You forgot the part where you posted a picture of a firearm to go with your rant about bullies. Nice job of cherry picking the parts of story that fit your rant while ignoring the obvious threat. Last I checked it was next to impossible to get a firearm in the UK, so the fact that a kid who was having problems with bullies posted a picture of him with a firearm and POTENTIALLY menancing words warranted a closer investigation.
Put the shoe on the other foot. What if some kid had gone on a rampage and it later came out that the FBI thought he might have been a threat but decided not to share the information? Rather than worrying about someone's rights being trampled (and I'd argue that they weren't given that he posted in a PUBLIC forum visible to the world), we'd be condemning the FBI for not doing more to save the children.
It has been a good decade since I last listened to that album. I lost the CD when I moved a while ago. I should probably go find a torrent. I'm sure someone else was kind enough to make a backup copy of it for me.
Orbital, the original "Orbital" album. It also has such great quotes as, "Son, it's better to regret something you have done, than to regret something you haven't done. And if you see your mother this weekend, be sure to tell her..... SATAN, SATAN, SATAN"
The most elegant approach that I was able to devise was to ask for a new title and job description to reflect all of the new responsibilities. In my case the IT department was reduced by 50% and I absorbed a lot of my previous boss' responsibilities, in addition to responsibilities from other departments. By taking the initiative to ask for those things I let the HR department know that I knew I was doing a lot more than was in my job description, and I wasn't being officially recognized for it. HR departments are notoriously ambivalent about changing job titles because doing so is a tacit acknowledgement that the position needs to be compensated the market rate for whatever the job title is.
I believe that asking for a job title change is the most subtle, "safe" way to bring up the disparity of your situation with the rest of the organization. By doing that you get to ask what is probably really on your mind.. "Are you going to pay me what I'm really worth?" If they flat out deny you even a title change, you know you're completely replaceable, or at least HR believes you are. If you get a title change and new job description you are in a better position to ask for a raise next year to reflect your increased responsibilities, and your proven track record of meeting them. In my case, I was given a raise along with the title change.
If money is really important to you and you get a title change but no raise, the new title puts you in a better position to find a new job. When I was sorting things out with my company I put my resume online just in case. Despite deciding to stay put where I am, I still get calls from recruiters a couple of times a month. I highly suggest posting your resume on an appropriate forum and responding to a couple of job postings. Figure out for yourself whether or not the market has any interest in you. The odds are that if you are competent enough to pick up the slack of a down sizing, you are worth significantly more than you're currently making. I've had good luck with Dice.com.
What exactly is their job that needs to be done in your perspective, Mr. has to post AC because he can't even stand by his own rant and own up to it? The way I see it, their job is to improve their software and provide their customers with the functionality that the customers need to run their businesses with. Last I checked, XP is dead. It is still out there in production and is still getting patched, but there isn't any new development happening.
Put the shoe on the other foot. If someone went to Google and said, "I found this vulnerability in Android 1.5, fix it." Do you think Google is going to put much effort into it? They'd probably just point out the fact that 1.5 is obsolete and recommend an upgrade to 1.6 or 2.1. Maybe someone can cry about flaw in Chrome 3.0 and we'll see how much weight Google puts on fix that.
Heaven forbid Microsoft takes more than 48 hours to patch an obsolete OS that most competent IT administrators are in the process of phasing out.
Even if you put the fact the XP is on the way out aside, how long do you think it takes a huge organization like Microsoft to regression test a patch? How many different departments need to sign off on something before it gets pushed out the door? I'm not saying that being big gives a company a pass for being inefficient, but be realistic. If they screw up a patch there are millions of people that can be impacted by it. It's not like Google where they enjoy the good will of the IT community and can just hang up a, "We're working on it, bare with us for a few moments" sign.
For an example read this article written by someone who is almost completely happy with Google apps.
Those of you with large support contracts are encouraged to tell your support representatives that you would like to see Microsoft invest in developing processes for faster responses to external security reports.
That's what he was complaining about, and I think it's a legitimate complaint.
He did get a response. He didn't get a resolution (in the time frame he wanted one in).
