Re:Hard to install and setup? on Future Of IDS · Score: 1
> If I can see an attack and it is the real thing the attacker has failed.
And if you see a false positive caused by legitimate traffic and respond to it as though it were an attack, then you have failed.
Re:Hard to install and setup? on Future Of IDS · Score: 1
There's a difference between installing an IDS and effectively using one once it's installed. Finding somebody who can intelligently deal with the output from any IDS (snort, portsentry, whatever) is harder than finding someone who can do the initial setup.
The company I work for is set up to do centralized monitoring of lots of different IDS's (including a spiffy one we developed in-house) for our customers who don't want to deal with/can't afford to hire their own people. There are only so many admins in the world who know how to deal with an attack, and they usually want a lot of money for that. =)
Cool... the distributed IDS model (lots of listeners spread throughout the network reporting back home for analysis) is what we engineered our product for. It's the only effective way to keep an eye on the whole network so you can see a distributed attack or an internal-to-internal attack.
They're apparently including vehicles this time around, Tribes 2 style.
Heh... in reference to a future windows-compatible iPod from Apple:
;-)
Apple is great at keeping secretes (sic)
I know a certain Canadian news agency that won't be getting an early look at the iWinPod
This release is supposed to be the first one to include out of the box, native support for Java, right ? Does anyone know if they are still on track with that ?
>> Borrow someone else's copy of that abusive monopoly product and burn it to CD
>> If Microsoft sues you for copyright infringement (which they won't), counter-sue.
Advocating civil disobedience as a way to deal with abusive monopolies ? Finally, something we agree on completely. =) Seems like a good place to end this little thread.
>> Go for a walk down the street downtown with a lit joint and see how free you are. Then come try it in Canada.
Well, at least now everybody has the same enemy... try to create and/or publicize a workalike for the product of a billion-dollar corporation in Russia (Sklyarov - Adobe eBook), Norway (Johansen - DVD player), or the US (Bleem, 2600, et al). See the difference ? Nope, me neither.
> No, same thing to society.
Not even. From the standpoint of me, the consumer:
Scenario 1: There's a big security problem with Product X, which I have purchased. There is no disclosure of that vulnerability by corporation Xmaker, inc. The way I find out about it, then, is I get all my money stolen away in my use of X, or it fails and causes my car to crash, or whatever. Even then, there's no action taken for just me, it has to happen to a BUNCH of people before it becomes a spot on the radar of Xmaker, inc.
Scenario 2: There's a bug, and it makes the evening news. Thousands of mostly unsophisticated criminals learn of the vulnerability and how to exploit it. The Xmaker inc realizes that things are about to get really really rough unless they fix the bug, and they do so. I, as the consumer, am vaguely aware that there was a bug, but it's fixed now, and nobody, or some terrifically small number of people compared to scenario 1, was adversely affected by it. As bonus points for Xmaker, inc, my trust of, and loyalty to said corporation increases somewhat.
>> obviously you are incorrect about not being allowed to have enough information, since you apparently have this information.
No I don't. I don't know what corporations have vulnerable gift cards and which ones have taken the (trivial) steps to make these devices relatively safe to use. In the case of Microsoft software products, I have this information because of independent research groups publishing it, the very practice Microsoft is trying to suppress.
>> And how exactly would you enact such a system?
By allowing, and encouraging (through an avoidance of suppressive legislation, if not actual financial support) the independent review and disclosure of consumer goods. Such things as Bugtraq and other consumer watchdog organizations.
>> consumers are likewise not going to expend money fixing any problem, no matter how severely it affects a corporation, until it starts to affect them.
I, as a consumer, am not in a position to fix security issues with products I purchase, or I most certainly would. I don't have the source code to Windows or Outlook to fix those bugs or they'd be fixed by now. I don't have the ability to restructure Circuit City's gift card system or I would do so. The only recourse I have is to simply avoid using the products that have security flaws. But, if the bugs are kept closely guarded secrets, I am not able to make even that simple decision! Furthermore, assuming I know full well that a product from a given corporation is full of security problems, and want to boycott it, what do I do if that corporation has a (judicially proven) abusive monopoly in that product space ?
>> Same thing.
Same thing to the corporation. Not the same to the consumer. (That's you, slick.)
>> When you buy software from Microsoft you take a risk that it's not going to work perfectly.
Microsoft wants to keep you from ever finding out that there are any problems with their product. Being stupid and not being allowed to have enough information to make an educated decision are most certainly -not- the same thing.
>> If you don't like capitalism you shouldn't be in Circuit City anyway.
I like capitalism fine. I just advocate a system that gives corporations a significant capitalist interest in promptly and proactively fixing problems with their products that put their customers' money (gift cards), health (aspartame and other drugs), or lives (automobiles) at risk.
Businesses are not going to expend money fixing any problem, no matter how severely it affects me as a customer, until it starts to affect their profitability. I wouldn't expect them to; they are a construct created with the express purpose of optimizing profitability. My goal as a security-conscious consumer is to -make- it the corporation's best interest to fix any problems that would have a detrimental effect on me as quickly as possible.
