Slashdot Mirror


User: chunews

chunews's activity in the archive.

Stories: 0
Comments: 38

Comments · 38

  1. Re:At last! on Experts Now Say JFK Bullet Analysis Was Wrong · · Score: 1

    No, the D&D play nearby would have caused JFK to be killed by "Lightning Bolt! Lightning Bolt! Lightning Bolt!"

  2. Blame Gomez on IE Devs Criticize Bank Security Vulnerabilities · · Score: 1
    No, not the attorney general (Gonzales) but blame Gomez, the web application and performance monitoring tool. Gomez rates the "performance" of Banking applications, in part, by how quickly the main page loads. Some scofflaw financial institution realised they could get faster load times - and a higher ranking with Gomez - by allowing login right from the main web page, avoiding that nasty SSL overhead.

    And then, all the other banks did the same to keep up with the Edward Jones'.

    For example, check out: http://www.gomez.com/Performance_Strategies/benchmarking/benchmark_cabanking.html

    It's all shenanigans really, but it's a shenanigan that is hard to explain to MBA graduates and senior executives!

    PS: Yes, the article is ancient -- I thought we had all given up on improving information security for online banking.

  3. Re:Identifying viruses on Printers Vulnerable To Security Threats · · Score: 2, Interesting

    In my experience, that virus - printing page after page of funny characters - is a human one, from someone trying to print a PCL formatted file to a PostScript printer or vice versa.

  4. Jones 2010 on Lucas, Ford to Start Filming New Indiana Jones Film · · Score: 1
    I can't believe I haven't seen a comment yet about this movie possibly being cast in the future. With the power of umm, the holy grail juice, the Jones' far exceed their normal life expectancy and must battle some evil in the future. I don't mean Star Wars future, but still -- something just far enough to be fantastical.

    I think there could really be a story about how they have to avoid / evade huge parts of their life to explain away their very very slowing age and then are called upon again . . . perhaps when the Ark finally gets opened up accidentally while searching for party favors for the celebration being held to honour Bush's successful third term.

  5. NMMNG on Cutting Off an Over-Demanding End-User? · · Score: 1

    You absolutely need to get over to http://www.nomoremrniceguy.com/ - get the book, do the exercises. People aren't "draining you" for support, you are letting them. Figure out what you want and then go after it - if you want to keep doing the support, but want adequate compensation, be direct about your needs. Establish your boundaries. Be your own man.

  6. Steve Jobs as God on Boot Camp Flaw Leaves Some Users Fuming · · Score: 2, Funny

    This Alpha branding may be part of their blessed strategy: "I am Alpha and Omega, the beginning and the ending, saith the Jobs." iRevelation, 1:8

  7. Google's Fault on Boot Camp Flaw Leaves Some Users Fuming · · Score: 4, Insightful

    Really, this is Google's fault for releasing a series of very well understood, usable, secure, nearly flawless applications all under the "Beta" name!

  8. Eliza redux on "St Lawrence of Google" · · Score: 1

    Earlier you said that you were "trying to build the machine that will pass the Turing test". Do you still feel that way? Is it because you want to be a new sort of deus ex machina that you came to me?

  9. Screeners can't see movie? on Spielberg Bitten by DVD Encryption · · Score: 2, Funny

    Oh, if only Aeon Flux had been so lucky!

  10. Re:8 Days to patch on Microsoft to Patch WMF Exploit Early · · Score: 1

    Additionally, one cannot simply "throw more resources" at the problem to make testing go faster. I.e.: I would shudder to think of the quality issues by asking marketing to get involved in regression testing because "we have to ship this out" -- the time it takes to labotimize, err, "train" the new individual may be more than simply doing the act yourself. Nobody (on ./) likes it, but Microsoft did a decent job of handling the situation. Not the best job, but a decent one.

  11. Re:8 Days to patch on Microsoft to Patch WMF Exploit Early · · Score: 1

    I would agree, if the 3rd party patch didn't have any side effects like affecting printing. For example.

  12. How do they find these things . . . legally? on Cross Site Scripting Discovered in Google · · Score: 2, Insightful
    IANAL, but I am always amazed at how these security issues are found and resolved since the exploratory phase for white and black hats are, essentially, the same. (I have a similar pet peeve around journalists, who with their hidden cameras, are able to investigate the mysteries of illicit acts without any recompense).

    While it may be one thing to pull apart IE and Windows XP (they can be done remotely, in an unconnected lab, with zero impact to a larger community), where does one acquire the balls to go and tinker with a hugely popular online site like google, where the mere act of investigation -may- impact the operational stability of the site.

    Now, I know that XSS is benign but who's to say that there wouldn't be some ping-of-death like characteristic with a bizarre UTF-7 encoding? While it's doubtful that google would have such poor quality in their applications, why does the white-hat security community get carte blanche access to test it out?

    I could be bitter because I sent a similar email to google (regarding their gmail login account and the 'continue=' variable) in March but never heard a reply. But to google's credit, and my defense, I only indicated that it looked highly suspicious and never took the next step to craft an actual attack and send them the code.

