In other words, is it worth replacing a critical bug (security) with a minor bug (annoyance)?
How do you know it will always work out that way? What if an update replaced a critical bug with an even more critical bug? It's not as if developers are conscientiously replacing one bug with another. The latter bug will probably be a surprise.
And exactly WHY is it always the first reaction of people like yourself to say "punish the rich and their tax cuts" when the more appropriate statement should be "get those jackass Congressmen to stop spending money like it's theirs, knock it off with their bullshit pork projects, and give the money back to us since it's OUR money"?
Because the rich have way more money to lobby with and therefore have more of a presence in congress than the average-incomed individual. And don't get started on the "everyone has a vote" argument. With enough corporate dollars, a congressman can make their opponent look worse than Hitler no matter how honorable they are.
There might be some hope on the horizon with low-rights IE7. It might be that it really does manage to remove the impact of the bugs, which is really the best case scenario as things stand.
You can do this in linux. Natively. Just make yourself a different user with no rights to do certain things. Try that in Windows and see if it works for you. As to the, "Microsoft will solve everything in the end" mentality, well, I can't really argue with that.
I'm not sure why people keep going back and forth on this issue. It's not hard to run either Firefox or IE as a restricted user. But that does nothing to alleviate the pain caused by malware. If a program ran as this "restricted" user and deleted everything it could, then what would you say? Oh, but it didn't delete sol.exe so I'm safe!
Both IE and Firefox are balking at the one change that could eliminate all of these security issues. Simply don't allow a web page to run code unless the code is signed by a trusted authority. If you don't like/trust the current list of trusted authorities then make a new damn list! Or else remove the ability to execute ActiveX/Java entirely.
That BS was added in under the assumption that code signing would help prevent malware. Somewhere along the line people decided they didn't like the hassle of code signing but left the ability to execute code there.
Firefox gives you a pop-up when a page tries to run invalidly signed Java code. Yes - run this unsigned code with full system access, or No - don't run this code at all. Where's the option for running code like the spec says it should run (with no system access)? IE has the same problem with ActiveX. These browser security models need to grow some balls and quit catering to stupid/lazy web designers.
Oh and buffer overflows are another big problem in these poorly written apps. Two words, "guard bytes". Do your own due diligence.
I like how you equate selling a nondescript laptop for $300 with selling a Sun Blade (with a very well known configuration and price structure) for $20. If someone offered to sell me a $300 laptop then I would need to know more about it to see if it was worth the money. If someone offered me a $20 Sun Blade then I would know something was fishy. You're going to have to do a lot better than that to convince anyone that a $300 laptop is obviously a steal.
Oh, I see. So if you know vi/pico/edit then you can edit any configuration file for any program in existence. That's right, if you know 'x' and 'dd' cut and 'p' pastes, then you can hand hack Oracle configuration files, kernel parameter files, httpd conf files and anything else you could imagine. You can even write your own operating system!
No, it has nothing to do with having knowledge of the syntax and/or knowing what exactly to type into the f***king files! It doesn't matter that GUIs give you choices rather than letting you read the mind of some obscure programmer. Simply checking a box is no challenge. Let's try and see if we can misspell that variable name in exactly the same way the developer did! It's like a puzzle!
The first car wasn't trying to replace something that went 120mph with heated seats, was it? Wasn't it replacing a horse? E-paper is attempting to replace paper so there's nothing wrong with expecting it to be as easy to read as real printed paper. Otherwise, what's the point?
Click on the image for some additional photos. It's a really big, geeky and awkward looking wristwatch. I would like to see someone try and get in a plane with one of those on their wrist. Also notice how the guy is laughing at a color photograph. What's funny is that it's fake. This thing is black and white only.
Cadets are given instructions and then a "colonel" comes along and convinces some of them to do something they shouldn't. How is this a problem specific to email/technology? Hasn't this type of exercise been around as long as the military?
For the billionth time, what does <col align="right"> have to do with css? This is defined in the HTML specification and has nothing to do with the CSS spec.
Please provide more details and the steps to reproduce. Several people are interested, apparently. Most helpful would be if you could give the hotfix # that produced this behavior. You can look through the windows folder and see which hotfixes were installed on which dates.
Pointing out that various popular sites comply with the standards is not the same as blindly creating a standards compliant page and expecting it to work. I can very easily create a 100% compliant web page that doesn't work in either Mozilla or IE.
IE has some real problems with the <button> tags that pretty much breaks any page that uses it unless you work around the bugs. Mozilla has some serious issues with the <col> tag that breaks any page that relies on that functionality unless you add workarounds. Both are 100% standards compliant and both will break if you use them incorrectly.
