I think it is responsible to report a bug to a vendor and give them a reasonable amount of time to produce a patch. On the other hand, the general public should be provided with proper information about the comparative security of various vendors, to be able to make an informed decision when buying hardware.
They do however expect you to play by the rules. Even if you are the person who found a bug, you are expected to let Engineers fix the bug before you release the information.
Do you mean their rules or "fair" rules? The general public has an interest to know about vulnerabilities; it's in Cisco's interest to put a lid on them. If Cisco provides a patch within a few weeks and gives disclosure at that time it's fine with me, but we shouldn't give Cisco the opportunity to keep serious bugs under wraps for years and years.
I smell a Cisco cover up operation that went seriously wrong.
My suggestion is to buy some good-resolution satellite images (a few meters) and have your girlfriend draw her map using that. You can use a GPS receiver to calibrate the satellite image to actual coordinates.
I think that a handheld (Palm) would be more convenient for measurements than a laptop. Handheld and GPS receiver do fit in your pocket and they have less moving parts than a laptop.
Bruce Schneier suggests product liability for software vendors and that makes a lot of sense. The Internet would be a much saner place if systems would not have a 50% chance of being 0wn3d within 20 minutes of being connected.
What is done here is "window dressing". What helps combat crime is increasing the chance to get caught. Will this proposal do anything about that? No, it only helps to fill up prisons with potential security experts...
Okay, if you run a warez site and get arrested, that's what you deserve. However I'd like to know whether all of the sites are as 'illegal' as the ESA claims; it's not uncommon that law enforcement makes mistakes in assessing copyright status of works.
There is a US theory that anything that happens on the Internet can be prosecuted in the US... I don't think that a French judge will extradite a Frenchman maintaining a French website to the US for prosecution. Besides, what identification of individuals did they obtain: I don't think that the name 'poopdeville' by itself will cause the arrest of a certain Slashdot poster.
So, millions of tax money have been spent on investigation of a relatively small offence and much, much more will be spent on prosecution. Should I be happy now?
2. The world does not need more than the 4 billion addresses available with IPv4.
Think VOIP: it would be nice if my "Mobile communicator", home PC and work PC could be directly accessed from all over the world. With 6 billion people on earth, I estimate a demand for 18 billion IP addresses.
3. IPv6 addresses are too large.
Moore's law: The capacity problems will be solved in a few years. And routers don't need to keep full routing tables (they never did!)
4. The IPv6 header is too large.
Network speeds have boomed... 8 Mbit ADSL is affordable and available nearly everywhere in the Netherlands. When you redo your computation with an MTU of 1500 (Ethernet), overhead increases by a bit more than a %.
I see a lot of reasons to go IPv6, especially now China (1.3 billion people) and India (1 billion people) get connected.
General rules for planes are the same as for ships. The laws of the country of registration of the vehicle are leading: a US plane is considered US territory when in international airspace.
When a plane crosses the airspace of another country it has to abide by the regulations of that country.
The Register has an interesting article with a quote from the EU commissioner:
"I remain determined to ensure that all elements of the Decision are properly implemented. This includes the ability for developers of open source software to take advantage of the remedy."
In a DUI case the conviction depends on the numbers that the breathalyser produces. There could be some additional evidence like "the defendant could not walk straight", but essentially someone is convicted on the results of the breath analysis.
If there are problems with the procedures and/or the equipment used, the evidence loses its value and in a DUI case someone could get acquitted. I'd say that a defendant has a significant interest in knowing how the equipment works.
If the working of the equipment is not essential for a conviction, why bother with the details? Why analyse the full US phone system if the case hinges on witness declarations and a financial trace? Yes, the details of phone-tap equipment should be public to prevent tampering with the records, but not the irrelevant details of switching equipment.
The suggestion is that the "total GHz" count of processors running distributed.net on power is 2.8% (11%/4) compared to P4's. The average P4 comes with inflated clockspeeds over 3 GHz, while Apple sells a lot of laptops at well under 2GHz speed, let's say 1.5 GHz average. Assuming that P4's have double clockspeed than G4's I arrive at 5.5% (11%/2).
As I said, this is just a datapoint and the quality of the distributed.net Power client may attract Mac users, just as the 5% "various" is high for a distributed computing project. Most projects provide clients for only a few platforms. All signs are that Mac use is still a single digit percentage.
I have to note that the PowerPC client for distributed.net is very good, a single 1.2 GHz G4 performs on par with a dual 2.4 GHz P4. So, these statistics suggest that ~5.5% of the CPUs is running Mac OS X.