    If a security engineer should happen across the logs and start to see a bunch of unusual encodings, or what appears to be a recon of the website's characteristics, what level of forgiveness would be applied if the source of such network activity was from eEye, or Watchfire? And what if it was bankofamerica.com instead of google?

    I am all for giving vendors a reasonable amount of time to fix a defect and then provide full disclosure but I'm not keen to keep paying for watchfire (eEye, iss, etc..) to go to school and get free press based on unauthorized accesses to my production systems - where is the balance?

  13. Not my experience on eBay Slammed Over Levels of Fraud · · Score: 3, Interesting
    I purchased a car from a dealership in NJ (aka the "Mafia Car" by my coworkers) through eBay last year. I was bidding up against a "Buy it Now" price and, in the last 30 minutes, a new user joined eBay and bid me up over the BiN price by $100.

    This looked incredible - that a new user should join and the very first thing they should do is to bid up the price of an automobile over the BiN price - all the more so, since the registrant information (location) was clearly outside of the USA which would make delivery of the vehicle...costly to say the least.

    I used eBay motors' instant chat and explained that I thought this was a "bum deal". Personally, I speculated someone at the dealership had done it, because they thought I would keep bidding and not 'notice' the irregularity.

    I had resigned myself to keep looking when, 15 minutes later - and before the auction had completed - the "new user" was deleted and so was their bid! "Kudos to eBay" I said, and have enjoyed my Black Toyota Avalon ever since.

    An interesting take on this is that, like a lot of business dealings, timing is everything and the incentive for eBay motors' to resolve a conflict prior to the auction close (and ensure their auction fees) was paramount.

    Like a lot of incentive, time-based systems, I imagine it would be a challenge to get $500 back from eBay after I had purchased the vehicle and then began complaining. Kind of like asking me to take out the garbage after we have sex!

  14. Re:Only way on Miss Digital World 2005 · · Score: 1
    I can't believe I'm allowing myself to post this reply because I'm really not trying to cause a flame war.

    My take on this is simply that God comes first because he gave us the best possible present.

  15. I for one welcome our new on Miss Digital World 2005 · · Score: 4, Funny

    {splurt} oh, crap.

  16. What about Apple? on Torvalds Says 'Use KDE' · · Score: 3, Interesting
    You want to talk about "interface nazis", talk about Apple. There's nothing wrong -- indeed, it may be a great benefit -- with being rigidly inflexible when it comes to understanding HCI (human computer interaction - is that a term used anymore?) and interface design.

    Gnome's problem is that, well, they don't have a usable interface design to stick with in the first place. This goes back as far as 2000 - "systems administrators still struggle to install applications on Linux and that antiquated versions of Gnome, a graphical-oriented user interface for the operating system, continue to ship with different distributions of Linux" "http://www.computerworld.com/softwaretopics/os/story/0,10801,54030,00.html"

  17. I hope the first downloadable movie is on Would You Like Some Fries With That Download? · · Score: 5, Funny

    "Supersize me"

  18. Crazy molecular office assistant was overheard on Merck's Deleted Data · · Score: 1

    "it looks like you're defrauding the journal"

  19. Re:You've got to admire the Mizuho execs... on The 3 Billion Dollar Typo · · Score: 1

    And as an added bonus, Carly was asked to leave the BoD shortly thereafter!

  20. GAO zone transfer into private industry? on Many Domains Registered With False Data · · Score: 2, Interesting
    Hey,

    I was getting ready to rant and say well, of course individuals use fake information because, as the article already points out -- Any user can look up this data via one of the many whois sites on the net - and most users don't actually want to be looked-up.

    I was getting ready to talk about the difference between 'personal use' domains, where the ability to contact the owner is almost immaterial to the correct operation of the personal use, and how the reverse is true for corporate domain users where you'd bloody well have valid dns, technical, and ABUSE contact information clearly laid out.

    And then I did something I almost never do - I RTFA and whoaaaa, isn't this a bit outside of the GAO jurisdiction? To wit, from their own website (URL:http://www.gao.gov/about/what.html) Congress asks GAO to study the programs and expenditures of the federal government. GAO, commonly called the investigative arm of Congress or the congressional watchdog, is independent and nonpartisan. It studies how the federal government spends taxpayer dollars. GAO advises Congress and the heads of executive agencies (such as Environmental Protection Agency, EPA, Department of Defense, DOD, and Health and Human Services, HHS) about ways to make government more effective and responsive. GAO evaluates federal programs, audits federal expenditures, and issues legal opinions. When GAO reports its findings to Congress, it recommends actions. Its work leads to laws and acts that improve government operations, and save billions of dollars.

    So, where is the direct federal impact, ability to make government more efficient (oh, unless you meant the Patriot Act enforcement agencies...), and study of taxpayer dollars related to GAO's research?

    And what the heck is the GAO doing colluding with ICANN, other than to more tightly couple its operations with that of the US government?

