As author of GeSHi I can confirm this is basically how things played out. I sent Secunia a very irate e-mail asking them basically WTF they were smoking, and as far as I can tell they didn't publish a vulnerability for it.
They've tried on other projects I've been on, such as Mahara. They went trolling through the changelogs of old releases for the word 'security', and hit a git commit that fixed security being too tight on something - and sent an automated email saying they wanted more information about the vulnerability so they could put it in their database! They got another irate e-mail about that one.
Secunia, in my experience, are scum looking to justify their existence rather than actually help.
The IT courses at my university teach you Access as a platform for learning SQL, which is downright negligent (at my uni, the IT people learn on windows while the CS people learn on NetBSD, which is kinda cool that they do that at least).
Apart from that, IT has a more business/management focus, and doesn't take you very far into coding. If you understand what recursion is, it's probably the case that IT won't challenge your coding brain.
[note: all this from my experience at my uni, ymmv]
"license prohibits making screenshots containing desktop or icons or other artwork incorporated into Vista"
Given that almost every window has window manager chrome, it's going to be hard to prevent people from inadvertently breaking this one, huh? What are they going to do, remove the "Print Screen" key from every keyboard?
Every day I see websites, blogs, wikis, forums, and other such software all claiming "XHTML compliance". And sure, for the most part, many of them are well formed and run throught the w3 parser just fine.
HOWEVER, the vast majority of them are _not_ compliant!
Why is this? While the _markup_ is fine, the content is not being sent with the correct _mime type_, invalidating the document before parsing can even begin.
You see, the vast majority of XHTML documents are sent with the text/html header. Think of the mime type as being like an envelope that the document is sent inside.* The browser, when it gets the envelope, decides what parser it is going to use to process the contents inside. And it sees text/html, and sends it straight off to the tag soup parser, the _HTML_ parser, NOT the XHTML one.
The relevant standards show that unless you are serving "HTML compatible" XHTML (this is XHTML 1.0 transitional), you are in violation of the standards by serving XHTML as text/html. And since everyone's favourite web browser, IE6 (and 7), do not support proper XHTML mime types, you're stuck with at most XHTML 1.0 transitional.
And then, given the problems outlined with serving XHTML as HTML anyway, you may as well just use HTML 4 strict or transitional (if you want iframes).
So what does this have to do with this issue? Well, sure the vast majority of websites on the 'net do not use XHTML. But maybe that's partly because the user agent space simply isn't ready for it. Fix the user agents, then the supposed XHTML software out there can become compliant, and from there you may see more people make the transition.
Note: I'm not in any way defending _all_ of the websites out there that don't use XHTML. Just some of them:)
* With apologies to Martyn Smith, whom I borrowed the analogy from:)
Heh, it all sounds as you say, a lot of effort:). And as it would be even harder to get working with hibernate, perhaps I'd better not bother risking my machine. In any event, now even if someone steals my laptop and knows (or guesses) my password, they won't get anywhere since they'd need my shuffle too:) (sure, anyone with more than a passing knowledge could still get in, but the barrier is a little higher now.
I had a fly at getting this going last night with pam_usb. I managed to get it working OK for login and kdm, but it doesn't work for xscreensaver, which is a major bummer as most of the time my laptop is on hibernate. I guess I'll have to look around for a newer solution, pam_usb is getting old now. Thanks for your suggestions:)
Sounds like a good idea also, I see I shall have to take some time to explore the options. I especially like the idea of actually needing something else to unlock the disk. What happens in the case that your thumb drive gets corrupted?
Interesting... at the moment my music is under/home, but it could be moved easily enough I guess. I'll have to have a play and see how much I can lock down before amarok gets annoyed/system won't boot far enough:)
... I have my laptop turn itself on every day in the morning, and five minutes after that amarok starts playing my favourite songs on a low volumn, slowly turning it up over the next 10 minutes, to wake me up. Having to input a password would sorta ruin that:)
It is _not_ a valid defense to say that something would break without you - while you might be right, that is the wrong argument to be pushing here.
Would slashdot give Microsoft so much slack if they were put on trial for monopolistic behaviour, and said the world's computers would become vulnerable if they were put out of business?
Linux is a clone of the operating system Unix, written from scratch by
Linus Torvalds with assistance from a loosely-knit team of hackers across
the Net. It aims towards POSIX and Single UNIX Specification compliance.
However, this is not the case in Australia, where they have had a landmark case on this issue already - a guy who ran a website linking to MP3s was shut down and bankrupted. It's a pity I can't remember the details, the article was in the APC magazine last year sometime. Point is, different countries will enforce this differently.
Well of course you're correct, from our current point of view. I see no reason why future science may yet bring better results. 400 years of science is a long time, in which we could find ways around these things.
My argument may seem philosophical, but get back to me in 20 years:)
All thirteen Konquerer users around the world have now been successfully patched, making this patch one of the only ones ever created that patched all users.
While wikipedia may not be a good source to cite, articles often link to more authoritive, valuable sources (including references to papers etc.). Wikipedia is a good way to find relevant websites and documents quickly.
Of course, anything written on wikipedia should be taken with a grain of salt.
Slashdot Mirror
As author of GeSHi I can confirm this is basically how things played out. I sent Secunia a very irate e-mail asking them basically WTF they were smoking, and as far as I can tell they didn't publish a vulnerability for it.
