Energy cannot be created nor destroyed. There's a finite quantity of it in this universe, and it's not changing. Of course, Planet Earth is constantly gaining energy on a daily basis thanks to the generosity of The Sun.
It shouldn't come as a surprise that any form of energy capture, no matter how you do it is going to take energy out of the environment and that as a result changes the environment. I'm pretty sure if we had massive solar panels all over the place, that'd effect the temperature by taking sunlight that would have heated the ground and diverting it. There's no free source of energy, you've gotta take it from somewhere!
This filing seems to be a little over-hyped here on Slashdot. It most clearly says what Novell's board of directors thought they were agreeing to... but is that what they actually got themselves into? Seeing that statement in a contract signed by both sides would hold a whole lot more value if that can be found.
Owners of small domains, beware: no more computerless vacations that last more than 4 days at a time!
This advice is a bit extreme... you can rest easy so long as you turn on domain locking at your registrar. That'll default all requests for transfer to a fail until it's removed... so all you need to do is keep your password to your domain registrar accout from falling into enemy hands.
Maybe this is a good time to educate the casual website operator about the domain locking feature, and what it's useful for. The new system's assumption is if your domain is unlocked, you're sending out a signal that you're intending for a transfer to happen soon. Maybe the rules should have locking as a default-on thing, but they don't so it's buyer beware for now.
I'm sure everybody who reads Slashdot has been in the position of being asked by their non-geek friends and family about potential purchases... so the customers that Best Buy sees as losers may have a bunch of profitable customers behind them that they could very easily send to Circuit City instead. I wonder if Best Buy's models take that into account.
Best Buy recently changed the terms of their "Reward Zone" package to make it harder to earn certificates, and one specific tactic they are using is deducting the value of rebates from what they count towards earning a certificate. So, picking up a "Free after rebate" deal is now worthless according to their program.
Seriously why does this need a new story? What was wrong with the update posted to the previous article summary?
Because in journalism there's a tradition of printing retractions for mistakes made on page A1 on a future page A1 in order to give the takeback as much exposure as the mistake. Slashdot leveled a rather serious charge of censorship against Google that quickly was proven not to be true.
Furthermore, there's a new piece of news coming out of this mess: Google's being quite slow on the refresh of the image search database.
This just goes to show that/. groupthink isn't always on target, and Google isn't the all-spidering oracle we think it is either.
Google's image search is not to be confused with Google's news search. If you search for Lyndie England against the news search, one of the pictures in question comes up in a thumbnail next to the first set of results. Google had plently of coverage of the Abu Ghraib story on its news pages, and its web search also has plenty of coverage of the topic. If Google was intentionally censoring, you think they woulda tagged all their search engines in the process.
For Google to be 6-months or more behind on reindexing their image storage to me seems about right. The link rot on the image search is starting to get annoying, but we've seen worse from the likes of Alta Vista in the past. Webcrawling seems simple but it's a very bandwidth intense process, and that means it costs money. Image spidering is even more expensive because pictures take up a whole lot more bitspace than HTML docs.
So, move that Slashdot story from earlier today from the Censorship category to the Almighty Buck category. That's the real reason why the pictures weren't there.
I use ExxonMobil's Speedpass from time to time, but I don't quite see why the same thing needs to be attached into a cell phone. Isn't an RFID chip on a keychain enough to do the job?
Perhaps there needs to be a legal definition of spyware
The problem with that is that we'd end up with a law that looks like CAN-SPAM. No law can protect users from agreeing to an EULA they don't fully read... there's no way any law is going to keep WhenU from doing what they're doing since they're one of the "ethical" types that always discloses what they're doing.
One problem that these anti-spyware programs are bound to run into is claims that a "spyware" program is a "legitimate business to consumer marketing connection enabler" by its makers. Afterall, in most cases the user has "agreed" to allow these programs to run by installing something without fully reading the terms of service.
That may be the reason why this group caved... not that money changed hands, but the threat of a lawsuit was waived around.
US election data doesn't compress into simple numbers very easily. I'd recommend those traveling use either a car-mounted or handheld radio... using the radio in AM mode would be highly recommended in most areas because news format stations are typically found there, although there are a few FM news/talk stations in existance.
First off. Expect to know nothing useful until polls close. It's US media tradition not to release exit poll data or make winner projections until the polls in any given state are closed under the theory that early victory news might discurage turnout and affect the outcome. Therefore, don't bother looking for results during the daytime. Nobody's going to be projecting a winner until well into primetime. The only major site that might break this tradition is The Drudge Report, but its unknown what kind of info Drudge will get.
Then there's the complexity of the Electoral College system. Really, there isn't one election happening tomorrow, there's fifty state elections plus one more for D.C. over which slate of electors to send forward. Having a running total of the national popular vote is not useful data because that's data that doesn't lead to anything.
