Slashdot Mirror


User: buro9

buro9's activity in the archive.

Stories: 0
Comments: 150

Comments · 150

  1. Re:Reasonable on Google Rejects 58% of "Right To Be Forgotten" Requests · · Score: 5, Interesting

    Ignoring public officials, that seems a very American view on how to treat criminals.

    If someone is caught for a petty crime 15 years ago, should it be returned against a search history now if they have never committed another offence?

    The law as it stands in most of Europe doesn't delete the record of such a crime having happened, but does hide that information to encourage offenders to rehabilitate and become a non-criminal and regular member of society. Without the prospect of ever being able to live normally once an indiscretion has occurred, what would motivate an offender to stop offending? There's a sweet spot between the first crime and the third petty crime in which you could deter someone from that life of crime, but after that point and after a jail sentence you are unlikely to reform that person. But without the option of rehabilitation you are unlikely to reform *any* offender.

    This would also allow nation states to use the increasing threat of police intrusion as a deterrence and counter-opposition tool. Any arrest and any record that can be made to stick would reverberate forwards in time affecting that person in numerous ways... if petty offences cannot be forgotten or moved on from.

    Once you accept that for some petty crimes (i.e. drunk and disorderly on a stag do that got out of hand, or something equally likely that it could entrap almost anyone) the search engine should reflect the sensible law that states this should be forgotten by almost everyone (not those in certain positions)... then where is the line drawn?

    At one extreme murderers should not be forgotten, nor convicted rapists... but at the other end speeding offences, drunk and disorderly, shoplifting, those shouldn't upend a life. Somewhere between those points is the fuzzy line where stuff on one side should be forgotten, other stuff remembered.

    Before this ruling Google ignored that line and treated everyone to the joy of living forever with the consequences of their actions without ever being able to make good. After this ruling, Google are forced to apply some basis for allowing some people to move on.

    Then of course... where to start with public officials. Those who wish the world to be a better place and work towards it don't deserve a lack of privacy. They certainly need to be transparent in their roles and to sustain trust in their position, but these are different things. A fuzzy line appears once more, intrusions on the identity of the children of a public official is too much, they never voluntarily agreed to give up a level of privacy, and yet no questioning of the financial situation of an official is too little as their trust should be earned and not presumed.

    In both cases, either extreme (no privacy nor right to be forgotten, full privacy and past deleted) is clearly wrong.

  2. tl:dr Recipe for recording the audio of multiple i on RockBox + Refurbished MP3 Players = Crowdsourced Audio Capture · · Score: 5, Informative

    tl:dr Recipe for recording the audio of multiple individuals in a large crowd.

    Ingredients:

    Sandisk Sansa Clip+ MP3 Player - http://www.sandisk.co.uk/products/sansa-music-and-video-players/sandisk-sansa-clipplus-mp3-player
    Rockbox - http://www.rockbox.org/

    Instructions:

    Install Rockbox (open source firmware for MP3 players) on the Sansa Clip+. Configure to record on the Sansa Clip+ microphone in .wav format. Give a Sansa Clip+ to every person you want to record the audio for. Have every person start recording at roughly the same time, leave for 5 hours.

    Gather all Sansa Clip+s at the end of the session, and extract the .wav file. 10-participants = 10-track equivalent audio recording of the session.

    Mix and fade between the tracks to isolate the audio of single conversations between participants.

    He basically has created a relatively inexpensive and reliable way to get this audio. Much like using multiple Go Pro cameras to record action of sports events beats out using professional equipment (and in some ways has become professional equipment). He's arguing that the Sansa Clip+ together with the Rockbox open source firmware, is a better solution than using professional radio mics and then having recording equipment receive those signals and store them on disk for editing later.

    I've no idea how "crowdsourced" fits into this though, nor how this is anything more than an advert even though the solution is a little interesting. It's useful enough and potentially cheap that you might imagine giving everyone at a Ted one of these as the conversations caught off-record might be even more valuable than the sessions.

  3. Re:Happened to My Wife on Google Uncovers China-Based Password Collection Campaign · · Score: 1

    Have you guys not tried the 2 factor authentication yet?

    http://googleblog.blogspot.com/2011/02/advanced-sign-in-security-for-your.html

    I was afraid that my girl might find it difficult to use or overly technical, but once I explained how it worked and supported her through the setup of it, it's been working brilliantly.

    Basically any new machine that you connect to Gmail from requires not just your password (something you know) but also the code generated from the supplied app (on our Android phones - something you have).

    The key to internet security is to always have 2 out of the 3 following things:
    1) something you know (passwords, answers to secret questions, etc)
    2) something you have (physical keys, dongles, RSA SecurID)
    3) something you are (biometrics, fingerprints, etc)

    Google as yet, are the only major provider of email offering security that can use 2 factor auth by the something you know and something you have.

    It's really worth turning it on, just for peace of mind.

  4. Re:Oblig on How Long Before Apps Overtake Physical Video Game Content Sales? · · Score: 4, Funny

    You know the moon is moving away from Earth at a verifiable few centimetres a year? Well if you extrapolate backwards it's obvious that the dinosaurs are extinct because the moon hit them on the head... doosh! That'd make you extinct pretty fast.

    Cold hard science here guys... it's undeniable.

  5. Re:369? on European Parliament All But Rejects ACTA · · Score: 0

    Whenever you read something like "more than 369 signatures" it really just means "370 signatures"

  6. Measuring speed from *where* exactly? on Google Shares Insights On Accelerating Web Sites · · Score: 5, Interesting

    Where are they measuring *from*?

    I've moved a site from Linode New Jersey to Linode London, UK because the target audience are in London ( http://www.lfgss.com/ ).

    However in Google Webmaster Tools the page load time increased, suggesting that the measurements are being calculated from US datacentres, even though for the target audience the speed increased and page load time decreased.

    I would like to see Google use the geographic target preference and to have the nearest datacentre to the target be the one that performs the measurement... or better still to have both a local and remote datacentre perform every measurement and then find a weighted time between them that might reflect real-world usage.

    Otherwise if I'm being sent the message that I am being penalised for not hosting close to a Google datacentre from where the measurements are calculated, then I will end up moving there in spite of the fact that this isn't the right thing for my users.

  7. So all we need do is to change to shopping lists. on Amazon 1-Click Patent Survives Almost Unscathed · · Score: 1

    If you allow the user to have multiple shopping lists, and then take each list to the checkout rather than a basket... then one-click doesn't apply, right?

    In the UK there is a chain of brick and mortar stores called Argos. You don't have a shopping trolley, cart or basket... you have a bit of paper on which you write the codes of the items you want and you take that to the checkout and then once paid someone gets them from the warehouse and brings them to the counter near the exit.

    You can have multiple lists, and pay separately. Thus, this is not a shopping cart.

    By taking the idea of shopping lists online it's feasible that the multiplicity of lists breaks the existing cart definition enough to allow one-click.

    Actually one-click becomes even easier then... as it's just one of many lists that you have... a buy-now list, a buy-later list... a gift-list... etc.

    Would this be enough?

  8. Re:Damn this would be a great business on EMI Only Selling CDs To Mega-Chains From Now On · · Score: 1

    And the bands.

    Having worked in the industry for over a decade, the secret motto is "This would be a great business if it wasn't for the bands".

    The view is generally that they are prima-donnas that dislike selling their product and think they're artists.

    Now they've updated it to be both the bands and consumers you have to wonder whether they've realised what they're admitting... that they're just an intermediary.

  9. As the owner of a website funded by adverts on EU Investigates Phorm's UK ISP Advertising System · · Score: 4, Informative

    I'm extremely concerned by Phorm.

    Effectively it gives the ISP the ability to remove the adverts that fund 60% of our costs and replace them with adverts for which they would receive the entire revenue stream.

    My site is funded by adverts (60%) merchandise (30%) and donations (10%).

    I'm fairly sure that the community would step up and purchase more stuff and donate more, but I don't think it's realistic that this could be sustained, whereas the advertising revenue is reasonably constant.

    I believe that if Phorm becomes ubiquitous that I would have to question seriously how to fund the website, and would probably have to remove all adverts and to seek to have the costs covered exclusively through other means. As I'm unsure of the feasibility of this, I would have to say that in my case the loss of that revenue would threaten my ability to continue running the site, especially under the risk of redundancy in the near/mid future.

    I've already implemented the Phorm opt-out cookies, and written to my local MP (who couldn't care less from the generic response I got), so it's great to see the EU step up where the UK seems to have failed.

  10. Re:Who the hell is drinking this cool-aid? on IE8 Will Contain an Accidental Ad Blocker · · Score: 1

    HSBC in the UK actually implement their in-bank kiosks using Internet Explorer.

    I know this because one of them encountered a script error and showed me the debug dialog.

    It would be a gross understatement to say I was unimpressed (and I now bank with someone else, and yes discovering IE powered kiosks was the reason).

  11. Re:So what's the point? on British Airport Will Require Fingerprints From Domestic Passengers · · Score: 5, Insightful

    Civil disobedience doesn't work any more.

    If you get arrested, and they charge you for some piddling small offense, then you've just gone and screwed your freedom to travel permanently.

    Any trip this Briton would make to the USA or another country will now not be eligible under Visa Waiver Programs as a criminal record (when not a driving offence) requires that you obtain a visa to travel. The US embassy visa process takes 31 weeks from end to end (starting to gather pre-requisites through to obtaining a B1/B2 visa in your passport).

    And to go through that process I'd have to give a foreign government far more information than that which I would have had to give the people at Terminal 5.

    Civil disobedience in this day and age just marks you negatively for the rest of your life. Unless the action is large and total, it just wouldn't work. And most people don't want to fight, they want to get on their plane and reach their destination.

    I personally think we've long ago crossed the line into being a surveillance world. All countries, not just the UK.

    When I go to the US my details are taken, my fingerprints, photos, credit card numbers that were used to book the flight, which hotel I'm staying at, departure date, hire car details.

    It already is the case that every move I make I consider the possible future ramifications of that move and how any action now might affect me in 15 years time.

    This all reminds me of the Stasi. We're all spying on each other now, and all of that data business and government hold and will use against us. Be it credit refusal, travel restrictions, political control. We're already there.

  12. Re:As a matter of principle... on F-Secure Calls for '.safe' TLD · · Score: 1

    My original link was:
    http : // www . barclaysbank . safe @ mydomain . com /

    It's nice to see that slashdot takes care of that anyway.

  13. Re:As a matter of principle... on F-Secure Calls for '.safe' TLD · · Score: 1

    http://mydomain.com/

    I can see this working already ;)

    The tools are already in existence to secure communications, and they are already in use. The flaw in the system is not the domain names or secure connections but the users who are deceived into accessing other sites and to give up personal details. .safe will not end deceptive practices, especially when success = money.

    Education is the way to secure users, that and banks and other entities that really require security actually employing some decent security.

    What's that thing again? You're only secure if you have two out of three of the following; Something you know, something you have, and something you are. Many financial institutions continue to base their entire security on just one of those things, of course this is made a mockery of with the aid of a little social engineering.

  14. Re:On what do you base your judgment? on Google Admits to Using Sohu Database · · Score: 1

    Any book out there is merely a collection of public-domain words, it's the arrangement of them into a single collection that is copyrighted.

    A database is little different.

    There is of course time and effort spent in creating the collection, and some of the interpretation could be argued to be a creative effort in and of itself.

    A map is public-domain knowledge, but the compiled article is copyrighted. It's hard to imagine why this database should be exempt from copyright when every other instance of compiled public knowledge I can think of right now is copyrighted.

  15. Re:Which is the problem? on GMail Vulnerable To Contact List Hijacking · · Score: 4, Informative

    It's a problem with web services that comes from an assumption that JavaScript cross-domain security is in place.

    When you surface data via XML web services, you can only call the web service on the domain that the JavaScript calling it originates from. So if you write your web services with AJAX in mind exclusively, then you have made the assumption that JavaScript is securing your data.

    The problem is created at two points:
    1) When you rely on cookies to perform the implicit authentication that reveals the data.
    2) When you allow rendering of the data in JSON which bypasses JavaScript cross-domain security.

    This can be solved by doing two things:
    1) Make one of the parameters to a web service a security token that authenticates the request.
    2) Make the security token time-sensitive (a canary) so that a compromised token does not work if sniffed and used later.

    The security token should be gathered by authenticating the user according to a mechanism that the user controls. Think of the way that the Flickr API asks you to grant an application access to your data.

    Anyhow, use the noscript extension in Firefox to ensure that your data is not compromised, as you will be able to choose to block the script from running, and in doing so prevent others from gaining access to your data.

    The Internet Explorer alternative is to disable JavaScript, but few people ever do this because too few sites (especially Web2.0 sites) degrade gracefully when JavaScript is disabled.
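
An added example, not part of the comment above and not code from any service it mentions: a server-side sketch of the mitigation the comment describes, where a JSON endpoint requires a time-limited token as a request parameter in addition to the session cookie. The function names, `SERVER_KEY`, `TOKEN_LIFETIME` and the sample contact data are assumptions made for illustration.

```python
import hashlib
import hmac
import json
import secrets

SERVER_KEY = secrets.token_bytes(32)  # assumed per-deployment secret
TOKEN_LIFETIME = 300                  # assumed token lifetime in seconds

# Constructed sample data: session id -> contact list.
CONTACTS = {"sess-alice": ["bob@example.com", "carol@example.com"]}


def _mac(session_id: str, expires: int) -> str:
    """HMAC over the session id and expiry, so neither can be altered."""
    msg = f"{session_id}|{expires}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_token(session_id: str, now: int) -> str:
    """Issued only to pages served from the site's own origin."""
    expires = now + TOKEN_LIFETIME
    return f"{expires}.{_mac(session_id, expires)}"


def verify_token(token, session_id: str, now: int) -> bool:
    """Accept a token only if it is well formed, unexpired and bound
    to this session."""
    try:
        expires_text, mac = token.split(".", 1)
        expires = int(expires_text)
    except (AttributeError, ValueError):
        return False
    if now > expires:
        return False  # a token captured earlier stops working
    expected = _mac(session_id, expires)
    # Constant-time comparison; encode so non-ASCII input cannot raise.
    return hmac.compare_digest(mac.encode(), expected.encode())


def contacts_endpoint(cookies: dict, params: dict, now: int):
    """Return (status, body). The cookie alone is never sufficient."""
    session_id = cookies.get("session")
    if session_id not in CONTACTS:
        return 401, ""
    # A cross-site <script src=...> include sends the cookie implicitly
    # but cannot supply a valid token parameter, so it is refused here.
    if not verify_token(params.get("token", ""), session_id, now):
        return 403, ""
    return 200, json.dumps(CONTACTS[session_id])
```
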

  16. Examples of technology distracting drivers exist on Near-Future Fords to Feature Windows Automotive · · Score: 4, Insightful

    News-Gazette.com

    The 25-year-old ... died on Sept. 8 from head injuries he received Sept. 2 when [the driver] hit him with her car because she was downloading ring tones to her cell phone instead of paying attention to driving.

    Until we get autonomous vehicles that can take us from A to B without a driver having to pay attention, can we stop surrounding the driver with every means under the sun to not be paying attention?

  17. Last post! on Slashdot Posting Bug Infuriates Haggard Admins · · Score: 5, Funny

    Last post!

  18. Re:Kinda blows their excuse on DRM Hole Sets Patch Speed Record For Microsoft · · Score: 4, Interesting

    That they didn't have the bug pre-patched?

    In the case of DRM, the system is set up to block compromised clients at the server level immediately.

    In the case of DRM, backup DRM methods are already pre-written and ready to ship.

    As soon as a system is compromised, the existing method is deactivated, servers notified to deny licenses, and the new system is delivered via the servers.

    They are able to 'patch' this so quickly because they already had it written months, if not years, ago. Just like when this one gets compromised, they will be able to 'patch' as fast because they already have the next backup DRM method already on the shelf waiting.

    They know this is a game with those who circumvent DRM, and a game which requires time for each DRM method to be circumvented. So they build a store of different methods of DRM and when one is circumvented they release the next. The game continues... and time is currently on the side of Microsoft as they have their next few moves on the shelf ready.

  19. Re:They both suck on Lotus vs. SharePoint · · Score: 1

    Hi, I was going to avoid this little flamewar as I have a biased viewpoint*, but I feel compelled to address this ditty:

    "Sharepoint offers unlimited hierarchy. The big problem in Sharepoint is security. You can set security on a repository but not on folders or documents. As far as I can determine, Windows authentication is required. This can be a real problem in a large corporation where various parts of the business have their own domains or active directory trees that aren't configured to trust the other domains or directories. Also, documents are differentiated and versioned entirely based on filename."

    This was true of WSS v2 (as reviewed). However, WSS v3 offers true item level security across all lists (including documents), across all sites.

    We were given the simple scenario of: "Bill G didn't like the idea that the board level minutes were accessible by any sysadmin with access to the site."

    It's a fair point, who would trust WSS as a document repository if there is no security around some of the most sensitive documents in an organisation.

    As a result, we now have per-item permission, audit trails, etc.

    On the permissioning, the next version uses Kerberos by default, and not NTLM. This is also true of the latest service pack version of WSS v2. So Windows Auth is *not* an absolute given, you get to choose... and Kerberos is what you get by default now.

    Document versioning remains similar... with versions of a document being separate items in a WSS list. However this need not be an Achilles heel, you could add work flow to check for a unique identifier on an Office XML document, and if not present, prompt the user to enter it... and if present look for existing documents and version based on the property rather than the filename. Having Windows Workflow Services available with such a rich set of hooks means that gripes like this can easily be resolved, and at the same time document management can be enhanced, as you could enforce organisation wide document numbering policies.

    I will be the first to complain about the WSS v2 featureset, and some of its limitations - just try and customise a template ;) - however the vast majority of issues that I had with WSS v2 have been resolved in WSS v3. In fact, only one issue remains in my mind: Cross-site querying using web services. The scenario being multiple Project Workspaces created from the same template, how do you query all high impact Issues across all Projects? At the moment and in the future, the answer is to build your own web service and use the object model to go through each site... an answer which isn't really desirable given that it would produce more SQL queries under the bonnet than is really necessary.

    Anyhow, the majority of WSS problems are resolved in the betas for WSS v3 issued just a few days ago.

    Here's hoping I didn't just breach a load of NDAs by declaring that WSS v3 is actually not as bad as v2!

    * Declaration of interest: I'm a member of the Content & Collaboration Developer Advisory Council for Microsoft, basically one of a group of about 20 or 30 people representing major partners who get early access to and are able to give early feedback and advice on the Windows Sharepoint Services range of products.

  20. Re:My Clinically Inept Siblings on Forbes Says Vista Not People Ready · · Score: 4, Interesting

    I am actually doing very much the same... abandoning support for MS crapware to all family members and friends.

    The reason will be simple: I don't use Vista, and I have no idea how to solve whatever problem you're experiencing.

    You see, I'm moving to Ubuntu or Mepis (I still have a whole year or two to make my mind up! Maybe something new will come along) once Windows XP looks like it's drawing close to its death.

    I look at Ubuntu bi-monthly now, and I like what I see. Is it yet at the point where I want to make it my primary system? Nope... I'm day to day Windows still. But each time I look, more of those nagging doubts have evaporated, more of those features and usability tweaks I want have appeared.

    By the time I have to face the question of what my next operating system will be, it will no longer be a single answer (whatever the next M$ system is), it will be a choice between a Linux (Ubuntu or Mepis are most likely), and Vista. And given the way that those answers are evolving (hey, Linux need do nothing so long as DRM crapware infests Vista!)... it looks like Linux is going to win hands down.

    And in switching... I get to abandon all technical support to anyone on Windows, and let them know that if they want to use Linux, I'll happily help them with whatever problems they have, as I will be in a place to be able to help them.

  21. A sterling job on the XSS defenses though on Google Introduces Page Creator · · Score: 5, Informative

    Had a play earlier as I was worried you might be susceptible to a similar thing as the MySpace "Samy is my hero" style XSS attack.

    The following was witnessed:

    • Inserting script tags = tags removed before publishing.
    • Inserting style tags = tags removed before publishing.
    • Inserting element on events (onclick, onblur, etc) = attributes stripped before publishing.
    • Inserting basic element style attributes = tags left in, style applied.
    • Inserting advanced element style attributes (stuff that can rewrite DOM) = just those attributes stripped, formatting attributes left intact.

    So for all of the basics, the Google Page thingy passes all basic tests on XSS attacks.

    Well done :)

    I've even recommended it on my forum already because the security gives me enough peace of mind to not regret doing so.

  22. Re:Fake license plates... on Britain to log all vehicle movement · · Score: 1

    Most buyers are dumb. They glaze over when they see a bargain and a good salesman can shift the car before anyone is aware what has happened. You put an advert in the paper version of loot.com and by the time the buyer knows what has happened the seller is nowhere to be found.

    You'd never resell via a garage, but to realise 75% of the trade value of a stolen car is an enormous margin and makes the hassle of the above procedure worth doing.

  23. Re:Fake license plates... on Britain to log all vehicle movement · · Score: 1

    Ah the practice known as 'ringing'.

    1) Take a written off car, buy it from a scrap yard (with papers) before it is marked as being destroyed by DVLA, but after insurance has paid out to the original owners.

    2) Steal identical new car.

    3) Use the plates, chassis numbers and papers from the written off car and transfer them to the new car.

    4) ???

    5) Profit!

    Actually, 4 is to sell the stolen car as a repaired written-off car. Usually for only 75% of the trade value.

  24. Re:Hard to admit, but that is quite clever on Sober Code Cracked · · Score: 4, Insightful

    "why do talented people waste their abilities on viruses?"

    Money?
    Acclaim (within a small community)?
    Politics?

    I would guess money. Spam pays very well, and a lot of viruses and worms have had monetary ulterior motives, as always, follow the money.

  25. Stallman quote, just to remind you of it on Cellphone Songs Overpriced? · · Score: 2, Interesting

    "Value your freedom or you will lose it, teaches history.
    'Don't bother us with politics', respond those who don't want to learn." - RMS

    So yes, Slashdot is more 'political' these days. Is it such a bad thing?