(posting to undo an accidental moderation. I meant to moderate your post informative, not overrated)
I've got the very same problem here. I'm using Ubuntu Dapper (6.06), which is a long-term service release (LTS). It's supposed to be supported by the Ubuntu team for 5 years; guess they'll have to create their own security patches for FF2 from now on.
As a web developer (among other things) I'm all for getting people to use newer browsers, but FF2 doesn't feel old enough to be abandoned yet. Like a lot of other people, I can't upgrade. I'm stuck with an older GTK version on Dapper, and neither FF3 nor Prism will run here; I'm using XP on VirtualBox to do testing with FF3. Compiling FF from source (and collecting the required libraries/versions) is not trivial, and I'm not going to waste time on getting this to work with every new update.
All in all, I think Mozilla called the end-of-life for FF2 *far* too soon. We're going to see a backlash for this decision soon.
A friend of mine recently told me they were using lava lamps in different colors as a low-tech indicator for problems with the automatic overnight test/build process. A developer would enter the office in the morning and immediately notice an eerie yellow glow, which meant that the test suite for project #2 didn't complete successfully. He'd know he'll have to look into that even before checking his email (after making some coffee, reading Slashdot and doing the rest of his early morning routine). Might be a bit too geeky for customers, but from what I heard, it works quite well.
Changing "prior art" to "prior artwork" paints an interesting picture of a potential courtroom exchange...
"I would like to present Exhibit A, "Motherboard Descending a Staircase" by Ed Picasso, painted in January 2006..
Picasso? Does this make sense? No! Ladies and gentlemen of this supposed jury, it does not make sense! If Chewbacca lives on Endor, you must acquit! The defense rests.
I pretty much agree with what you wrote. Just as an addendum, here's a very recent example of a successful cooperation between a person who discovered a security vulnerability (John Resig) and the software vendor (Apple):
Thats because you have set your User-Agent to Google Bot. Without it, you wont be able to scroll all the way down and see the answers
No, I didn't mess with my UA string.
I think I see what's going on, now. You *can* see the answers at the bottom if you click on a Google search result (HTTP_REFERER is Google), but they'll hide the answers if you enter the URL directly or click on a link on a different site (just tested with Wikipedia). This is one messed-up site...
You can still see all the answers if you scroll all the way down to the bottom. I suspect they did this in order to avoid being blacklisted by Google. Why anyone would pay for that "service" is beyond me.
You have to give the vendor at least a chance to get the bug fixed.
No, you don't. For all we know, some black-hat hacker may have already found this vulnerability and be actively exploiting it.
It's the same old discussion every time. There are arguments for and against releasing vulnerabilities without notifying the vendor in advance, I know, but from a developer's standpoint (and from a user's), it's preferrable to give at least a grace period before releasing the details.
The advantages of releasing immediately are:
Users can be told about possible workarounds.
There's a better chance of the vendor releasing a patch/fix in a timely manner.
You can show off your l33t zero-day skillz.
The disadvantages are:
Any black-hat who hadn't noticed the problem now knows about it and can write an exploit.
The entire user base is immediately at risk from script kiddies. If there was no exploit of the bug in the wild, there soon will be.
The vendor does not get time to send a security alert and workaround instructions to its registered users or to its security mailing list.
The vendor may have to rush the bugfix release before proper testing and QA is complete.
In this specific case, the Zimbra users are definitely worse off, unless they happen to read Holden Karau's blog (or Slashdot). But maybe Holden will get his t-shirt now, so that's ok.
First of all, I don't see any reason why this would be on the Slashdot front page. Many vulnerabilities like this one are discovered every day, and many are more critical and interesting, and concern products that are more widely used than Zimbra. Just take a look at Bugtraq to see a few samples.
More importantly, we shouldn't promote any random blogger who posts about security vulnerabilities to get t-shirts from Yahoo:
For anyone from Yahoo! reading this, I'm still waiting for the shirt I was promised from the first time I reported a vulnerability, but its all good:)
There's such a thing as responsible disclosure, and that's not blogging happily about everything you find, on a Friday no less, and then mentioning in passing that "At the time of the writing Yahoo! security has been notified." You have to give the vendor at least a chance to get the bug fixed.
I'm in central Europe and have no special connection to the US, apart from reading the news and sites like Slashdot. I scored 78.79% on the test, which had some _very_ US-centric questions, so an average score of 77.77% for Americans does seem a bit low, especially for elected officials.
The additional pseudo-vowel "y" on the left didn't help to find longer words in the English dictionary; I got the same results that were already posted.
Those are old word files from Dapper, though. Maybe the newer distros come with even longer words.
Very interesting, I hadn't heard of that before. The linked article is quite old, do you have any more recent information about the switch? Is it still on?