Lets put a not so hypothetical situation out there to consider. You're working your ass off getting a project out the door, coding your little heart out (in this case, Microsoft was in the final hours of their "patch Tuesday" process). A vendor of yours comes to you on Friday night with a NEW problem that they think is a big deal. You acknowledge their complaint, file it away and go back to working on what you were working on. Two business days later, you learn that your vendor took out ads in every major publication and website touting what an idiot you are for not "responding" to him, even though you did.
The person who released the vulnerability needs to grow up. Just because he might be a competent security researcher doesn't seem to translate to him being able to act like an adult, and to treat others with respect. Don't even bother to say, "Well Microsoft doesn't treat other with respect." because as any second grader knows, two wrongs don't make a right (but three lefts do). What adult expects another grown adult (or group of adults) to drop everything they're working on to respond to what one person believes to be a huge problem? If everyone dropped everything every time something "important" popped up, nothing would ever get done.
The fact that the guy works at Google shows that he comes from a different head space. Google lives in perpetual beta and their apps are often times "temporarily unavailable". We've all seen what happens when Microsoft release a bad patch. Tens if not hundreds of millions of people are running Windows XP. The last "bad patch" Microsoft pushed out BSOD'd a bunch of compromised computers. The patch worked fine on clean computers, but Microsoft still caught a flak for that one, as if they should be required to test their patches against every known malware out there.
Why is the guy even messing with XP anymore anyway? That is two generations ago. Why didn't he hit Windows 7 if he wants to make the point that Microsoft is insecure and slow to respond to critical issues? It could be completely possible that the bug he found in XP doesn't even exist in Windows 7 (but I wouldn't hold my breath on that one). Maybe Microsoft researchers should focus on breaking Android 1.5 so that they can generate a bunch of bad PR for Google and point out how inept they are when it comes to developing mobile phones?
Slashdot needs a "sticky" so that we don't have to rehash this symantic issue every time it comes up. Zero day doesn't mean what most people claim it means. Zero day was a warez term. Any use of the term to refer to anything other than a pirated software release is a bastardization of the term.
"Root is a state of mind. Zero day is a state of freshness."
there are physical activities gamers might enjoy but they... well... don't...
For a certain subset of gamers, they are playing games as an escape from reality. For a subset of that subset, they are supplanting their inability to achieve in real life with their ability to achieve in the game. Where as one person might find the idea of putting on a full suit of armor and swinging around a heavy weapon to be fun, there are others who would just consider it a burden and find that the experience reenforced their preference to suit up and swing weapons around in an online environment.
Another poster mentioned tai chi. I found that when I started training martial arts (tai chi, bagua and kung fu), I found that I wanted to spend less time playing games. I felt like I was wasting time playing games, and that the time could be better spent "leveling up" my real life skills.
I present the motion that from this moment, we substitute "fresh no day" for the term "zero day". It was good enough for warez kids so it will be good enough for security researchers.
And further add to the discussion, as long as it requires having some sort of "bag" that bag probably has room for other common things that people carry around like writing implements, paper, books, etc. Making the statement that you don't need a case for an iPad is kind of like saying you don't need a briefcase for your papers. Sure, you could walk around with a couple of file folders tucked under your arm, but a briefcase is a lot more convenient. (If you're some sort of hipster who is morally opposed to the idea of a briefcase and the connotation it has with "the man", feel free to substitute messenger bag, or other metro-sexual approved fashion accessory.)
You are right that the focus has changed. The infection vector has also changed. The old vectors don't work, or if they do the access to them has been mitigated on the client by the software firewall, and on the network permimeter by hardware firewalls. The operating system has been hardened to the point that most of the exploits are targetting applications. That is an improvement. Once they figure out how to properly sandbox the applications, the entire system will become more stable. Whether or not Microsoft is really up to the task is debatable.
Any serious geek will tell you the long sorded history of windows and all its memorable virii, malware and hacks...
Where are the equivalent virii in 2010? I remember Code Red and Slammer and the really malicious code that was raping any system stupid enough to expose 135/137 and 445 to the world. I don't remember any malware of that league in recent memory. The worst malware these days seems to be the AntiVirus 2010 and its related ilk. The malware itself is insidious and requires a pave and rebuild "just to be sure". The infection vector is the same old, same old mess of compromised websites and browser exploits. So in that regard Microsoft is getting better. Their software isn't getting owned two minutes after being connected to the internet. Like others have mentioned, they still have a long way to go.
