I have no doubt that freelance security researchers (the source for TFA) do indeed find more vulnerabilities in Oracle. But this is at least as much a statement about security researchers as it is about Oracle. Oracle is what everybody spends their time on because of the way it's perceived: it's the market leader, with a high-power image, and a CEO prone to wild bouts of very un-FOSS like narcissism. That makes a much higher-prestige target.
Besides, almost all of the Oracle vulnerabilities I've seen come down to configuration issues. Most of them seem to start with "ok, get a login with DBA privs", for crissakes. Perhaps if you think of "a database" as that MySQL instance running on your desktop this seems like something that is likely to happen, but you know, this is what DBAs get paid to do all day...
Saying that "a SQL Server" is a generic term for an RDBMS is no more appropriate than saying that Linux is a "PERL Server". The fact that a derivative version of SQL happens to be one way (and it is far from the only way on any modern RDBMS) to interact with the database does not in any way mean that the database *is* the language. No DBA (and I am one) would perceive any ambiguity in saying "SQL Server" to mean M$'s product specifically.
That is my recollection as well. And in this case, the remedies in the compendium aren't directly being patented. But they *are* being used as "prior art", which because it supersedes a patent, is sort of like a common-law patent, in that it blocks a specific application.
There are Traditional books which discuss these treatments in detail and how and where to apply it
There are also traditional books that discuss in detail the way an evil reptile forced humanity's only h0t ch1x0r to put on underwear. Not that I need to spell this out, then, but you are delusional if you think "tradition" is any more than weakly correlated with "truth".
And the best proof that it is not a myth, is that it works really well in practice.
If you refine your concept of "it" long enough, this statement will eventually be true. There are some traditional remedies that are indeed better than useless, there are some with the bad side effects that can result from ingesting unpurified plants whole, and there are many more that just don't do anything. It is that last group, in particular, that I refer to.
While there's nothing wrong with publishing a compendium of folklore per se, the reasoning behind this project leads to some fun slippery-slope problems. For example, could a folk medicine be considered "patented"?
And if so, can I patent other logical non sequiturs?
Like my method for facilitating TCP/IP transport via wearing lots of black?
we are saying here that those who take the time to learn some BASIC computer skills will manage to get by ok
While BASIC served me well growing up in the 80's, I'd actually recommend something along the lines of "HTML/CSS plus some Java and WSH" to the n00b of the next generation.
How arrogant of $INDUSTRY_GROUP to think that they can actually solve $SECURITY_HOLE by pushing this $TECHNICAL_FIX fix down our throats! All they'll ever catch with this are the really casual users, who aren't capable of anything worse than annoyance; any *real* villain would get around $TECHNICAL_FIX in a heartbeat by just $10_SEC_CIRCUMVENTION. Why does /. keep shilling 2-bit press releases from $INDUSTRY_GROUP, anyway?
$INDUSTRY_GROUP="Icomm"
$SECURITY_HOLE="data smuggling"
$TECHNICAL_FIX="camera ban"
$10_SEC_CIRCUMVENTION="SFTP'ing the whole damn corporate database to a home SSH server set up on port 80"
Apparently another Outlook trojan has exploited InformationWeek's copy of Excel.
No, seriously, stare at their chart for a minute....there ya go!
My second (and more serious) comment is that we can't really be expected to take seriously a corporate division's introspection that it is perpetually underfunded. The conflicts of interest and problems of impartiality are so blatant that they would leap out at a retarded intern, and I cannot for the life of me understand why something like this would be published as "research". If you really want to know whether IT is underfunded, take enough data points (hundreds, hopefully) to draw the curve that represents security incidents vs dollars spent and ask senior management of each company if they're where they want to be on that curve. Then, do the same thing for compliance incidents...
deja vu: this story (and the pcworld article linked from it) almost perfectly describe what happened to me when i attempted to use froogle to buy a monitor last month. the phone calls that went nowhere, the arguments with sales managers about why a camera shop in new york would tell me i needed to buy a power adapter for my "international" model, and then, the eventual shutdown when i refused to budge.
after trying several places, i eventually spent $100 more at newegg, and got exactly what i wanted almost immediately.
i suppose this is a strong argument against froogle which, afaik, doesn't spend nearly as many man-hours policing its sellers as the other aggregators mentioned.
Re:Can AJAX finally bring us "push technology" on Ajax in Action · Score: 1
doh!
*sigh*
Re:Can AJAX finally bring us "push technology" on Ajax in Action · Score: 1
justfuckinggoogleit (http://www.justfuckinggoogleit.com)
....no, but seriously, google's customizable homepage does all of this, and i wouldn't call it cumbersome in the slightest. i have it open all day, as a low-bandwidth and low-real-estate aggregator that allows me to keep an eye on everything important to me, from the nyt (http://www.nyt.com) to sa (http://www.somethingawful.com).
So they don't avoid predators, and they don't learn from their mistakes. These do not sound like hyperalert mouse "soldiers" whose qualities one would expect to win a war with owls and cats.
