And remember all the slashdotters and others who think when you make a product you should *not* be liable for what happens after you release it. Either Cisco is not responsible like everyone else, or everyone is responsible.
Even if it came to a vote and passed, the resolution would not be binding on Cisco's executives. But "it sends a strong message to management, and it gets across the sentiment of shareholders in a way that writing a letter can't do," says Wolfe.
Big whip. It's not binding and is just paper. As for the reasoning that management cares what the shareholder's think...well that argument has been going on for decades.
Also from the article:
"Can companies just claim a total lack of political responsibility in how their technology is used in all instances? It's something that companies should be thinking about when they sell their technologies around the world."
Yes, they can. Companies are out to make a profit not a political statement. Investors, i.e., the shareholders, want a monetary return, not a political return on their investment. As an investor in Cisco I would sell immediately if I knew Cisco was going to quit selling to one of the largest markets in existence because they were going to make a political statment (in fact I would sell short and make quite a bit when this news hit the street as well).
There is nothing that Cisco itself can do change human rights in China. In order for that to happen the people of China have to want the change; really want the change. If tomorrow Cisco stopped selling to China Juniper or another company would just take up the slack. Only if all companies did this would that then make an impact. (And yes, I know you have to start somewhere, but why don't you start with the people in China first?)
Political mongering at corporations has been around for decades and it will not go away. But what a waste of time to fight over a non-binding non-effort.
The biggest problem with security is that you can't guard against things you don't know about.
But this is the point. How can you secure code when you don't actively audit it? The reason why there are 10,000 holes is that companies don't have the mindset of features + security = release. It is first develop the features then release. And after the fact add security.
It will take a huge culture shift to get that the concept that in order for programs to be secure they have to have security built in from the ground up, not after the fact. If you don't do it this way then you get a fix opening another problem fixing a problem. Build in the security first and you don't have this problem.
In order to do it this way you need to change the way people program. And in order to do that you need some external or internal motivation to do so. And honestly speaking I don't see that yet. Maybe another 40 million credit cards need to be released.
Security is a neat buzz word lately. We all "need" to do security, blah, blah, blah.
Security is just like customer service. In order for it to be effective you have to ingrain it in a culture which places it as a top priority. It's obvious that most developers and corporations think of this as an after thought.
Okay, we need functionality x and y. Great, now that we have it... oh yeah, put a firewall in front of it. What, we were hacked? We had a firewall...
Just reading the article it shows that the developers were surprised someone can reverse engineer their code; they were "annoyed" someone created a graphical exploit. Annoyed? How about pissed? What about "motivated" to plug the hole. Obviously we weren't there to hear this first hand but it sounds like just an oh well we should do something about this. The article talks about a priority shift. Just another corporate slogan.
If it was a true culture shift you would see something like: x company has announced the hiring of 1,000 new software programmers to create a new division of security. This new division will audit all code for potential security problems before any new programs are released.
When I read this the first thing that went through my mind is that someone targeted the site. But it sounds like a spammer just used it to send out emails (as far as I know now). Based upon this I doubt that the site was even targeted at all. I bet an automated script searched through google and is looking for drupal sites to exploit. phpBB has this happen quite a bit. Once a site is found the script automates the hack and then sends out the spam.
My guess it that the spammer didn't even know what site they hacked.
This would be my first choice to you as well. I would not use php-nuke. If you don't update the modules constantly with php-nuke you will have problems. I have seen more sites hacked due to flaws in php-nuke than any other CMS.
Also, take a look at Post-Nuke. (www.postnuke.com) Another more secure php CMS.
Before dispensing advice you have not really answered the most important question?
What do you want to network?
There are a lot of books on networking, networking a printer, networking work stations, networking computers for internet access, file sharing, IM networking, email server, etc.
It wholly depends on what you want to setup. If you just want internet access and to share a few files you can do this with a Netgear router and a switch and turn on file/folder sharing in Windows. Simple and it works. If you need something more powerful such as file sharing look at adding a SAMBA server or dedicated Windows server. Do you need ftp to the server? Adding an intranet? Then you need to add the appropriate programs.