I'm wondering if there's a local aspect to the packaging strategy as well. In the EU, if a seller uses redundant packaging material, he has an obligation to either (a) take back all the packaging that isn't necessary to protect the product, or (b) pay what amounts to a monthly packaging tax. Most retailers still opt for (b), but at least in my country they're required to offer you a way to dispose of the excess packaging before you leave the store.
As for Amazon, I've hardly ever seen them use too much packaging. Their packets are made of recycled carton and open by pulling on a paper strap. Everything inside is exactly how I want it. I *want* the DVD cases, and the toy boxes! Getting your Legos in a bag is quite different from getting them in a flashy designed box - six sides with pictures that can show you different ways of assembling the parts.
They could get rid of the plastic wraps around the individual items, no big deal, but that's been done before, and is not news-worthy.
By the way... sometimes there's stuff in those packages that you didn't order. I got small packets of gummy bears a few times, and a "complimentary book" (twice). All in all, I can't complain.
Data-protection laws (most likely the Privacy Act of 1974 is one of them) prevent the sharing of information between agencies that would make that possible.
Thanks for the explanation. This is quite different in my country; we do have a federal registry of citizens, and (as far as I know) information can and will be shared between different federal and state agencies.
We're still a free country.
I also live in what's we call a free country, but over here citizenship gives you a number of rights as well as a number of duties. One of those duties is to take part in general elections (nothing at all happens if you don't). Another duty is half a year of military service for men (or civilian alternatives), and this one can't easily be avoided.
If, for whatever reason, you don't want to vote (maybe you think all the candidates suck), you're not required to do so. [..] if you vote, you only get to pick between Giant Douche and Turd Sandwich. If you want neither of them, there's no way to register that opinion.)
A better way to demonstrate your disagreement with the choices is to give an invalid vote (blank, for example, or with a freestyle message). That way your vote will be counted as part of the group who cares enough about the political system to participate in the election. If you don't vote, you get counted in together with those who just can't be bothered.
Of course this only works if the ballots and the voting process are simple enough not to produce a significant number of invalid votes on their own.
It is illegal not to register to vote in this country, although many people choose not to for various reasons and avoid punishment.
Bullshit. Lots of people don't register to vote, and there is no legal requirement to do so - although there should be.
I've always wondered what all that "registering to vote" business in the US was about. Where I live, as long as you're a citizen, you're automatically registered. You don't have to do anything special; about four weeks before an election, they even send you a letter containing directions to the voting booths closest to your place of residence. Voting is also "compulsory" (it's considered one of the citizen's duties), but nothing will happen if you don't go (for whatever reason).
[..] I do know that 'his' was used as the neutral/unspecified gender pronoun as well as the masculine pronoun
So was "they". The Wikipedia link the OP posted states that "[r]ecognized writers have used they, them, themselves, and their to refer to singular nouns such as one, a person, an individual, and each since the 1300s."
Those that think women are denigrated by the use of "his" (eg "If a soldier lays down his arms...") should really wonder why they think so little of women that they might need the rules of grammar to be changed to promote them.
It's even worse in German (and probably in related languages as well), where the word "man" is used as an indefinite pronoun. It does not have any gender connotations at all, even though it obviously originated in the word "Mann" (man). Nevertheless, in the past ten years some writers have decided that using the pronoun "man" was not gender neutral enough, so they invented replacements with varying degrees of absurdity:
"mensch" (meaning "man" as in "human")
"man/frau"
or just "frau" for texts with a predominantly female readership
Needless to say, this makes their texts hard to read, and is not widely accepted. In fact, it rather accomplished the opposite of what they aimed for, by creating a strong aversion against gender-neutral speech generally, even in people like me who were open to the idea of a reasonable degree of gender-neutrality (where possible).
The song that the violin sample is from is the Andrew Oldham Orchestra's version of The Last Time. What really bugs me about the lawsuit is that the Verve actually did clear the sample! They had the right to use it in their song, but in the copyright holder's opinion (and the court's), they used too much of it. Go figure.
Slashdot Mirror
If you want a really embarrassing picture on your driver's license, you could always move to Virginia:
http://www.youtube.com/watch?v=owvO640ODwA
(posting to undo an accidental moderation. I meant to moderate your post informative, not overrated)
I've got the very same problem here. I'm using Ubuntu Dapper (6.06), which is a long-term service release (LTS). It's supposed to be supported by the Ubuntu team for 5 years; guess they'll have to create their own security patches for FF2 from now on.
