TFA answers your question - most card reading entry systems have a feature which will allow any ATM card to open the door, because these systems are often used to secure ATM machines, and banks want people from other banks to be able to use their machine and pay the 2.00 service charge.
And the sad part is, that is pretty poor security, since I've never seen a system whereby when there is a single ATM, the system keeps others from swiping their cards and enterring while you're at the ATM. Anybody else can amble right in, peek over your shoulder, etc. Sure, there's a video camera, but it's usually set at an angle that allows it to only view the person standing at the machine, making it easy to stay out of range. The better ones have cameras mounted up high to capture all that's going on inside the booth.
A surly, chain-smoking robot, to not do the work you need to get done around the home, which you cannot fire. Sign me up!
Disclaimer: Been to France a couple of times and actually the above would more properly be typical of Parisian behavior; the French people outside Paris have always been quite nice.
Oh yes, Crapaq has been testing for years... testing users' patience, testing the ability of tech support to fix their malfunctioning boxes, and testing the limits of poor customer support.
Please mod the parent up Funny... because that is truly hilarious! Although it does show how mature their technology is if it wasn't written to boost itself over potential rivals.
When I see something touted with a phrase like "rich user experience", my natural reaction (after more than a decade of web use) is to shudder and go on to something that's more likely to be useful and informative.
Good point. The fact is, the state of web sites and web-driven applications is atrocious. People are taking the gaggle of new technologies available and abusing them, creating clunky interfaces, over-stuffed web pages, and garish sites where finding actual content is next to impossible. Google has set the standard for clean, efficient site design, and these Search 2.0 companies are going to learn a hard lesson if they don't follow the trail Google has blazed.
...written by someone who is actually working on the same technology for a rival company to the ones listed in the article. There's an unbiased piece of reporting for you!
...comes the new rage that's sweeping the Internet: Search 2.0! Yes, you've enjoyed Search 1.0 for years but now there's the new and improved Search 2.0! It does all the smae things, but different! No more time-consuming Googling for things -- with Search 2.0, you can have your results in about the same time and have them be remarkably similar!
If they think slapping a fancy title on it will spark everyone to transition to their new search products, they should think again. I suspect Google will simply roll out there 2.0 option at some point and kick everyone else's butt.
Have you seen some of the styles people/comapnies come up with? Ok, maybe I never wen to design school but fuschia, lime green, and orange make for a headache!
That's not the worst thing. You can live with the basic cascading mess; it's a matter of debugging. The real problem is that no two browsers--let alone no two versions of any one browser--interpret CSS the same way! The Microsoft browser interprets a style sheet one way, Firefox interprets it another way, and Opera a third way. Can someone explain to me exactly what kind of "standard" CSS is, anyway?
CSS is not really a standard, but a concept, namely that formatting information should be separate from content. Good idea, assuming you can get the people generating the content to actually pay attention to all the formatting you've set up.
A "standard" would indicate that everyone in industry recognizes it and applies it equally and consistently, a fact we know to be in error as far as browsers go. Let's skip the IE bashing and Firefox fanboy routine and agree that so far, CSS compliance is decent but spotty and nobody really does it exactly as the standard outlines. Unless someone makes a CSS ruling body and gives it some kind of power, don't expect there to be any change in the status quo.
It is easy (even trivial) to do constraint checking on the database that is absoltely infallable. It is much easier to secure a database than an appliation in fact. The problem is that people focus security in the wrong place, the application.
I'm not sure about trivial, but adding constraint checks to the DB just makes everything more secure. You have to figure that if you've set up checks at every stage, by the time data reaches the database it's been looked over at least three times, possibly more depending on your paranoia level.
Security has to be focused on all parts of the system. I would no more trust a system where my only data checks lay with my database than I would one where my only data checks rested with the application.
You may however be able to predict general paterns over a significant period of time. It may be possible to get a pretty good idea of how many typhoons will occur in a given year and how strong they will initially be without knowing their course.
You won't be able to "predict" anything; weather is driven by a complex set of forces, of which we have a very incomplete understanding. It isn't just a matter of temperature, pressure, moisture content, UV radiation, and infrared radiation, which are the main variables your local forecaster uses to try and predict weather trends. Solar wind, ground cover, cloud formation, cosmic rays, vulcanism, atmospheric electrodynamics: these are extra variables that influence the weather in ways we can't understand. And just to screw up the mixture a bit more, add global warming.
You can build more and more sophisticated models and run them on faster and faster hardware, but in the end, you can't really account for all the possible variables to any degree of accuracy. The more variables you add, each with its own degree of accuracy, the more soupy the predictions become. We know in general terms how systems work, but we have no idea how all these forces interact to create weather. I think the Japanese should stick to trying to determine what actually drives the weather and stay out of the prediction business.