Was this a wireless network? Well, then the books you want are different.
How about running your own email server? Well that's going to take you a completely different direction than just file sharing (although the cable setup will probably not change).
Saying you want a book on networking is like saying you want to read a book on programming. The real question to you is what do you want to do? Only then can someone give you appropriate direction.
all the offtopic non-linux posts I do think it is interesting and relevant that Debian has listened to the people using the distro and have addressed the problems. You usually do not see such a fast response to security issues and problems. It is obvious that the leadership of Debian is concerned for the users and the future of Debian.
if I gave my wife that stuff. I don't know about others, but it really doesn't look that good to me.
I guess if it were functional I could see using the IDE belt. You could hook a couple hard drives in holsters off the belt and hot plug the cable into your computer.
it doesn't matter which one you choose. I bet for what you will be using them for the only difference you will need to look at will be vendor support. Both of these distributions are top of the line for business support and you will not go wrong by choosing either of them.
Now, if I had to choose one I would suggest you go with SuSE all else being equal. The reason for this is that their newest desktop 9.3 is a very good distro and it will keep you happy. But if you went with Redhat you would be happy as well.
I would not go to any other the other distributions if you have money for support. The other linux distributions are very good. Several of the ones mentioned here are at least as stable and offer as many (if not more) features than these two distributions. But, if your tech support knows nothing about linux having a dedicated corporate vendor support staff is going to be a big help. Your tech support could figure things out by browsing mailing lists and forums for the other linux distributions but it would take them longer than picking up a phone and saying how do you do (fix) x. For a business environment this is a no brainer.
Why do they have the link to email an editor if you see a serious problem with the story when they don't even read the emails?
I saw this as a preview story and sent an email to the "online" editor telling them it was a duplicate story and provided them with the link to the duplicate story. Yet the story was still posted...
I have clearly had the opposite experience with a Blackberry 7100 and Treo 600. The Treo outdistances the Blackberry by at least a factor of 2 when it comes to battery life. The Blackberry doesn't even come close. My experience is based upon usage and upon non-use standby.
They haven't been forced to do so by market forces. It's the philosophy if it's not broke don't fix it. In this case they haven't been forced to do anything different by the end use customers. (And in this case you generally are the end user; HP, Dell, IBM, etc. are the next in line from the motherboard manuafacturers).
See, we're not the best in everything. In fact our major products are behind. Therefore, we don't have a monopoly on anything. Please leave our lawyers alone...
While this does have a hint of truth it also works very well for them.
You can skip the articles they don't tell you much other than what is in the Slashdot Summary. However, the blog entry has the code part on it. Here are all the articles including code entry...
Story:
Ryan Naraine - PC Magazine Tue Jun 28,10:49 AM ET
Norwegian hacker Jon Lech Johansen has cracked the lock on Google's new in-browser video player.
Johansen, also known as 'DVD Jon' for his work on decrypting DVD security codes, has created a patch for the Google Video Viewer--less than 24 hours after the search giant shipped the video playback plug-in, a tool based on the open-source VideoLAN media player.
The patch, released on Johansen's 'So Sue Me' blog, effectively disables a modification Google made to the VideoLAN code to prevent users from playing videos that are not hosted on Google's servers.
Johansen said the patch, which requires the.Net run-time framework, will remove Google's restriction and allow the playback of video files that aren't on the video.google.com server.
The 21-year-old hacker, who faced two trials in Norway in 2002 and 2003 for his role in the release of the DeCSS decryption software, is a hero to many for his efforts to defeat DRM (digital rights management) mechanisms built into media player technology.
He has been involved in a public cat-and-mouse game with Apple Inc., releasing several tools to bypass the DRM software used to encrypt music sold on the iTunes Music Store. LINK TO: PyMusique Unlocks iTunes Copy Protection. Again. http://www.extremetech.com/article2/0,1558,1779526,00.asp
Johansen has also cracked Apple's AirPort Express's encryption and released a proof-of-concept program that allows Linux users to play video encoded with Microsoft's proprietary WMV9 codec. The proof-of-concept is based on the VideoLan code.
