It just came to my mind that even some banks are stupid enough to use an identification number as authentication. In this particular case, the attacker was able to withdraw money from an account by only knowing the account number (the account identifier). If this happened to me, I'd sue my bank for giving out my money without authenticating my identity. It should be really simple:
Any bank doing only
deserves to be sued their asses off.
It should not matter if businesses store your SSN. Would you object to storing your name, email address, phone number, postal address or any other publicly available number or information? The SSN should not be any different.
I'm afraid that the real problem is that businesses (and possibly government officials) are using the SSN as an authentication token instead of an identification token.
We have exactly the same problem here in Finland with our SOTU/HETU/what-ever-it's-called-today identifier string. It was originally designed to be an identifier for every citizen but the latest law (Henkilötietolaki, 1999) says that this identifier should not be public... Or it can still be used for identifying persons for statistical reasons, for selling services for credit, renting, insurances and other miscellaneous stuff. However, it cannot be used as the person identifier "only because it were the easiest way to identify a person" (direct translation from the actual law)! How fucked up is that? A personal identification number that shall not be used as a personal identification number? To my knowledge this originates from using this identifier for authentication (surely you are the only person that can remember the last 4 symbols in your identification number?)... After reading this discussion, it seems clear that the problem is the same in the USA. What I cannot understand is why they decided to codify this brain-damage as a law instead of simply saying that you cannot authenticate with an identifier.
How can we get businesses and government to recognize the difference between identification and authentication? SSN or any other non-secret is not an authentication token and MUST NOT require any protection to keep it from the public. One simple method would be to pass a new law that practically says that "SSN number cannot be used as an authentication". As a result, anybody using the SSN for authentication would have no authentication at all, according to law. Hopefully that would be clear enough even for dumber businesses.
Mozilla can't implement h.264.
Why not? It's easily licensable, and Mozilla has a pretty decent income.
Because even though Mozilla has some money, it cannot license H.264 with GPL-compatible terms. They need a license that allows end users to modify and redistribute modified versions of Mozilla products (e.g. Firefox). The modified version could be a GPL-licensed H.264 codec which has absolutely no browser code remaining. The patent owner, MPEG LA, is not happy with such licensing terms because if they license H.264 to Mozilla with such terms, every free software project has a license. Or if they grant such a license, Mozilla is not rich enough for it...
Why are software patents stupid? Because you say so? Do you think there should be a difference between software and non-software patents? Why?
I'm not the parent poster who claimed that, but here are my ideas about this:
I'd be happy with software patents given the following further restrictions:
Notice that originally US patent system required implementation of said invention to be presented to patent officer. This requirement was then dropped because of heavy costs (for the officers or inventors, I don't know). With software, the cost of copying the invention to the patent officer is less than filing the patent so there is really no reason not to require reference implementation.
No. Fundamentally, what is a web browser? It's a program that sends out tcp/ip packets, waits for the response, and displays stuff on screen. While there have been many new features added to windows over the years, there isn't anything fundamental that has changed that would impede a web browser from running on an older version of the win32 api.
Basically true, but the devil is in the details. The latest Firefox version does stuff such as display downloaded fonts on web pages without installing said fonts in the system (requires a new API), scan downloaded files for viruses (has 2 APIs, win2000 requires the old one, newer Windows versions require the newer API), allow theming the browser (could use native uxtheme library API if supported only winxp or newer); native UNICODE support is better with newer versions, too.
For a combination of wget and cat the OS version does not change much; for OS-supported rendering and integration features, the OS version is very important. The Linux version of Firefox already requires pretty recent glibc and cairo libraries.
What would stop Sun from merging any interesting development made on any of these forks back into their version?
The fact that Sun bought MySQL to acquire the rights to the source. That allows them to sell MySQL with licenses other than GPLv2. If they merge code from any open source fork (they're all GPLv2 because that's the only choice the MySQL license allows for a fork), then Sun would be forced to distribute under GPLv2 only. Clearly this is not what they want because they paid $1,000,000,000 for the source. If they wanted GPLv2, they had it for free (as in beer!) already.
ext3 is also delaying writes. The bug is that ext4 is not delaying renames to happen after writes. Instead renames happen immediately, and guess what, they spin your hard drive up, then you get to wait 60 seconds until real data starts to be written. Oh and if you lose power or crash during these 60 seconds, you lose all data - new and old. Oh and your common desktop programs do that cycle several times a minute.
Excuse my language, but why the fuck are those "common desktop programs" writing and renaming files several times a minute? I understand that files are written if I change any settings but this is something different. Perhaps there should be some special filesystem that is designed to freeze the whole system for 1 second for every write() any application does. Such filesystem could be used for application testing. That way it would be immediately obvious if any program is writing too much stuff without a good reason.
EXT4 is doing exactly the right thing because it's never actually writing any of those files to the disk. Because those files are constantly replaced with new versions, there's no point trying to save any unless the application asks for it. To do that, the application should call fsync(). Otherwise, the FS has no obligation to write anything in any given order to the disk until the FS is unmounted. A high performance FS with enough cache will not write anything to disk until fsync() unless the CPU and disk have nothing else to do (and even then, only because it probably improves the performance of a possibly following fsync() or unmount in the future).
POSIX specifies that closing a file does not force it to permanent storage. To get that, you MUST call fsync().
So the required code to write a new file safely is:
There is no performance problem because fsync(fd) syncs only the requested file. However, that's in theory... use EXT3 and you'll quickly learn that fsync() is only able to sync the whole filesystem - it doesn't matter which file you ask it to sync, it will always sync the whole filesystem! Obviously that is going to be really slow.
Because of this, way too many software developers have dropped the fsync() call to make the software usable (that is, not too slow) with EXT3. The correct fix is to change all the broken software and in the process that will make EXT3 unusable because of slow performance. After that EXT3 will be fixed or it will be abandoned. An alternative choice is to use fdatasync() instead of fsync() if the features of fdatasync() are enough. If I've understood correctly, EXT3 is able to do fdatasync() with acceptable performance.
If any piece of software is writing to disk without using either fsync() or fdatasync() it's basically telling the system: the file I'm writing is not important, try to store it if you don't have better things to do.
If A = B and B = C, then A = C, except where void or prohibited by law. -- Roy Santoro
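Added example (not from the original comment, whose code listing did not survive on this page): one common way to write a file so that a crash leaves either the complete old version or the complete new one, following the fsync() requirement described above. It goes slightly beyond the comment by also calling fsync() on the directory so the rename itself is durable; the names safe_replace, write_all, read_back and the ".tmp" suffix are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L  /* openat/renameat/fsync under strict -std modes */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* write() may be short or interrupted; loop until every byte is handed over. */
static int write_all(int fd, const char *buf, size_t len)
{
    while (len > 0) {
        ssize_t n = write(fd, buf, len);
        if (n < 0 && errno == EINTR) continue;
        if (n < 0) return -1;
        buf += n;
        len -= (size_t)n;
    }
    return 0;
}

/* Replace dir/name with data: temp file, fsync, rename, fsync directory.
 * The ".tmp" suffix is an illustrative choice. Returns 0 or -1. */
int safe_replace(const char *dir, const char *name, const char *data, size_t len)
{
    char tmp[256];
    if (snprintf(tmp, sizeof tmp, "%s.tmp", name) >= (int)sizeof tmp) return -1;
    int dfd = open(dir, O_RDONLY | O_DIRECTORY);
    if (dfd < 0) return -1;
    int fd = openat(dfd, tmp, O_WRONLY | O_CREAT | O_TRUNC, 0600);
    /* Data must be on stable storage before the real name points at it. */
    int ok = fd >= 0 && write_all(fd, data, len) == 0 && fsync(fd) == 0;
    if (fd >= 0 && close(fd) != 0) ok = 0;
    /* rename swaps old for new atomically; the directory fsync makes it durable. */
    ok = ok && renameat(dfd, tmp, dfd, name) == 0 && fsync(dfd) == 0;
    if (!ok) unlinkat(dfd, tmp, 0);
    close(dfd);
    return ok ? 0 : -1;
}

/* Checking helper: contents of path (up to 255 bytes) in a static buffer. */
const char *read_back(const char *path)
{
    static char buf[256];
    int fd = open(path, O_RDONLY);
    ssize_t n = fd < 0 ? -1 : read(fd, buf, sizeof buf - 1);
    if (fd >= 0) close(fd);
    buf[n < 0 ? 0 : n] = '\0';
    return buf;
}
```

Dropping the fsync(fd) call leaves the ordering between the data write and the rename up to the filesystem, which is the situation the ext4 discussion above is about.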