A key element of the agreement now appears to be Novell's US$40 million payment to Microsoft in exchange for the latter company's pledge not to sue SUSE Linux users over possible patent violations.
So Novell either doesn't know or won't disclose what it paid 40 million dollars for?
It is not about stealing code, but infringing patents. The real question ought to be "Show us the patents", which is more informative than "Show us the code", because even if Microsoft did show you some code, how are you supposed to know which patents were infringed by it?
Flash can survive only so many write operations. Normally it's not a practical limitation, but what happens when the OS is constantly doing rw's for caching?
The last thing I need is to have data corrupted as it moves through a bad flash stick, and is then potentially written back out to the hard drive later.
So now instead of burning fuel which causes global warming and in turn melts the ice, we'll have cleaner fuel which doesn't melt the ice, and all we have to do is melt the ice to get it!
"At this point you stop bothering whether anyone considers the disclosure of unreported vulnerabilities unethical."
Maybe. But to take more than 31 bugs and disclose them a day at a time so that in effect major web-facing infrastructure for big business and home users alike will have no chance at all of being secured during this entire window, all for the purposes of publicity?
Who really cares if you you are jumping on the bandwagon, or paying lip service to the OSS community? At the end of the day, the fact is that the OSS community has just been handed some product that was previously closed. Isn't that enough?
Is the OSS community really so ungrateful that a company has made what is often a very difficult decision to open their code that it breeds disdain? Or, do these critics somehow gain from creating an *artificial* disdain for these companies on behalf of the OSS community, without basis in fact?
From the NSIS (Nullsoft Scriptable Install System) documentation:
RequestExecutionLevel none|user|highest|admin
Specifies the requested execution level for Windows Vista. The value is embedded in the installer and uninstaller's XML manifest and tells Vista, and probably future versions of Windows, what privileges level the installer requires. user requests the a normal user's level with no administrative privileges. highest will request the highest execution level available for the current user and will cause Windows to prompt the user to verify privilege escalation. The prompt might request for the user's password. admin requests administrator level and will cause Windows to prompt the user as well. Specifying none, which is also the default, will keep the manifest empty and let Windows decide which execution level is required. Windows Vista automatically identifies NSIS installers and decides administrator privileges are required. Because of this, none and admin have virtually the same effect.
It's recommended, at least by Microsoft, that every application will be marked with the required execution level. Unmarked installers are subject to compatibility mode. Workarounds of this mode include automatically moving any shortcuts created in the user's start menu to all users' start menu. Installers that need not install anything into system folders or write to the local machine registry (HKLM) should specify user execution level.
More information about this topic can be found at MSDN. Keywords include "UAC", "requested execution level", "vista manifest" and "vista security".
So it seems that there is an option, "user", which might cause NSIS to run in non-admin (depending on whether Vista's auto-handling is overriding), and that other installers might also be able to run non-admin.
I don't think anyone ever claimed it was unbreakable, nor do I believe even the designers expected it to be. Strong and flexible, yes. And it sounds like this is true: Keys can be revoked and replaced, albeit with pain and suffering on the part of customers. The scheme itself is still not broken.
I'm not a proponent of DRM, of course, but amongst the jubilation it's also important to realize what really happened here. A weakness in a software implementation allowed they key to be exposed in memory for some period of time. Is having the key the same as defeating the lock? Until the lock is re-keyed, yes.
So wait.. YouTube is bad because it didn't defend free speech, but Amazon is bad because it did and it is Kevin Kelleher's opinion that going up against the Humane Society might be a bad idea?
I believe the overarching question is "which company is a better advocate of free speech"?
I think it's important to consider that here we have only two specific examples from many involving either company. Personally, although I don't like the publication Amazon is defending by virtue of defending free speech, I still respect Amazon for doing so. Unless everybody, including me, realizes that freedom of speech is more important than personal opinion, including religious belief, then it's a right we're destined to lose.
Therefore, even in unfortunate circumstance, I have to support Amazon on its decision.
Think about all of the mistaken identities. Especially when many people on different services can share the same nicknames. I can't even count how many times I've tried to register one of my less geeky nicknames on a service and been told it's already taken.
One day some perv will go missing from his parole program and you'll have police on your doorstep asking you to prove your identity because suddenly by virtue of this name registration there is reasonable doubt that you are who you claim to be.