Addict3d.org more details:
Jon Lech Johansen, "DVD Jon", took just one day to build a crack to allow you to play video on your website using Google's VLC-based player.
This means you can publish video that will play on your webpage and will work for anyone who has Google's player installed.
Johansen, also known as 'DVD Jon' for his work on decrypting DVD security codes, has created a patch for the Google Video Viewer--less than 24 hours after the search giant shipped the video playback plug-in, a tool based on the open-source VideoLAN media player.
This "feature" prevents you from playing videos that are not hosted on Google's servers. Download and run this patch I wrote to remove this restriction. Running the patch requires a.NET runtime.
As a graphic designer, let me speak from experience - Corporate art sucks.
Yep. But as a graphic designer you also know that most, if not all corporations don't use cartoon looking daemons. FreeBSD obviously wants to change its perception and unfortunately this is one part of that transformation.
Now, I'm off to buy some daemon t-shirts before they are gone forever...
Colo4dallas also has staff on hand for a price ($75.00 per hour). Of course if you don't mind paying anyone will just about do anything for you (for a price that is).
Slashdot Mirror
And remember all the slashdotters and others who think when you make a product you should *not* be liable for what happens after you release it. Either Cisco is not responsible like everyone else, or everyone is responsible.
From the article:
Even if it came to a vote and passed, the resolution would not be binding on Cisco's executives. But "it sends a strong message to management, and it gets across the sentiment of shareholders in a way that writing a letter can't do," says Wolfe.
Big whip. It's not binding and is just paper. As for the reasoning that management cares what the shareholder's think...well that argument has been going on for decades.
Also from the article:
"Can companies just claim a total lack of political responsibility in how their technology is used in all instances? It's something that companies should be thinking about when they sell their technologies around the world."
Yes, they can. Companies are out to make a profit not a political statement. Investors, i.e., the shareholders, want a monetary return, not a political return on their investment. As an investor in Cisco I would sell immediately if I knew Cisco was going to quit selling to one of the largest markets in existence because they were going to make a political statment (in fact I would sell short and make quite a bit when this news hit the street as well).
There is nothing that Cisco itself can do change human rights in China. In order for that to happen the people of China have to want the change; really want the change. If tomorrow Cisco stopped selling to China Juniper or another company would just take up the slack. Only if all companies did this would that then make an impact. (And yes, I know you have to start somewhere, but why don't you start with the people in China first?)
Political mongering at corporations has been around for decades and it will not go away. But what a waste of time to fight over a non-binding non-effort.
How much money does the film have to make before they bring back the series?
This link just goes back to the one in the article, you can skip it.
Are they serious about security, privacy and piracy yet?
The biggest problem with security is that you can't guard against things you don't know about.
But this is the point. How can you secure code when you don't actively audit it? The reason why there are 10,000 holes is that companies don't have the mindset of features + security = release. It is first develop the features then release. And after the fact add security.
It will take a huge culture shift to get that the concept that in order for programs to be secure they have to have security built in from the ground up, not after the fact. If you don't do it this way then you get a fix opening another problem fixing a problem. Build in the security first and you don't have this problem.
In order to do it this way you need to change the way people program. And in order to do that you need some external or internal motivation to do so. And honestly speaking I don't see that yet. Maybe another 40 million credit cards need to be released.
1) Metasploit isn't a graphical exploit; it's a Perl shell
I guess I was referring to this:
"Version 2.3 of the Metasploit Framework includes a web interface"
when I meant graphical.
Duh.
... oh yeah, put a firewall in front of it. What, we were hacked? We had a firewall ...
Security is a neat buzz word lately. We all "need" to do security, blah, blah, blah.
Security is just like customer service. In order for it to be effective you have to ingrain it in a culture which places it as a top priority. It's obvious that most developers and corporations think of this as an after thought.
