I use an unregistered card. Albertsons in CA accepts these. So, they know that *someone* buys whatever I buy, and perhaps they also have associated my name and credit card # with the Albertson's card.
But they don't have my permission to do anything with the data, nor do they have an address.
Could the owner of an existing dmoain name in one of the exiting new.net domains sue someone who registers the same domain name with the new ICANN-approved registrar under trademark law?
So , for a Ford or GM or whatever, it may well make sense to pay the few thousand dollars for their various primary domains and then not have to worry about it.
Or do they? What kind of process do you put in place now to make sure that the domain name gets renewed in 100 years time? It's probably easier to manage a process that requires renewal more frequently.
Of course that presumes that the domain name is still relevent in 100 years time. But if it is not, anyone who took up their offer sure overpaid for it!
.. you can block the referrer header with a suitable Squid configuration. What's more recent versions of Squid allow you to configure this is a fine-grained manner: blocking the referrer header by default by allowing it for specific sites.
Imagine that I run a site with adult content (I don't, but just for the sake of discussion let's imagine I do). Imagine that sites with adult content are required by law to exist only within the.xxx domain. and I comply by hosting my adult site with a ".xxx" domain name.
Now, some person bent on mischief registers a ".com" domain name that points to my website.
Am I in trouble here? Who committed the offence?
Now, imagine, I pay some person in Nigeria cash to set up domain names in ".com" that point to my website and continue to do so as each domain name is taken down.
So much potential for abuse by or against adult webmasters.
RTFA... the machine prints a paper ballot after each voter completes the process. So unless the machines are systematically compromised there shouldn't be an issue.
But isn't a systematic compromise the main concern? How do you know that the code has not been written to detect a real ballot day (by dates, or the number of votes cast) and then alter both the electronic and paper count?
The point is that the count cannot be certified because there are steps in the process that are resistent to certification.
Actually, I heard the reverse: by putting up the sign, you are acknowledging that you know your dog is dangerous and thus, you acted negligently by not securing the dog.
By not putting up the sign, you can later argue that you did not know that the dog was a risk. Obviously, this will only work once.
But how are they going to know what's in your car? Its not like they open the hood and check compression ratios, etc on cars that do inspections
Here in parts of CA, we have the dreaded SMOG II program which requires testing on a rolling road. Parts of Texas require inspections in which the inpector opens the hood and looks at what equipment is fitted. OK, so the last time I had a car inspected in TX, my car was sufficiently old that the book did not have any diagrams, so the inpectors did not notice the lack of the proper smog equipment (previous owner had removed it). Parts of TX also have tailpipe testing.
So that's 2 large states that I know about and NY is probably the same.
The funny thing is, here in CA, we don't have routine inspections for dangerous vehicles. Cars can be falling apart, have no brakes, etc, yet there is no inspection/testing system to identify these.
Nothing is stopping you from opening up the hood of your car (YET), throwing out the fuel injection, and putting in a carberator, distributor cap and a mechanical gas petal line
Nothing, that is, apart from federal and state laws on the subject. Go check it out -- altering the smog control and fuelling systems is clearly illegal on cars built since emission regulations were introduced.
Well, to be totally precise, if you don't want to run your car on a public highway, then you can probably modify it to your heart's content.
So everyone could get on their ass for slow patching instead?
Look, they patched a hole in a relatively decent period of time. They then patched additional issues quickly as well.
An alternative explanation that fits the known facts is that Microsoft did not expend sufficient resources investigating the problem and fixing it. Time has nothing to do with it if they did a lousy job in the first case.
Spinning multiple fixes within a day of each other benefits no-one. Microsoft should be expected to:
1. Do it within a reasonable time
2. Get it right first time
With the resources avaialable to Microsoft, expecting this is not unreasonable.
Perhaps nearly every network enabled software developer should be criticised for the same?
Clearly multiple vulnerabilities exist and are discovered. My issue is that if a new patch is released one day after the first patch was released, it appears that insufficient investigation went into the first problem. One might also want to question the level of quality control that went into the second patch.
Any action on a developers part, especially a proactive one, should be commended.
I agree that Microsoft should be commended for putting out the second patch and not ignoring the issue.
