After years of study but little progress reducing bird kills, environmentalists have sued to force turbine owners to take tough corrective measures. The companies, at risk of federal prosecution, say they see the need to protect birds. "Once we finally realized that this issue was really serious, that we had to solve it to move forward, we got religion," says George Hardie, president of G3 Energy.
The size of the annual body count -- conservatively put at 4,700 birds -- is unique to this sprawling, 50-square-mile site in the Diablo Mountains between San Francisco and the agricultural Central Valley because it spans an international migratory bird route regulated by the federal government. The low mountains are home to the world's highest density of nesting golden eagles.
The article doesn't mention cause - it's an article about the correlation, and nothing more.
You mean the worst areas... Looking for hookers in high traffic areas? No thanks. Best case: lose your car when you get arrested. Worst case: AIDS, etc.
Except the last two singers left (this year) are both from red states....
There are really two scenarios here:
1) A hole is made known to Mozilla before it's made known to the public.
2) A hole is made known to Mozilla and the public at the same time.
In (1), it's reasonable to ask that the software developer at least make a token notification to various vendors' security contacts. Most of the vendors are reasonably private - they won't post the matter to a mailing list - and responsible. The software developer certainly doesn't HAVE to do this, but it would benefit a larger portion of its end users.
In (2), it doesn't make any sense to notify each distribution, because the whole world already knows, and each hour wasted on notification could mean people who are damaged by the hole.
I think the difference between (1) and (2) is significant, and it's important to realize that the case we're talking about here is (2). The hole was made public in Bugzilla, and Mozilla had to rush to create a patch. Holding that patch to give the distributions time to update is silly - people already knew there was a hole, and users were already waiting on the fix. If the initial bug was private, this would be an entirely different story.
Why should end users not be offered the same patches as soon as they are ready? If it takes a vendor 24 hours to get a new package out, that sounds reasonable to me, but again, why limit access to the update for that 24 hours?
Just speaking to the theory here, once the 'end users' are notified of the hole, it's reasonable to assume that 'someone' is going to reverse engineer an exploit out of the patch.
On very large holes, the coordinated release allows the largest possible user base to have an upgrade path by the time the hole is made public. If all users were notified as soon as a source patch was released, but the source patch didn't apply directly to distribution X because of local changes to the codebase, a malicious user could (and will) create and circulate an exploit before that group can create a patch.
Note that the security community does not agree here. When OpenSSH had a massive hole, Theo went mailing-list to mailing-list telling people a workaround, and coordinated a very large release of information on a specific day. When DJB's students come out with their list of new exploits every year, they release them all on a webpage with zero notice to ANYONE, including the software vendors involved.
It's a matter of philosophy - are you in the game to protect the most people, or are you managing your software and letting other people worry about their users? I personally don't have a problem with Mozilla's practices - they still beat some other vendors, even if they're not as 'responsible' as the OpenSSH crowd.
Absolute nonsense.
Many states in the US have the same sort of renewable energy goals as countries in Europe. It's not, though, something that needs to be regulated by the Federal Government which - for the most part - lets states manage their own energy needs and supplies.
17 states have laws/plans to migrate towards renewable energy, including the largest (California, 20% by 2010), and the Federal government offers a tax credit to companies that use wind for energy needs (which is the Federal government's favorite way of suggesting that companies should be moving in that direction).
It certainly seems to be a limited problem. The question, then, is whether or not you can find a safe alternative, or if you define an 'accepted' loss and work to stay within that realm.
In California (which also has a 20% by 2010 law), these wind turbines are going up ALL OVER - especially in a lot of the passes leading from the coastal valleys into the inner valleys. Some of the windier passes happen to be the same passes that birds use for migration, which is causing a lot of the complaints. Not all of the passes are on migration routes - the corridor along I-10 through Palm Springs has one of the largest installations, and hasn't been subject to many complaints at all, as the number of birds (population density, I suppose) in that area isn't nearly as high as in the coastal regions.
Average need for backup lifetime in my specific situation is less than 2 months.
Bit rot isn't a concern - quick snapshots of files that are deleted and noticed within a week is.
I'm just waiting for a rewritable DVD device that has loadable cartridges and autoloading drives.
I'm tired of DLT. 40GB, even compressed, won't back up a modern NAS, so you end up with 2-3 times the hardware investment in permanent media instead of using the DLT/DVD reusable media of old times.