I will believe that Microsoft has figured out secure software once they properly sandbox their browser and manage to prevent malicious code from breaking out of it to compromise the system. There is not any reason why visiting a webpage, either deliberately or through a redirect, should result in a compromised system.
basically, google is lagging badly behind where third parties want to go with android.
That sound eriely familiar to the way they handled Google Apps. I was all gung ho to replace my Exchange server with Google Apps but there were a couple of not so minor little details to be addressed. I tried to get an answer from Google but couldn't get one. Everyone suggested talking to a GAPE partner. I tried to ask the GAPE partners the same questions and their response was, "Google assures us they're working on those features. No, we can't tell you when they will be ready. No, we really can't. Google won't tell us when new features are coming. Here, why don't you try this work around...."
That's the stick they need to support their customers. If Google doesn't man up and do this, I'm afraid it will do a significant amount of harm to the rapidly developing Android market.
Don't hold your breath waiting for good customer support from Google. Google has been great about bringing technologies to market. They have proven themselves nearly incompetent when it comes to end user support for those technologies. They really need to open up their hundred billion plus dollar bank accounts and fund a decent customer service / marketing department. Google is great if you're a coder and are comfortable working with half done APIs. They aren't so great if you're in the market for something that just works.
I notice a handful of developers who have a beef with the way Apple runs their App store, but do any users actually care? Are there hundreds of thousands of users who are hating Apple right now because Apple is denying the users access to a killer application that they simply can't live without?
The whole issue surrounding the app store seems really contrived to me. Users who actually care about wanting to run specific types of applications will buy a phone that they can run applications on. Users who want an iPhone will buy an iPhone. Plenty of huge corporations like Starbucks, Bank of America and others have developed iPhone apps. Fandango has an app for finding movies that runs on both the iPhone and the G1 (and probably other Android phones too). If there was a huge problem with Apple exclusivity, I'd expect corporations like BofA and the like to be complaining that Apple is preventing them from offering their customers the same kind of applications that are offered on Android.
Other than some niche apps, there doesn't seem to be a real problem. If app devs really have uber ideas for applications then they should be able to build those apps on alternative platforms and the users will come. If they do build them and the users don't show up, the app obviously wasn't all that compelling in the first place.
I'm not a big Apple fan, but I recognize their right to tailor their product as they see fit. It isn't as if they are the entire mobile device market. They aren't even half of it. There are alternatives. As much as I dislike the Apple fanboys when they trot out their tired, "You aren't the target market" meme, it seems to fit in this case. Apple isn't targeting developers. They are targeting end users.
Remember these are NOT computers they are phones..
In 1990 people would have killed to get their hands on a "phone" with the processing power far greater than their desktop "computers" at the time. The only thing that makes the iPhone a "phone" is the form factor. The internals are every bit as much a "computer" as the box sitting on your desk. It may lack the peripherals like a DVD drive or a USB connector, but in terms of the ability to programs the iPhone is a full blown computer (more so if it is jail broken).
we might ought to slow the process so we can kill enough of them to save South Korea.
All of the landmines in the world don't address the problem with the North Koreans having enough artillery in place to completely level Seoul within an hour or two.
Let them eat their own dog food. I wish Google the best of luck. I would love to see an open, nearly free version of all of the popular MS applications that make running a business easier. It would be great to have equivalents of Office, and Project and Exchange.
Whoever engineered the smaller run alongside the larger one, then decided that anyone who wants access to the system taps into the smaller system, is definitely worth whatever that person makes every year. Keeping the end users off of the backbone itself limits the chance of a misconfiguration taking everything down.
I don't pay for them. On the other hand I don't attend enough conferences or deal with enough sales people to amass enough of them to simply hand them out at will either.
Slashdot Mirror
You forgot the part where you posted a picture of a firearm to go with your rant about bullies. Nice job of cherry picking the parts of story that fit your rant while ignoring the obvious threat. Last I checked it was next to impossible to get a firearm in the UK, so the fact that a kid who was having problems with bullies posted a picture of him with a firearm and POTENTIALLY menancing words warranted a closer investigation.
