Yeah, but after all the back-slapping and laughing-themselves-silly, somebody is going to get the bright idea that a security audit would be a great marketing tool. "You should hire us because we're secure. Really -- just ask !" And some customers will notice.
Read the article. It was a single mistake -- leaving a firewall down after performing a transfer of data from one server to another. But, why would you need to take down a firewall to transfer data? Set up a VPN, or better yet, use hard drives and old-fashioned sneakernet to transfer the data.
What the vendor really needed was a security audit by an external security firm. I bet you will see more of that in its competitors (or ex-competitors).
We is not only behind in science. We is also illiterate. Most varmints nevah read enny classic texts. An' ah will probably make at least one spellin' erro' in this hyar post. Th' problem is lack of stan'ardized curriculum, dawgone it. Almost ev'ry nashun thet is cited as an example of someone we "pow'ful sh'dn't be behind but still are" has a stan'ard curriculum in science, math an' hoominities. We haftao much local opposishun t'it fum all-too-pow'ful skoo marm's unions. This hyar is not meant t'start cornservative vs liberal debate (even though ah happened t'menshun skoo marm's unions). Most of th' time in K-12 a program fo' ejoocaytin' varmints on over a period of 12 years is designed by skoo marms who kin't plan fo' mo'e than 1 year. They doesn't haf th' time o' th' backgroun' t'see "th' trimenjus pitcher" of whar their particular class fits in th' ovahall ejoocayshun. A separeete bureaucracy (thar, now yo' kin't accuse me of bein' too cornservative) of experts on development c'd does a much better job of it by designin' an' tweakin' a curriculum fo' th' entire nashun. China does it. So does Russia an' so does ev'ry European country.
"Also I would like to add everytime something cool comes out like this the article is all good until the bottom where they have to go and say it's good for street signs and advertising"
How else do you expect private enterprise to pay for additional development? One of the first rules of capitalism is this: if it offers no profit, it has no future. Cutting-edge technology tends to be used by either the military, the pr0n industry, or the advertising industry. The latter is the safest to mention in a public venue.
There were a few other very minor flaws in the book. For instance, in the information about the reviewer, "MySQL" is misspelled. In the Table of Contents, the "Available Toolbar Buttons" line appears to be one font size too small, and thus inconsistent with the other subsection heads. All of these weaknesses are of little consequence and could be fixed in the next edition.
These are problems, but jeez -- why mention them in a book review? And he left out whether or not the colors in the logo were 100% accurate to Joomla's CMYK specifications....
I've used Typo3, Joomla, and Drupal. I would say that Joomla is the easiest to set up and use, but it is also less customizable (although it seems to have more e-commerce plugins than some of the others). If it does what you need it to, Joomla is great. I haven't used PHP-Nuke in years but my impression is that (again) Joomla is superior in ease of use and inferior in flexibility.
The CMS Matrix has a summary of features (which can be compared against other CMS systems in its list).
It's still on his desk, right where he left it (on "3 Ton Meteorite Stolen", Score: 2, Funny)
According to this article, the meteorite went missing last June, but they only reported it now. HELLO? It's still on Lavbin's desk, right where he left it, but his desk is actually MORE MESSY than mine.
To quote from the Schneier column you mention: "A patched buffer overflow doesn't mean that there's one less way attackers can get into your system; it means that your design process was so lousy that it permitted buffer overflows, and there are probably thousands more lurking in your code."
Well, Bruce, it means BOTH things: it's one less way attackers can get into the system AND the design process was lousy.
You suggested that my attitude was that patches will fix everything. Not hardly. Read the context: I'm saying that ATI will patch this particular hole, but the VASTLY MORE IMPORTANT question is how many other supposedly securely-signed drivers have similar holes? You think ATI is alone in this? Or even that this is the only hole in ATI's code? Of course not. So this isn't really news about ATI. It's news about Microsoft's supposed "secure drivers" process being a joke. I'm sure we knew that already, but here is hard proof.
That's true. I would hope that Microsoft could roll this into its "critical updates" -- not that ALL users would get it, but it should cover a big spread.
Seems like the real concern is not that ATI's code opens a security hole. You know ATI will patch it. A more important question is, how many other securely-signed drivers, etc., have similar holes? How many drivers are there in a typical Windows Vista system, anyway?
At least Microsoft can say (with some truth) that it's not THEIR software which introduces the problem! (it actually is, of course, but not directly)
My wife recently went back to graduate school. Her seven-year-old laptop does everything she needs it to. It's a Mac PowerBook G3 (black case with Firewire, a.k.a. Apple's "Pismo" architecture) running at 400mhz, with 640mb of RAM, running the latest version of OS X (10.4.10) -- yes, Apple officially supports 10.4.x on Pismo systems (no XPostFacto required).