Not quite. I run windows as a non-admin and only have the services running that I want to run. Windows is still easier than most linux distros.
An example, in windows if I have 3 soundcards and want windows to use my extigy vs my sb live then all I have to do is go into the control panel and choose it from a drop-down list. In linux, I have to wade through tons of documentation to figure out what to code into asound.rc, modprobe.conf, and who knows what else. Both accomplish the same thing but one is obviously easier.
Another example, if I want to add/remove settings from my firewall then all I have to do is click the blackice icon and fill out a few fields and click "ok". In linux I have to reread the entire iptables manpage and carefully construct some iptables commands. I also have to remember to "save" everything for some reason or else it's lost when iptables shuts down.
The point is, a lot of things are easier in windows and not everything comes at the expense of some loss of functionality. Some things in linux just require too many codes/files/commands to accomplish what appears to be one single request.
we're taking the proactive step of resetting Cisco.com passwords
What a bunch of crap! That's not proactive, it's reactive. Once the passwords are gone then their customers are screwed. How many of those passwords will work at other sites like banks and credit card companies? I'd bet quite a few. From a company that came up with the 3 A's, you would expect them to at least know how one-way hashes work.
innerHTML is the wrong way to go, especially in XHTML documents. That's because you can potentially insert badly formed XHTML into the document.
I'm not sure I follow. Without "innerHTML", I can't add badly formed xhtml into my document? That's funny, I do it all the time.
This is a big problem I've always had with DOM regarding xml and/or xhtml processing. Why should I have to recursively parse every node under an element just to recreate the original xml?
If this really is the reason behind the w3c not having some kind of element.innerXML method, then that's just incredible. What's really the difference between this:
Let's say you are implementing a feature and are faced with two approaches, the IE-only approach and the standards-compliant approach.
Even if you know your audience is IE users with no choice in browsers, it would still be unwise to choose the IE-only approach. You may be relying on some undocumented side-effect of IE that will get "fixed" in their next release/patch.
As an example, I had to support an app that provided a list of items as anchor tags. IE did not require the anchor tag to be closed since it would automatically close it on the next "</p>" tag. After upgrading to IE 5.5, this "feature" started causing stack overflow exceptions.
Most people, when they say "IE-specific" they actually mean "IE version x/windows version y/service pack level z"-dependent.
That's news to me. It's news to Sun as well.
Well, if their mattress is in Bermuda or the Cayman islands then maybe. I figured they kept it in big bags with a huge $ printed on the side.
You should change your name to Overly Naive Guy.
So encrypt the music/video using a hardened encryption algorithm and then keep the decryption key safe from everyone, including the purchaser. Sure, that'll work.
Or did you mean only share the decryption key with the purchaser and rest assured that this person would never share the key with a single soul? Sure, the honor system always works.
Or better yet, give the purchaser the decryption key but threaten them with the DMCA if they share the key with anyone else. Yeah, that's it!
You totally overlooked the point of my post. If one person can decrypt information using an open algorithm then anybody can. Your comparison to other encryption algorithms overlooks one major difference. With standard encryption, the recipient wants the information kept private. With DRM, there is no incentive to keep the information private.
I didn't mod the parent, obviously. But I do see how "Open DRM" is an oxymoron. With open source you can create access control. For example, you can create an open-source method for controlling access to an OS in general. However, DRM is about restricting access to everyone except the copyright owner and the licensee. It's also all about restricting the licensee from sharing with others. There's no way open source can make this work. There has to be some algorithm that is protected or else what is keeping the licensee from sharing everything he/she knows? If you have the knowledge of a licensee and all of the code/algorithms from the DRM scheme, then you should be able to obtain access to the content.
Sequels to video games are not like spam. Sorry, but you lack common sense if you think otherwise.
WTF?! Developers spend thousands of dollars if not millions developing these sequels. Spams are essentially free to create by the thousands. How are they even remotely similar? If a few people buy something advertised in a spam session then it's profitable. How many people have to purchase a video game sequel to make it profitable? A few? Try a few hundred thousand.
Any thrown object is going to have a parabolic path regardless of how fast it is thrown. Even bullets travel in a parabolic path.
Who would do such a thing?
For some reason I doubt that your average counterfeiter will use a color laserjet they picked up from Best Buy. The tool of choice for this activity is the offset printing press.
If this really is the reason behind the w3c not having some kind of element.innerXML method, then that's just incredible. What's really the difference between this:
and this:
Does one or the other do a better job of preventing malformed xml? I think not.