First rule of writing CGI: never trust the data! I work in Perl, and when an app is exposed to the outside world, I have to assume someone is going to try and get in through some hole if they can (or worse, will do something stupid that would have a negative affect oon my systems).
It starts with the web page -- validate input data. I know, I know, anyone can copy your page and rip out the JavaScript validation, but it doesn't hurt to put up a first line of defense. Next, before you actually use the data from the form for anythig validate it separately. In Perl, I have taint mode enabled by default for external apps and I treat all the data I receive as if it were dog crap. I massage it with regexes to make sure it is what it's supposed to be, and then pass it on to be processed. I find the best way to put up a wall is to have the form parameters sent to a validation script, then have the validation script call the script which would run the actual query, throwing back an error message to the user (and sending me a message in the process) if something's not right.
Data validation is really not that hard, especially if you know exactly what the inout is supposed to be. It gets iffier if the user can put in pretty much anything -- then you have to be a little more paranoid.
Why are you assuming that it's not possible to write secure code from the start? The networking stack is a vital part of an OS's security, can't MS fork enough resources to create a relatively secure networking stack for Vista?
That's not my assumption at all; given Microsoft's track record however, you have to wonder if that will be the case. Symantec is saying it isn't based only on their review of the beta software, but you can't take that as gospel, anymore than you can accept MS's assurances that Vista will be secure.
Microsoft has the capacity to make a secure stack, the question is do they have the capability? Since this is new code, one can assume that resources used for XP aren't as of much help as Vista developers, so it depends on the kind and amount of resources they chose to task to this. Personally (and I know this will draw the ire of some), I've found that with each succeeding generation of Windows, the product gets more reliable, though always somewhat less secure. I'm hoping MS can at least maintain quality with Vista while at the same time improving security.
"Microsoft has removed a large body of tried and tested code and replaced it with freshly written code, complete with new corner cases and defects," the researchers wrote in the report, scheduled for publication Tuesday. "This may provide for a more stable networking stack in the long term, but stability will suffer in the short term."
On the one hand, you can see thier point. The XP code has become more mature and has all the latest fixes and is more or less stable, as Windows goes. On the other hand, the hackers and crackers have a pretty good bead on it and are capable of exploiting it more easily than they would a new and unknown body of code. There will be the inevitable bugs in the new code, but you have to admit, Micrososft has a lot of experience now at finding and fixing exploits. I figure the breaking in period for Vista won't be quite as long as it was for XP.
...downloading porn is considered anti-social behavior? Or complaining about the President or Prime Minister? Hate to use the overworn "slippery slope" phraseology, but once you open Pandora's box, it's awfully hard to close. Sure, some of these people, convicted or not, should probably have Internet/computer access rights revoked. But how enforceable is it really? If someone's convicted and goes to jail, fine, but what about someone who is only suspected? Are they going to then follow them around and make sure they don't touch a computer?
Except that you won't be able to tell the difference between normal fear and irrational fear. I doubt there will be that much granularity. After all, won't roller coaster junkies give off some fear emanations as they are riding, even if they are experienced? That's a lot of what's behind the adrenaline junkie is the rush of overcoming their fear. I doubt we want to dispatch cops to Six Flags or Walt Disney World based on this kind of technology. And the fact is, a fear response probably wouldn't be triggered by living in a constant state of fear, as the homeostatic mechanism of the human body would simply adapt to the state. Ultimately, this is more a research tool than a useful application of technology. Although I can see wives using it to see if their husbands are having affairs...
Who thinks I need a map to tell me where I'm happy and sad and so forth day-to-day? Let's cut to the chase: Happy - in front of the TV watching baseball or Law & Order; Unhappy - work; Angry - commuting.
Just because we have certain technologies does not mean they should be combined to created mindless information for mass consupmtion. Are we going to end up with the Google Happy Zone, with a Google Earth map with little emoticons all over it? Are the going to link this to your IM so people on the other end of your messages know your mood? All this is a high-tech version of the 70's mood ring.
And that's what it comes down to. Keep your system updated! Don't click on every moronic spammail you get! Don't run everything you download from an unrelyable source without at least checking what it is!
My prediction would be that you can eliminate about 95% of the most dangerous worms, trojans and spybots currently in the wild if we could just get people to abstain from running every single piece of junk they stumble upon. The best protection against infection is still a working brain.
