Slashdot Mirror


User: zerbot

zerbot's activity in the archive.

Stories: 0
Comments: 159

Comments · 159

  1. Re:I'm not sure I agree with this... on Mozilla Uncooperative With OSS Groups on Security? · · Score: 2, Interesting

    I'm sure you have an example of a vulnerability not yet exploited in the wild that was patched and released by one distro without notification and coordination with the other distros.

    Mozilla was not wrong to release this fix as soon as they had it ready, as the vulnerability had already been publicized. However, security fixes for vulnerabilities that don't have known exploits in the wild should be coordinated.

  2. Re:We tried working with Mozilla... on Mozilla Uncooperative With OSS Groups on Security? · · Score: 1

    No.

  3. Re:Depends on Mozilla Uncooperative With OSS Groups on Security? · · Score: 2, Insightful

    There's a difference between being unpatched because you're a mouth breather who doesn't pay attention, and being unpatched because the devs didn't notify the distro I use before they put the exploit in the wild.

    I can set things up to automatically patch or notify me when security patches come out for my distro. I don't know of any way to do that right off the Mozilla site. This is all pretty moot in this situation since the exploit was already publicized, and this is end user software as opposed to server daemon stuff that has to stand up to attack 24/7.

    The fact that some people aren't going to patch even if you hit them with a clue-by-four doesn't mean that I can't patch, and luckily the professionally run projects give the clued the opportunity to get patched shortly after the vulnerability gets publicized. The fact that some people won't patch is not an excuse for failure to produce a patch in the first place, and it's not an excuse for failing to let the clued patch as soon as the vulnerability is released to the wild.

  4. Depends on Mozilla Uncooperative With OSS Groups on Security? · · Score: 4, Insightful

    If the exploit is public knowledge, or is known as being used to exploit by blackhats, then releasing the fix as soon as it is finished is best. If the exploit is not publicly known, and there are no signs it is being used, then a coordinated release is best. Not coordinating ends up leaving a window for blackhats to find out about the exploit and use the vulnerability on those systems that are not yet patched.

  5. Re:We tried working with Mozilla... on Mozilla Uncooperative With OSS Groups on Security? · · Score: 1

    It's a common troll. Replace the software in question with whatever is being discussed. The tagline is the giveaway, "Needless to say, the $SOFTWARE_PACKAGE team offered no support whatsoever. I made the employee uninstall $SOFTWARE_PACKAGE from the machines and lets just say he's not with us anymore."

  6. Re:The question is "WHY?" on Mozilla Uncooperative With OSS Groups on Security? · · Score: 1

    Well, if you read the Red Hat guy's page, he's talking about a matter of a few hours, not days.

  7. Re:I'm not sure I agree with this... on Mozilla Uncooperative With OSS Groups on Security? · · Score: 1, Interesting

    Holding back by a few hours until vendors can merge the fixes with any customizations they have done actually equalizes the users, in that all end users have access to the fixes for their particular build at the same time, regardless of where they get their builds from. If Red Hat discovered a security flaw, patched it themselves and then released their fixed version without giving the Mozilla people time to patch and QA, people would be screaming bloody murder.

  8. Re:Unrecognizeable anonymous sharing on Completing BitTorrent Decentralization · · Score: 1

    I doubt it will be mitigating if there is an equivalent p2p system where you can control what is shared there.

    I don't particularly want stuff getting shared off my computer and bandwidth that I don't know about.

    What I could use though is something that I can stick on my Linux gateway to intercept BT streams, handle the torrent itself, so that I don't have to port forward to a single machine on the inside, and the uploading can be done from the internet facing machine instead of from the machines on the inside. I'd be happy to leave the upload going on files I downloaded for quite some time, but not under any circumstances for files I didn't download.

  9. Re:Photoshop on 2005 Google U.S. Puzzle Championship · · Score: 1

    That's against the rules, but I'm sure that someone will do that. But that won't help with the rest of the puzzles. Someone who is good at these will be able to do it faster than someone using Photoshop anyway.

  10. Re:Is it all just for fun? on 2005 Google U.S. Puzzle Championship · · Score: 2, Informative

    Google didn't start this competition, they just started sponsoring it a few years ago.

    There is a checkmark on the registration page that you check if you would like to receive notices of employment opportunities.

  11. Re:Finished (with all correct)... on 2005 Google U.S. Puzzle Championship · · Score: 3, Informative

    Scissors are on the allowed materials list.

  12. How's everybody doing? on 2005 Google U.S. Puzzle Championship · · Score: 1

    3 down, 2 to go for me.

  13. Re:PDF? on 2005 Google U.S. Puzzle Championship · · Score: 1

    And here I thought I was being clever by using as the password.

  14. Re:What? on Lycos Germany to No Longer Store IP Data · · Score: 2, Funny

    Doesn't sound like a joke to me.

