For instance, I'm a testing person, but not a content person (i.e., I design towards what the stats tell me, as well as the actual wording and structure of the exam...I always work with someone who understands the content areas from a very advanced level and can deal with that end). One of the last MC exams I was helping validate, I knew NOTHING about the content -- it was a medical exam. First thing I did was go through the entire exam, read all the questions quickly, and see if logic could remove any of the answers. Statistically, I would have gotten a 20% by random means, but in this case, I received somewhere around 43% (if I remember correctly). The educated guess is a BIG part of these things...you aren't just measuring content knowledge, but application and that means if someone can raise the bar, they might actually do well in the real world.
If you knew NOTHING (your words) and you could get 43% through logic, in what SHOULD have been 20%, then I think you prove the author's point even more. How good is a 5-choice multiple choice test if someone with ZERO knowledge can score 43% by applying logic/common sense ? It sounds like what you are describing is the exact opposite of an educated guess
If, for example, the underlying design of your product allows for a minor, difficult to exploit security hole, it is probably not worth it to spend the time and money to redesign the product. More likely, your choices would be either a.) live with the (small) vulnerability, or b.) scrap the product entirely. emphasis mine
When we get there, you can make analogies like that, in the meantime let's deal with more realistic situations. For the most part, nobody is that worried about "minor, difficult to exploit security hole"s. Usually the holes that we spend time discussing are either full blown remote root exploits, or steps in privilege escalation exploits or whatever.
In the context of the Olympics, you can have perfect Olympic security by simply not having any Olympics.
That is the equivalent of a Denial Of Service Attack. Destroying something is not the same as securing it. And definitely not the definition of securing it perfectly. Find a different analogy, that one doesn't work here.
I won't even touch the "spending too much on security is no better than spending too little on security" part...
OMFG, that will be terrible! I bet the US will SHUT DOWN SLASHDOT. Now excuse me while I go look at prego-nazi-porn in one window while writing about how much of a TERRORIST GWB is.
Frankly I am amazed at your comments above...I mean, where do you find this prego-nazi-porn ? No really, where do you find that?
Two wrongs don't make a right. The hacker is a criminal, and the University (employee that did the hacking) is a criminal. It's that simple.
That's the problem with oversimplification, it simply isn't that simple. Say someone starts punching me, and I start punching them back. Do 2 wrongs make a right, or am I just defending myself ?
Clearly the University was trying to safeguard its mail server, from someone on the university network. You seem to have missed all that when you boiled it down to 2 equal wrongs. While there is still a good argument against what the University did, it really isn't that simple.
...Security? Again, lots of sentiment that reflects our sins from the past, but the reality is that we're not only "pretty serious" about security but are also leading in many areas....
HaaaaaaHaaaaaa, that was funny until I realized you were "pretty serious", then it was absolutely HYSTERICAL
I really get tired of these quantum leap suppositions from scientists who can't predict the weather this week much less over the next millennium.
It is just like when I can predict that you will post something totally ignorant and likely offensive, although I can't say what it will be exactly, or when you will do it.
I lived in Sydney, outside of the CBD, worked in the CBD and only had 1 car between my wife and I. She used it to commute, and I used public transportation (ferry, btw, which was an awesome way to commute).
Sydney has great public transportation, and that's what makes it so pedestrian friendly.
I suppose at some level you can always argue that you personally disagree with copyright, or with the big record labels and trade groups, or that artists are abused in the current system, or that politicians' hands are in the pockets of the industry, and so on and so on and so on.
But it still continues to ignore a basic thing: even if you erase all that, do you still believe that the creator of a work should have some rights to that work, including the choice of how much to ask in return for that work?
Nice work. Effectively what you are saying is "ignoring all your arguments against my opinion, what is your argument against my opinion".
It's ok that you don't agree with some of the arguments against the RIAA, but to nullify them and ask for some other nebulous argument is a little one-sided. And while you make some good points, you have set the table for a very lop-sided debate. Unfortunately, in my eyes, you cannot simply boil the whole debate to a simple yes or no question of whether the creator has rights.