If an inaccuracy is quoted from Wikipedia, why does the professor not log in and correct the offending entries? This benefits all of society and others working in the same field.
If many professors participate, it also self-forms a peer review system.
The intented reading was 'entitled to own' - i.e. have acquired legitamitely.
The problem with your original post and this last reply is that *you make the assumption* that people who own these things have involved themselves in criminal acts in order to acquire them. Poor != Criminal.
People like you feed the rationale for the types of crime I mentioned.
"People like me" realise that people have a basic need to live their lives every day with more than their absolute basic needs - or else what are they living for? When you hit rock bottom and feel you have nowhere else to go, that is when you're going to commit the crime to lift yourself up.
PS3, XBox360, Wii, Nike Shoes.....
People have been Killed, robbed, beatened, and otherwise harmed by people's greed to acquire these products. Yet, none of these are items that are within the definition of "basic needs". Nobody "needs" these.
Of course nobody needs these to live. However, people do need them to protect their social status. There are groups of people that you could categorize as 'poor' given some bounding conditions, but within that group of people there is still social hierarchy, and many people will still strive to be at the upper end of it just as those in the middle class live beyond their means buying fancy cars and houses in expensive areas that they really can't afford, gambling their financial security on low interest rates and tax breaks.
So a poor person owns a pair of Nike's and an XBox360. Isn't everyone entitled to one or two 'luxury' items? Think about all the things you own that the upper class could argue that you don't 'need' and by saving or investing the money instead could elevate your status.
If I were poor, and my sole valuable possession was a pair of Nike's, would you turn your back on me?
I just bought a Gigabyte GA-965P-S3 board. It was not even possible for me to install the Intel chipset drivers on it without it locking up Windows. I found others online reporting exactly the same symptoms with no solution, *five* BIOS revisions previously.
Needless to say it's going back to Newegg, and that this will be the last Gigabyte board I buy in a while. Good job Gigabyte for progressing the technology, but how about making your boards' basic features work to begin with?
It's bad enough that the FBI might want to store your prints permanently in a criminal database without cause, but to then share that information with who knows how many other countries?
How is any individual supposed to protect themselves when you can't even keep track of who has your fingerprints?
As a C/C++ developer I am a little offended by the article summary. Certainly C/C++ has a lot of flexibilities that allow bad developers to write bad code. However, many other languages, e.g. Java, allow bad programmers to write code that looks good because of stronger type checking, reduced use of pointers and the like. However, nothing stops a bad developer from writing insecure code in any language. Maybe you don't manage your resources correctly. Maybe you do a bad job of implementing encryption/protected storage. Maybe your authentication scheme is weak, your site is vulnerable to cross-site scripting vulnerabilities, or your session data can be easily spoofed.
Secure code is not a product of language, it's a product of developers who take the time to fully understand the tools that they are using to build the product, including the ins and outs of their language of choice and its key risk elements, and who research risk elements for all other parts of the system.
The real point is that the system by design encourages (or in fact requires) users to give up their bank pin in order to make purchases. Let's hope they don't actually try to band-aid the problem by making tamper-evident casings.
Question: what role does the 'chip' have? Does it have any way of securely authenticating the transaction with the merchant, and thus in some way verifying that the merchant trusts the terminal? The article summary suggests that the same old information is on the mag strip.
I'm no JS expert, but it would seem that an easy fix is simply to contextualize JS prototypes - One document/frame can't modify prototypes for another.
If you prioritize communication with nodes that have higher bandwidth then you seed the file faster. What is the point in seeding chunks to 50 dialup users when you could have seeded the same chunks to 5000 cable users or 100x as many chunks to 50 cable users in the same time? When a torrent is in high demand mass seeding is most important. When demand is lesser dialup users should be able to find plenty of willing, now seeded nodes to connect with. Everyone still gets their files, and I bet because of the ratio of bandwidth throughput vs connected users nearly everyone gets them faster under this model. And really, how many nodes does a dialup user need to connect to anyway before their downstream is maxed out?
Slashdot Mirror
...would receive a $440 million cash capital infusion, but it was not specific as to the source of the cash
Someone finally paid for the retail version of Windows Vista Ultimate.
Web applet security is certainly an important matter, just not one that stirs up a great deal of controversy.