Okay, we need functionality x and y. Great, now that we have it
Just reading the article it shows that the developers were surprised someone can reverse engineer their code; they were "annoyed" someone created a graphical exploit. Annoyed? How about pissed? What about "motivated" to plug the hole. Obviously we weren't there to hear this first hand but it sounds like just an oh well we should do something about this. The article talks about a priority shift. Just another corporate slogan.
If it was a true culture shift you would see something like: x company has announced the hiring of 1,000 new software programmers to create a new division of security. This new division will audit all code for potential security problems before any new programs are released.
their wallet and jewelry box they could look for the "I am a certified spy" card and secret decoder ring.
When I read this the first thing that went through my mind is that someone targeted the site. But it sounds like a spammer just used it to send out emails (as far as I know now). Based upon this I doubt that the site was even targeted at all. I bet an automated script searched through google and is looking for drupal sites to exploit. phpBB has this happen quite a bit. Once a site is found the script automates the hack and then sends out the spam.
My guess it that the spammer didn't even know what site they hacked.
This would be my first choice to you as well. I would not use php-nuke. If you don't update the modules constantly with php-nuke you will have problems. I have seen more sites hacked due to flaws in php-nuke than any other CMS.
Also, take a look at Post-Nuke. (www.postnuke.com) Another more secure php CMS.
Before dispensing advice you have not really answered the most important question?
What do you want to network?
There are a lot of books on networking, networking a printer, networking work stations, networking computers for internet access, file sharing, IM networking, email server, etc.
It wholly depends on what you want to setup. If you just want internet access and to share a few files you can do this with a Netgear router and a switch and turn on file/folder sharing in Windows. Simple and it works. If you need something more powerful such as file sharing look at adding a SAMBA server or dedicated Windows server. Do you need ftp to the server? Adding an intranet? Then you need to add the appropriate programs.
Was this a wireless network? Well, then the books you want are different.
How about running your own email server? Well that's going to take you a completely different direction than just file sharing (although the cable setup will probably not change).
Saying you want a book on networking is like saying you want to read a book on programming. The real question to you is what do you want to do? Only then can someone give you appropriate direction.
all the offtopic non-linux posts I do think it is interesting and relevant that Debian has listened to the people using the distro and have addressed the problems. You usually do not see such a fast response to security issues and problems. It is obvious that the leadership of Debian is concerned for the users and the future of Debian.
Cheers to Debian!
if I gave my wife that stuff. I don't know about others, but it really doesn't look that good to me.
I guess if it were functional I could see using the IDE belt. You could hook a couple hard drives in holsters off the belt and hot plug the cable into your computer.
it doesn't matter which one you choose. I bet for what you will be using them for the only difference you will need to look at will be vendor support. Both of these distributions are top of the line for business support and you will not go wrong by choosing either of them.
Now, if I had to choose one I would suggest you go with SuSE all else being equal. The reason for this is that their newest desktop 9.3 is a very good distro and it will keep you happy. But if you went with Redhat you would be happy as well.
I would not go to any other the other distributions if you have money for support. The other linux distributions are very good. Several of the ones mentioned here are at least as stable and offer as many (if not more) features than these two distributions. But, if your tech support knows nothing about linux having a dedicated corporate vendor support staff is going to be a big help. Your tech support could figure things out by browsing mailing lists and forums for the other linux distributions but it would take them longer than picking up a phone and saying how do you do (fix) x. For a business environment this is a no brainer.
Why do they have the link to email an editor if you see a serious problem with the story when they don't even read the emails?
I saw this as a preview story and sent an email to the "online" editor telling them it was a duplicate story and provided them with the link to the duplicate story. Yet the story was still posted...
Maybe a slow news day?
I have clearly had the opposite experience with a Blackberry 7100 and Treo 600. The Treo outdistances the Blackberry by at least a factor of 2 when it comes to battery life. The Blackberry doesn't even come close. My experience is based upon usage and upon non-use standby.
sorry
They haven't been forced to do so by market forces. It's the philosophy if it's not broke don't fix it. In this case they haven't been forced to do anything different by the end use customers. (And in this case you generally are the end user; HP, Dell, IBM, etc. are the next in line from the motherboard manuafacturers).