They've tried on other projects I've been on, such as Mahara. They went trolling through the changelogs of old releases for the word 'security', and hit a git commit that fixed security being too tight on something - and sent an automated email saying they wanted more information about the vulnerability so they could put it in their database! They got another irate e-mail about that one.
Secunia, in my experience, are scum looking to justify their existence rather than actually help.
The IT courses at my university teach you Access as a platform for learning SQL, which is downright negligent (at my uni, the IT people learn on windows while the CS people learn on NetBSD, which is kinda cool that they do that at least).
Apart from that, IT has a more business/management focus, and doesn't take you very far into coding. If you understand what recursion is, it's probably the case that IT won't challenge your coding brain.
[note: all this from my experience at my uni, ymmv]
"license prohibits making screenshots containing desktop or icons or other artwork incorporated into Vista"
Given that almost every window has window manager chrome, it's going to be hard to prevent people from inadvertently breaking this one, huh? What are they going to do, remove the "Print Screen" key from every keyboard?
You're probably not as smart as you think.
:)
:)
Every day I see websites, blogs, wikis, forums, and other such software all claiming "XHTML compliance". And sure, for the most part, many of them are well formed and run throught the w3 parser just fine.
HOWEVER, the vast majority of them are _not_ compliant!
Why is this? While the _markup_ is fine, the content is not being sent with the correct _mime type_, invalidating the document before parsing can even begin.
You see, the vast majority of XHTML documents are sent with the text/html header. Think of the mime type as being like an envelope that the document is sent inside.* The browser, when it gets the envelope, decides what parser it is going to use to process the contents inside. And it sees text/html, and sends it straight off to the tag soup parser, the _HTML_ parser, NOT the XHTML one.
The relevant standards show that unless you are serving "HTML compatible" XHTML (this is XHTML 1.0 transitional), you are in violation of the standards by serving XHTML as text/html. And since everyone's favourite web browser, IE6 (and 7), do not support proper XHTML mime types, you're stuck with at most XHTML 1.0 transitional.
And then, given the problems outlined with serving XHTML as HTML anyway, you may as well just use HTML 4 strict or transitional (if you want iframes).
So what does this have to do with this issue? Well, sure the vast majority of websites on the 'net do not use XHTML. But maybe that's partly because the user agent space simply isn't ready for it. Fix the user agents, then the supposed XHTML software out there can become compliant, and from there you may see more people make the transition.
Note: I'm not in any way defending _all_ of the websites out there that don't use XHTML. Just some of them
* With apologies to Martyn Smith, whom I borrowed the analogy from
Heh, it all sounds as you say, a lot of effort :). And as it would be even harder to get working with hibernate, perhaps I'd better not bother risking my machine. In any event, now even if someone steals my laptop and knows (or guesses) my password, they won't get anywhere since they'd need my shuffle too :) (sure, anyone with more than a passing knowledge could still get in, but the barrier is a little higher now.
I had a fly at getting this going last night with pam_usb. I managed to get it working OK for login and kdm, but it doesn't work for xscreensaver, which is a major bummer as most of the time my laptop is on hibernate. I guess I'll have to look around for a newer solution, pam_usb is getting old now. Thanks for your suggestions :)
Sounds like a good idea also, I see I shall have to take some time to explore the options. I especially like the idea of actually needing something else to unlock the disk. What happens in the case that your thumb drive gets corrupted?
Interesting... at the moment my music is under /home, but it could be moved easily enough I guess. I'll have to have a play and see how much I can lock down before amarok gets annoyed/system won't boot far enough :)
... I have my laptop turn itself on every day in the morning, and five minutes after that amarok starts playing my favourite songs on a low volumn, slowly turning it up over the next 10 minutes, to wake me up. Having to input a password would sorta ruin that :)
It is _not_ a valid defense to say that something would break without you - while you might be right, that is the wrong argument to be pushing here.
Would slashdot give Microsoft so much slack if they were put on trial for monopolistic behaviour, and said the world's computers would become vulnerable if they were put out of business?
That wouldn't be news, it would be fud :)
The linux readme still states :
Linux is a clone of the operating system Unix, written from scratch by
Linus Torvalds with assistance from a loosely-knit team of hackers across
the Net. It aims towards POSIX and Single UNIX Specification compliance.
Perhaps that should be updated, no?
The _same_ sound in fact, just phase-shifted by half. So just buy another mosquito wave generator and experiment.
Linux :)
You don't have a beard??? Where's your honour??
RMS, is that you?
Here, I found a story link: http://www.afterdawn.com/news/archive/6649.cfm
However, this is not the case in Australia, where they have had a landmark case on this issue already - a guy who ran a website linking to MP3s was shut down and bankrupted. It's a pity I can't remember the details, the article was in the APC magazine last year sometime. Point is, different countries will enforce this differently.
Thank goodness
Well of course you're correct, from our current point of view. I see no reason why future science may yet bring better results. 400 years of science is a long time, in which we could find ways around these things.
My argument may seem philosophical, but get back to me in 20 years :)
Who said that future chips have to have transistors in them? You don't know what technology will bring.
All thirteen Konquerer users around the world have now been successfully patched, making this patch one of the only ones ever created that patched all users.
In linux, you can do Plagiarism by:
Select with mouse
Middle-click
While wikipedia may not be a good source to cite, articles often link to more authoritive, valuable sources (including references to papers etc.). Wikipedia is a good way to find relevant websites and documents quickly.
Of course, anything written on wikipedia should be taken with a grain of salt.
-1, Jail