Yeah, I've always wondered why there's not a lot more effort expended to fight petty theft from this direction. If law enforcement is able to crack down on pawn shops dealing in stolen goods, then in one fell swoop they've cut most of the profitability out from under bike theft, car breakins, home invasions, baggage theft (at airports, etc)...
My girlfriend's house was broken into last year. They didn't take ANY cash, but they took a laptop computer, some DVDs, and a whole lot of jewelry. That's where the money is in theft...
>> In this case we're talking about whether or not to spend money to stop losing money.
No, we're talking about spending money to prevent your customers from being robbed due to deficiencies in your product. For an obvious (to slashdotters) analog, compare the total number of damages in billions of dollars caused by security deficiencies in Microsoft products, to the amount of actual financial liability incurred by Microsoft itself.
Suppose the company in question is Circuit City. How many hundreds of thousands of customer dollars have to be stolen before the amount of dollars that the thefts cost Circuit City corporate warrants them doing something about it ?
>> Most smart managers want to fix a problem before it bites them.
>> At least that's how it'd work where I work.
In my experience, most companies operate on some variation of the Fight Club 'formula'. In this case, if the cost of closing the security hole is more than the estimated value of the loss of customer loyalty plus the value of any out of court settlements, then it won't get fixed.
>> And then there are plenty of dishonest people around who aren't inventive enough to think this up and would
>> jump on the bandwagon if the retailer's name was mentioned.
No doubt. And what do you think would give these companies a reason to change their policies and fix the problem faster than a thundering bandwagon of thieves armed with this groovy new idea to make easy money ?
>> pisses off customers and ruins loyalty.
In a nondisclosure situation, nobody's going to get pissed or be at risk of losing their job until a significant amount of money is already ripped off.
If, on the other hand, MSNBC ran a list of 'top ten shittiest gift card security offenders', this would impel an immediate change be made by those ten offenders, lest they incur huge losses in reputation.
>> Books!
>> Cans of Paint!
>> Socks!
Easily pawnable goods !
Books, DVDs, CDs, video games can practically be spent like cash money if you have a pawn shop closeby.
Interesting... after describing a company who is particularly lax in their security practices wrt the gift cards:
The company's name isn't being published to avoid giving criminals a too-easy target.
Swell. So there's no significant economic reason for that company to change their policies yet. -sigh-
At least Microsoft is internally consistent in their views on disclosure of security concerns... albeit consistently wrong.
>> How is it?
I've been extremely pleased with it overall. The only gripe I have with it at all is the mp3 playing interface is all kinds of shitty (sounds fine though). It doesn't read filenames longer than 8.3. If you have seen an Apex player, it's actually got almost identical menus.
>> which monitor resolution are supported?
Not sure, but I think it runs at the native resolution of the DVD, so 720x480 for NTSC discs and close to that for PAL. It's well inside the sync rates of my monitor, the 2.7 AV from Princeton Graphics.
>> did you buy it directly from Hong Kong?
Yes, from Project Design (link in parent post)
>> was a reliable shopping process?
Sort of. He accepts money order or Paypal if memory serves, not credit card directly. I used Paypal because I figured if anything went screwy I would have the best chance of getting my money back that way. Nothing did, I got it very promptly and was able to track it the whole way. However, when I got it there was a cable disconnected inside, so I had to immediately void my warranty to get it working, but I honestly don't think I really had a warranty to begin with ;-) To be completely fair, I never even brought this up with the guy at Project Design, for all I know he would have promptly exchanged it for me, but I didn't consider it worth the trouble. Long story short, I plan on doing business with this guy in the future, but I do plan on continuing to cover my ass by using paypal/credit.
One more note on hackability: This player, like most of the Apex ones, uses a standard ATAPI DVD-Rom drive, single speed. If you drop a faster drive in it, you can skip through chapters and fast-forward or rewind with speed that blows the most expensive name-brand players completely out of the water. =)
I got myself set up with an HDTV system for under $600. I got a Princeton Graphics monitor and a cool Chinese import DVD player from Project Design and Trading Company that has VGA output. So I have a high-resolution non-interlaced signal. The player, the DVD-368PS, also has normal progressive scan signals if you decide to upgrade your TV later to a 'conventional' HDTV.
Apparently the former.
> Is it trendy to be a kerneldeveloper? Sorry but I couldn't care less about *WHO* made a change.
It's probably less for the purpose of claiming credit than assigning blame. ;-)
But, if you have a problem with a specific area of the kernel, say a particular sound card driver, it usually helps to at least cc the author/maintainer of that chunk of code directly as well as posting to the list; just raises the probability of your bug report getting the eyes of somebody who can do something useful with it.
The first person to have Crusoe portables stateside, as far as I know, is Emperor Linux. I've never had anything but excellent experience in dealing with them.
>> Is it because we've become too eyecandyish of a gaming society?
Witness DoA3
Ballmer identified the problem quite handily.
"DEVELOPERS DEVELOPERS DEVELOPERS DEVELOPERS DEVELOPERS !"
FWIW, of the games I mentioned, I think only StarCraft and Dungeon Keeper are DirectX-based... I'm probably completely wrong though.