As a web developer (among other things) I'm all for getting people to use newer browsers, but FF2 doesn't feel old enough to be abandoned yet. Like a lot of other people, I can't upgrade. I'm stuck with an older GTK version on Dapper, and neither FF3 nor Prism will run here; I'm using XP on VirtualBox to do testing with FF3. Compiling FF from source (and collecting the required libraries/versions) is not trivial, and I'm not going to waste time on getting this to work with every new update.
All in all, I think Mozilla called the end-of-life for FF2 *far* too soon. We're going to see a backlash for this decision soon.
A friend of mine recently told me they were using lava lamps in different colors as a low-tech indicator for problems with the automatic overnight test/build process. A developer would enter the office in the morning and immediately notice an eerie yellow glow, which meant that the test suite for project #2 didn't complete successfully. He'd know he'll have to look into that even before checking his email (after making some coffee, reading Slashdot and doing the rest of his early morning routine). Might be a bit too geeky for customers, but from what I heard, it works quite well.
3. Voice input
Speech to text is still pretty bad. Some examples of problems it still struggles with are handling different accents, background noise.
Ack. Imagine trying to tell a computer to go to Slashdot.
I'd rather just double the killer delete select all...
You object to Ed, but not 2006? ;-)
Changing "prior art" to "prior artwork" paints an interesting picture of a potential courtroom exchange...
"I would like to present Exhibit A, "Motherboard Descending a Staircase" by Ed Picasso, painted in January 2006..
Picasso? Does this make sense?
No! Ladies and gentlemen of this supposed jury, it does not make sense! If Chewbacca lives on Endor, you must acquit!
The defense rests.
What if it turns out they are just like us?
I wouldn't worry about that too much. At this very moment, there are several millions of Neanderthals among us, both male and female.
CJ
I pretty much agree with what you wrote. Just as an addendum, here's a very recent example of a successful cooperation between a person who discovered a security vulnerability (John Resig) and the software vendor (Apple):
Clickjacking iPhone Attack
Thats because you have set your User-Agent to Google Bot. Without it, you wont be able to scroll all the way down and see the answers
No, I didn't mess with my UA string.
I think I see what's going on, now. You *can* see the answers at the bottom if you click on a Google search result (HTTP_REFERER is Google), but they'll hide the answers if you enter the URL directly or click on a link on a different site (just tested with Wikipedia). This is one messed-up site...
Hope that helps,
CJ
You can still see all the answers if you scroll all the way down to the bottom. I suspect they did this in order to avoid being blacklisted by Google. Why anyone would pay for that "service" is beyond me.
You have to give the vendor at least a chance to get the bug fixed.
No, you don't. For all we know, some black-hat hacker may have already found this vulnerability and be actively exploiting it.
It's the same old discussion every time. There are arguments for and against releasing vulnerabilities without notifying the vendor in advance, I know, but from a developer's standpoint (and from a user's), it's preferrable to give at least a grace period before releasing the details.
The advantages of releasing immediately are:
The disadvantages are:
In this specific case, the Zimbra users are definitely worse off, unless they happen to read Holden Karau's blog (or Slashdot).
But maybe Holden will get his t-shirt now, so that's ok.
CJ
First of all, I don't see any reason why this would be on the Slashdot front page. Many vulnerabilities like this one are discovered every day, and many are more critical and interesting, and concern products that are more widely used than Zimbra. Just take a look at Bugtraq to see a few samples.
More importantly, we shouldn't promote any random blogger who posts about security vulnerabilities to get t-shirts from Yahoo:
There's such a thing as responsible disclosure, and that's not blogging happily about everything you find, on a Friday no less, and then mentioning in passing that "At the time of the writing Yahoo! security has been notified." You have to give the vendor at least a chance to get the bug fixed.
CJ
The low average scores really are surprising.
I'm in central Europe and have no special connection to the US, apart from reading the news and sites like Slashdot. I scored 78.79% on the test, which had some _very_ US-centric questions, so an average score of 77.77% for Americans does seem a bit low, especially for elected officials.
CJ
Using a German keyboard layout, the longest non-composite words in /usr/share/dict/ngerman are
gestrafftester
gestrafftestes
verbesserbarer
verbesserbares
(14 letters each)
The additional pseudo-vowel "y" on the left didn't help to find longer words in the English dictionary; I got the same results that were already posted.
Those are old word files from Dapper, though. Maybe the newer distros come with even longer words.
CJ
Konqueror is still using their own KHTML, but they're working on switching over to Apple's fork, eventually.
Very interesting, I hadn't heard of that before. The linked article is quite old, do you have any more recent information about the switch? Is it still on?
CJ
Any anyway, "Science" already has a better "alternative to an intelligent creator".
All hail to His Noodly Appendages!
(it's been proven by Science!)
RAmen.
Yeah, but Polly wasn't able to come back as a zombie 3 days later before being miracled into wine and crackers.