Further complexing things is that there's also hundreds of Congressional races tomorrow because every seat in the House of Representatives and one-third of the Senate come up for re-election as they do every two years. The control of the majority of both of those bodies will be in play tomorrow as well. And let's not forget that many states have ballot question issues and local offices in play as well.
So... when you add it all up there's over 500 seperate races of national importance to consider tomorrow. No small text screen can do it justice... use radio and TV and let them explain it one by one. Sit back, and relax... the pundits will be on all night because there's going to be a lot for them to talk about.
The cookie file gets invalidated... but the problem is if you log back in, instead of getting a new value in your new cookie, apparently you get the same old value again. And worse yet, even if you don't log in again, bringing back that old cookie from the dead is all that's needed to log in.
It's not the experation date on the cookie that's the problem, it's the fact that their database still assocates "your cookie" with your account even if there's no authorized cookie in circulation.
The articles reveal that the basic design of the bug is to snatch the victim's cookie, and then the hacker can use that cookie to get into the account forever more. That cookie will always lead to the victim's account no matter what... even if they log out, even if they change their password, the cookie will still be valid authentication.
The XSS part is just an example of a way to steal the user's cookie. Clearly, any other way you can think of to grab a cookie file would work just as well.
It's a surprisingly bad design by Google standards. By assigning an forever-good cookie value each users account, it eliminates the need to re-login at home after using GMail at a public terminal, but the problem is if that cookie value ever falls into enemy hands the account is compromised and cannot be re-secured. Re-assigning the cookie value at each logon is the more traditional way of securing such things, although that means users who hop between more than one computer or even browser would have re-authenticate every time they changed.
Unfortnately, the exploit affects mostly the userbase in the USA so the Canadian Government couldn't be bothered to write a patch law...
USA/Canada not that bad...
on
Press freedom
·
· Score: 3, Insightful
Here's what they had to say about the USA and Canada
The two North American giants score well
A police raid in Canada on the home of journalist Juliet O'Neil and the national regulatory authority's stand against the pan-Arab radio station Al-Jazeera and the local station CHOI FM downgraded the country to
18th place. Violations of the privacy of sources, persistent problems in granting press visas and the arrest of several journalists during anti-Bush demonstrations kept the United States (22nd) away from the top
of the list.
Really, we're being accused of minor things in the grand scheme of things... the top of the list contries are just small enough to be lucky to have not had any incidents.
Using SMTP as our default e-mail system has got to go...
SMTP is wide open to the kind of attack that is being discussed here. Since there's no authentication of the sender, anybody can send out messages with the "From:" address of the desigated victim, and can smear their reputation into being anything from a spammer to a pornographer.
The only surprise to me is that it took the bad guys this long to make the connection into this being something to make extortion threats over. It's not like this was a well-hidden problem with SMTP, sender spoofing has been done by spammers and phishers for years.
We need to retire this standard and find a better way to move e-mail with the ability to authenticate that the claimed sender is the real sender. It'd solve this problem and a whole bunch of other ones at the same time.
The answer to that is on page 2 of the article... Hilary Rosen, former chair and CEO of the Recording Industry Association of America, is a business and political commentator on CNBC and an adviser to media and technology companies.
I think the idea would be to replace the entire in-dash display console with an LCD monitor that replicates the speedometer and odometer, but can also replace the non-descriptive "Check Engine" light with a scrolling message that gives exact information about the sensed problem instead of requiring somebody with a special chip-reader tool to extract that error message.
For those who haven't bothered to mouse-over that foot icon attached to the story, it's indicates that this story has been attached to a category known as "It's Funny. Laugh". That's the reason why this story made Slashdot.
For instance, Kerry and Edwards have missed something like 80% of the votes on the Senate floor this year.
That stat has been caused by the Republicans who control the Senate. They saw to it that most floor votes would happen while the Democratic presidential-wannabe senators would be out of town, and would suspend floor activity any time they were in town. In short, they made it intentionally hard to campaign and get in on the recorded votes, not knowing which Dem Senator would win, but making sure to muck all of their records.
That's not a perfect solution, because a pardon for any given crime can't be issued before the crime happens. Therefore, he can "suspend" but not fully get rid of the law.
No, if he wanted to he could RIGHT NOW introduce a bill in the Senate to do it.
He has not. What does that tell you?
It tells me that he's busy on the campaign trail and not wasting his time trying to write bills he knows wouldn't pass given the current Senate configuration.
Slashdot Mirror
Energy cannot be created nor destroyed. There's a finite quantity of it in this universe, and it's not changing. Of course, Planet Earth is constantly gaining energy on a daily basis thanks to the generosity of The Sun.
