Comment Problem solved quickly.... (Score 5, Interesting) 505
If everyone runs their WIFI AP's open.
If everyone runs their WIFI AP's open.
The problem is that enforcing public disclosure by the organization itself is equivalent to self-incrimination. Think about that for a second. Do you really want to put that in law? In the US, it would be thrown out immediately as unconstitutional.
As I posted before, the guidelines mention explicit timelines that should be followed. 60 days for software, 6 months for hardware.
Most likely scenario for Security, Dick:
1) Criminality. Failure to ensure funding from reputable companies forces these folks into blackmail or abuse of disclosure process. Eventually, they end up behind bars.
2) Corrective collective: Companies never give out freebies, but well-behaved security researchers have far more fun not being chased by police and get all the chicks. This creates a role model. You should see Bruce Schneier at rave parties.
Two thoughts on your message:
1) you must hate yourself.
2) the Dutch will still love you.
The guidelines (dutch PDF) have a whole chapter outlining the responsibilities of the organization receiving a disclosure. They include guidelines for solving the issues (60 days for software, 6 months for hardware), reporting back progress to the discloser, allowing a discloser to report the vulnerability to a larger audience as part of the NCSC (government). Combined, these guidelines are an effective tool for security researchers to play by the rules and put pressure on companies together with others.
Researchers are encouraged to disclose to the NCSC as well, which means many security experts will be able to put pressure on companies not fixing vulnerabilities according to these rules.
The documents create a neutral middle-man organization that can mediate between companies refusing to cooperate and disclosers. It effectively puts irresponsible companies directly in the line of sight of the government and thus legal action. What's not to like?
Being a native dutch speaker, I read the entire guidelines in Dutch, and they include disclosure terms to encourage companies to rapidly fix (60 days) issues, and make agreements with the discloser about the disclosure.
This is common practice and rather well accepted practice already. So, in essence, the document encourages the public disclosure. Any company that wishes to ignore the vulnerability will have their asses handed to them anyway, so this guideline actually helps - security researchers can use it to show to companies that they are acting in good faith as long as companies play by the same rules.
So personally, I highly encourage governments to do something like this.
This Dutch variant is interesting in the sense that it creates a possible middle man that can mediate and monitor the disclosure. This protects disclosers, and puts more pressure on companies to abide by these standards. Not the other way around.
Font settings -> Advanced -> Hinting.
There's an option for everything.
It compiles, and runs. I love the new theme!
Iknowrite?
For a second there, I thought they had a winner, after all, they have a large amount of compressed gas already milking idiotic patents in the region... Storing the energy from all the East Texas patent lawyers might prove a great way to harvest alternative energy sources and reduce corporate trolldom!
Sadly, I fail to see how these efforts won't be thwarted by the same patent lawyers.
the other half used free software...
Sad are the days without moderator points.
as other posters have said, this is just not true:
- I wasted 2+ years of my evenings playing WoW. on Linux.
- I played Skyrim, Oblivion. on Linux.
Those are/were some of the biggest titles out there, and they have always been playable.
OSX is also not more secure - it's can only be less secure since there is no way for you to assess the security, or fix the security yourself. Ultimately, more eyes means better security, period. If there is a difference in security, it's beneath the level that you as a non-security expert would be able to describe.
And yes, you can still run windows 95 on that 486. But you can't run the latest version of Windows on it. You can however run the latest version of most Linux Distributions on it (and there are even specialized versions of those latest distributions out there for those systems).
So again, you're repeating incorrect assumptions. Perpetuating the logical fallacy. Congratulations, you prefer the way of the dodo.
haha! That was a rhetorical question. There are many a commit in the kernel sources with my name, but, thanks for the thorough and gratuitous explanation
He has not acquired a fortune; the fortune has acquired him. -- Bion