Start with the CLI. Back when I started work on Apple II and DOS machines, CLI was all there was, and it was a good thing, because I learned early on that you don't ask "what am I supposed to do", but rather "what can I do".
The world's largest PC maker had persuaded Gov. Gray Davis to veto an innovative e-waste measure in October. Encouraged by HP's shift, state Sen. Byron Sher, D-San Jose, author of the defeated bill, resubmitted e-waste legislation Monday, the opening day of the new legislative session.
Isn't that what Microsoft was saying would happen if Windows wasn't required to be preloaded on every computer in America? Do you feel bad proving them right?
Hahahah! That's so dumb!
What would you have recommended as a backup solution?
Combined with another 500 anecdotes and trended, this could be useful data!
What I learned from starting on a CLI was that if you type everything correctly, nothing happens. You only get feedback if you do something wrong. This was not only excellent preparation for a career in computers but also for dealing with women...
...the kind who are likely to go out and earn $80,000/yr in a post-90s economy.
Holy crap, you're teaching future RIAA lawyers?!? How could you?
Right. So, TuxRacer Mon-Thursday, Friday Esc-X-doctor?
That's interesting. Let me create, then, an "ancient Chinese secret":
while true; do wget http://site.intermittent.com;sleep 60;done
How sad is it that this hugely important piece of legislation is not swayed by the voters but rather by the money required to buy them.
It makes me ill.
Robert, great point.
Despite the fact that this rather funny article on CHAP claims that reverse-MD5'ing a password is hard, any one way hash is going to be hit hard by a decent dictionary attack, especially since you get to go offline and attack it with as much computing power as you want.
In short, bad idea.
Any chance we'll see StackGuard for Sparc architecture?
Well, Intel and Apple. Notice that the license is "OSI approved" rather than GPL? This means that code contributed to the CDSA can be pulled into closed source projects, unlike OpenSSL code which must remain free.
Avoid at all costs, I say.
Nomination for Best Diagram Ever. I really wish my "Introduction to MicroProcessors" had had something like that; instead we were drowned in the whiteboard handwavings of a man with an accent I could hardly understand. Maybe this guy should spin this off into a book, make a killing selling it to Undergrad CS students lost in space...
This opens the door to massive corruption if insecure firms pay off security reporters.
Your argument is that this open change in their disclosure policy is a slippery slope to behind-the-scenes cash-for-silence deals. In my mind, the threat of such deals is not influenced whatsoever by the open and stated policy of ISS but rather by their corporate ethics. ISS and other security companies which deal with the government gain vast swaths of revenue due to the fact that they retain their integrity by laying out rules and following them. A single deal of the type that you mention would put the profits of the entire company and all its public shareholders at risk. In short, I believe your hypothesis is unfounded.
Consider the irony of the fact that even though the disclosure of new vulnerabilities is now confidential, the method of notification will most likely be unencrypted email.
- "That's not a vulnerability."
- "That vulnerability is purely theoretical"
- "We're not fixing it, and if you release information about it, we'll sue you."
- "What's a vulnerability?"
- "la la la la la la la la la"
In short, any response to the lines of "go ahead, we ain't fixing it". As with anything ISS says, I recommend waiting for precedent before predicting that they're going to treat anyone fairly. Hopefully you are correct.
Have you noticed that they pick their targets? Slashdot posted the Black Friday list too but so far they haven't been threatened - probably because Wal-Mart is scared of going up against a real corporation like Andover.net. They're picking on people they believe are weak enough to buckle under to the DMCA.
Good for Tim. Let's support him.