires a computer to be on 24-7, which winds up being somewhat expensive. I've not deleted a single thing since starting to use my gmail account, and still have under a gig of data on it. It's more than enough storage for my e-mail.
Well there are multiple reasons to use webmail instead of a desktop client. One of the most convenient is that all my mail is very quickly accessible from any machine connected to the internet, without any setup of an IMAP client necessary. Also, it's search performance is actually faster than most thick clients I've used for e-mail. Finally, the freeness of the mail storage space it offers is nice.
I used to use thunderbird to access my ISP's POP mail, but have now gone to strictly webmail for my e-mail needs. The specific reasons I switched are: search performance, mail-file management between reformatting and multiple machines, the lack of connection to an ISP for hosting, and the UI is actually nicer than any mail client I've used (this last one is a personal preference thing, though).
So they propose shaking two devices to prove that the synchronization is intentional. Why not just use a tiny plug? It seems like it should be fairly easy to build in a standardized contact surface with a few conductors on it (4 should be enough, looking at something like USB). Then if you want to sync 2 devices, touch them together.
Just because someone purchased a song from somewhere does not mean they were the one to upload. There would still be a burden of proof on the record companies, especially if the computer owned by the person was in a botnet/otherwise pwned, or if the person had ever lost an mp3 player.
Someone issued your public/private key combo, and probably required your identity when they provided it to you. That someone knows your private key. Not necessarily. The voting machine can generate the key pair, and sign it with its own certificate. Then it gives you the private key in a printout. The machine doesn't need to know who's voting at it, just that it is some voter.
but, for something like a blog post where the user is composing the markup on your server, that's when XML parsing shines. you can use the user's browser to parse their markup into a DOM structure, then have a function that goes through the DOM and creates a valid XML document string. upload that XML document string to the server and do the XML parsing and reformatting server-side.
Okay. Now this assumes that users can write valid XML. What do you do if the user doesn't close a tag? Besides, you still have the problem of determining what is and is not safe to display.
I think border guards care less about citizens of their country than others. Thus the USA Border Patrol will let you off easier than a Canadian and vice versa.
How is there no downtime? If one of the non-parity drives fails, don't you need to rebuild the array before it can be used, or do controllers allow the reading of it (or even writing) while rebuilding one of the drives?
I see multiple ideas here. First, automating of submission handling. This is a good thing. All it does is reduce errors and speed up grading.
Second is automated testing. This is good for when you can test for the program working in general and also for specific errors you anticipate. However, this automated testing should NOT just be plugged in as a grade. Instead, a thorough review of the code should be performed. Not only does this help provide better feedback, but it helps you to spot cheating. Finally, there are those programs that just won't run properly for one reason or another. These are the fun ones. When I was a TA I first downgraded them due to the failure to submit the program in fully working order, then did what I could to get it to run, and based an additional deduction on what I did (or not, in the case of ambiguities in specifications). If I still could not get it to work, I made a severe deduction and let the students schedule a time to meet with me so that they could demonstrate what their program did.
What if I want to actually have a non-user-based literal in a query: i.e. in a check for whether a user has access to a function. SELECT... FROM users where username=? and userlevel in('admin','moderator') or something like that? Your idea makes coding that a lot more annoying. Here's another example: display active admins: select... from online_users,users where online_users.last_activity > (current timestamp - 10 minutes) and online_users.userid=users.userid and users.userlevel='admin' Nothing input-driven, but still a text literal.
Slashdot Mirror
Is it ethical to, having enough knowledge to suspect there's a vulnerability, to withhold that knowledge from those in a position to fix it? You're keeping many other innocent people at risk with our silence. Software developers make mistakes all the time. There are lots of other people in the world skilled at finding those mistakes. Some of these will use those to attempt to profit, while others want to protect innocent people. It seems strange that you attempt to discount the work of all of the people in that second category. These are the guys that keep the number of 0days down. If they win, you get a monthly security patch from your vendor. If they lose, you get services taken down for weeks due to break-ins and lots of ugly work arounds.