Indeed, but that's only because the mice lack the drive to kill something and protect something else. You make the faulty assumption that the mice must go from irrational fear to irrational exuberance; we spend so much energy drilling and training our soldiers exactly because we want them to replace their personal emotions with "pragmatism" (albeit someone else's arbitrary conception of that).
Our /. poster would probably be among those who think evolution naturally results in more and more extreme traits over time: bigger brains, faster rabbits, stronger people. Fearless, fast-running rabbits run into a clearing and get eaten
Yes, and that's precisely the difference between war and genetic selection. It is the role of a good soldier to sacrifice their genes and those of any family members in the vicinity for the socially dominant. In a sense this promotes those evolutionary traits that make one a senator[1], but that is not the same thing as promoting the traits that make one a soldier.
I am quite sure this drug will be on the battlefield in a year or 2. To my mind, the more interesting question is whether things such as this and the new sorts of sleep-replacement drugs will cause a rethink of our drug policy. Suddenly the old categories of Medicine and Street Drugs that the FDA sees look outdated; surely people have a right to something so mindbogglingly useful just because?
[1] Which is why social dominance nearly always brings breeding rights both in nature and in Potomac whorehouses
easy: all compromises are a form of submission (that's what "respect" means, at its heart). all legislation is a compromise, and both legislation and compromise are, for the foreseeable future, mandatory. you're submitting to a minority every time you let somebody merge on a freeway, numbnuts, and when we debate public policy, what we're debating is just which acts of submission we feel are most justifiable.
heh, oops, let's try that again, formatted correctly this time:
> As we know Echelon has been a joint venture between European countries and the US,
> one wonders how that partnership will be affected.
Actually no, we don't know that. Echelon is (disclaimer: "supposed to be") a joint venture between the US and its English allies, which means Britain, Australia, and Canada. The main target of Echelon is the EU for crissakes. That's why the article mentions that there's widespread distrust of American security products: because they're all assumed to be part of the conspiracy.
> Further, if something "bad" were to happen (i.e. plane blowing up), you know the US Gov't will
> blame the EU, saying that lift on encryption resulted in that tragedy. Lawsuit to follow?
One government suing another over differences in their mutual legislation?!? In which court, exactly?
-this message brought to you by Nerds Against Drunk Posting
> As we know Echelon has been a joint venture between European countries and the US,
> one wonders how that partnership will be affected.
Actually no, we don't know that. Echelon is (disclaimer: "supposed to be") a joint venture between the US and its English allies, which means Britain, Australia, and Canada. The main target of Echelon is the EU for crissakes. That's why the article mentions that there's widespread distrust of American security products: because they're all assumed to be part of the conspiracy.
> Further, if something "bad" were to happen (i.e. plane blowing up), you know the US Gov't will blame the EU,
> saying that lift on encryption resulted in that tragedy. Lawsuit to follow?
One government suing another over differences in their mutual legislation?!? In which court would that happen, exactly?
Remember, think first, post second...
catalyst.
=-=
One of the earliest companies to try to use something resembling AI on the web was Firefly, and before they got subsumed by micros~1 their software (which became Passport) was fairly useful, in that it was fairly good at making suggestions about music and IIRC books you might like based on others you've rated. The company I work for (we essentially make and run cobranded ecommerce sites) has also researched similar sorts of applications, with varying degrees of success. Taste matching isn't the sexiest application of AI, but it is one of the easiest and most commercially viable. Extensions to the sort of systems that CDNow use might be:
meta-analysis of user surveys similar to that done on some psychiatric tests, ie, assuming that the respondent isn't able or willing to fully express what they're thinking and trying to draw patterns not just from what they answer but how they answer.
learning fuzzy logic systems, which not only might provide more insightful predictions but also could prove useful in the age of the privacy backlash when demographic information might not be readily available and the only information you have to go on might be site tracking information and referrer urls.
one of the best parodies of the newbie chicken little phenomenon embodied by this was the satirical "bad times" forward. for those who missed it, it one ups "good times" by proclaiming that bad times will screw up the tracking on your vcr, screw up your freezer so your ice cream melts, etc. amusingly enough, the new album by the group "laika" contains a song called "bad times" in which the singer recites the forward in a smooth and sultry voice over lounge jazz. worth checking out both for the humor value and the musical value...
...Hieronymus?
i'm betting you're 50% wrong.
Did you ever consider that France aren't disagreeing with your foreign policies because of who you are, but because they don't like your foreign policies?
i, for one, did consider that.
here's a test for that hypothesis: if the french perception of america were based on rational policy differences, then it should have shifted all over the spectrum during the past, oh, 150 years or so. if, on the other hand, it was exploitative emotional populism, then pretty much every french public figure after de tocqueville would have looked down on america.
here's another test for that hypothesis: if the french perception of america were based on rational policy differences, then it should be voiced in a description of those policies. if, on the other hand, it was exploitative emotional populism, then pretty much every french public figure after de tocqueville would have used "anglo-saxon" as a nationalist catchall for whatever is worst in the world.
let me know how those tests go.
No, Google Personalized Homepage allows RDF feeds in addition to RSS ones...