You can't really give a 'one size fits all' timeline for when a fix should be issued. For some software (i.e. Windows), developing and testing a patch can be a many-month process (and almost all of that time will be QA). On the other hand, it's probably pretty safe to make a small security fix in an email app.
With that said, if an exploit is discovered by one person, it's been discovered by many. Regardless of how widely known the exploit is, the customer is still vulnerable, and the software company has an obligation to patch their software.
If software companies started getting sued for the damages that their software was responsible for, then I think we'd see a much different security landscape in IT.
Re:I have my doubts about the conclusions (on Pornified · Score: 1)
I have to disagree. The Jenna book is selling because people are buying it for the salacious thrill. A book that talks about the benefits of pornography, or the lack of detriment to society wouldn't really sell that well.
I have my doubts about the conclusions (on Pornified · Score: 2, Informative)
How many people a day view pornography online? Thousands, millions? They get a double blind study of a couple of hundred, and that's supposed to tell us something?
I've worked on scientific studies, and I can say with certainty that they are highly dependent on the researchers who are doing them (and the groups that are funding them). I've worked on studies that didn't get published because they didn't have the results the funders wanted. I've also worked on studies where the results had to be skewed (i.e., those samples are contaminated, remove them).
I'd be willing to bet that an anti-porn book would sell more copies than a pro-porn book.
Another issue is, how did they find the people that they interviewed? Most 'normal' viewers probably wouldn't take the time out of their day to sit through a long interview. It's only the minority of people that feel some compelling reason to talk about it (i.e., they feel it destroyed their lives), that would go to the trouble to get interviewed.
I moved out of SC, and I used to spend a lot of time at those theaters. I didn't realize how lucky I was to have that much independent cinema near me. At the theaters up here in Bellevue, etc, it's all mainstream fare that apparently is being catered to the 13 year old crowd.
I've gotten so frustrated I'm actually looking into starting my own theater. I'd kill to have the nick up here.
Whenever I hear other engineers talking about the latest and greatest programming language/paradigm/whatever, I can't help but think about a marketing exec spewing out the latest trendy buzzwords while saying absolutely nothing.
Most of the new languages are designed to make life easier on the programmer (i.e., PHP making db data very web accessible), but I would prefer to stick with the devil I know. I'd prefer to get my job done, not learn another language.
Of course, I run the risk of becoming obsolete if I don't jump on the next big bandwagon that actually does end up 'changing the world'.
When I'm trying to find a review, I usually go to Amazon and read those reviews (I believe they were the first retail site to offer user submitted reviews). The trick though, is to check the lowest rated reviews first. If they have valid points about the product, then I pay attention. On the other hand, if the low reviews are written by some complete tools that are knocking it because they are too stupid to read directions (or whatever), then I can be fairly certain that the product isn't 'bad'.
Once a product isn't bad, it usually comes down to price for me.
Re:Amazon has it cheaper than bookpool (on DHTML Utopia · Score: 1)
browser problem (on DHTML Utopia · Score: 4, Interesting)
A lot of the annoyance of 'web apps' comes from the fact that browsers can't just refresh a simple tag on the page from the server. They have to re-render the entire page, causing a jarring visual experience for the user.
Browsers should be able to realize that since the url is the same, diff the previous stream, and the current one, and modify the current page inline.
As it stands now, web developers have to jump through a lot of hoops to get that sort of functionality. They shouldn't.
They are talking about reading this data like it's encrypted with blowfish, and they are deleting the key. How hard can it be to read that tape data? I can't imagine that data from back then was stored in a very complicated format. Even if the media was of a proprietary format, it couldn't be that hard to create a reader for it. Come on people, it's not like this is rocket scien....Um, never mind.
In a lot of cases, you don't have the option to switch. I don't know how things work in the UK, but here in the US, a lot of companies have monopolies on service in their area. Also, phone companies aren't responsible for their content in the US. Once they start blocking specific content, they can't really say that they are neutral about the rest of the content. That's kinda like having your cake and eating it too, no?
1) Four years of one of the most time intensive majors in colleges
CS is tough, but it was nothing compared to physics, or some of the chemistry majors. I switched from physics to computational mathematics because it was a lot easier.
2) Going through Microsoft's dehumanizing interview process
I've interviewed at a lot of companies (including MS) and I can say that there is nothing wrong with their interview process (it's actually pretty good).
3) Getting free soda in exchange for 80 hour work weeks at minimum wage
I've never had to work more than 60 hours in a week, and even that is pretty rare. My normal work week is 50 hours or so. It's probably closer to 35 once you take out all the time wasted reading sites like slashdot :).
4) Getting fired at age 28 for being too old
Whatever dude. No one gets fired for being too old. If you keep your skills up to date and you aren't a jerk to work with, finding/keeping a job isn't that hard.
Spam wouldn't be a problem if people didn't actually click on the links. I've seen studies somewhere about the return rate on spam. While it is quite low, it's still high enough to make it worth their while.
Maybe we should establish a site that lists all the companies that support spam, and then boycott them. We could even have a plugin in Firefox that would warn or block a site that was known to have used spam.
I don't work for the Intel compiler team, so I can't say that it is or isn't actually intentional (I'm just saying that it's possible to be unintentional).
As for the 'tricking the processor' part, just because you haven't found the bugs, doesn't mean they don't exist (or that the QA for Intel didn't find them).
I'm not saying you're wrong, I'm just saying this isn't a slam dunk case.
I will take issue with your statement that Intel is at fault for not more proactively supporting AMD processors. Your statement about a monopoly being the effect on a marketplace is completely incorrect. A business has to do something to actively prevent competition to be guilty of monopolistic practices.