Put the shoe on the other foot. What if some kid had gone on a rampage and it later came out that the FBI thought he might have been a threat but decided not to share the information? Rather than worrying about someone's rights being trampled (and I'd argue that they weren't given that he posted in a PUBLIC forum visible to the world), we'd be condemning the FBI for not doing more to save the children.
I'm 95% certain it is somewhere on this album
http://en.wikipedia.org/wiki/Orbital_(green_album)
It has been a good decade since I last listened to that album. I lost the CD when I moved a while ago. I should probably go find a torrent. I'm sure someone else was kind enough to make a backup copy of it for me.
Orbital, the original "Orbital" album. It also has such great quotes as, "Son, it's better to regret something you have done, than to regret something you haven't done. And if you see your mother this weekend, be sure to tell her..... SATAN, SATAN, SATAN"
If I had never met people from the internet IRL I would have missed the first half dozen Defcons.
The most elegant approach that I was able to devise was to ask for a new title and job description to reflect all of the new responsibilities. In my case the IT department was reduced by 50% and I absorbed a lot of my previous boss' responsibilities, in addition to responsibilities from other departments. By taking the initiative to ask for those things I let the HR department know that I knew I was doing a lot more than was in my job description, and I wasn't being officially recognized for it. HR departments are notoriously ambivalent about changing job titles because doing so is a tacit acknowledgement that the position needs to be compensated the market rate for whatever the job title is.
I believe that asking for a job title change is the most subtle, "safe" way to bring up the disparity of your situation with the rest of the organization. By doing that you get to ask what is probably really on your mind.. "Are you going to pay me what I'm really worth?" If they flat out deny you even a title change, you know you're completely replaceable, or at least HR believes you are. If you get a title change and new job description you are in a better position to ask for a raise next year to reflect your increased responsibilities, and your proven track record of meeting them. In my case, I was given a raise along with the title change.
If money is really important to you and you get a title change but no raise, the new title puts you in a better position to find a new job. When I was sorting things out with my company I put my resume online just in case. Despite deciding to stay put where I am, I still get calls from recruiters a couple of times a month. I highly suggest posting your resume on an appropriate forum and responding to a couple of job postings. Figure out for yourself whether or not the market has any interest in you. The odds are that if you are competent enough to pick up the slack of a down sizing, you are worth significantly more than you're currently making. I've had good luck with Dice.com.
What exactly is their job that needs to be done in your perspective, Mr. has to post AC because he can't even stand by his own rant and own up to it? The way I see it, their job is to improve their software and provide their customers with the functionality that the customers need to run their businesses with. Last I checked, XP is dead. It is still out there in production and is still getting patched, but there isn't any new development happening.
Put the shoe on the other foot. If someone went to Google and said, "I found this vulnerability in Android 1.5, fix it." Do you think Google is going to put much effort into it? They'd probably just point out the fact that 1.5 is obsolete and recommend an upgrade to 1.6 or 2.1. Maybe someone can cry about flaw in Chrome 3.0 and we'll see how much weight Google puts on fix that.
Heaven forbid Microsoft takes more than 48 hours to patch an obsolete OS that most competent IT administrators are in the process of phasing out.
Even if you put the fact the XP is on the way out aside, how long do you think it takes a huge organization like Microsoft to regression test a patch? How many different departments need to sign off on something before it gets pushed out the door? I'm not saying that being big gives a company a pass for being inefficient, but be realistic. If they screw up a patch there are millions of people that can be impacted by it. It's not like Google where they enjoy the good will of the IT community and can just hang up a, "We're working on it, bare with us for a few moments" sign.
For an example read this article written by someone who is almost completely happy with Google apps.
http://www.forbes.com/2010/01/25/microsoft-email-spreadsheets-technology-business-intelligence-google.html
Oh it means what I think it means, even if I can't spell it correctly. ;) Semantic is the word I was looking for.
Those of you with large support contracts are encouraged to tell your support representatives that you would like to see Microsoft invest in developing processes for faster responses to external security reports.
That's what he was complaining about, and I think it's a legitimate complaint.
He did get a response. He didn't get a resolution (in the time frame he wanted one in).