Start menu, type "Explorer", right-click Windows Explorer, select "Run as administrator", perform administrative tasks, close explorer window.
Linux Kernel developers use USENET? Strange, I thought they used mailing lists.
Well, that's an interesting idea, of everyone having a home server. It's certainly an alternative. However, it requires a computer to be on 24-7, which winds up being somewhat expensive. I've not deleted a single thing since starting to use my gmail account, and still have under a gig of data on it. It's more than enough storage for my e-mail.
Well there are multiple reasons to use webmail instead of a desktop client. One of the most convenient is that all my mail is very quickly accessible from any machine connected to the internet, without any setup of an IMAP client necessary. Also, it's search performance is actually faster than most thick clients I've used for e-mail. Finally, the freeness of the mail storage space it offers is nice.
I used to use thunderbird to access my ISP's POP mail, but have now gone to strictly webmail for my e-mail needs. The specific reasons I switched are: search performance, mail-file management between reformatting and multiple machines, the lack of connection to an ISP for hosting, and the UI is actually nicer than any mail client I've used (this last one is a personal preference thing, though).
So they propose shaking two devices to prove that the synchronization is intentional. Why not just use a tiny plug? It seems like it should be fairly easy to build in a standardized contact surface with a few conductors on it (4 should be enough, looking at something like USB). Then if you want to sync 2 devices, touch them together.
Crackpot sues YOU!
Just because someone purchased a song from somewhere does not mean they were the one to upload. There would still be a burden of proof on the record companies, especially if the computer owned by the person was in a botnet/otherwise pwned, or if the person had ever lost an mp3 player.
Okay. Now this assumes that users can write valid XML. What do you do if the user doesn't close a tag? Besides, you still have the problem of determining what is and is not safe to display.
I think border guards care less about citizens of their country than others. Thus the USA Border Patrol will let you off easier than a Canadian and vice versa.
How is there no downtime? If one of the non-parity drives fails, don't you need to rebuild the array before it can be used, or do controllers allow the reading of it (or even writing) while rebuilding one of the drives?
Okay, if the copy got sent when it actually got read by a human being? Would that solve that issue?
Okay, would the following be better for you?
Name: ____
E-mail: ____
Subject: ____
Message: _______
Send me a copy of the message [checkbox]
That seems to solve both issues you mentioned.
Uhh... situation B is exactly what Fedex/UPS already do.
doesn't stop entering URLs with IP address instead of hostname
Nice non-sequitir. Read what I was replying to. He quoted an authorization for the use of force in going after the 9/11 terrorists.
I see multiple ideas here. First, automating of submission handling. This is a good thing. All it does is reduce errors and speed up grading.
Second is automated testing. This is good for when you can test for the program working in general and also for specific errors you anticipate. However, this automated testing should NOT just be plugged in as a grade. Instead, a thorough review of the code should be performed. Not only does this help provide better feedback, but it helps you to spot cheating. Finally, there are those programs that just won't run properly for one reason or another. These are the fun ones. When I was a TA I first downgraded them due to the failure to submit the program in fully working order, then did what I could to get it to run, and based an additional deduction on what I did (or not, in the case of ambiguities in specifications). If I still could not get it to work, I made a severe deduction and let the students schedule a time to meet with me so that they could demonstrate what their program did.
So that explains our presence in Afghanistan. Fair enough. What about Iraq?
And how does that allow civil liberties intrusions?
What if I want to actually have a non-user-based literal in a query: i.e. in a check for whether a user has access to a function. SELECT ... FROM users where username=? and userlevel in('admin','moderator') or something like that? Your idea makes coding that a lot more annoying. Here's another example: display active admins: select ... from online_users,users where online_users.last_activity > (current timestamp - 10 minutes) and online_users.userid=users.userid and users.userlevel='admin' Nothing input-driven, but still a text literal.
You need to physically hold the mag stripe to scan it to clone it. Not so for the RFID tag.
to be a proper post-writer, close your b tag.
It's one thing for a site not to "jive with their system". It's another for a site to be built to fool their system.
all of histories' \w+ are tourist attractions today.