Don't be surprised if these x-ray naked pictures make it to the web. If someone can steal Star Wars Revenge of the Sith, before it made it to theaters, then someone will get these pics on the web.
Hmmm... just a small hack with a WiFi webcam and the TSA could be embarrassed enough to remove these intrusive scanners.
Can you imagine what will happen to the RIAA and friends when the judges collectively decide that fair damages to illegal file sharing are comparable to the $0.99 per song you pay at most websites? When it becomes clear that you save 90% of the RIAA settlement offer by going to court...
I guess the RIAA will be far less motivated to hunt P2P filesharers.
(RIAA style bluffing works differently in Europe. Laws are different, lawsuits are generally cheaper than in the US)
I am pretty happy with my iBook (where do you find an affordable Unix laptop?), but even Apple hardware can crash hard. Within a month after I bought my iBook it crashed (memory corruption). Unfortunately it wrote some bad data to the hard disk, corrupting the file system. A week later the system wouldn't boot anymore (except in single user mode) with fsck telling me that I was on my own here. The system works fine again after a reinstall...
I prefer the very unhyped way that Google launches its services, when they are ready! It seems that Microsoft marketing already has caught up with Google Maps, now it's time for the programmers to do their job. What is more important, bug-free functionality or the launch date?
Although it was a terribly unethical article (and I really felt for PJ yesterday), isn't getting rid of MOG a bit like sacking Ronald McDonald?
There have been problems between the Linux World editors and sys-con about O'Gara's stories for several months. Yesterday's article was the last drop/straw that forced the break.
Why doesn't the package builder sign the package with his personal key? This has the additional advantage that you can trace problems to individuals and/or broken keys.
The core group of developers should cross-sign all of their public keys; they can then sign the keys of the people that are allowed to make "official" distributions. From then on it is just a matter of key management: distribute the "trusted" public keys and revoke keys when people leave the project.
Yet another theory is that the Universe was created as term work, for which God got a barely passing grade. (What else would you expect for a six-day hack.) Next semester He went on with different courses and forgot about us.
"The saga illustrates one of the perils of online forums, the "echo chamber" effect. Many participants join a forum to have beliefs re-affirmed, and context is often a casualty. It's also a characteristic of the "information age" that facts are often applauded regardless of whether they make sense in a particular context."
A brilliant explanation of how something becomes "fact" on the Internet. I wouldn't say The Register's article is really an indictment of Groklaw, but perhaps it would be better if Groklaw let the courts decide this particular case.
We will let the courts decide; but there needed to be a place to rectify the FUD SCO spouted about Linux. The best way to fight FUD is to provide the facts, even if they are not 100% in your favour. If Groklaw seems biassed in the SCO-IBM case, that is because the facts support IBM's view of the case.
One of Groklaw's missions is to provide access to the available information so that the reader can form his own opinion. We feel we are quite successful with that; even SCO uses our archive of legal documents.
There are more "minor" geological issues the creationists have to deal with. If you take a look at the mid-Atlantic ridge: Europe and America separate at the rate of 4 cm/year. Which would give a separation of 240 meters in 6000 years. I'd say they are off by a factor of 10000 at least. (I'd like to have a creationist explanation about the magnetic patterns in the ocean crust, other than God did it to make us think.)
I didn't see them claiming copyrights on the works. Furthermore, these are legal documents (half of them produced by TSG's lawyers) and as such "in the public domain". Of course, I'd love to see attribution of Groklaw, Tuxrocks, PJ or Frank, but I don't think that the current TSG management has the required amount of sportsmanship to do so.
In my opinion it isn't worth to go to court for it; the publicity is a far sweeter reward.
It certainly looks like "witch" is spelled "terrorist" these days. Witches could prove their innocence by drowning when they were thrown in the pond.
I see a lot of reasons to go IPv6, especially now China (1.3 billion people) and India (1 billion people) get connected.
And I need at least 2 IP addresses: One at home and one for my co-loc server...
X86/Win32 -- 73%
X86/Linux -- 11%
PowerPC/Mac OS X -- 11%
The remaining 5% is divided among dozens of other combinations.
http://stats.distributed.net/misc/platformlist.php?project_id=8&view=tco
As a EUropean I feel I have a reason to ignore punitive damages. :-) Statutory damages are slightly different over here too.
Yes, even a Mac may fail!
I honestly thought that the new servers at Ibiblio could handle a Slashdotting... Apologies for the disruption in service this time.
April 2nd in Australia.