Comment Re:Now patched? (Score 4, Informative) 306
No patch is currently available -- a fully patched 10.5.7 system remains vulnerable. See also http://landonf.bikemonkey.org/code/macosx/CVE-2008-5353.20090519.html
Comment Also disable Safari's 'Open"safe" files. (Score 4, Informative) 306
In addition to disabling Java support, Safari's 'Open "safe" files after downloading' must also be disabled to prevent websites from automatically loading a Java WebStart application via a JNLP file.
I've also posted a demonstration of the vulnerability at http://landonf.bikemonkey.org/code/macosx/CVE-2008-5353.20090519.html
Comment Re:Ahem... it's SF (Score 1) 798
1. Nobody calls it "Frisco."
Tell that to Hardee's
"Hardee's is a restaurant chain, located mostly in the Midwest United States and Southeast regions." Ah yes, the good ol' midwest.
Wiretapping Program Ruled Legal 575
BuhDuh writes "The New York Times is carrying a story concerning that well known bastion of legal authority, the 'Foreign Intelligence Surveillance' court, which has ruled that the National Security Agency's warrantless eavesdropping program was perfectly legal. It says, 'A federal intelligence court, in a rare public opinion, is expected to issue a major ruling validating the power of the president and Congress to wiretap international phone calls and intercept e-mail messages without a court order, even when Americans' private communications may be involved, according to a person with knowledge of the opinion.'"
Comment Re:Mix Fun and Fair (Score 1) 262
Instead, look at fairsoftware.net (hey, if I invented it, I can brag about it). You won't earn immediate cash, instead you'll be getting equity into whatever fun software project you find. Or start your own and get more geeks to join you, also for revenue share, not upfront cash.
This is very, very cool.
Do you have any plans to support existing legal entities using FairSoftware? This would provide us with a low-friction approach to collaboration, allowing trust and more permanent relationships to form organically between independent contractors and our organization.
Also, do you have any thoughts on models where external billing is required, such as the iPhone App Store? Serving as a publisher could be one option here (and would be a fairly significant advantage given the difficulties individuals often have dealing with the app store). That's something I'd definitely be interested in collaborating on.
Lastly, a related project -- have you seen One-click Organizations? The information was here, but the the webhost has gone kaput today, so here's the Google Cache version
Comment Re:Developer=Engineer (Score 1) 465
Commenting to remove accidental redundant moderation. It's right next to "Insightful".
Sorry!
Since I'm here -- I've always though that the "hardware is cheap, programmers are expensive" position presented a false dichotomy: a choice between achieving passable performance through good design, versus optimizing for developer efficiency. Efficient use of resources and ease of development are not mutually exclusive.
Comment Re:Java, Java, Java, Java, (Score 1) 136
Modern mobile devices have fast CPUs yet very limited RAM. And no swap.
They have faster CPUs than they used to. The CPUs are still not "fast".
I spent the last week implementing, profiling, and improving up disk-backed image caching with a front-end LRU memory cache for the iPhone, and experimenting with offloading batch image processing off to a OpenGL FBO. Doing image interpolation while scaling is so expensive on the iPhone's relatively fast CPU that it's absolutely necessary for me to cache thumbnails.
The cache implementations themselves had to be highly optimized in order to pull images off disk fast enough to run inside of a tight animation loop, while also supporting a background thread rendering of not-yet-cached thumbnail images and saving to the disk cache.
I can't even fathom writing this in Python. Any spare CPU I have, I put to good use -- there's absolutely none available to spend on a slow interpreter, even for non "performance critical" parts. If there's a non-performance critical code path, then I can always use any available CPU time to do more background work and achieve better perceived UI performance.
Bottom of The Barrel Book Reviews-Confessions of a Recovering Preppie 228
An anonymous reader writes "Michael de Mare's, Confessions of a Recovering Preppie, has
been sitting on my desk a long time, for good reason. They say you
can't always judge a book by it's cover but in this case, the
unintentionally embarrassing front is perfect. Confessions is a painfully
ordinary collection of college stories. Michael seems to have a
different definition for the word preppie than the good people at
Webster or I do. Even though the author specializes in cryptography,
he seems unable to decipher any social situation, himself or the code
to writing a book worth reading. Click below to see how confusing it
gets.
