Think of it like someone standing on a street corner shouting "Hey! The combination to the safe at the back of Sears is 1-2-3-4-5! That's 1-2-3-4-5 for the safe at Sears, folks! They also leave the Port St. Entrance unlocked at night!".
It's a bit different because Sears isn't a bank. What is in their safe is their own - they aren't holding onto money for other people. It would be more like someone standing on the street corner shouting "Hey! I know the combination to the safe at Fleet and it's easy enough to figure out that somebody with bad intentions could walk right in at night and take your money if you keep it there." You have a point, though - I hereby amend my original suggestion such that you contact the company in question before putting them on a list of confirmed infected servers and give them some reasonable amount of time to take down their infected servers (say 48 hours). If they refuse, then I feel that you have a public responsibility to let others know. All IIS servers should be listed as potentially infected, though, until the companies publicly warrant that they are secure (this would be a separate list from the confirmed infected).
And this is a good thing... because? Why the hell shouldn't these companies be exposed as unable to keep their servers secure, and why the hell shouldn't they be angry at Microsoft for their buggy software?
Because it will make MSFT go down? That's an awful reason, but probably the true one.
These companies should be forced to take responsibility for infecting their customers' PCs: it's the only way they'll be likely to be more careful in future.
I absolutely agree. They should not be allowed to feign security like this. I smell a lawsuit.
Hey, somebody should code up a PHP script (or PERL, etc) that lets you type in a URL and it then inspects the given server to let you know if it is potentially infected with this exploit. Since they won't release a list of servers, there would be no choice but to list all servers running vulnerable versions of IIS as potentially infected. Then spread the word. If the vulnerability checker gets a high enough profile then this will serve as a strong incentive for companies to switch from IIS because they will otherwise be flagged as potentially insecure.
Another thought - if any bank or institution that you use is running IIS, write them and ask them to certify that they are not infected. Let them know that if they do not guarantee that their servers are not compromised by this exploit, you will be transferring your account to an institution which uses servers that don't have such an abysmal security record.
WHY NOT? I've been trying to think of a reason NOT to list the sites infected, but I can't think of a good one.
They are probably not listing the sites in order to prevent (or minimize) a consumer backlash from consumers against the sites and then a subsequent backlash from the companies against Microsoft. I tell you what - if I found out that any of my banks were irresponsible enough to be running infected servers like this I would immediately move my accounts elsewhere. I'd also be very eager to participate in any class action lawsuit against said institutions. If you don't know how to drive you stay off the road. If you don't know how to keep your servers secure, stay the hell off the Internet. My banks have a fiduciary responsibility to protect my money and if they are knowingly running an infected server, I would consider that a breach of their responsibility, and I would hope that the courts agree. This is like a brick and mortar bank keeping money and records on location when it knows that the locks on the doors don't work!
2) A reality TV show about astronaut candidates. This long-running series, run by one of the major networks, would give a human face and personality to space flight. I'm not talking about people being voted off or anything stupid like that, but an unvarnished look at how astronauts are trained and selected.
To whomever moderated my original post as flamebait, I think you may have misunderstood my comparison of Bush to Jar Jar Binks. I was not insinuating that they are both bumbling idiots, I merely meant that they both have floppy ears and funny accents.
It didn't take a Jar Jar character in the US Senate when it voted to give Bush the power to wage war
Some would argue that Bush is the Jar Jar character - they certainly have a lot of similarities. Perhaps Ashcroft is Palpatine. He seems a lot more like an evil mastermind.
I suspect a benefit/social security fiddle of some sort...
If ever there was a cut and dried example of why we need to raise the retirement age for social security benefits, Yoda is it. He went on to milk the system for a good 3 - 4 hundred years and now, as you so insightfully pointed out, we discover that he easily could have worked at least 200 - 300 more years. If the baby boomers don't kill the social security system for us, the Jedi certainly will - raise the retirement age now!
Well, we can't all vote for Rep. Boucher. Unless Diebold voting machines are being used to tally the votes, of course.
Ah, this is why Slashdot should start supporting Diebold instead of constantly lambasting them. Then come November, the nation will stand in awe of the first president to ever be elected by a write-in campaign, and all the lobbying groups will scramble to figure out how to best curry the favor of this hitherto unknown Cowboy Neal.
Wouldn't you be afraid that "loving a gay robot" might make your backdoor somehow vulnerable to his exploit, so to speak?
That would depend on whether the robot is a top or bottom. If you don't want to expose your backdoor to trojans, just be sure to look for a big endian robot. Macs are big endian, which shouldn't come as a surprise since they have always been pretty gay. Now if only Apple would start making robots. Just so long as they stick to giving hand jobs and blow jobs - it frightens me to think of a robot offering me a "steve" job.
Disclaimer: I am a very happy Mac owner (iBook) - this is in no way an anti-Mac post.