The best I could give him was that Linux is a hobby OS and Windows is an OS driven by business interests.
Linux a "hobby OS"? Under what rock have you been hiding? Sure, Linux did start off as a hobby, but do you really think that companies such as IBM contribute to it as a hobby? My company and many large companies use Linux in mission-critical applications.
In the end, he wasn't interested in switching to Linux or anything, but he hoped that its influence was going to get Microsoft off their rear ends and improve their product
Unfortunately it is that very attitiude that will keep Microsoft from improving its product. If people won't switch, what incentive does Microsoft have to improve?
There have been a lot of complaints that the CAN-SPAM acto does not make filtering easy, but, I think that bayean filters may be quite effective if trained properly.
The physical address of a spammer is more difficult to change cheaply and, if trained properly, will find it's way into bayean databases.
I guess we will see over time.
Incidentally, my mailserver (and my company's mailservers) reject any emails with "bluestreammedia.com" in the body and have done so for some time.
I thought that in the US, the truth was an absolute defense against libel?
I believe that in the UK and other countries, that might not be the case.
In the UK, truth is an absolute defense against libel. I think the major difference is that, in the UK, one does not have to prove that the libel was malicious, merely that it the statements were false and that you suffered because of the falsehood.
Mr. Mohammed was a victim of his own sloppiness, said a senior European intelligence official. He was meticulous about changing cellphones, but apparently he kept using the same SIM card.
Since it's the SIM card that identifies the (GSM) phone, changing the handset but putting the old SIM card in is a pretty stupid thing to do if you don't want to be tracked. What the terrorist should have done was the reverse: change the SIM card, but use the same phone.
Well, probably. Some GSM expert will probably now correct me saying that the phone can also be identified independently of the SIM card!
And Yahoo will give paying clients detailed reports on when its users click on their sites and will help those sites improve their listings.
So does this mean that Yahoo is going to munge the URL that is returned from a search so that webmasters can't make sense of the REFERRER headers from their logfiles? Or do they just think that webmasters simply don't realize that this information is available?
I'm disappointed that FreeS/WAN is not going to be developed. I guess
John Gilmore has lost interest, or decided to stop funding it. Note: who really funds FreeS/WAN is not public (and I do not know), but John Gilmore is widely believed to be one of the major forces behind it.
I tried to set up OE. In fact, I did have it working, sort of. The problem is that a box running OE presently needs to use another machine as it's nameserver (or at least, use another machine's nameserver in preference to a local process). There was talk of fixing this through a port 53 passthrough, but I don't think this ever happened.
Also, OE requires the use of the TXT field. There are many other projects also proposing to use this field (well, a few anti-SPAM proposals), so conflicts could arise in the future.
However, I hope that Ken Bantoff will be successful with Openswan. My company uses FreeS/WAN for a VPN solution to provide secure WAN access between international sites.
I suspect the SSL-based alternatives may have problems with the tcp-over-tcp problem is the link is not good.
But they don't have my permission to do anything with the data, nor do they have an address.
Could the owner of an existing dmoain name in one of the exiting new.net domains sue someone who registers the same domain name with the new ICANN-approved registrar under trademark law?
Or do they? What kind of process do you put in place now to make sure that the domain name gets renewed in 100 years time? It's probably easier to manage a process that requires renewal more frequently.
Of course that presumes that the domain name is still relevent in 100 years time. But if it is not, anyone who took up their offer sure overpaid for it!
Surely only the NT-derived OSes -- ie. not Win98/ME?
.. you can block the referrer header with a suitable Squid configuration. What's more recent versions of Squid allow you to configure this is a fine-grained manner: blocking the referrer header by default by allowing it for specific sites.
Now, some person bent on mischief registers a ".com" domain name that points to my website.
Am I in trouble here? Who committed the offence?
Now, imagine, I pay some person in Nigeria cash to set up domain names in ".com" that point to my website and continue to do so as each domain name is taken down.
So much potential for abuse by or against adult webmasters.
But isn't a systematic compromise the main concern? How do you know that the code has not been written to detect a real ballot day (by dates, or the number of votes cast) and then alter both the electronic and paper count?
The point is that the count cannot be certified because there are steps in the process that are resistent to certification.