They get Jedi, we get Sith...
Now that's funny.
Jedi Academy Student
Jedi Programmer
Jedi Religious Member
And did he use the Official Jedi Name Generator?
See, we're not the best in everything. In fact our major products are behind. Therefore, we don't have a monopoly on anything. Please leave our lawyers alone...
While this does have a hint of truth it also works very well for them.
You can skip the articles they don't tell you much other than what is in the Slashdot Summary. However, the blog entry has the code part on it. Here are all the articles including code entry...
.Net run-time framework, will remove Google's restriction and allow the playback of video files that aren't on the video.google.com server.
6 ,00.asp
// Google mods
.NET runtime.
Story:
Ryan Naraine - PC Magazine Tue Jun 28,10:49 AM ET
Norwegian hacker Jon Lech Johansen has cracked the lock on Google's new in-browser video player.
Johansen, also known as 'DVD Jon' for his work on decrypting DVD security codes, has created a patch for the Google Video Viewer--less than 24 hours after the search giant shipped the video playback plug-in, a tool based on the open-source VideoLAN media player.
The patch, released on Johansen's 'So Sue Me' blog, effectively disables a modification Google made to the VideoLAN code to prevent users from playing videos that are not hosted on Google's servers.
Johansen said the patch, which requires the
The 21-year-old hacker, who faced two trials in Norway in 2002 and 2003 for his role in the release of the
DeCSS decryption software, is a hero to many for his efforts to defeat DRM (digital rights management) mechanisms built into media player technology.
He has been involved in a public cat-and-mouse game with Apple Inc., releasing several tools to bypass the DRM software used to encrypt music sold on the iTunes Music Store. LINK TO: PyMusique Unlocks iTunes Copy Protection. Again. http://www.extremetech.com/article2/0,1558,177952
Johansen has also cracked Apple's AirPort Express's encryption and released a proof-of-concept program that allows
Linux users to play video encoded with Microsoft's proprietary WMV9 codec. The proof-of-concept is based on the VideoLan code.
Addict3d.org more details:
Jon Lech Johansen, "DVD Jon", took just one day to build a crack to allow you to play video on your website using Google's VLC-based player.
This means you can publish video that will play on your webpage and will work for anyone who has Google's player installed.
Johansen, also known as 'DVD Jon' for his work on decrypting DVD security codes, has created a patch for the Google Video Viewer--less than 24 hours after the search giant shipped the video playback plug-in, a tool based on the open-source VideoLAN media player.
Crack can be found here -
http://nanocrew.net/wp-content/GVVPatch.exe
http://nanocrew.net/?p=114
Blog Entry:
Google has released Google Video Viewer, a browser plugin based on VLC. Here's one of the features they've added:
+
+ const char* allowed_host = \"video.google.com\";
+ char * host_found = strstr(p_sys->url.psz_host, allowed_host);
+ if ((host_found == NULL) ||
+ ((host_found + strlen(allowed_host)) !=
+ (p_sys->url.psz_host + strlen(p_sys->url.psz_host)))) {
+ msg_Warn( p_access, \"invalid host, only video.google.com is allowed\" );
+ goto error;
+ }
This "feature" prevents you from playing videos that are not hosted on Google's servers. Download and run this patch I wrote to remove this restriction. Running the patch requires a
As a graphic designer, let me speak from experience - Corporate art sucks.
Yep. But as a graphic designer you also know that most, if not all corporations don't use cartoon looking daemons. FreeBSD obviously wants to change its perception and unfortunately this is one part of that transformation.
Now, I'm off to buy some daemon t-shirts before they are gone forever...
Colo4dallas also has staff on hand for a price ($75.00 per hour). Of course if you don't mind paying anyone will just about do anything for you (for a price that is).