If I start a business and am better than everyone else, and they all go out of business because they suck and I don't. That isn't a monopoly. If I then sign contracts that exclude other companies from entering the market, that is a monopoly.
Why would you think a company has to actively support a competitor's product?
No, the Intel compiler is a separate product. You can 'plug it in' to VS.
AFAIK, the only companies using the Intel compiler (in any real numbers) are games companies.
I know how this can happen (and it has nothing to do with being evil).
The engineers get the specs for the next version of the compiler. They also get a slew of bug reports from the last version. They have a short amount of time to implement the new specs, and fix the bugs.
The bug reports will be something like, "on AMD processors when doing a memcopy with optimization xyz turned on, the processor mispredicts half the time. This makes it very slow."
The engineer in that case, turns the optimization off for that generated code, thereby 'fixing' the bug (but not really). It happens all the time. It's not a nefarious plot, it's the same time crunch issue that every software engineer has to deal with.
You could have published your book yourself through booksurge, and sold it on Amazon.com. At least that way, you'd actually get paid for all the work you did on it.
Amazon isn't driving the smaller retailers out of business, the smaller retailers are selling on Amazon now (you know, the '12 new and used from $14' links on the side of an item's page). If you want to support the smaller retailers, just use the 3rd party sellers on the site. You'll usually get your stuff cheaper also.
Is for some nationally enforced standard for keeping credit card data secure (i.e., it has to be encrypted, you can't send the backup tapes across town on a bicycle messenger, etc).
We also need something to put the liability on the credit card companies when they do screw up. If my identity is stolen due to some lameness like a courier dropping a package, I may have to be informed, I may not be financially liable, but I still have to get my credit information and make sure no one is opening new cards in my name etc. The burden to deal with it is still on me.
There is another thing to keep in mind here. When a credit card charge is disputed, the credit card company actually makes money on the deal. Let's say that you buy something at Amazon.com with a stolen credit card. The credit card company takes its cut from the transaction (2 or 3%). Then when the charge is disputed, the credit card company takes the money from the retailer, as well as a chargeback fee.
Overall, they have an incentive to let credit card info get stolen.
I said you were talking smack, then you call me a smack head. I used a verb, you used a noun. You were calling me a name, I was calling out an action on your part (in a way that I didn't think would be that offensive). Apparently I touched a nerve, and for that I apologize.
My comment about Children was probably rather immature (ironically), and for that I apologize.
Back to the actual point of this discussion.
Responding to an email telling someone how to decode or recombine a movie that you know is copyrighted, is definitely promotion.
The quotes from the decision are all we really have to go on. We don't have the transcripts of the arguments that were presented (at least I haven't read them anywhere), and we don't have a list of the evidence that was presented. Without those, we have no ammunition to attack the statements in the decision.
And just for the record, I'm not apologizing for the Supreme Court decision, I agree with it.
The real anger here should be that these companies who were exploiting the fair use laws for something that definitely wasn't in the spirit of 'fair use'. Now SCOTUS had to step in and try to clarify. The fact that they had to clarify (thanks to Grokster, Streamcast and all those people that think it's ok to download music/movies for free), it creates a situation where the copyright holders actually have some ground to stand on. That means that now they can actually start throwing money at these lawsuits etc and have some real hope of winning (or grinding down the defendant until they cave).
Let's leave the name calling at the door, ok children?
There is nowhere that I know of that either company issued a press release asking users to violate copyright. I'm not really sure why you think that's so important.
Here are a couple of quotes from the decision.
"Respondents have sometimes learned about the infringement directly when users have e-mailed questions regarding copyrighted works, and respondents have replied with guidance."
Replying with 'guidance' is taking an action to assist.
How about this:
"The record is replete with evidence that from the moment Grokster and StreamCast began to distribute their free software, each one clearly voiced the objective that recipients use it to download copyrighted works, and each took active steps to encourage infringement."
No, contrary to what you may want to think. Even though this case went against what you wanted, the Supreme Court is for the most part an impartial and fair arbiter of justice (though they are fallible just like the rest of us).
Maybe you should actually read up on the SCOTUS decisions before you start talking smack about them.
Action is required in the facilitation of privacy. There is a paragraph in the decision of the Grokster case that explicitly states that Grokster and Streamcast 'actively' promoted piracy. It then goes on to give examples of what they did. There really shouldn't be any surprises in that decision.
As for the 10 commandments issue; the display of the 10 commandments inside the courthouse (I can't remember where it was) was specifically intended to further 'Christian Ideals'. That is what SCOTUS took issue with. The display on the lawn was in the company of several other monuments, and therefore it didn't specifically promote Christian ideals.
I don't really think that Bram would lose a case or suit brought against him, but I definitely think he could be bankrupted trying to fight it :(
Mat
If movies from hollywood suck so much (and I agree that most do), then why are you downloading them? I don't download movies, but obviously a lot of people do. Just look at how many copies of 'revenge of the sith' are floating around. If people didn't want to see these shitty movies, they wouldn't be pirating them.
I run BeOS. Now the feds can never catch me Bwahahahahah.
Do you get paid for doing your job? Why? I'm sure whatever company you work for makes its money from selling something, and possibly from your intellectual ideas.
Think about that the next time you buy some food.
http://www.amazon.com/exec/obidos/tg/detail/-/0957921896/qid=1122933343/sr=8-1/ref=pd_bbs_sbs_1/104-7416645-5407105?v=glance&s=books&n=507846 has it for $26 with free shipping (bookpool makes you buy $40 to get free shipping).
MS released a patch for this vulnerability a month or two before the worm was released. Don't blame MS for sys admins not patching their servers.