Lets put a not so hypothetical situation out there to consider. You're working your ass off getting a project out the door, coding your little heart out (in this case, Microsoft was in the final hours of their "patch Tuesday" process). A vendor of yours comes to you on Friday night with a NEW problem that they think is a big deal. You acknowledge their complaint, file it away and go back to working on what you were working on. Two business days later, you learn that your vendor took out ads in every major publication and website touting what an idiot you are for not "responding" to him, even though you did.
The person who released the vulnerability needs to grow up. Just because he might be a competent security researcher doesn't seem to translate to him being able to act like an adult, and to treat others with respect. Don't even bother to say, "Well Microsoft doesn't treat other with respect." because as any second grader knows, two wrongs don't make a right (but three lefts do). What adult expects another grown adult (or group of adults) to drop everything they're working on to respond to what one person believes to be a huge problem? If everyone dropped everything every time something "important" popped up, nothing would ever get done.
The fact that the guy works at Google shows that he comes from a different head space. Google lives in perpetual beta and their apps are often times "temporarily unavailable". We've all seen what happens when Microsoft release a bad patch. Tens if not hundreds of millions of people are running Windows XP. The last "bad patch" Microsoft pushed out BSOD'd a bunch of compromised computers. The patch worked fine on clean computers, but Microsoft still caught a flak for that one, as if they should be required to test their patches against every known malware out there.
Why is the guy even messing with XP anymore anyway? That is two generations ago. Why didn't he hit Windows 7 if he wants to make the point that Microsoft is insecure and slow to respond to critical issues? It could be completely possible that the bug he found in XP doesn't even exist in Windows 7 (but I wouldn't hold my breath on that one). Maybe Microsoft researchers should focus on breaking Android 1.5 so that they can generate a bunch of bad PR for Google and point out how inept they are when it comes to developing mobile phones?
Slashdot needs a "sticky" so that we don't have to rehash this symantic issue every time it comes up. Zero day doesn't mean what most people claim it means. Zero day was a warez term. Any use of the term to refer to anything other than a pirated software release is a bastardization of the term.
"Root is a state of mind. Zero day is a state of freshness."
there are physical activities gamers might enjoy but they... well... don't...
For a certain subset of gamers, they are playing games as an escape from reality. For a subset of that subset, they are supplanting their inability to achieve in real life with their ability to achieve in the game. Where as one person might find the idea of putting on a full suit of armor and swinging around a heavy weapon to be fun, there are others who would just consider it a burden and find that the experience reenforced their preference to suit up and swing weapons around in an online environment.
Another poster mentioned tai chi. I found that when I started training martial arts (tai chi, bagua and kung fu), I found that I wanted to spend less time playing games. I felt like I was wasting time playing games, and that the time could be better spent "leveling up" my real life skills.
I present the motion that from this moment, we substitute "fresh no day" for the term "zero day". It was good enough for warez kids so it will be good enough for security researchers.
And further add to the discussion, as long as it requires having some sort of "bag" that bag probably has room for other common things that people carry around like writing implements, paper, books, etc. Making the statement that you don't need a case for an iPad is kind of like saying you don't need a briefcase for your papers. Sure, you could walk around with a couple of file folders tucked under your arm, but a briefcase is a lot more convenient. (If you're some sort of hipster who is morally opposed to the idea of a briefcase and the connotation it has with "the man", feel free to substitute messenger bag, or other metro-sexual approved fashion accessory.)
I believe that the paper was mentioned in reference to Google's patent application.
Are you SURE about that?
You are right that the focus has changed. The infection vector has also changed. The old vectors don't work, or if they do the access to them has been mitigated on the client by the software firewall, and on the network permimeter by hardware firewalls. The operating system has been hardened to the point that most of the exploits are targetting applications. That is an improvement. Once they figure out how to properly sandbox the applications, the entire system will become more stable. Whether or not Microsoft is really up to the task is debatable.
Any serious geek will tell you the long sorded history of windows and all its memorable virii, malware and hacks...