It shouldn't come as a surprise that any form of energy capture, no matter how you do it is going to take energy out of the environment and that as a result changes the environment. I'm pretty sure if we had massive solar panels all over the place, that'd effect the temperature by taking sunlight that would have heated the ground and diverting it. There's no free source of energy, you've gotta take it from somewhere!
This filing seems to be a little over-hyped here on Slashdot. It most clearly says what Novell's board of directors thought they were agreeing to... but is that what they actually got themselves into? Seeing that statement in a contract signed by both sides would hold a whole lot more value if that can be found.
Owners of small domains, beware: no more computerless vacations that last more than 4 days at a time!
This advice is a bit extreme... you can rest easy so long as you turn on domain locking at your registrar. That'll default all requests for transfer to a fail until it's removed... so all you need to do is keep your password to your domain registrar accout from falling into enemy hands.
Maybe this is a good time to educate the casual website operator about the domain locking feature, and what it's useful for. The new system's assumption is if your domain is unlocked, you're sending out a signal that you're intending for a transfer to happen soon. Maybe the rules should have locking as a default-on thing, but they don't so it's buyer beware for now.
I'm sure everybody who reads Slashdot has been in the position of being asked by their non-geek friends and family about potential purchases... so the customers that Best Buy sees as losers may have a bunch of profitable customers behind them that they could very easily send to Circuit City instead. I wonder if Best Buy's models take that into account.
Best Buy recently changed the terms of their "Reward Zone" package to make it harder to earn certificates, and one specific tactic they are using is deducting the value of rebates from what they count towards earning a certificate. So, picking up a "Free after rebate" deal is now worthless according to their program.
Seriously why does this need a new story? What was wrong with the update posted to the previous article summary?
Because in journalism there's a tradition of printing retractions for mistakes made on page A1 on a future page A1 in order to give the takeback as much exposure as the mistake. Slashdot leveled a rather serious charge of censorship against Google that quickly was proven not to be true.
Furthermore, there's a new piece of news coming out of this mess: Google's being quite slow on the refresh of the image search database.
This just goes to show that /. groupthink isn't always on target, and Google isn't the all-spidering oracle we think it is either.
Google's image search is not to be confused with Google's news search. If you search for Lyndie England against the news search, one of the pictures in question comes up in a thumbnail next to the first set of results. Google had plently of coverage of the Abu Ghraib story on its news pages, and its web search also has plenty of coverage of the topic. If Google was intentionally censoring, you think they woulda tagged all their search engines in the process.
For Google to be 6-months or more behind on reindexing their image storage to me seems about right. The link rot on the image search is starting to get annoying, but we've seen worse from the likes of Alta Vista in the past. Webcrawling seems simple but it's a very bandwidth intense process, and that means it costs money. Image spidering is even more expensive because pictures take up a whole lot more bitspace than HTML docs.
So, move that Slashdot story from earlier today from the Censorship category to the Almighty Buck category. That's the real reason why the pictures weren't there.
I use ExxonMobil's Speedpass from time to time, but I don't quite see why the same thing needs to be attached into a cell phone. Isn't an RFID chip on a keychain enough to do the job?
Perhaps there needs to be a legal definition of spyware
The problem with that is that we'd end up with a law that looks like CAN-SPAM. No law can protect users from agreeing to an EULA they don't fully read... there's no way any law is going to keep WhenU from doing what they're doing since they're one of the "ethical" types that always discloses what they're doing.
One problem that these anti-spyware programs are bound to run into is claims that a "spyware" program is a "legitimate business to consumer marketing connection enabler" by its makers. Afterall, in most cases the user has "agreed" to allow these programs to run by installing something without fully reading the terms of service.
That may be the reason why this group caved... not that money changed hands, but the threat of a lawsuit was waived around.
The networks never broadcasted exit polling data before the polls in any given area were closed... that started well before the 2000 debacle.
Handicappers are calling the Senate as 50-54 Republicans
:)
I'll take the under on there being 104 Senators at the end of the night.
Are you sure Wednesday's newspaper will have the winner? It didn't the last go around...
US election data doesn't compress into simple numbers very easily. I'd recommend those traveling use either a car-mounted or handheld radio... using the radio in AM mode would be highly recommended in most areas because news format stations are typically found there, although there are a few FM news/talk stations in existance.
First off. Expect to know nothing useful until polls close. It's US media tradition not to release exit poll data or make winner projections until the polls in any given state are closed under the theory that early victory news might discurage turnout and affect the outcome. Therefore, don't bother looking for results during the daytime. Nobody's going to be projecting a winner until well into primetime. The only major site that might break this tradition is The Drudge Report, but its unknown what kind of info Drudge will get.