    PS: Why not look at .gov names? Oh wait, perhaps you cannot because (http://slashdot.org/article.pl?sid=02/09/21/1259211&tid=95) "Verisign stopped providing access to information about the .gov internet domain, which is restricted to US government bodies, over concerns the data could be used in planning internet attacks."

  21. Re:What did you expect? on Computer Jobs -- How to Resign Professionally? · · Score: 3, Interesting
    Well written! (Sorry, I'm not a moderator so I can't mod you up any). To share my very similar case: I recently left a very large financial institution, and on very good terms. I gave 3 weeks notice, which reflected the position, responsibility, and trust I had built up over the 5+ years at the company.

    We were able to work all sorts of things out, just as if we were negotiating for a new-hire. For example, I asked my Vacation time to be extended "on book" so I wouldn't have the possible tax implication of receiving a lump-sum final payout of unused vacation days; this also let me carry forward health benefits until my new job started, I worked diligently until the very last day, they threw me a party.

    And the company would hire me back in an instant, with no hesitation.

  22. Only if it's a buyer and seller's market on Digital Music Stock Market? · · Score: 1
    Such an idea tied loosely to a metaphor like the stock market suffers from some problems: while the stock market is (supposedly) tied to intrinsic value, this model is tied simply to popularity - and the incentive is too great (read: there is no significant drawback) for record labels to simply "pump and dump" their own labels. Although it would be great to have an organization like the SEC regulate the behaviors of the RIAA members! :)

    Another drawback is that a stock market has both buyers and sellers - what value can be derived from an iTunes marketplace where buyers compete for a limitless supply?

    Not that the model wouldn't work, but it sure doesn't have any easy analogs in the real world of markets and trading. That said, if iTunes would allow me to sell my used songs on their market, and cap a maximum IPO of song title quantities, I'd gladly give Steve Jobs a few pennies to offload my ex girlfriend's Celine Dion albums (no URL link provided) and pick up a little microcap named Moxy Früvous http://www.fruvous.com/

  23. Speaking of freedoms on EFF Has Outlived Its Usefulness? · · Score: 1
    I don't want to be modded Redundant (again!) so let me diverge slightly from the already well written responses and suggest that the EFF is only one of a handful of organisations working towards fighting for freedoms.

    Another great cause is the NCSF (National Coalition for Sexual Freedoms) http://www.ncsfreedom.org/ and they have worked hand-in-hand with the EFF on several areas, especially in those efforts involved in fighting a heavy-handed government attempt to limit the use of technology as an avenue for free speech and personal expression. From their website:

    In 2003, nearly 600 contacts were made between NCSF and individuals, groups, attorneys, prosecutors, and businesses who requested assistance. Each incident sometimes required only one or two phone calls, but many evolved into much larger projects such as the series of attacks by religious political extremists against SM conferences in the midwest.

    In 41% of the incidents, NCSF assisted individuals. The largest category of incidents involved parents who were engaged in child custody and divorce cases. Parents continue to experience difficulties gaining child custody due to their interest in SM, swing or poly activities. NCSF worked with a number of attorneys representing parents accused of being unfit because of their alternative lifestyle interests. In many cases, because of information we were able to provide, the courts decided that alternative sexual expression alone was not cause to impugn a parent's ability to be a good parent. Individuals also consulted with NCSF on a variety of other issues, including: the legality of obscene materials, guidelines for posting sexually frank information on websites, the law regarding private parties, and dealing with personal media exposure.

    In 2002, NCSF also opposed zoning and other local regulatory measures against those who practice some form of alternative sexual expression. NCSF assisted the swing communities in Florida and Phoenix by holding open-forum discussions about how to affect zoning regulations and current litigation against lifestyle clubs. NCSF also worked with the Gay and Lesbian Activist Alliance (GLAA) to lobby against the Washington DC's Alcoholic Beverage Control regulation 905, which has been used to prohibit SM play in local establishments with liquor licenses even when liquor isn't being sold or consumed

    I in no way believe the EFF to be futile or its purpose outlived - unless I guess we've outlived Freedom! We need groups like the EFF to fight some issues, groups like the NCSF and the ACLU to fight others. Freedom is an individual responsibility, not a lobbying entity; these groups need to exist to help people, not themselves. (In the latter regard, I would put the ACLU further along the outlived timeline than the EFF)

  24. The bug is not fixed! on Google Fixes IE Bug · · Score: -1, Redundant
    The IE bug, that is. Google definitely did not fix the IE bug. Rather, they fixed their own bug that was exploitable iff the IE bug was also exploited.

    This gives witness to the defense-in-depth approach to security. If Google had previously secured their desktop from this behaviour, they never would have been vulnerable in the first place.

    My two main points are:
    1- the IE bug still exists; Google does nothing to mitigate the very real and dangerous security defect that still exists out there!
    2- there obviously was something wrong with Google's implementation, or it would have been able to defend itself against having its perimeter protection compromised
    ---- I awoke with a jerk and slowly started to remember what I had done last night.

  25. Caffeine bonus on Caffeine Prevents Liver Disease · · Score: 5, Funny

    Plus, they were able to become the First Poster, at nearly twice the rate!