Sweet Zombie Jesus!
/farnsworth
Try this:
/^1?$|^(11+?)\1+$/) ? "prime" : "";
sub is_prime {
return (("1" x shift) !~
}
for my $i (1..30) {
printf "%3d: %s\n", $i, is_prime($i);
}
CJ
("1" x $n) !~ /^1?$|^(11+?)\1+$/
Backreferences are fun!
CJ
I'm wondering if there's a local aspect to the packaging strategy as well. In the EU, if a seller uses redundant packaging material, he has an obligation to either (a) take back all the packaging that isn't necessary to protect the product, or (b) pay what amounts to a monthly packaging tax. Most retailers still opt for (b), but at least in my country they're required to offer you a way to dispose of the excess packaging before you leave the store.
As for Amazon, I've hardly ever seen them use too much packaging. Their packets are made of recycled carton and open by pulling on a paper strap. Everything inside is exactly how I want it. I *want* the DVD cases, and the toy boxes! Getting your Legos in a bag is quite different from getting them in a flashy designed box - six sides with pictures that can show you different ways of assembling the parts.
They could get rid of the plastic wraps around the individual items, no big deal, but that's been done before, and is not news-worthy.
By the way... sometimes there's stuff in those packages that you didn't order. I got small packets of gummy bears a few times, and a "complimentary book" (twice). All in all, I can't complain.
CJ
Data-protection laws (most likely the Privacy Act of 1974 is one of them) prevent the sharing of information between agencies that would make that possible.
Thanks for the explanation. This is quite different in my country; we do have a federal registry of citizens, and (as far as I know) information can and will be shared between different federal and state agencies.
We're still a free country.
I also live in what's we call a free country, but over here citizenship gives you a number of rights as well as a number of duties. One of those duties is to take part in general elections (nothing at all happens if you don't). Another duty is half a year of military service for men (or civilian alternatives), and this one can't easily be avoided.
If, for whatever reason, you don't want to vote (maybe you think all the candidates suck), you're not required to do so. [..] if you vote, you only get to pick between Giant Douche and Turd Sandwich. If you want neither of them, there's no way to register that opinion.)
A better way to demonstrate your disagreement with the choices is to give an invalid vote (blank, for example, or with a freestyle message). That way your vote will be counted as part of the group who cares enough about the political system to participate in the election. If you don't vote, you get counted in together with those who just can't be bothered.
Of course this only works if the ballots and the voting process are simple enough not to produce a significant number of invalid votes on their own.
CJ
It is illegal not to register to vote in this country, although many people choose not to for various reasons and avoid punishment.
Bullshit. Lots of people don't register to vote, and there is no legal requirement to do so - although there should be.
I've always wondered what all that "registering to vote" business in the US was about. Where I live, as long as you're a citizen, you're automatically registered. You don't have to do anything special; about four weeks before an election, they even send you a letter containing directions to the voting booths closest to your place of residence. Voting is also "compulsory" (it's considered one of the citizen's duties), but nothing will happen if you don't go (for whatever reason).
CJ
[..] I do know that 'his' was used as the neutral/unspecified gender pronoun as well as the masculine pronoun
So was "they". The Wikipedia link the OP posted states that "[r]ecognized writers have used they, them, themselves, and their to refer to singular nouns such as one, a person, an individual, and each since the 1300s."
Those that think women are denigrated by the use of "his" (eg "If a soldier lays down his arms ...") should really wonder why they think so little of women that they might need the rules of grammar to be changed to promote them.
It's even worse in German (and probably in related languages as well), where the word "man" is used as an indefinite pronoun. It does not have any gender connotations at all, even though it obviously originated in the word "Mann" (man). Nevertheless, in the past ten years some writers have decided that using the pronoun "man" was not gender neutral enough, so they invented replacements with varying degrees of absurdity:
Needless to say, this makes their texts hard to read, and is not widely accepted. In fact, it rather accomplished the opposite of what they aimed for, by creating a strong aversion against gender-neutral speech generally, even in people like me who were open to the idea of a reasonable degree of gender-neutrality (where possible).
CJ
The song that the violin sample is from is the Andrew Oldham Orchestra's version of The Last Time. What really bugs me about the lawsuit is that the Verve actually did clear the sample! They had the right to use it in their song, but in the copyright holder's opinion (and the court's), they used too much of it. Go figure.
Source: http://en.wikipedia.org/wiki/Bitter_Sweet_Symphony
CJ
Domain Name: GOLDENCASINO.COM
Registrant:
Commonwealth of Kentucky
Michael Brown (secretaryofjustice@ky.gov)
I call him Gamblor, and it's time to snatch our mothers from his neon claws!