By not putting up the sign, you can later argue that you did not know that the dog was a risk. Obviously, this will only work once.
Here in parts of CA, we have the dreaded SMOG II program which requires testing on a rolling road. Parts of Texas require inspections in which the inpector opens the hood and looks at what equipment is fitted. OK, so the last time I had a car inspected in TX, my car was sufficiently old that the book did not have any diagrams, so the inpectors did not notice the lack of the proper smog equipment (previous owner had removed it). Parts of TX also have tailpipe testing.
So that's 2 large states that I know about and NY is probably the same.
The funny thing is, here in CA, we don't have routine inspections for dangerous vehicles. Cars can be falling apart, have no brakes, etc, yet there is no inspection/testing system to identify these.
Nothing, that is, apart from federal and state laws on the subject. Go check it out -- altering the smog control and fuelling systems is clearly illegal on cars built since emission regulations were introduced.
Well, to be totally precise, if you don't want to run your car on a public highway, then you can probably modify it to your heart's content.
Do they? Or is their webserver just badly configured?
An alternative explanation that fits the known facts is that Microsoft did not expend sufficient resources investigating the problem and fixing it. Time has nothing to do with it if they did a lousy job in the first case.
Spinning multiple fixes within a day of each other benefits no-one. Microsoft should be expected to:
1. Do it within a reasonable time
2. Get it right first time
With the resources avaialable to Microsoft, expecting this is not unreasonable.
Clearly multiple vulnerabilities exist and are discovered. My issue is that if a new patch is released one day after the first patch was released, it appears that insufficient investigation went into the first problem. One might also want to question the level of quality control that went into the second patch.
Any action on a developers part, especially a proactive one, should be commended.
I agree that Microsoft should be commended for putting out the second patch and not ignoring the issue.
But perhaps Microsoft should be criticised for releasing a partial fix earlier? For not investigating the earlier problem with enough dilligence?
Linux a "hobby OS"? Under what rock have you been hiding? Sure, Linux did start off as a hobby, but do you really think that companies such as IBM contribute to it as a hobby? My company and many large companies use Linux in mission-critical applications.
Unfortunately it is that very attitiude that will keep Microsoft from improving its product. If people won't switch, what incentive does Microsoft have to improve?
The physical address of a spammer is more difficult to change cheaply and, if trained properly, will find it's way into bayean databases.
I guess we will see over time.
Incidentally, my mailserver (and my company's mailservers) reject any emails with "bluestreammedia.com" in the body and have done so for some time.
In the UK, truth is an absolute defense against libel. I think the major difference is that, in the UK, one does not have to prove that the libel was malicious, merely that it the statements were false and that you suffered because of the falsehood.
Got any ideas for content? If so, email them to the domain owner.
CA, Questar Corp. and Leggett & Platt plus the recently announced EV1.
Nothing new there.
Since it's the SIM card that identifies the (GSM) phone, changing the handset but putting the old SIM card in is a pretty stupid thing to do if you don't want to be tracked. What the terrorist should have done was the reverse: change the SIM card, but use the same phone.
Well, probably. Some GSM expert will probably now correct me saying that the phone can also be identified independently of the SIM card!
Presently, the URL given in the REFERRER header includes the search query, with most search engines.
So does this mean that Yahoo is going to munge the URL that is returned from a search so that webmasters can't make sense of the REFERRER headers from their logfiles? Or do they just think that webmasters simply don't realize that this information is available?
I tried to set up OE. In fact, I did have it working, sort of. The problem is that a box running OE presently needs to use another machine as it's nameserver (or at least, use another machine's nameserver in preference to a local process). There was talk of fixing this through a port 53 passthrough, but I don't think this ever happened.
Also, OE requires the use of the TXT field. There are many other projects also proposing to use this field (well, a few anti-SPAM proposals), so conflicts could arise in the future.
However, I hope that Ken Bantoff will be successful with Openswan. My company uses FreeS/WAN for a VPN solution to provide secure WAN access between international sites.
I suspect the SSL-based alternatives may have problems with the tcp-over-tcp problem is the link is not good.
I feel exactly the same way. I gave up and used LPRng instead, but I still have not got postscript printing working properly with one printer.