Firefox SSL-Certificate Debate Rages On 733
BobB-nw points out the ever more raucous debate over the way Firefox 3 handles self-signed certificates. The scary browser warnings have affected a number of legitimate sites (such as Google AdWords and LinkedIn) that didn't renew certs in time. Lauren Weinstein loudly called attention to the problem early in July. "If you visit a website with either an expired or a self-signed SSL certificate, Firefox 3 will not show that page at all. Instead it will display an error message... To get past this error page, users have to go through four different steps before they can access the website, which from a usability standpoint is far from ideal. This way of handling websites with expired or self-signed SSL certificates is bound to scare away a lot of inexperienced users, no matter how legitimate the website is."
When Is a Self-Signed SSL Certificate Acceptable? 627
UltraLoser writes "When is it acceptable to encourage users to accept a self-signed SSL cert? Recently the staff of a certain Web site turned on optional SSL with a self-signed and domain-mismatched certificate for its users and encourages them to add an exception for this certificate. Their defense is that it is just as secure as one signed by a commercial CA; and because their site exists for the distribution of copyrighted material the staff do not want to have their personal information in the hands of a CA. In their situation is it acceptable to encourage users to trust this certificate or is this giving users a false sense of security?"
Ralph Nader Might Announce Run For President 333
SonicSpike writes "According to the AP, Ralph Nader could be poised for another presidential campaign. Nader will appear on NBC's 'Meet the Press' tomorrow to announce whether he will launch another White House bid. Nader kicked off his 2004 presidential run on the show. Kevin Zeese, who was Nader's spokesman during the 2004 presidential race said, 'Obviously, I don't think Meet the Press host Tim Russert would have him on for no reason.'"
MIT Offers City Car for the Masses 290
MIT's stackable electric car, a project to improve urban transportation will make its debut this week in Milan. "The City Car, a design project under way at the Massachusetts Institute of Technology, is envisioned as a two-seater electric vehicle powered by lithium-ion batteries. It would weigh between 1,000 and 1,200 pounds and could collapse, then stack like a shopping cart with six to eight fitting into a typical parking space. It isn't just a car, but is designed as a system of shared cars with kiosks at locations around a city or small community."
Submission + - Adium code forked over Leopard Dispute (livejournal.com)
admiralfrijole writes: Earlier this week, several people opened tickets against Adium crashes occurring in the latest Leopard Beta, which started a veritable firestorm of controversy that included discussions of GPL violations, disabling features, and quite a spat across no less than 3 different IRC channels.
Today, one of the people who filed a ticket and was told that it would not be fixed until Leopard ships announced on his blog that he, and several other unnamed individuals, have forked Adium to create A.org.
Today, one of the people who filed a ticket and was told that it would not be fixed until Leopard ships announced on his blog that he, and several other unnamed individuals, have forked Adium to create A.org.
Best Buy Acquires SpeakEasy 285
spazimodo writes "From the announcement e-mail from Speakeasy CEO Bruce Chatterley: 'I am pleased to announce that Speakeasy has been acquired by Best Buy, an innovative and growing Fortune 100 company and the top consumer electronics retailer in North America. This is a significant milestone for our company as our new relationship will help us realize our goals of becoming the No. 1 provider of voice and data solutions to small businesses. It is important to note that though Speakeasy will now be a wholly owned subsidiary of Best Buy, we will continue to operate as a standalone, independent operating division with headquarters in Seattle.' As a longtime Speakeasy customer, it's too bad to see their business moving in this direction. Back in the day when I called up their support with a problem, and mentioned I was using an OpenBSD box as a firewall/gateway the response was: 'cool!' — slightly different from the response Comcast or Verizon would give. I can't imagine they'll be able to maintain that independence, and there's no way I'm paying a premium for Internet service to Best Buy."
Wordpress 2.1.1 Release Compromised by Cracker 48
GrumpySimon writes "The recent 2.1.1 release of the popular blog software Wordpress was compromised by a cracker who made it easier for to execute code remotely. This is interesting because the official release was quietly and subtly compromised, and has been in the wild for a few days now. There's no word on if any affected sites have been compromised, but anyone running Wordpress is urged to upgrade to 2.1.2 immediately, and admins can check their logs for access to 'theme.php' or 'feed.php', and query strings with 'ix=' or 'iz=' in them."