Where are the equivalent virii in 2010? I remember Code Red and Slammer and the really malicious code that was raping any system stupid enough to expose 135/137 and 445 to the world. I don't remember any malware of that league in recent memory. The worst malware these days seems to be the AntiVirus 2010 and its related ilk. The malware itself is insidious and requires a pave and rebuild "just to be sure". The infection vector is the same old, same old mess of compromised websites and browser exploits. So in that regard Microsoft is getting better. Their software isn't getting owned two minutes after being connected to the internet. Like others have mentioned, they still have a long way to go.
I will believe that Microsoft has figured out secure software once they properly sandbox their browser and manage to prevent malicious code from breaking out of it to compromise the system. There is not any reason why visiting a webpage, either deliberately or through a redirect, should result in a compromised system.
basically, google is lagging badly behind where third parties want to go with android.
That sound eriely familiar to the way they handled Google Apps. I was all gung ho to replace my Exchange server with Google Apps but there were a couple of not so minor little details to be addressed. I tried to get an answer from Google but couldn't get one. Everyone suggested talking to a GAPE partner. I tried to ask the GAPE partners the same questions and their response was, "Google assures us they're working on those features. No, we can't tell you when they will be ready. No, we really can't. Google won't tell us when new features are coming. Here, why don't you try this work around...."
That's the stick they need to support their customers. If Google doesn't man up and do this, I'm afraid it will do a significant amount of harm to the rapidly developing Android market.
Don't hold your breath waiting for good customer support from Google. Google has been great about bringing technologies to market. They have proven themselves nearly incompetent when it comes to end user support for those technologies. They really need to open up their hundred billion plus dollar bank accounts and fund a decent customer service / marketing department. Google is great if you're a coder and are comfortable working with half done APIs. They aren't so great if you're in the market for something that just works.
I notice a handful of developers who have a beef with the way Apple runs their App store, but do any users actually care? Are there hundreds of thousands of users who are hating Apple right now because Apple is denying the users access to a killer application that they simply can't live without?
The whole issue surrounding the app store seems really contrived to me. Users who actually care about wanting to run specific types of applications will buy a phone that they can run applications on. Users who want an iPhone will buy an iPhone. Plenty of huge corporations like Starbucks, Bank of America and others have developed iPhone apps. Fandango has an app for finding movies that runs on both the iPhone and the G1 (and probably other Android phones too). If there was a huge problem with Apple exclusivity, I'd expect corporations like BofA and the like to be complaining that Apple is preventing them from offering their customers the same kind of applications that are offered on Android.
Other than some niche apps, there doesn't seem to be a real problem. If app devs really have uber ideas for applications then they should be able to build those apps on alternative platforms and the users will come. If they do build them and the users don't show up, the app obviously wasn't all that compelling in the first place.
I'm not a big Apple fan, but I recognize their right to tailor their product as they see fit. It isn't as if they are the entire mobile device market. They aren't even half of it. There are alternatives. As much as I dislike the Apple fanboys when they trot out their tired, "You aren't the target market" meme, it seems to fit in this case. Apple isn't targeting developers. They are targeting end users.
Remember these are NOT computers they are phones..
In 1990 people would have killed to get their hands on a "phone" with the processing power far greater than their desktop "computers" at the time. The only thing that makes the iPhone a "phone" is the form factor. The internals are every bit as much a "computer" as the box sitting on your desk. It may lack the peripherals like a DVD drive or a USB connector, but in terms of the ability to programs the iPhone is a full blown computer (more so if it is jail broken).
we might ought to slow the process so we can kill enough of them to save South Korea.
All of the landmines in the world don't address the problem with the North Koreans having enough artillery in place to completely level Seoul within an hour or two.
Let them eat their own dog food. I wish Google the best of luck. I would love to see an open, nearly free version of all of the popular MS applications that make running a business easier. It would be great to have equivalents of Office, and Project and Exchange.
Whoever engineered the smaller run alongside the larger one, then decided that anyone who wants access to the system taps into the smaller system, is definitely worth whatever that person makes every year. Keeping the end users off of the backbone itself limits the chance of a misconfiguration taking everything down.
Show them how understanding code can help them compromise computers. Kids tend to enjoy breaking things.
I don't pay for them. On the other hand I don't attend enough conferences or deal with enough sales people to amass enough of them to simply hand them out at will either.