Then there's the complexity of the Electoral College system. Really, there isn't one election happening tomorrow, there's fifty state elections plus one more for D.C. over which slate of electors to send forward. Having a running total of the national popular vote is not useful data because that's data that doesn't lead to anything.
Further complexing things is that there's also hundreds of Congressional races tomorrow because every seat in the House of Representatives and one-third of the Senate come up for re-election as they do every two years. The control of the majority of both of those bodies will be in play tomorrow as well. And let's not forget that many states have ballot question issues and local offices in play as well.
So... when you add it all up there's over 500 seperate races of national importance to consider tomorrow. No small text screen can do it justice... use radio and TV and let them explain it one by one. Sit back, and relax... the pundits will be on all night because there's going to be a lot for them to talk about.
The cookie file gets invalidated... but the problem is if you log back in, instead of getting a new value in your new cookie, apparently you get the same old value again. And worse yet, even if you don't log in again, bringing back that old cookie from the dead is all that's needed to log in.
It's not the experation date on the cookie that's the problem, it's the fact that their database still assocates "your cookie" with your account even if there's no authorized cookie in circulation.
The articles reveal that the basic design of the bug is to snatch the victim's cookie, and then the hacker can use that cookie to get into the account forever more. That cookie will always lead to the victim's account no matter what... even if they log out, even if they change their password, the cookie will still be valid authentication.
The XSS part is just an example of a way to steal the user's cookie. Clearly, any other way you can think of to grab a cookie file would work just as well.
It's a surprisingly bad design by Google standards. By assigning an forever-good cookie value each users account, it eliminates the need to re-login at home after using GMail at a public terminal, but the problem is if that cookie value ever falls into enemy hands the account is compromised and cannot be re-secured. Re-assigning the cookie value at each logon is the more traditional way of securing such things, although that means users who hop between more than one computer or even browser would have re-authenticate every time they changed.
Unfortnately, the exploit affects mostly the userbase in the USA so the Canadian Government couldn't be bothered to write a patch law...
Here's what they had to say about the USA and Canada The two North American giants score well A police raid in Canada on the home of journalist Juliet O'Neil and the national regulatory authority's stand against the pan-Arab radio station Al-Jazeera and the local station CHOI FM downgraded the country to 18th place. Violations of the privacy of sources, persistent problems in granting press visas and the arrest of several journalists during anti-Bush demonstrations kept the United States (22nd) away from the top of the list. Really, we're being accused of minor things in the grand scheme of things... the top of the list contries are just small enough to be lucky to have not had any incidents.
Using SMTP as our default e-mail system has got to go...
SMTP is wide open to the kind of attack that is being discussed here. Since there's no authentication of the sender, anybody can send out messages with the "From:" address of the desigated victim, and can smear their reputation into being anything from a spammer to a pornographer.
The only surprise to me is that it took the bad guys this long to make the connection into this being something to make extortion threats over. It's not like this was a well-hidden problem with SMTP, sender spoofing has been done by spammers and phishers for years.
We need to retire this standard and find a better way to move e-mail with the ability to authenticate that the claimed sender is the real sender. It'd solve this problem and a whole bunch of other ones at the same time.
who's paying the bitch now?
The answer to that is on page 2 of the article...
Hilary Rosen, former chair and CEO of the Recording Industry Association of America, is a business and political commentator on CNBC and an adviser to media and technology companies.
Basically, she's a professional pundit now.
I think the idea would be to replace the entire in-dash display console with an LCD monitor that replicates the speedometer and odometer, but can also replace the non-descriptive "Check Engine" light with a scrolling message that gives exact information about the sensed problem instead of requiring somebody with a special chip-reader tool to extract that error message.
Why?
For those who haven't bothered to mouse-over that foot icon attached to the story, it's indicates that this story has been attached to a category known as "It's Funny. Laugh". That's the reason why this story made Slashdot.
Why this was done in the first place? Dunno...
For instance, Kerry and Edwards have missed something like 80% of the votes on the Senate floor this year.
That stat has been caused by the Republicans who control the Senate. They saw to it that most floor votes would happen while the Democratic presidential-wannabe senators would be out of town, and would suspend floor activity any time they were in town. In short, they made it intentionally hard to campaign and get in on the recorded votes, not knowing which Dem Senator would win, but making sure to muck all of their records.
That's not a perfect solution, because a pardon for any given crime can't be issued before the crime happens. Therefore, he can "suspend" but not fully get rid of the law.
No, if he wanted to he could RIGHT NOW introduce a bill in the Senate to do it.
He has not. What does that tell you?
It tells me that he's busy on the campaign trail and not wasting his time trying to write bills he knows wouldn't pass given the current Senate configuration.