Yet why should she be killed when there were people who were willing to take care of her?
I'll bite too. Because that was her wish? At least as far as the courts could determine, so that's what they had to go with...
This was a lose/lose situation no matter what.
Re:Patents are not what they are supposed to be. on Paul Graham on Patents · Score: 2, Informative
What they really wanted to do was to entice people to publish their trade secrets so that their innovations wouldn't be lost to the public when the inventors died.
I really don't know what I'm talking about, but this is Slashdot, so I won't let that stop me ;)
But I think the idea was not so much to get their ideas when they died, but at the time people were inventing machinery that could be reverse engineered very easily. Patents were issued so that a competitor couldn't simply buy a widget, take it apart, then mass produce it at the expense of the inventor.
Talk about a flamebait article. The two concepts are not mutually exclusive...
As has been mentioned here before, Evolution and ID are mutually exclusive. The basic line of ID is that Evolution is impossible, so it must have been a higher being. If you are going to input on this topic, I suggest you have a basic understanding of the issue.
The guy's argument may not have been delicately articulated, but it's still a valid point. "Linux advocates" can hardly make negative comment about MS product range when in the Linux world the choice is even broader.
I think the reason that this is being debated as a valid point, is because with Linux you have options, with Microsoft versions, you just have limitations. OSS and MS are different paradigms, and Microsoft's paradigm is to cripple their products' built-in functionality to offer something a little bit more cost competitive.
3. ????
4. Profit !!1!
And what you imply as the pinnacle of their accomplishments was created 12-15 years ago, and has not significantly changed since.
I mean agreed Zune isn't their pinnacle, but it is recent, and he could have said Vista which has to be a far bigger flop than Zune.
That being said, I'm not saying they have not innovated at all, but you might be giving them more credit than they deserve.
Care to elaborate on this? I'm just sitting here looking at the source code for the Oracle listener, so maybe you can tell me which part of the listener will ensure that the database on a machine secured inside the network and not directly accessible from the outside can be accessed?
Here are 66 potential exploits for Oracle listeners, take your pick.
http://search.securityfocus.com/swsearch?sbm=%2F&metaname=alldoc&query=oracle+listener&x=8&y=7
Just because the listener is accessible on port 1521 from the outside, doesn't mean the database itself is directly available. Depending on what identification method is set up, you may have to identify yourself to the listener first using one of many ID schemes before the listener will connect you to the database itself which may be well protected behind a firewall.
The only difference between the listener being accessible from the outside and the database being directly available, my friend, is time. And of the 2 DBs he was testing for MS SQL and Oracle, not very much time...
He's traveling around the WORLD, not through TIME ;)
I'm no software guru but if you just firewall www.microsoft.com, won't it be a cure for all your problems?
Not if it's trying to go to update.microsoft.com ;)
Is Hans Reiser a Democrat or a Republican?
I thought about it and thought that your comment would make sense if he was a politician...I don't know much about him, so maybe he is and your comment makes perfect sense...
(plugging in a Vonage black box doesn't count)
hmm, my vonage "black box" is just a linksys http://www.amazon.com/Linksys-RT31P2-Router-Internet-Service/dp/B0002V8KWM/sr=8-7/qid=1165436273/ref=pd_bbs_sr_7/105-6940768-1910851?ie=UTF8&s=electronics
switch with 2 phone jacks for voip. not all that mysterious....
Maybe you haven't noticed, the iPod is actually more compatible with Windows than the Zune is, MS's own product.
So I wouldn't be too worried about Apple tying you in.
I mean Why?
Apple makes good computers that people like, and Dell makes crap.
I guess he should have added the word theory after Texas A&M everywhere on his resume.
I don't think anyone is just "whining" about what ID people believe. I think the lash back is because ID people are trying to force schools to teach ID in science class. Which is quite a different thing...