<voice="theatrical">Ohhh yes it does!</voice>
Okay, but if I read TFA:
A key element of the agreement now appears to be Novell's US$40 million payment to Microsoft in exchange for the latter company's pledge not to sue SUSE Linux users over possible patent violations.
So Novell either doesn't know or won't disclose what it paid 40 million dollars for?
It is not about stealing code, but infringing patents. The real question ought to be "Show us the patents", which is more informative than "Show us the code", because even if Microsoft did show you some code, how are you supposed to know which patents were infringed by it?
.. but I haven't been following the entire ordeal.
What are the patents that Microsoft are claiming to be infringed by Linux (I think this is different than "Show us the code")?
ReactOS! ReactOS!
Flash can survive only so many write operations. Normally it's not a practical limitation, but what happens when the OS is constantly doing rw's for caching?
The last thing I need is to have data corrupted as it moves through a bad flash stick, and is then potentially written back out to the hard drive later.
Blu-ray titles were slightly, but definitely superior
This post is only slightly, but definitely sarcastic.
So now instead of burning fuel which causes global warming and in turn melts the ice, we'll have cleaner fuel which doesn't melt the ice, and all we have to do is melt the ice to get it!
I love it when a plan comes together.
"At this point you stop bothering whether anyone considers the disclosure of unreported vulnerabilities unethical."
Maybe. But to take more than 31 bugs and disclose them a day at a time so that in effect major web-facing infrastructure for big business and home users alike will have no chance at all of being secured during this entire window, all for the purposes of publicity?
Who really cares if you you are jumping on the bandwagon, or paying lip service to the OSS community? At the end of the day, the fact is that the OSS community has just been handed some product that was previously closed. Isn't that enough?
Is the OSS community really so ungrateful that a company has made what is often a very difficult decision to open their code that it breeds disdain? Or, do these critics somehow gain from creating an *artificial* disdain for these companies on behalf of the OSS community, without basis in fact?
You decide.
From the NSIS (Nullsoft Scriptable Install System) documentation:
RequestExecutionLevel none|user|highest|admin
Specifies the requested execution level for Windows Vista. The value is embedded in the installer and uninstaller's XML manifest and tells Vista, and probably future versions of Windows, what privileges level the installer requires. user requests the a normal user's level with no administrative privileges. highest will request the highest execution level available for the current user and will cause Windows to prompt the user to verify privilege escalation. The prompt might request for the user's password. admin requests administrator level and will cause Windows to prompt the user as well. Specifying none, which is also the default, will keep the manifest empty and let Windows decide which execution level is required. Windows Vista automatically identifies NSIS installers and decides administrator privileges are required. Because of this, none and admin have virtually the same effect.
It's recommended, at least by Microsoft, that every application will be marked with the required execution level. Unmarked installers are subject to compatibility mode. Workarounds of this mode include automatically moving any shortcuts created in the user's start menu to all users' start menu. Installers that need not install anything into system folders or write to the local machine registry (HKLM) should specify user execution level.
More information about this topic can be found at MSDN. Keywords include "UAC", "requested execution level", "vista manifest" and "vista security".
So it seems that there is an option, "user", which might cause NSIS to run in non-admin (depending on whether Vista's auto-handling is overriding), and that other installers might also be able to run non-admin.I don't think anyone ever claimed it was unbreakable, nor do I believe even the designers expected it to be. Strong and flexible, yes. And it sounds like this is true: Keys can be revoked and replaced, albeit with pain and suffering on the part of customers. The scheme itself is still not broken.
I'm not a proponent of DRM, of course, but amongst the jubilation it's also important to realize what really happened here. A weakness in a software implementation allowed they key to be exposed in memory for some period of time. Is having the key the same as defeating the lock? Until the lock is re-keyed, yes.
So wait.. YouTube is bad because it didn't defend free speech, but Amazon is bad because it did and it is Kevin Kelleher's opinion that going up against the Humane Society might be a bad idea?
I believe the overarching question is "which company is a better advocate of free speech"?
I think it's important to consider that here we have only two specific examples from many involving either company. Personally, although I don't like the publication Amazon is defending by virtue of defending free speech, I still respect Amazon for doing so. Unless everybody, including me, realizes that freedom of speech is more important than personal opinion, including religious belief, then it's a right we're destined to lose.
Therefore, even in unfortunate circumstance, I have to support Amazon on its decision.