The recursion I don't understand either - all the professional programmers I know say it's useless and is likely to fill up the stack memory and crash the program.
Good god man, I think you mis-spelled "retarded" because "professional" has to be a typo. How exactly would you implement an alpha-beta min-max algorithm without recursion (it's used in chess games, etc.)? A wide range of algorithms (e.g., search algorithms) can also be more clearly written as recursive functions/methods. Furthermore, memory requirements for recursive algorithms should grow on the same order as stack based iterative algorithms and tail-recursive algorithms can actually run in a constant amount of memory if the runtime environment supports it (ala Lisp). Allow me to demonstrate the elegance of recursion with this pseudo-code:
function teachRdsmith4 (location, seen) {
    if (seen.containsElement(location)) return;
    seen.addElement(location);
    kick(location);
    if (location.isBalls()) {
        for (i = 0; i < 5000; i++) {
            kick(location);
        }
    } else if (!location.onBody()) {
        return;
    } else {
        // pass the visited set along so locations are not revisited
        teachRdsmith4(location + 1 inch north, seen);
        teachRdsmith4(location + 1 inch south, seen);
        teachRdsmith4(location + 1 inch east, seen);
        teachRdsmith4(location + 1 inch west, seen);
    }
}
teachRdsmith4(randomSpot, new Vector());
Please go use this function on your "professional" programmer friends for me.
Colin Powell is involved, next will it be Rumsfeld? What kind of excuse will he find this time?
I think it's pretty obvious to see where this is headed. Powell will declare that the Finnish have been creating Weapons of Microsoft Destruction. It's hard to deny the photographic evidence.
They're really, really, really tiny dots. Too tiny to be scanned and reproduced by the equipment in most people's houses.
Indeed, it's pretty amazing how much information they can fit on those trading cards. For those of you with ultra-high resolution printers, here's the code to Super Mario 3:
In the book, at the end, it was so obvious how they forced it to leave an open ending to then milk more cash in a sequel.
Sadly yes, there is a sequel in the works and I've read bits and pieces of the disappointing script... <***SPOILER ALERT***> They take all the fun out of the story by telling you that Jesus' supernatural powers are the result of an abnormally high midichlorian count. If that wasn't bad enough, there is a new character named Jar Jar The Baptist who seems to do nothing but trip into people who Jesus then has to heal (using his midichlorian powers). Even Natalie Portman couldn't save this movie (not even with all the grits in the world).
Is anyone else annoyed by the amount of story that is given away in trailers now? I guess the production companies must have found that these types of trailers are effective in pulling in audiences to see the movie but it seems to detract from the experience.
Tell me about it. I was all looking forward to seeing The Passion but then <***SPOILER ALERT***> some jackass came up to me on the street and told me about how the main character dies at the end to save humanity. So I told him "hey jackass, thanks for ruining the movie for me. I'm reporting you to the MPAA for pirating the plot and redistributing it to me. I think you owe Mel Gibson an apology and $10." It's just as well that I didn't see it - it sounds like they just ripped off the ending from The Matrix: Revolutions.
all you have to do is touch a "male" and a matching "female" "connector" together.
Ah... if only T-Mobile would set up hotspots for these connectors so that I could get cheap, easy access. I considered getting a dedicated one for my home, but the TCO is too high.
You could just stay at home and earn Indian wages.
The problem with doing that is that US companies would be reluctant to hire US programmers at such low rates because they know that the programmers will quickly vacate once 1) the US job market picks up or 2) the programmers realize they can make more money with less stress by being a plumber, construction worker, or gigolo. The solution: just say you are from India. Do you think they will actually fly over there to check? It's like when hiring managers put down that they require 15 years of J2ME experience, etc. - everybody says that they have it when very few actually do.
Actually, this could probably even be done legitimately. Ostensibly US companies frequently incorporate in other countries for tax purposes, so why not incorporate in India instead? Then you really could pitch your services as outsourcing to an Indian firm. Hey you enterprising Indians over there, somebody could probably make a decent business out of setting up shell corporations for US programmers.
Now I'm going to never get out of debt long enough to afford that penis enlargement.
No worries - there are plenty of ways to get rich quick. For instance, you could mortgage your house for an amazingly low rate. Or you could help a rich Nigerian prince solve his liquidity problems. Before you know it, you'll be rolling in money (and penis).
I guess it's true...mention ANYTHING to do with Linux and it's hailed as newsworthy here.
I think you must have mis-spelled www.cnn.com. I know I make that mistake all the time and wonder why I'm not seeing general purpose news, but then I realize that I accidentally typed slashdot.org. That wacky Taco and his typo-squatting.
I forgot to mention, that's the same combination as my luggage!
From Marge vs. the Monorail
I believe the parent is referring to the "Make Penis Fast!" email, for those that haven't read it yet.
Ah, I get it now. Those "enlarge your penis" spams really do work - if you respond to them, you're nothing but a big dick.