It would become much more obvious why this is news, if the extradition had happened in the opposite direction. IOW, how would you feel about American citizens being extradited to China for trial on charges of assisting Chinese citizens to bypass their censorship firewalls?
If history is a guide, then this merely shows that Microsoft will eventually come up with a competing but inferior product, play catchup, and use their monopoly position in O/S software to take over the market by force. (Remember how we came to have Windows, Zune, M$ internet platforms, etc...)
The same opportunity presented itself a few years ago to Dell when XP was introduced. They *almost* lost a sale to me after a long and difficult conversation with the phone sales clerk, because they refused to sell me Win2000 instead of XP. Very frustrating. At least they seem to be listening to customers now.
For someone who has been using WPA via a vulnerable version of madwifi, they just need to get the madwifi source, recompile it for the running kernel, and install it. No kernel recompile is required. See
http://madwifi.org/wiki/UserDocs/Distro/Debian/MadWifi
This is more about politics than science. And that is a really bad thing.
We need a way to fund scientific research that removes the political influence. And politicians need to stay out of the discussion.
If more of the liberal politicians were driving "green" vehicles, living in "green" homes, limiting their air travel, etc, then their hand-wringing about global warming would at least appear a little less hypocritical.
Some people just have too much time on their hands...
This is not a new concept, but an old concept taken to a new level. It simply applies a "default deny" permission at the application level rather than at the box or network level. That's a tradeoff--just like it is at the network level. You get better security at the expense of connectivity. Maybe that is a good tradeoff to make for 6 year old kids in third world countries. And it might not be a bad idea for my Mom's computer...or all those computer owners whose machines are enlisted in someone's 'bot army.
I foresee a new market developing for iris-concealing contact lenses.
http://climate.weather.com/blog/9_11396.html?cm_ven=one_deg_blog&cm_ite=one_deg_commentary&from=one_
Quote: If a meteorologist can't speak to the fundamental science of climate change, then maybe the AMS shouldn't give them a Seal of Approval.
Sounds like muzzling one point of view to me.
So surely the government will give me a discount if I pay my taxes in pennies and nickels!
I thought Al Gore was preoccupied with global warming.
The virus has to mutate in order to be transmitted from human to human. What makes us think that a remedy against the current virus will be effective against the mutated one?
You are confusing the people behind RSA (Ron Rivest, Adi Shamir, and Leonard Adleman) with PGP. Phil Z did not invent any algorithms (well, except for Bass-O-Matic). He just was the first to make an implementation that became publicly available.
I have used this:
http://www.nch.com.au/ams/index.html
It works and is free. When I need to do some reading or concentrate without distraction, some white / pink noise does wonders to block out the chatter in nearby cubes.
Reminds me of a Dirty Harry movie. "You're asking yourself if I had five nukes or 6...well, I don't remember either. You've got to ask yourself one question: 'Do I feel lucky?' Well, do you, punk?"
Bad news: worldwide tensions reach an even more dangerous level.
Good news: At least NK now has one fewer nuclear device.
Maybe if they'd run a half a dozen more tests we could all rest easy.
What really matters is not how many publicly known vulnerabilities exist at a point in time. Rather, what matters is whether that number is greater than zero. It only takes one to be owned.
So if Browser A is exposed to at least one publicly known vulnerability on 100 days in 2006, and browser B is exposed on ten days, browser B is safer. Of course this assumes that patches are being applied promptly once available, hopefully via an automatic update process.
It's not a perfect measure, but it certainly gives a more meaningful picture than counting announcements of vulnerabilities.
A much better measure of security is how many days the users spend being vulnerable after a vulnerability is made public. The browser with the fewest days of vulnerability is the safer browser. And that's no contest.
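The "days exposed" measure from the two comments above, worked through as an added example that is not part of the original comments. The advisory dates for both browsers are constructed sample data, and `days_exposed` is a hypothetical helper name.

```python
from datetime import date, timedelta

def days_exposed(windows, start, end):
    """Count days in [start, end] with at least one publicly known, unpatched
    vulnerability. Each window is (disclosed, patched); patched=None means
    still unpatched. The day a patch ships is counted as safe."""
    stop = end + timedelta(days=1)          # half-open upper bound of the period
    clipped = []
    for disclosed, patched in windows:
        lo = max(disclosed, start)
        hi = min(patched if patched is not None else stop, stop)
        if lo < hi:                         # drop windows outside the period
            clipped.append((lo, hi))
    clipped.sort()
    total, cur_lo, cur_hi = 0, None, None
    for lo, hi in clipped:
        if cur_hi is None or lo > cur_hi:   # gap: close the previous merged run
            if cur_hi is not None:
                total += (cur_hi - cur_lo).days
            cur_lo, cur_hi = lo, hi
        else:                               # overlap: a day is counted only once
            cur_hi = max(cur_hi, hi)
    if cur_hi is not None:
        total += (cur_hi - cur_lo).days
    return total

START, END = date(2006, 1, 1), date(2006, 12, 31)

# Constructed data: browser A has fewer advisories but slow or missing patches.
BROWSER_A = [
    (date(2006, 1, 10), date(2006, 2, 19)),
    (date(2006, 2, 1), date(2006, 3, 1)),   # overlaps the first window
    (date(2006, 11, 12), None),             # still unpatched at year end
]
# Constructed data: browser B has more advisories, each patched within two days.
BROWSER_B = [
    (date(2006, 1, 5), date(2006, 1, 7)),
    (date(2006, 3, 14), date(2006, 3, 16)),
    (date(2006, 6, 1), date(2006, 6, 3)),
    (date(2006, 9, 20), date(2006, 9, 22)),
    (date(2006, 12, 4), date(2006, 12, 6)),
]

if __name__ == "__main__":
    for name, w in (("A", BROWSER_A), ("B", BROWSER_B)):
        print(name, "advisories:", len(w), "days exposed:", days_exposed(w, START, END))
```

Counting advisories ranks B worse (5 against 3), while counting exposed days ranks A worse; overlapping windows are merged so a day with two open vulnerabilities is still one exposed day.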
> A contract holds you to what it says, not to what the other
> party thinks it says. Always.
The contract holds the two parties to what they mutually agreed that it meant at the time it was signed. If it can be demonstrated that there never was a "meeting of the minds" then the contract cannot be enforced.
I fail to see how this could be the CTO's fault...
You fail to understand the concept of management. It is the manager's responsibility to identify his assets, threats, vulnerabilities, and risks, and to choose appropriate countermeasures to protect those assets. The company entrusts a part of its assets to the oversight of the manager, and there is accountability for that oversight. The manager should have taken steps to ensure that this kind of thing would not happen.
There is also a legal responsibility to practice due care and due diligence. This manager might even be liable to civil lawsuit by shareholders and AOL searchers. The executives making the decision to show the manager the door are likewise motivated by due care and due diligence, and by the need to satisfy shareholders and searchers.
Probably the most important factor: The firing is intended to convince AOL searchers that this won't happen again.
This approach could make the vulnerabilities (or lack thereof) in the O/S moot. The goal here is to persuade you to give your consent to install software, based on what appears to be a recommendation from a trusted source. (The software might even do exactly what the recommending email says it will do...plus a few undisclosed things). Once you install it you are owned. So rather than relying on a software vulnerability, it relies on a flaw in the human's trust and verification algorithm.
Beyond all doubt, the patch had never been tested on their combination of software and peripherals. No IT shop in its right mind would push a patch out to mission critical systems without some sort of testing.
The answer is to hold the driver of the SUV accountable for the higher risk he imposes on other drivers. That means substantially higher insurance rates, and a separate driver's license which is harder to acquire and easier to lose.
That will eventually lead to safer SUVs, or fewer of them. Either outcome would be an improvement.
A lot of people just use whatever the distribution installs by default.
If I can measure the state of a quantum bit without altering the bit, I can eavesdrop on a quantum key exchange without being detected. Or am I missing something?