Think about all of the mistaken identities. Especially when many people on different services can share the same nicknames. I can't even count how many times I've tried to register one of my less geeky nicknames on a service and been told it's already taken.
One day some perv will go missing from his parole program and you'll have police on your doorstep asking you to prove your identity because suddenly by virtue of this name registration there is reasonable doubt that you are who you claim to be.
Papers please!
If an inaccuracy is quoted from Wikipedia, why does the professor not log in and correct the offending entries? This benefits all of society and others working in the same field.
If many professors participate, it also self-forms a peer review system.
The intented reading was 'entitled to own' - i.e. have acquired legitamitely.
The problem with your original post and this last reply is that *you make the assumption* that people who own these things have involved themselves in criminal acts in order to acquire them. Poor != Criminal.
People like you feed the rationale for the types of crime I mentioned.
"People like me" realise that people have a basic need to live their lives every day with more than their absolute basic needs - or else what are they living for? When you hit rock bottom and feel you have nowhere else to go, that is when you're going to commit the crime to lift yourself up.
PS3, XBox360, Wii, Nike Shoes .....
People have been Killed, robbed, beatened, and otherwise harmed by people's greed to acquire these products. Yet, none of these are items that are within the definition of "basic needs". Nobody "needs" these.
Of course nobody needs these to live. However, people do need them to protect their social status. There are groups of people that you could categorize as 'poor' given some bounding conditions, but within that group of people there is still social hierarchy, and many people will still strive to be at the upper end of it just as those in the middle class live beyond their means buying fancy cars and houses in expensive areas that they really can't afford, gambling their financial security on low interest rates and tax breaks.
So a poor person owns a pair of Nike's and an XBox360. Isn't everyone entitled to one or two 'luxury' items? Think about all the things you own that the upper class could argue that you don't 'need' and by saving or investing the money instead could elevate your status.
If I were poor, and my sole valuable possession was a pair of Nike's, would you turn your back on me?
I just bought a Gigabyte GA-965P-S3 board. It was not even possible for me to install the Intel chipset drivers on it without it locking up Windows. I found others online reporting exactly the same symptoms with no solution, *five* BIOS revisions previously.
Needless to say it's going back to Newegg, and that this will be the last Gigabyte board I buy in a while. Good job Gigabyte for progressing the technology, but how about making your boards' basic features work to begin with?
It's bad enough that the FBI might want to store your prints permanently in a criminal database without cause, but to then share that information with who knows how many other countries?
How is any individual supposed to protect themselves when you can't even keep track of who has your fingerprints?
As a C/C++ developer I am a little offended by the article summary. Certainly C/C++ has a lot of flexibilities that allow bad developers to write bad code. However, many other languages, e.g. Java, allow bad programmers to write code that looks good because of stronger type checking, reduced use of pointers and the like. However, nothing stops a bad developer from writing insecure code in any language. Maybe you don't manage your resources correctly. Maybe you do a bad job of implementing encryption/protected storage. Maybe your authentication scheme is weak, your site is vulnerable to cross-site scripting vulnerabilities, or your session data can be easily spoofed.
Secure code is not a product of language, it's a product of developers who take the time to fully understand the tools that they are using to build the product, including the ins and outs of their language of choice and its key risk elements, and who research risk elements for all other parts of the system.
The real point is that the system by design encourages (or in fact requires) users to give up their bank pin in order to make purchases. Let's hope they don't actually try to band-aid the problem by making tamper-evident casings.
Question: what role does the 'chip' have? Does it have any way of securely authenticating the transaction with the merchant, and thus in some way verifying that the merchant trusts the terminal? The article summary suggests that the same old information is on the mag strip.
I'm no JS expert, but it would seem that an easy fix is simply to contextualize JS prototypes - One document/frame can't modify prototypes for another.
If you prioritize communication with nodes that have higher bandwidth then you seed the file faster. What is the point in seeding chunks to 50 dialup users when you could have seeded the same chunks to 5000 cable users or 100x as many chunks to 50 cable users in the same time? When a torrent is in high demand mass seeding is most important. When demand is lesser dialup users should be able to find plenty of willing, now seeded nodes to connect with. Everyone still gets their files, and I bet because of the ratio of bandwidth throughput vs connected users nearly everyone gets them faster under this model. And really, how many nodes does a dialup user need to connect to anyway before their downstream is maxed out?