  15. Re:It's Official on Google Ads for RSS Feeds Goes Beta · · Score: 1

    I can't speak for the rest of Slashdot, but I'm not anti-advertising. I'm anti-deceptive-advertising, I'm anti-stupid-fluff-advertising, anti-advertising-that-seeks-to-convince-the-consumer-they-have-a-need-they-really-don't, etc. I'm very pro on ads that lead me to stuff that I'm genuinely interested in. I've subscribed to publications *just* for the ads. ("I... uh... subscribe to Computer Shopper for the articles, uh huh.")

    Someone mentioned skipping through commercials using a TiVo. I don't know about anybody else, but with a TiVo I have ended up watching more ads than when I watched TV live. I use the 30-second skip function, and will catch a glimpse of ads as they go by. It's not uncommon for one to catch my interest, and I'll back up to watch it. Previously, I would use commercial breaks to go do something else, and I'd miss most of them entirely. But now, I get to catch things like http://www.trunkmonkeyad.com/.

  16. Re:Supply and demand on Critical Shortage of IT Workers in Coming Years · · Score: 1

    Lose all the stupid fluff. "...a passion for software development, an interest in learning new development techniques, the ability to aggressively overcome obstacles, and excellent communication skills." This is an instant clue that you are a PHB, not someone most truly skilled people would want to work for.

    It might not be unfair to ask for those degrees, but you are also cutting yourself off from a lot of very talented people. Some of the best programmers I know don't have your required degrees. Many started working at very well paying jobs before they graduated because they were damned good. I and others like me snap those guys up before you even get to them, and while we encourage them to finish their degree, many don't. Some have degrees in allied fields, such as mathematics. Some graduated before there even was such a thing as a CS degree.

    This is obviously an entry level position but you desire at least a co-op or internship, which also weeds out a lot of excellent candidates. I'm not entirely sure what the situation is these days, but when I was in college, internships were either unpaid, or paid diddly. A lot of people can't afford to do that, they have to work at jobs that actually pay enough to afford their education. I've had more success with people who didn't do internships than with those who did.

    Experience with Java, C# or C++ is desired, but knowledge of OOP is a plus??? I think this is backwards. Picking up a new language is trivial. I don't know Java, C#, and I've barely touched C++, but I assure you that if I had to, two weeks from now you'd never know I hadn't been working in them for years.

    In the current environment, it is incredibly easy to find excellent people. You just have to know how to look.

  17. Re:Extensions quickly please! on Google Ads for RSS Feeds Goes Beta · · Score: 5, Funny

    Damn all ads! Bandwidth is free and those schmucks don't deserve to get paid for their sucky content (even though I like it enough to check it every day).

  18. Re:Reasons for Rebooting on Windows Cheaper to Patch Than Open Source? · · Score: 1

    Yeah, but you don't have to "reboot" in order to restart all the daemons on Linux (or any Un*x that I'm familiar with). The kernel doesn't use the dynamic libraries, so the only reason to reboot the kernel is if you're installing a new kernel. Even then a lot of kernel modules can be removed and reinserted without a reboot.

    XP has fixed this, but it used to drive me nuts that Win98 would make you reboot the computer just to change any of the network settings.

  19. Re:Supply and demand on Critical Shortage of IT Workers in Coming Years · · Score: 4, Insightful

    There is no IT employee shortage. There are only companies that want to be cheapskates, hire people with exact skillsets, and not hire anybody too old (i.e., over 30).

  20. Re:120 days.... on VoIP Providers Given 120 Days to Provide 911 Service · · Score: 1

    VOIP lines need to pay the e911 taxes just like the incumbents. I don't often come down on the side of Ma Bell, but this is an exception.

  21. Re:120 days.... on VoIP Providers Given 120 Days to Provide 911 Service · · Score: 1

    Keep the last known good location in the phone, transmit that plus the fact that the phone is presently unable to get a satellite fix (which should be a nice hint to an indoor location).

  22. Re:120 days.... on VoIP Providers Given 120 Days to Provide 911 Service · · Score: 1

    911 services are emergency services, there is a great deal of public good in having standard required access to them across the board. The fact that someone is "liable" is cold comfort if someone dies or is seriously injured due to lack of expected emergency services. There are some things that not all the money in the world can make up for.

    Sometimes, when you dial 911 you can't tell them where you are. They may be having a seizure, a stroke or heart attack and be unable to speak. They might be a very young child. That's why they put the e911 features in, so that you wouldn't *have* to be able to give your address.

  23. Re:120 days.... on VoIP Providers Given 120 Days to Provide 911 Service · · Score: 1, Flamebait

    And if someone who isn't aware of all those things somehow needs to use the phone, then what?

  24. Re:120 days.... on VoIP Providers Given 120 Days to Provide 911 Service · · Score: 1

    Yeah, but which 911 dispatch do the VOIP companies route the call to? Cell phone companies can route based on the cell tower.

    I think they're going to have to stick a GPS chip in, and route based on that, and they might as well send the GPS info along to the 911 dispatch.

  25. Re:We have heard it before from M$ on Google Might Disappear in Five Years · · Score: 1

    http://www.kyocera-wireless.com/7135-smartphone/

    There may be others out there, but I'm quite happy with this one.