I think not. The security permissions that are set for applets are pretty much dictated by the Java plugin.
On Windows, the plugin contributes an icon to the system tray which opens a preferences dialog (also available through the control panel). Perhaps some security settings can be changed using that dialog, but I doubt it.
I don't see an obvious "fix" except the following hurdles that can be presented to unsigned applets (and hence breaking a lot of hobby games, apps etc)-
1. Validate applet size to be always significantly less than screen size
2. Remove support for "System Modal" for unsigned applets for "setAlwaysOnTop". Application modal is fine, system modal is not.
I would expect that "System Modal" should be forbidden from any applet, even if it is signed. After all, it is running in a browser, not directly in the OS, so Application modal should be sufficient. In fact, one can argue that if you are writing an applet and you need System Modal functionality, then you are probably using the wrong technology anyways and should consider alternatives.
Applets were designed to be sandboxed. System Modal should have been forbidden from the beginning anyways.
Yahoo uses Java for many of their online games. You might not play them, but a lot of people do. And that "lot of people" will probably leave Java enabled and be victim to this crap.
This actually demonstrates the whole point of using noscript - site specific control of scripts, flash and Java.
Also, the grandparent's analogy is wrong. He didn't write the vulnerability, he only discovered it - as opposed to McAfee actually writing a virus to increase its sales.
In fact, it makes sense that someone like him, and not just some random surfer, has discovered this. After all, he is scrutinizing Java (and, for that matter, other plugins) all the time, as part of his job/hobby.
The question posed at the end of the summary is wrong; it implies secrecy through obscurity.
If the information is available from court files online, then it has already passed the legal transparency barrier.
Obviously, the problem here is that the names of those informants and undercover agents have already made it to the public sections of the court files, instead of being censored appropriately - especially nowadays that everything is searchable.
The website seems to be suspended. However, the screenshot from the nytimes article shows that the site also encourages users to submit information. Users can submit profiles of others, and I wonder who verifies the information? It seems like an easy task to falsely submit someone's name, and seriously harm their reputation.
One of the prominent Java implementations out there is IBM's jdk. It's supposed to be faster, since IBM invests time, energy, and patents on proprietary improvements - performance improvements, optimization, integration with WebSphere, DB2, etc. For example, most of WebSphere Studio products require an IBM JRE to run.
Now that Java is under GPL, IBM will have to release their JDK under GPL as well, right? And if they fork it to something else, will they still be able to use the Java name? How will this affect their patenting strategy, with regards to Java?
I don't get it, how hard is it to just follow the money? The scammers got the credentials of innocent customers using a phishing site, then what's their next move? Obviously they log in to the real bank, under the false credentials and do a wire transfer to move the money elsewhere.
Just follow the money, reverse the transfer and find the owner of the account to which the money was transferred. I thought the authorities already do this to fight terrorism, don't they?
I think most people won't use all the functionality that zune offers. As was mentioned here on slashdot before, it's better to have a device that does one thing, and does it good (e.g. ipod in this case), than a device that does many things, and does some or all of them crappy.
I am curious to know, what happens if the US government demands Google in the US to turn over some information about, say, the search history of a person in the UK?
After all, it is a global company, and such information might be actually stored in the US.
... we could add a nofollow to their URLs. Or strip them entirely. But that puts me into the position of editing not just the submission, but the submitter, and I really don't think that this is "Right". ...
Should part of this process be checking the URL of the submitter to make sure that it is legitimate? Does that really matter? Should we add a nofollow tag to those URLs?
My opinion is no... I don't think it's fair that we strip creds from someone just because they choose to squander that URL on something stupid.
I don't think that you distinguish between legitimate creds and creds that are mangled with dishonesty. If that's your opinion, then I think you are making slashdot an "accomplice to the crime", or to put it in other words, you encourage plagiarism. Yes, yes, I used the word encourage. If slashdot is telling the world "this is the prize for getting your story submitted, and slashdot won't check the integrity of the links", then you are turning a blind eye, and encouraging plagiarism... and it doesn't matter how cool/interesting/hot-topic the story is.
"what interest the half-a-million readers" shouldn't be the holy-grail that justifies low standards on slashdot links. Slashdot can be better than that, and I am sure that the quality of published stories won't go down, because there are so many of them. If anything, the quality of submitted stories will go up.
I think Google should block China in return:) And I don't mean just their news site, I mean all of Google. So people in China, when visiting any google site will get a message that they have been blocked because their government has a dispute with Google, in the name of maintaining Google's integrity and "don't be evil" motto.
An anti-communist dream? Maybe... but it will definitely be interesting to see if such an act will stir up pressure from the Chinese population on their government to change their censorship policy.
In any case, I think that Google is definitely deviating from their "don't be evil" motto by removing those unreachable links, because then the people in China have no clue what they are missing.
Yes, but if Google didn't remove those listings of unreachable sites, some people in China would at least have a chance to know what sites are denied from them...
Yeah. Slashdot editors, please stop this "Frequent Slashdot contributor ..." crap.
Shitty website, low quality news. Just as an example, the same site has a different article that doesn't favor Vista: http://news.softpedia.com/news/Vista-Is-Nothing-Compared-to-XP-Move-to-Mac-OS-X-and-Ubuntu-Linux-65786.shtml
The judge probably saved him from perjury.
It's not just that. It's about deceit. The cell companies led consumers to think that the system access fee was mandated by the Canadian government, when in fact it wasn't.
http://www.michaelgeist.ca/content/view/2246/196//
On Ubuntu, with ies4linux, it crashes ie6 but not ie7.
Arrr.IAA?
vaporware?
An image of a cat-5 cable for a story about a wireless device?
Since the article mentions internet telephony, I figured the killer app will be a dupe prediction detector :)
I don't give a flying rat's a... oh wait.
http://www.nokia.ca/english/products/3120/3120_features.asp
I had it for a while (until it was stolen), and was very happy with it. It is small (but not too small for my taste), no blue-tooth, normal address book, tough (I dropped it many many times - not on purpose, of course), fast, GSM, and with a cool speaker phone which I liked.
It has java-based games, but I never used them.
Too bad it's gone :(
See, for example, the PMA400.
It is open source, linux based, has a 30gb hd, and has many other goodies.
But it is still nice to see that a large company like nokia is offering such a product. It will definitely help to spread linux :)
http://www.nytimes.com/2005/03/19/technology/19wifi.html?ex=1268888400&en=51d90e7518bba5d6&ei=5090&partner=rssuserland/