My wife uses the entire Microsoft Office suite for school; Photoshop CS 2 and iPhoto v5 run slowly on it, but she rarely uses them so it's not a big deal. She never plays games on it. The only irritation is that some courses now require using online multimedia, and certain Flash and streaming video pages are a little choppy (but let's face it, Flash on the Mac/PowerPC architecture has always been slower than it should have been). It's got built-in WiFi, USB and Firewire. I have added a bigger hard drive and more RAM to it over the years (six gigabytes dries up real fast with iPhoto) but the system is still chugging along. The main problem is that the LCD backlighting is growing dimmer with time, so the screen is getting harder to read. Other than that, there have never been any problems with it.
The Lombard and Pismo designs have dual hot-swappable bays: one for the battery and one for drives (DVD came with it, but we bought a used 250mb Zip for the bay a few years back). But -- and this is the coolest part -- you can put a second battery in the drive bay instead, netting nearly ten hours of real-time use. I miss that with my PowerBook G4... lucky to get three hours off of a full charge.
I had hoped that Microsoft would one day support P2P.
You're missing the point. They ARE supporting P2P networks. Once they've ruined all the others with this viral DRM stuff, they'll launch their own P2P network that works slightly better/faster/nicer, and proclaim themselves as saving the day!
As Douglas Adams said, "The idea that Bill Gates has appeared like a knight in shining armor to lead all customers out of a mire of technological chaos neatly ignores the fact that it was he, who by peddling second-rate technology, led them into it in the first place."
It's as if the terrorists WANT to keep the Republicans in office.
Of course they do. The current Republican administration is making America look especially stupid and arrogant and greedy and unscrupulous to the rest of the world. If your goal was to ruin America, it's in your best interest to keep these people in charge of it. As the old phrase goes, "Give them enough rope and they will hang themselves."
I am hardly suggesting that all Republicans are stupid, arrogant, etc. (Nor am I suggesting that anyone should be hanged.) There are just as many people in other parties who match this description. But the current presidential administration happens to fill these roles with gusto. Let's hope the next election turns out well.
I take it that you've never had to support the Intel ProSet software in a large business environment.
No, I haven't, so I will defer to your expertise in this. I was simply commenting on the apparent feature differences: the Intel card covers 802.11 flavors "a" and "g", while the Dell only supports "g" (according to the specs I pulled from the Dell site).
Sounds like GIMP lacks good print preview or print tiling mechanisms. Tiling is when the program prints out the image across multiple pages, with overlap on each page, so that you can cut out and assemble the pages into one larger printed image. I'm betting it lacks slicing, too, which is something Photoshop/ImageReady excel at -- taking a large image and blocking off areas to be saved as different image files, each with its own file name and type (GIF, JPG, PNG) and compression settings. This is invaluable for web design. (If GIMP does this, that's cool.)
From the presentation slides, it seems like 200 people have installed it (netting "over 100,000 commands" in the log files). Obviously more will do so in response to the Slashdot article (and appropriate web pollination)... but aren't these self-selected geeks already? How are you going to get non-geeks to install this instead of the regular GIMP (assuming you convince them to take a look at it)?
Furthermore, how does this help determine what GIMP isn't doing properly? I mean, if you have various tools at your disposal, and GIMP sucks at doing X, then you might do half your work in GIMP and the other half in another app. So all the usability problems around X won't show up in the logs -- almost a kind of self-denial.
I use Photoshop on a nearly daily basis. Last time I tried GIMP it was not ready for professional print design, to be sure, and only probably good enough for desktop publishing or Web graphics. How about Pantone or CMYK support? Non-destructive layer effects? Variable-sized brushes? Actually useful text formatting?
They won't sniff drugs (well, maybe catnip) but Lifestyle Pets sells the "Ashera" line of housecats. It costs a mere $22K (or $28K if you want expedited processing) plus $1500 shipping -- and, according to their FAQ, "All Ashera kittens are provided with a Certificate of Authenticity that will include an image of each kitten's DNA 'fingerprint'."
If Microsoft ever gets into this business, we'll be in real trouble. "I'm sorry, sir, we need to ensure that your copy of Microsoft Puppy is not pirated. Can you read me the 500-character DNA fingerprint off of your Certificate of Authenticity?"
Oops, that should have been: "just ask <security audit firm>!". Curse those HTML tag interpreters...
Read the article, bottom of the page: "Mira's tail is only visible in ultraviolet light, and does not show up in visible light."
Let me correct that for you:
There you go.
Read 'em yourselves: EU's official statement and Intel's official response.
Totally agreed.
...she says the Microsoft Internet is down again even with that forty jiggle-bite thingy you installed.
Nah, mod parent up. Of course, scratched video disks are still less stupid than lost pants.
And, checking the Windows price again, it's dropped $50 from when I checked it before (for a price difference of $45).
I give up. Maybe if I check again in 20 minutes, Dell's Windows systems really will cost less than Ubuntu.
Sorry, I transposed numbers on the Ubuntu price -- the machine is $774, not $747, so the difference is $95, not $122.
My apologies. But Dell's Ubuntu system is still cheaper.
So Dell's base 1420 with Ubuntu costs $747 with these specs:
Meanwhile, Dell's Windows equivalent has exact same specs, except for these differences:
And the Windows version costs $869. So the Ubuntu version is $122 cheaper and has a better WiFi card.
Remind me again... what did you step in?