If Blu-ray hits 100GB/disk, and they manage rewritable formats, someone will put them into a scratch-proof cartridge for backup devices.
In any event, the business was failing, so scam or not, it's a desperate game to try to stay alive and relevant for another few years.
The corporation's responsibility is working in the best interest of their shareholders - everything short of breaking the law in order to turn a profit for those who own stock. If that means suing a company just to stay relevant, so be it.
That's how public corporations work. It may not be morally correct (for some definition of morality), but they are responsible for protecting their shareholders... In the end, the trick may work the way they wanted - extending the life of a failing company for another few years so that shareholders have time to sell and salaried employees can collect a few more dollars.
The question isn't 'available', it's 'available at a price that any middle class citizen would be able to afford'.
The answer is 'next to zero'.
The solution isn't to pirate what you cannot afford, despite what some would say, but to find alternatives. If these alternatives are Open Source, fine. If these alternatives are cheaper licenses valid only in certain areas, so be it. The bottom line is that $199 for an operating system is EXPENSIVE, and your average user in Zimbabwe needs something a little cheaper.
Faced with (90% piracy @ expensive license) or (10% piracy @ cheaper licenses), some economist should be able to work out a reasonable cost that lets everyone 'win'.
Essentially:
It is now easier, though not any more secure, to offer files. The creation of torrents and trackers is now rolled into one - but there's still location information in it.
It's implemented. It doesn't hide your ID, so illegal users still have the same problems.
The BSA, MPAA, RIAA only have to go after a handful of very large network providers before they can put a large dent into various P2P networks.
Hitting some of the larger college campuses would be a good start. Some colleges will fight, but until the precedent is set, others will block, and the highest bandwidth users will be offline.
Iridium + Text messaging (http://messaging.iridium.com/) is the way to go. That way you can not only receive it anywhere, but you can take action.
The one thing I did notice with the Iridium phones is that while they work EVERYWHERE on the globe (including in the middle of the Pacific on a cruise ship, great reception despite the latency), they don't perform as well as most modern phones in steel buildings (again, cruise ship). On the deck they were great. In the large open air suites they were great. In the casino and restaurants, not so great.
Above and beyond that, find a great managed hosting solution and make a deal with them to respond to alerts during periods of absence. I know my hosting company does this with our application servers from time to time.
Hope that helps.
Everything that man touches turns to gold. Brilliant, hilarious, bring it on.
They have had their websites shut down until they... ... form a new company, get new checks, and open new websites in different states.
It's a nice story, but it won't change much until people are behind bars.
Hopefully the next release will incorporate a preview - a few seconds to help those of us who would otherwise have no idea what these videos may be.
There was another critical hole that didn't require the whitelist addition.
Yes, Firefox will be updated.
No, not everyone who runs Firefox will update.
Yes, the hole will be used to install viruses and spyware.
No, installing Firefox once is not a single solution to surfing the internet safely - you still have to update, just like Windows Update/IE.
Neither would be best, but it won't happen. Therefore, both is more fair than Windows/IE only.
Fortunately, this type of posting is actually informative - most people don't follow the mailing lists and wouldn't have known any other way. Unfortunately, it's also a great way to start flamewars.
Win one, lose one, life moves on.
Word and Outlook on a phone is nice, too...
Yes, very nice.
It actually looks like the old 3D render from the Infinium Labs 'Phantom' console, turned on end and smoothed a bit.... The one that was in the promo video that came out a year ago?
Most of them are the same worm, and they're doing dictionary attacks for weak passwords (not quite the same flaw as not being updated).
The phpBB, awstats, and openwebmail worms were better examples.
doesn't cover tech stories any more...
Unless it portrays one of the token issues (linux, filesharing, video streaming, apple, OSX, iPod, etc) in a favorable light.
Google DNS outage? Big deal. Even NANOG didn't seem to do more than a blip over it. Why not start with the huge WorldNIC outage first?
It was trading at $0.58 on 2004/12/22 - it closed at $0.90 today (2004/12/30) after peaking around $1.41 at the opening Tuesday (2004/12/28).
If you bought last Thursday, and sold on Tuesday, you could have made 240% - a modest $1000 investment would have made you $1431 profit.
If the fax really was a pump-and-dump, it worked.
The phantom has a ton of games - it's just WinXP, any windows game will play on it just fine...
That's one of the (very) few things going Infinium's way.