Normally I would agree, but what about the fact that there may be legitimate sites out there that have been infected by this rootkit, which will then in turn infect users who have no reason to fear infection? Not every work or trojan is spread via the incompetence of the user -- it only seems that way. Look at the way 180solutions is dumping spyware on unaware MySpace users who click on seemingly legitimate content, including an ad for software to protect children. ALl someone has to do is slip this sucker into some seemingly harmless content and WHAM!
Great! So now you can watch scads of porn without actually seeing any of it!
No, now you can scan through your entire porn collection and pick out the things you want to see, much faster than doing a search. Imagine hooking this up to your browser and surfing through porn websites brought up by a Google search -- you could find what you're looking for instantly!
Mind you, I'm sure DARPA didn't have this in mind when they thought it up. They probably want to hunt fro troops, missiles, terrorists, etc. But the pron industry seems to be at the forefront of every new technology at some point.
Essentially, it uses the extremely powerful visual recognition ability of the human brain and couples it with a computer's raw processing power to allow a user wearing an EEG cap to filter through scores of digital images at high-speed and pick out something of interest.
Slashdot Mirror
And the sad part is, that is pretty poor security, since I've never seen a system whereby when there is a single ATM, the system keeps others from swiping their cards and enterring while you're at the ATM. Anybody else can amble right in, peek over your shoulder, etc. Sure, there's a video camera, but it's usually set at an angle that allows it to only view the person standing at the machine, making it easy to stay out of range. The better ones have cameras mounted up high to capture all that's going on inside the booth.
A surly, chain-smoking robot, to not do the work you need to get done around the home, which you cannot fire. Sign me up!
Disclaimer: Been to France a couple of times and actually the above would more properly be typical of Parisian behavior; the French people outside Paris have always been quite nice.
Worse yet, will you be able to fire them when they become lazy and incompetent?
Oh yes, Crapaq has been testing for years... testing users' patience, testing the ability of tech support to fix their malfunctioning boxes, and testing the limits of poor customer support.
Yes, but can they tell me where in the hell I left my car keys??
No, but the NSA or FBI can...
Please mod the parent up Funny... because that is truly hilarious! Although it does show how mature their technology is if it wasn't written to boost itself over potential rivals.
Good point. The fact is, the state of web sites and web-driven applications is atrocious. People are taking the gaggle of new technologies available and abusing them, creating clunky interfaces, over-stuffed web pages, and garish sites where finding actual content is next to impossible. Google has set the standard for clean, efficient site design, and these Search 2.0 companies are going to learn a hard lesson if they don't follow the trail Google has blazed.
...written by someone who is actually working on the same technology for a rival company to the ones listed in the article. There's an unbiased piece of reporting for you!
...comes the new rage that's sweeping the Internet: Search 2.0! Yes, you've enjoyed Search 1.0 for years but now there's the new and improved Search 2.0! It does all the smae things, but different! No more time-consuming Googling for things -- with Search 2.0, you can have your results in about the same time and have them be remarkably similar!
If they think slapping a fancy title on it will spark everyone to transition to their new search products, they should think again. I suspect Google will simply roll out there 2.0 option at some point and kick everyone else's butt.
CSS stands for Conspicuously Sketchy Sheets
CSS = Completely Stupid Styles
Have you seen some of the styles people/comapnies come up with? Ok, maybe I never wen to design school but fuschia, lime green, and orange make for a headache!
CSS is not really a standard, but a concept, namely that formatting information should be separate from content. Good idea, assuming you can get the people generating the content to actually pay attention to all the formatting you've set up.
A "standard" would indicate that everyone in industry recognizes it and applies it equally and consistently, a fact we know to be in error as far as browsers go. Let's skip the IE bashing and Firefox fanboy routine and agree that so far, CSS compliance is decent but spotty and nobody really does it exactly as the standard outlines. Unless someone makes a CSS ruling body and gives it some kind of power, don't expect there to be any change in the status quo.
You won't be able to "predict" anything; weather is driven by a complex set of forces, of which we have a very incomplete understanding. It isn't just a matter of temperature, pressure, moisture content, UV radiation, and infrared radiation, which are the main variables your local forecaster uses to try and predict weather trends. Solar wind, ground cover, cloud formation, cosmic rays, vulcanism, atmospheric electrodynamics: these are extra variables that influence the weather in ways we can't understand. And just to screw up the mixture a bit more, add global warming.
You can build more and more sophisticated models and run them on faster and faster hardware, but in the end, you can't really account for all the possible variables to any degree of accuracy. The more variables you add, each with its own degree of accuracy, the more soupy the predictions become. We know in general terms how systems work, but we have no idea how all these forces interact to create weather. I think the Japanese should stick to trying to determine what actually drives the weather and stay out of the prediction business.
