Sure - but trusting what someone thought they saw over science (very well-tested science, mind you - my understanding is that false positives are far more likely than false negatives, then multiply that by hundreds of tests) isn't necessarily a good approach. It's very common for people to swear up and down that they saw something when reality is something completely different.
I'm not making a statement either way, but I'm much more inclined to trust highly repeatable data than subjective eyewitnesses. People hold grudges, test results do not.
Well to be fair, Macs don't have a BIOS system and UEFI is largely irrelevant to their ability to do their jobs. While I agree with your notion that their title has nothing to do with their knowledge, at the end of the day they're able to solve most people's problems and tend to do so in a way that doesn't leave a sour taste in people's mouths (unlike your typical help desk workers).
There's clearly a blurry line here trying to distinguish crazed ranting from actual threats. I'm definitely opposed to the idea of "thoughtcrime", but if someone is making real threats that they're in a position to carry out (and I'm guessing an ex-Marine is more qualified than most to do so) it makes sense to step in before real harm is done. But that's also contingent on us being able to actually make a realistic distinction between blowing off steam and actually planning violence. We tend to be overcautious here, but that's societal trends at work.
It's a reflection of the fact that people don't want to deal with security. It working silently in the background and staying out of your way whenever possible is absolutely the right decision, or else the protections would all get turned off because they'd be so damn annoying.
If you got a pop-up every time your firewall blocked a port scan, wouldn't you inevitably turn off your firewall?
Thought so.
Prompting users to make security decisions means you have less security. If Defender prompted you every time it was blocking a write to a sensitive/monitored file, most people (the ones that really need the extra security software) would be inundated with requests eventually causing them to hit allow every time just to make the dialog boxes go away.
There should be a comment in the hosts file indicating how to opt-out of this behavior, but I think what Microsoft has done here is both reasonable and a good security decision. People doing local dev work (myself included, although I don't do web development on Windows) would see the comment and how to disable things, and the rest of the world would have a secure, non-compromised hosts file - as they should.
Yes, but among the vast majority of users (i.e., not Slashdot readers), the hosts file is an attack vector rather than an adblocker or development tool. All of that security training people should receive around double-checking what's in the address bar goes out the window when the hosts file has been compromised.
It sounds like MS's security tools have been a bit overzealous in trying to protect this file and can't determine what's a legitimate versus non-legit edit. But it's better to err on the side of being more rather than less secure here, especially with the amount of damage a maliciously-edited hosts file can do.
Basically: yes, it's Windows 8's fault that this happens, but it's not Microsoft trying to screw you over like the headline makes out. There should be a tool that can edit, save, and sign the hosts file to make this distinction, not entirely unlike visudo - and all operating systems should have something similar. My Cisco VPN client straight-up replaces my hosts file every time I connect, and while I was able to find and update the file it uses to make that less annoying (I have hosts for a lot of VMs in there), the fact that a non-privileged application can do that is quite scary.
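One way the "edit, save, and sign" idea from the comment above could look, as an added example that is not part of the original comments: a tag computed over the resolver-relevant content of a hosts file, plus a check for names pointed at unexpected addresses. The function names, the sample file, the allowed suffix, and the assumption that the key is held only by a privileged editing tool are all hypothetical.

```python
import hashlib
import hmac
import ipaddress

# Constructed sample hosts content (illustrative, not from the original page).
SAMPLE_HOSTS = """\
# local development entries
127.0.0.1      localhost
::1            localhost
192.168.56.10  devvm1.internal   # VM
203.0.113.7    www.example-bank.test login.example-bank.test
0.0.0.0        ads.example.test
"""


def parse_hosts(text):
    """Return [(address, [hostnames])], dropping comments, blanks and malformed lines."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        fields = line.split()
        if len(fields) < 2:
            continue  # blank, comment-only, or an address with no names
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # not a valid IPv4/IPv6 address
        entries.append((addr, [name.lower() for name in fields[1:]]))
    return entries


def canonical(entries):
    """Serialize only what affects resolution. Order is kept because the
    first mapping for a name wins; comments and spacing are ignored."""
    return "\n".join(f"{a} {n}" for a, names in entries for n in names).encode()


def sign(text, key):
    """HMAC-SHA256 tag over the canonical form (key handling is assumed)."""
    return hmac.new(key, canonical(parse_hosts(text)), hashlib.sha256).hexdigest()


def verify(text, key, tag):
    """True if the file still resolves exactly as it did when it was signed."""
    return hmac.compare_digest(sign(text, key), tag)


def suspicious(entries, allowed_suffixes=(".internal",)):
    """Flag names mapped to a routable or private address unless they carry
    a suffix the administrator expects. Loopback and 0.0.0.0 entries are
    treated as localhost or block-list lines (a simplifying assumption)."""
    findings = []
    for addr, names in entries:
        if addr.is_loopback or addr.is_unspecified:
            continue
        for name in names:
            if not name.endswith(allowed_suffixes):
                findings.append((name, str(addr)))
    return findings


if __name__ == "__main__":
    key = b"constructed-demo-key"  # placeholder; a real tool would protect this
    tag = sign(SAMPLE_HOSTS, key)
    tampered = SAMPLE_HOSTS + "198.51.100.9 mail.example.test\n"
    print("original verifies:", verify(SAMPLE_HOSTS, key, tag))
    print("tampered verifies:", verify(tampered, key, tag))
    print("flagged:", suspicious(parse_hosts(SAMPLE_HOSTS)))
```

A comment-only edit leaves the tag valid, while any added, removed or reordered mapping invalidates it, which is the legitimate-versus-not distinction the comment asks for.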
"Contracts"
You may want to look into them. I'd be quite surprised if this is a large enough change to provide you with a window to end your service contract without the ETF (unlike, say, raising rates or changing contents of the plan, which definitely is)
Yes, I'm sure it's really hard to add a WHERE clause to an SQL statement. This clearly costs hundreds of thousands of dollars in third-party consulting work.
Also, following federal regulations around privacy is not an optional add-on, it's a cost of doing business. I'd be astonished if they can legally do this - though not nearly as astonished as if someone from the FTC grew a pair and started enforcing these regulations against the telcos.
I mean that's cool and all, but I think the more significant piece is that the landing was accurate to within 2km with a journey covering nine months and somewhere roughly around 200m km. Scale that down to something we can actually comprehend, and it's using autopilot for 100km and being accurate to within 1mm. Where talking to your co-pilot takes as much as 14 minutes, with another 14 minutes to hear their response.
We've got some damn fine people working on this.
Actually, they're legally required to put shareholders first - search around for "fiduciary duty".
That said, the hedge fund types being the main shareholders adds a conflict: they only care about short-term profits (they're going to dump the stock for something else where they can play volatility as soon as it's something sustainable) which disincentivizes long-term infrastructure investments because of the short-term capital investment.
Seriously, blame Wall Street for having continually unrealistic growth expectations. These telcos don't have a bunch of retards in charge of the network, they just have their hands tied. Everybody knows the infrastructure is insufficient and is just getting worse as smartphone penetration deepens.
Dear The Phone Company,
(c) upgraded infrastructure which will encourage would-be users to select your service, which includes greater bandwidth and (b) more towers.
Sincerely,
A Shareholder
Seriously - I own shares of VZ, T, and S. I can't complain about the (small) dividend checks, but I'd rather see them put that money into creating a better service.
And how do Hawaii's income levels compare with the national average? I'm guessing it's on the higher side.
Depends - do you want people to take you seriously? I think it's safe to assume people dress a bit nicer when meeting with clients/vendors/etc. to be taken more seriously and appear professional. Why would you not want that same level of respect from people you work with every day? There's a matter of balancing your own (physical) comfort, especially when it comes to practical matters like being able to crawl around under desks to set up machines.
In fairness, I'm banging out code and Slashdot comments in jeans and a tee. But I also make sure that my clothes are clean and fit reasonably well: it's practical and comfortable, but showing a bit of effort and self-respect goes a long way.
I've seen you cite that three times in the comments so far, and I'm not even very far down the page. I'm pretty sure it's been tested more recently than 1996. In fact, here you go. I imagine you got your link from the Wikipedia page on shrink-wrap contracts, as did I.
It varies by court and by license - there's no precedent that's used in all cases.
And regardless, what they're doing is illegal so it doesn't matter if it was in the EULA. Knowledge != consent
He sold enough to pay his taxes.
Remind me - how is it that early investors are not shareholders?
There are a huge number of cyclists killed in car accidents. It's more like saying the best way not to die in a car accident is to eliminate all cars.
I find articles about widespread, easy-to-exploit security flaws quite interesting, thank you very much. And it goes to show that all of the electronic security in the world is pointless when there's a flaw in the physical security. The fact that it was centered around something marketed as a gun safe was basically irrelevant to me; it just as easily could have been a document safe with $10M of easily stolen cash inside. Or using a coat-hanger to open many office doors.
Then he doesn't buy. Free market at work here. Good/service X is worth $y to me. Company offering said good/service is asking $z. If $z = $y, I buy it. If their costs are such that they can't offer the thing to me at a price at or below what I'm willing to pay, then I go without. If going without really bothers me, then $y is actually higher than I stated earlier (unless it's artificially capped by what I actually _can_ pay, i.e. I simply can't afford it, but would buy if I could)
Well truth be told, if we're going to create an engineering culture to some demographic, I'd much prefer it to be hostile towards vegans rather than women :p
Have you had an opt-out pat-down? If you can get off to that, I'd be impressed. They go out of their way to make it slow and embarrassing ("MALE OPT-OUT OVER HERE!") to hope you won't do it again, but even 1% of passengers doing it would probably overload the system.
Also, you *do* pay for it - there's a TSA fee in your airfare (it may be tacked on or built-in)
And you want to have to wait for a major release (plus probably two minors, to be safe) to fix your database input sanitizer? I think not.
Granted, it would have been better to make mysql_real_escape_string (per the example) a temporary function for the next minor version of the current major release, and immediately deprecate it when the behavior of the original is fixed in the next major version, but oh well. You should be using prepared statements anyway :p
What? Just fix the bugs. Then you can upgrade whenever you please.
The code in question was reliant on the "garbage in, garbage out" idea. When the function changes to "garbage in, error out", that means you need to stop feeding it garbage, which you can do whenever you get off your ass.
Line 3 would work better as:
if (!$number) $number = 0;
or
$number = (float) $number;
Otherwise you're ignoring your decimals parameter in the null case, and creating a new bug ;) You should also maintain the original function's signature, with $dec_point = '.' and $thousands_sep = ','
>If I screwed something up, I want to know about it so I can deal with it.
I do too, but PHP out-of-the-box isn't designed for that. It's designed to let the lowest common denominator programmer make something that will work, and more sophisticated programmers can set up real error handling (errors/notices to exceptions). After talking about this kind of stuff with Rasmus a couple days ago, I'm going to put together a proposal for a drop-dead-simple way to turn on that behavior with one line of code/config so people that actually know what they're doing can turn on "real programmer mode" in such a way that won't break every crappily-written application on the internet.
I agree about the __FILE__ thing though. Some project I was playing with that uses that stupid "if (__FILE__ == $_SERVER['REQUEST_FILENAME'])" trick broke in all sorts of interesting ways because my web root is served out of a symlinked directory by nginx. Though symlinks create all sorts of unpredictable behavior everywhere, and get pretty unwieldy to follow. Easy enough to fix with a realpath() call, but still annoying.