Couldn't you just inform them that a security vulnerability is present, and perhaps classify it in severity and category (remote, local, etc)? Would you (in most cases) really need specifics? If you do need specifics (i.e. source level), you probably have enough knowledge of the project to already be in the loop helping with the problem anyway.
Well, YMMV of course depending on the project, your use of it, and its maintainers... but it seems like it would work in most cases.
From the article: "To use an analogy, it's a little bit as if Ford was selling cars with defective brakes. If I realised that there was a problem, opened the hood and took a few pictures to prove it, and published everything on my Web site. Then Ford could file a complaint against me," added Tena.
If he gave them due notice (it wasn't indicated in TFA), then there is nothing wrong with him posting the exploits.
Otherwise, he is just grandstanding. Pretty much all projects (FOSS included) classify security bugs until a patch or workaround has been worked out. After it has been fixed, though, I think there is an obligation to the users to let them know what happened.
See, for one of these types of posts to be funny, you can't just pick two previous articles at random and arbitrarily combine them with elements from the current story.
The joke actually has to be funny, ironic, or creative in some way for it to be worth anything.
I know getting modded Funny is a great ego (although not karma) booster and all, but come on. Show some class.
Being a fan of Java, Apache JAMES is my current mail server favorite. The Mailet API is really cool for customization and it boasts really good performance numbers (check the wiki for more info). And it runs on anything with a recent JRE.
Mr. Schleicher said that students in countries that emphasized theorems and rote learning tended not to do as well as those that emphasized the more practical aspects of mathematics.
Doesn't this stem from the fact that theory-based instruction has a much steeper learning curve?
Emphasizing the theory encourages creativity later on, but students initially grasp it less quickly.
Students who know the "mechanics" of standard problems will always do best on standardized tests (hence the standardized?).
I've found that Google sometimes changes the content by region and by how old your cookie is. They have a timestamp and a signature inside of the cookie (to verify that it is generated by them), among some other things.
In my experience, users with older (>24hr) cookies see these kinds of changes, while the rest have to wait for their cookie to age a bit.
Maybe this will clear up the nonstop "I see it, I don't" posts about Google sites.
Java generally has a constant memory overhead for the JVM + the heap. Unless you are using heavy server apps, Eclipse, or something similarly heavy, the footprint should sit around 64mb for the Sun implementation (which can be changed with -Xms and -Xmx JVM args).
It is generally pretty efficient for the JVM to GC on the heap and keep a constant memory overhead. Eclipse takes up as much or less memory than similar IDEs for me. Efficient GC can beat simple programmer-driven memory management in many instances, and it is definitely handy for running untrusted code. The obvious shortcoming here is in real time systems.
If you are running a bunch of small apps in separate VMs, then the footprint will be too big. Change the heap size with the command line args. Other than that, I don't see it as a big problem.
It also doesn't help that their regression techniques are outdated, misplaced, and generally suck ass. I've been directly involved with some of their "predictions", they basically threw 500 different configurations of 5-6 algorithms at the data and picked the best one out of the batch... real scientific.
Oh my, a linear regression with double-exponential smoothing doesn't approximate EVERYTHING correctly?! But... double exponential... it's DOUBLE man!!!11 (This would be the attitude of the people I worked with)
I just went there (www.java.com), I saw 1.4.2_06. I even tried it with the Firefox user-agent set to IE6 on Windows and found 1.4.2_06.
Unless they changed it in the past couple of hours, maybe you should wake up:)
Re:Still for sale though (on The VHS is Dead · Score: 3, Interesting)
My old roommate still has like 20-30 VHS tapes full of recorded-off-TV movies that he still likes to watch. (Shhh... the MPAA's still watching out for those Bill and Ted pirates)
He got his first DVD player in the laptop he bought at the beginning of this semester.
He still watches the VHS.
"You have no way to prove me wrong when I assert that you see the color blue the same way I see the color red. So, how many angels can dance on the head of a pin?"
Fair enough. All arguments must stop at the axioms, good day to you!
Yep, you're right about the notation bit. The same note in different contexts can sound differently. They are, however, still the same note... and it doesn't remove the question about the position. All signs still point to rhetoric for me.
As a musician and classical violinist I have to wonder why the B# played in second position on the E string differs from 1) the simpler notation of C for the same note as B# or 2) the same C/B# played in third, fourth, or fifth position.
I think a lot of people can associate imagery with music; for what purpose do you think compositions like Vivaldi's Four Seasons and Prokofiev's Peter and the Wolf exist?
I call B.S. on this unless you have a serious complex. I also think that the use of verbiage like "b# played in the second position on a violin's E string" is pure rhetoric to attract attention and/or moderation. Ah, well. Whatever floats your boat.
I challenge you: I'll make some recordings of the same note played different ways, and you have to tell me which version each recording represents. It's kind of like Randi's paranormal challenge. Prove me wrong.
Try signing up for an account at PizzaHut.com and go through the first step of ordering a pizza. Crashes FF 1.0 for me every time.
Having to open up IE just to use the site at all is painful.
Big trees from little acorns grow. Powerful you have become, the dark side I sense in you.
It's "Collect underpants" ...
Underpants Gnomes aren't some kind of dirty thieves, you insensitive clod! They're legitimate businessgnomes!
Isn't this about the idea getting government approval? Not really duped I think ...
Might actually be good for a dorm room, where space is limited. I do wonder how functional the built in stuff is, though.
http://developers.slashdot.org/comments.pl?sid=133575&cid=11155535
One word (hyphenated to ease your reading speed): J-O-K-E.
Good day to you.
If not RTFA, RTFBlurb at least. This guy attempted to steal credit card numbers from a system he accessed on an open wireless network.
He didn't just connect to it.
Used to. They ported it to a Windows environment ... "not developed here", you know.
1) Can it find MY website?
2) ???
3) Profit!
Come on ... we all learned from Commander Data that singing comes from the emotion chip, you insensitive clod.
Sigh.
"select top"?! That's not ANSI-compliant, you insensitive clod!