First rule of writing CGI: never trust the data! I work in Perl, and when an app is exposed to the outside world, I have to assume someone is going to try and get in through some hole if they can (or worse, will do something stupid that would have a negative affect oon my systems).
It starts with the web page -- validate input data. I know, I know, anyone can copy your page and rip out the JavaScript validation, but it doesn't hurt to put up a first line of defense. Next, before you actually use the data from the form for anythig validate it separately. In Perl, I have taint mode enabled by default for external apps and I treat all the data I receive as if it were dog crap. I massage it with regexes to make sure it is what it's supposed to be, and then pass it on to be processed. I find the best way to put up a wall is to have the form parameters sent to a validation script, then have the validation script call the script which would run the actual query, throwing back an error message to the user (and sending me a message in the process) if something's not right.
Data validation is really not that hard, especially if you know exactly what the inout is supposed to be. It gets iffier if the user can put in pretty much anything -- then you have to be a little more paranoid.
That's not my assumption at all; given Microsoft's track record however, you have to wonder if that will be the case. Symantec is saying it isn't based only on their review of the beta software, but you can't take that as gospel, anymore than you can accept MS's assurances that Vista will be secure.
Microsoft has the capacity to make a secure stack, the question is do they have the capability? Since this is new code, one can assume that resources used for XP aren't as of much help as Vista developers, so it depends on the kind and amount of resources they chose to task to this. Personally (and I know this will draw the ire of some), I've found that with each succeeding generation of Windows, the product gets more reliable, though always somewhat less secure. I'm hoping MS can at least maintain quality with Vista while at the same time improving security.
On the one hand, you can see thier point. The XP code has become more mature and has all the latest fixes and is more or less stable, as Windows goes. On the other hand, the hackers and crackers have a pretty good bead on it and are capable of exploiting it more easily than they would a new and unknown body of code. There will be the inevitable bugs in the new code, but you have to admit, Micrososft has a lot of experience now at finding and fixing exploits. I figure the breaking in period for Vista won't be quite as long as it was for XP.
...downloading porn is considered anti-social behavior? Or complaining about the President or Prime Minister? Hate to use the overworn "slippery slope" phraseology, but once you open Pandora's box, it's awfully hard to close. Sure, some of these people, convicted or not, should probably have Internet/computer access rights revoked. But how enforceable is it really? If someone's convicted and goes to jail, fine, but what about someone who is only suspected? Are they going to then follow them around and make sure they don't touch a computer?
It's called a MacBook, or more generically, any laptop with a DVD drive.
But it would be SOP to disrobe before engaging the device. You know the military -- everythign by the book!
Except that you won't be able to tell the difference between normal fear and irrational fear. I doubt there will be that much granularity. After all, won't roller coaster junkies give off some fear emanations as they are riding, even if they are experienced? That's a lot of what's behind the adrenaline junkie is the rush of overcoming their fear. I doubt we want to dispatch cops to Six Flags or Walt Disney World based on this kind of technology. And the fact is, a fear response probably wouldn't be triggered by living in a constant state of fear, as the homeostatic mechanism of the human body would simply adapt to the state. Ultimately, this is more a research tool than a useful application of technology. Although I can see wives using it to see if their husbands are having affairs...
Who thinks I need a map to tell me where I'm happy and sad and so forth day-to-day? Let's cut to the chase: Happy - in front of the TV watching baseball or Law & Order; Unhappy - work; Angry - commuting.
Just because we have certain technologies does not mean they should be combined to created mindless information for mass consupmtion. Are we going to end up with the Google Happy Zone, with a Google Earth map with little emoticons all over it? Are the going to link this to your IM so people on the other end of your messages know your mood? All this is a high-tech version of the 70's mood ring.
Normally I would agree, but what about the fact that there may be legitimate sites out there that have been infected by this rootkit, which will then in turn infect users who have no reason to fear infection? Not every work or trojan is spread via the incompetence of the user -- it only seems that way. Look at the way 180solutions is dumping spyware on unaware MySpace users who click on seemingly legitimate content, including an ad for software to protect children. ALl someone has to do is slip this sucker into some seemingly harmless content and WHAM!
No, now you can scan through your entire porn collection and pick out the things you want to see, much faster than doing a search. Imagine hooking this up to your browser and surfing through porn websites brought up by a Google search -- you could find what you're looking for instantly!
Mind you, I'm sure DARPA didn't have this in mind when they thought it up. They probably want to hunt fro troops, missiles, terrorists, etc. But the pron industry seems to be at the forefront of every new technology at some point.
Say it with me now... Porn!
...it's a balloon!