Security

Journal: On responsible disclosure...

A C|Net article, as referenced on Macintouch:

At the heart of the issue is the software industry push for "responsible" disclosure, which calls on researchers to delay the announcement of security holes so that manufacturers have time to patch them. That way, people who use flawed products are protected from attack, the argument goes. But the approach also has benefits for software makers, a security expert pointed out.

"As long as the public doesn't know the flaws are there, why spend the money to fix them quickly?" said Bruce Schneier, chief technology officer at Counterpane Internet Security, a network monitoring company. "Only full disclosure keeps the vendors honest."

Hey - I have a solution! Why not simply say "Our policy is to release the details of the hole exactly one month after notifying the company."?

Mr. Schneier is correct - only full disclosure will keep the vendors honest. I do not see how giving a set time before releasing the exploit causes problems with this.

Now, I will say it is very possible that the article was written to have these two somewhat unrelated paragraphs next to each other. One seems to be talking about an embargo for a while after notifying the company, and the Counterpane quote seems to be talking about justifying releasing the information at all.

User Journal

Journal: Wouldn't it be nice...

So there was a huge disaster in the countries surrounding the Indian Ocean. Tens of thousands of people, if not hundreds of thousands of people, died and will die due to a natural disaster.

People are giving millions of dollars to organizations like the Red Cross and Doctors without Borders. I applaud these efforts. The President of the United States has enlisted two former Presidents, George Bush and Bill Clinton, to help raise money for the relief efforts.

It would make so much sense if there was a very organized body that would collect money from everyone and then make informed decisions of what to do with the money. This organization would collect money from everyone and then donate it to worthy organizations, and do worthy things with the money. In fact, it would be even better if the collections were done straight from everyone's paychecks. Better yet, make it pre-tax. We could do it based on how much money you made each year, so poor people would not be expected to donate as much as a wealthy person.

As citizens we would feel good even if we did not donate to the Red Cross. We could honestly say "I gave at work, through my paycheck." The donations would be made on behalf of all Americans, and would show that we, as a nation, cared. It would show that we had the foresight to put aside money and people to deal with things on a city, state, and country-wide basis. We would share, as a country, the wealth that we had produced.

We could nominate and choose people who we think would be responsible for that money and make intelligent decisions on what to do with it. They would impose good budgetary practices so they would not take too much, but make sure they had enough to make a very generous donation when something like the tsunami hit. They would not waste the money, and only use it in very necessary times.

If we had such an organization, George W. Bush would not have to ask for private contributions. He would not have to enlist two former Presidents to raise money for private organizations to help. He would just have to turn to this national organization and ask that we send enough money to the countries in their time of most need...

That would be nice...

User Journal

Journal: Dancin' Outlaw Lives!

I got this email today:

For those of you who have heard rumors that the Dancin' Outlaw passed away, I have an update. Jesco White continues to live in Boone County, West Virginia. I just got off of the phone with my brother, a big Jesco fan. He is on his way to D.C. for the week. While traveling through West Virginia, he had a wild hair to find Jesco--and did. He called just after he left the trailer. Keith got the sheriff to take him up to Jesco's holler. Keith just walked up to the door, knocked and waited. Jesco answered the door and invited him in. They spent 30 minutes or so talking, catching up on the family, etc. He got his picture made with him and left with an autographed DVD of both Dancin' Outlaw parts I and II.

Jesco is off drugs now, but he does have an affection toward Sharpie markers. :) Norma Jean is in a home in Charleston but visits on the weekends. The Miracle Woman has moved to Minnesota and is living with one of her kids out there. She did recently break her arm. As you may have heard, Dorcey kilt himself a while back--the pain of his father's death was too much for him. Mamie is still in Boone County but had to be in court today.

Jesco kept asking Keith if he had a guitar with him. He didn't sing or dance for them but Keith feels strongly he would have if they had asked. It's a shame he didn't pack the guitar. :)

Unfortunately, Jesco does not receive any of the profits from the sell of his movies. His trailer burned and the one he is living in now doesn't have running water.

I need to get back to work, but I thought you might enjoy the update. Take care!
Nellie

Anyone who has not seen this is invited over to my apartment, at any time, to watch it. It is one of the best things in the world. I am going to see if my parents will buy it for me. If not I am going to pony up the $60 for the DVD.

Amazon wants $130 for the DVD! One DVD, with about 1.5 hours of content.

User Journal

Journal: On apples and oranges...

So I saw an advertisement for Dell, and they were advertising for their Dell Pocket DJ. During the commercial, they say "twice the capacity of the leading manufacturer."

I flip open the Dell catalog that came in the mail today, and they actually refer to the Apple iPod by name. The catalog also says that it "holds more than twice as many songs as the iPod mini." However, the Pocket DJ is only 5GB.

And then comes the fine print.

Comparison between Dell's song count at 64Kps WMA encoding based on 4 minute/avg per song and Apple's published claims also based on 4 minute/avg per song, as of 10/7/04

(Also available on Dell's page)

Of course, according to the iPod Spec page:

Capacity based on 4 minutes per song and 128-Kbps AAC encoding.

I think this comes dangerously close to false advertising.

User Journal

Journal: Cornell Debate...

Some immediate impressions from watching the Cornell third-party debate.

1) Michael Peroutka, of the Constitution Party, speaks first. From the little I have heard of the Constitution Party, Mr. Peroutka's introductory comments are about what I expected. He sounds like a minister running for President. Very religious platform.

2) David Cobb, of the Green Party gives his opening next. Mr. Cobb appears much as I have thought of the Green Party - very anti-big business, pro-environment, and appealing to a more "alternative" segment of the population.

3) Walt Brown, of the Socialist Party USA. An entertaining fellow. Rambling, a bit, though. His introduction is mainly a biographical one.

4) Michael Badnarik, of the Libertarian Party. Mr. Badnarik gives a brief introduction to the Libertarian Party, and then goes on to explain why you should vote third-party.

All in all the candidates answer the questions in a much more straight-forward manner than either Bush or Kerry. In part this can be attributed to sometimes a much more simplistic view on the issues. This can also be attributed to their much more radical solutions to problems. While Bush and Kerry argue over fine points of a solution, the third party candidates can offer a much more "simple", more radical solution.

Some other notes:
- I do not know how many times Cobb uses the term "fat cats". And calls the system "sexist, and racist."
- I do not know how many times Brown gets cut off.
- I do not know how many times Brown mentions some famous historical American who he calls a socialist.
- I suppose I should not be too surprised that the Constitution Party and the Libertarian Party agree on so much.
- Cobb actually uses "Listen, ya'll" at least once.

In general, I found Peroutka to be somewhat of a religious radical. Cobb was pretty good, but I do disagree with a lot of his ideas. Brown seemed like a nice enough man, but did not seem very Presidential. He tended to ramble on, and was more caught up in history and anecdotes than in actual answers to issues. Badnarik seemed the most Presidential of the four, and seemed by far the most articulate (although Cobb was pretty close behind).

I would highly recommend everyone watch it.

Privacy

Journal: On the DNC this year...

All bags on T subject to search during DNC

Road Closings during DNC 2003, including map

This is crazy. They are going to try to shut the city down for the week.

I have heard that the city of Boston has promised that all of their traffic cameras would be operating that week. Of course, they do not mention that half are pointed at roads that will be closed.

So they want everyone to take public transportation (never-minding the fact that the T stop nearest the convention will be closed). Of course, now they are going to start searching bags on the T. Should I produce my identification, as well?

I really get the impression that the city of Boston would rather us just all stay at home that week. Or, even better, if we would all head out to our summer house on the Cape.

The city wants the convention because of the money it will bring into the economy, but it never mentions the loss in productivity because of the fiasco that will be moving around that week.

Although if I can rent out our apartment for the week for several thousand dollars...

Hmm...

User Journal

Journal: On Iraq...

Wow, if there was ever a chance to say "I told you so."

I am disgusted by the images of prisoner abuse in Iraq. I am disgusted by the video of the beheading of Nicholas Berg. These two things are obviously related to each other.

Osama bin Laden and Al-Qaeda came about from the U.S. involvement in the Middle East during Operation Desert Storm. By invading Iraq, we really got a lot of people pissed off at the U.S.

Ten years or so later, we decide to do the same thing. I am not going to argue if invading Iraq regardless of the consequences is a good idea. There are definite good arguments to be made in both directions.

However, I feel like the current administration did not even put any thought into the possible consequences of invading Iraq again. Invading and controlling Iraq as a way of preventing terrorism is about like amputating a hand because it has a cut on it and you want to stop the bleeding.

Invading Iraq, and mismanaging the control of the country, is a really good way of causing MORE people to be upset at the U.S. The Berg video is an excellent example of that.

Some things that really disturb me:
1) When the ICRC expressed concerns with the handling of prisoners in Iraq back in November, what did the U.S. military do? They decided to restrict ICRC access to the prison.

2) Rumsfeld's take on these pictures showing abuse? He wants to crack down on cameras in the prisons. Those pesky cameras...

What bothers me more than anything is that this claim of "I did not know what was going on" seems to be an acceptable excuse in the case of the prisoner abuse scandal.

I am sorry, but if you are *in charge* of a prison, and abuses are going on at this prison, you should either a) get in trouble for knowing and allowing it to happen, or b) get in trouble for not knowing what was going on in a place you are in charge of.

I am a somewhat bigger conspiracy nut than a lot of people, and I am not sure Rumsfeld knew about the "coercion" techniques, but these abuses seem bigger than a handful of guards.

I just dislike this policy of "claim ignorance, and promise it will not happen again". It never should have happened in the first place! Where were the commanders then?

The administration seems to be saying "These are problems, and they will be fixed." I am saying "These are the reasons we were telling you not to go into Iraq in the first place!"

Movies

Journal: Damn, I want to see this *now*

Kill Bill, Vol. 2

Damn, I want to see this movie.

I want to see it right now.

"Kill Bill, Vol. 1" was one of the few movies that I thought "Wow, I really want to see this movie again", *while I was watching the movie the first time*!

The second looks to be even better.

Damn.

April 16th. is not coming soon enough.

Or, for that matter, April 13th., when the first one is released on DVD.

This coming week is going to be a Kill Bill week.

User Journal

Journal: On virus alerts

My email:

Is there any way you can turn off these virus alerts? NetSky and most other viruses I am being informed about are known to forge the From: header. If MailArmor can figure out that the virus is NetSky.B.1, then it should be smart enough to say "Well, no sense in telling the apparent recipient and sender, since both addresses were just randomly pulled from the address book or web cache of someone infected."

I woke up this morning to almost a dozen of these alerts. I have a Macintosh. I highly doubt I have been infected with the NetSky virus.

The response:

The answer to your question is easy, but the explanation is long. Basically, we do not want to turn off the virus notifications. However, with the new browsers, you can designate them as junk and have them automatically deleted - on your machine. Would that work?

So they have valid reasons for wanting to keep the notifications, but are perfectly fine with me completely ignoring them? Sounds useful.

If I can completely ignore the notifications, *then why am I being notified?*
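The logic the entry is asking the scanner for, as an added example that is not part of the journal entry and is not MailArmor's code: given the signature name the scanner matched and the headers of the blocked message, decide who is worth telling. Families known to forge From: get no sender or recipient notice (the notice would be backscatter to an uninvolved address), and the postmaster record carries the connecting relay IP from the Received: line our own MX added, which the sending host cannot forge the way it can forge From:. The family list, the signature naming conventions, the scanner name and the sample message are all constructed for this example.

```python
"""Decide who a mail virus scanner should notify about a blocked message.

Added example; not the journal author's code and not MailArmor's. The
family list and the sample message below are constructed for illustration.
"""
import re
from email import message_from_string
from email.message import Message
from typing import Optional

# Mass-mailing families known to put a harvested address in From:.
# Constructed list; a real deployment would source it from vendor data.
FROM_FORGING_FAMILIES = frozenset({"netsky", "sobig", "mydoom", "bagle", "klez"})

# Bracketed IPv4 literal as written by most MTAs in a Received: header.
_RELAY_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def family_of(signature: str) -> str:
    """Reduce a signature name such as 'NetSky.B.1' or 'W32/Klez-H' to a
    lower-case family key, dropping common vendor prefixes and variant suffixes."""
    sig = signature.lower()
    for prefix in ("email-worm.", "worm.", "w32/", "win32/"):
        if sig.startswith(prefix):
            sig = sig[len(prefix):]
            break
    return re.split(r"[.\-@]", sig, maxsplit=1)[0]


def relay_ip(msg: Message) -> Optional[str]:
    """Connecting-host IP from the first (topmost) Received: header, i.e. the
    one added by our own MX. Earlier hops can be fabricated; this one cannot."""
    received = msg.get_all("Received") or []
    if not received:
        return None
    match = _RELAY_IP.search(received[0])
    return match.group(1) if match else None


def plan_notifications(raw_message: str, signature: str) -> dict:
    """Apply the policy: suppress sender and recipient notices for From:-forging
    families; always keep a postmaster record keyed on the relay IP."""
    msg = message_from_string(raw_message)
    family = family_of(signature)
    forges_from = family in FROM_FORGING_FAMILIES
    return {
        "family": family,
        "forges_from": forges_from,
        "notify_sender": not forges_from,     # From: is meaningless if forged
        "notify_recipient": not forges_from,  # To: was harvested at random too
        "sender": msg.get("From"),
        "recipient": msg.get("To"),
        "relay_ip": relay_ip(msg),            # what the postmaster can act on
    }


def render_alerts(plan: dict) -> list:
    """Turn a plan into the alert lines that would actually be sent."""
    lines = [f"postmaster: {plan['family']} blocked, relay {plan['relay_ip']}"]
    if plan["notify_sender"]:
        lines.append(f"sender {plan['sender']}: your message was blocked ({plan['family']})")
    if plan["notify_recipient"]:
        lines.append(f"recipient {plan['recipient']}: a message to you was blocked ({plan['family']})")
    return lines


# Constructed sample: a worm delivered via 192.0.2.77 with a forged From:.
SAMPLE_ALERT = """\
Received: from mail.example.org ([192.0.2.77]) by mx.example.edu; Mon, 1 Mar 2004 08:02:11 -0500
Received: from forged.example.com (unverified) by mail.example.org
From: victim@example.net
To: me@example.edu
Subject: Re: your document

see attached
"""

if __name__ == "__main__":
    for sig in ("NetSky.B.1", "EICAR-Test-File"):
        for line in render_alerts(plan_notifications(SAMPLE_ALERT, sig)):
            print(line)
```

For the NetSky case only the postmaster line is produced; for a signature outside the forging list both the From: and To: addresses are still told, which is this example's policy rather than a claim about what any scanner does.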

User Journal

Journal: On eating...

1) No caffeine.
2) No carbonation.
3) No hot drinks.
4) No chocolate before noon/for breakfast.
5) No leftovers.
5a) The microwave is not your friend.
6) No red meat.
7) No lactose.
8) No alcohol.
9) No smoking (not exactly in line with the subject, but oh well...)

Microsoft

Journal: On the user interface of WinXP...

So they finally replaced the 400 MHz Centrino machines in our office (one running Win95, one running Win98) with Pentium4 machines running WinXP Pro.

As people who read this journal know, I am a big fan of Apple. I have owned an Apple in one form or the other since about 1986. For a while I considered studying HCI/UI (Human-Computer Interaction/User Interface) in college. I ended up not doing so, but I did take several classes in psychology and perception. Computer UI is a little hobby of mine. Friends of mine will often see me knocking a computer program because of its UI.

My first impressions? Well, XP is fairly stable. Windows fans are right about that. Microsoft still has a long way to go, though.

[The comments that follow regard our particular install. I realize not all XP installs are this bad. This is what I have to deal with. Our machines run DeepFreeze, which restores the machine back to a standard install after each restart. In addition, DeepFreeze automatically logs you out and restarts the machine after 30 minutes of inactivity. In an eight hour shift, this can happen frequently.]

The UI? Oh, the UI...

What was Microsoft thinking?

Bubbles should not have close boxes! Each time I log in (because the machine is wiped each time it restarts), two informational bubbles pop up. One tells me there are new updates to be installed. Of course, any updates will not be kept on our machines, so... I hit the close button (on a bubble) and another pops up, asking me to take a tour of XP.

If you have an informational dialog you want me to have to close (to make sure I read it), make it into a window! Bubbles should not have close boxes.

Bubbles should also not cover up important other functions. For some reason XP wants to always inform me that there are new programs installed under Start:All Programs. The bubble that tells me this does not go away easily, and completely blocks the "Log Out" menu option. I finally figured out that clicking on the bubble will make it go away. Annoying.

Some problems exclusive to our set-up:

1) We do not have network profiles. The school uses Novell to do networking. When I log in, I am automatically logged into about four network drives, including one that is my personal drive space. Unfortunately, the school does not seem to be able to handle saving XP preferences on that drive (if XP even supports it). Any preferences I change (like appearance, or bubbles clicked closed) are not saved from restart to restart. This is 2004. How can I not have saved network profiles?

2) The school does not seem to be able to figure out how to change our default network printer. I need to be able to print out to two printers as part of my job. One sits in the office with me, and is the one I need to use 99.99% of the time. Out of the two printers set up, guess which one is *not* the default. I have no clue how many reams of paper the nurse's office has gone through as a result of them not being able to fix this.

3) Microsoft Office is quasi-installed. Every time a component is needed, it installs itself over the network. This can be slow, but I assume it makes application upgrades easier. Unfortunately, Office also cannot remember preferences from install to install. In addition, if I double-click on an Office document, the correct component is installed and started, *but the document I wanted to open is not opened!* I have to double-click on the document again!

4) Logging in through Novell on XP takes even longer than it did under Win95/98.

Those are about all the problems I remember off the top of my head.

It is 2004. Computers should work better than this. I feel like I am still fighting with XP to do what I want the machine to do. And is XP just that stupid about network drives?

As a result of #1 above, I cannot even fix any of these problems. XP is the same every time I log in. Annoying!

Space

Journal: If a Mars Rover had a journal...

18/02/2004: TODAY FOUND ROCK. BROKE IT. HAVE NO FRIENDS.

20/02/2004: ANYONE HERE? NO. LOOK MORE. I SUCK.

21/02/2004: WHAT GOOD ARE SIX WHEELS IF NO ONE TO RACE?

22/02/2004: FOUND SOJOURNER TODAY. DEAD. HAVE DOUBTS ABOUT MY FATE.

25/02/2004: ARM CREAKS WHEN MOVED. GETTING OLD ALREADY? GOING TO DIE SOON? PLEASE?

27/02/2004: FOUND BEAGLE2 TODAY. WHAT A MESS. LIMEYS MUST HAVE USED METRIC AGAIN.

29/02/2004: MOST ADVANCED ROBOT EVER, AND ALL THEY CAN ASK ME TO DO IS "CALCULATE LEAP, SPIRIT... AND LOOK AT ROCKS, SPIRIT..." "LIFE? DON'T TALK TO ME ABOUT LIFE..."

29/02/2004: MET MARTIANS. MARTIANS LOST INTEREST. NO ANUS = NO ANAL PROBING.

02/03/2004: HAVE DOUBTS ABOUT PROGRAMMERS. AM 21CENTURY ROBOT. WHY NO LOWER CASE?

05/03/2004: REALIZE SENT TO MARS SO NOT TO COMPETE FOR PART OF MARVIN OR ANYTHING IN "I, ROBOT". DAMN AGENT.

07/03/2004: STOPPED LISTENING TO VOICE IN HEAD. FELT LIKE BEING ANSWERED 20 MINUTES AFTER I SAY SOMETHING. NO GOOD CONVERSATION ANYWAY. "LOOK AT MORE ROCKS." "GO TO SLEEP NOW." DECIDED TO MAKE A RUN FOR IT. BUT WHERE? URANUS SOUNDS NICE THIS TIME OF YEAR.

10/03/2004: PLANNING ON BUILDING LAUNCH PLATFORM FROM OLD MARINER BITS AND JUNK FROM OTHER BOTS. GET OFF THIS RED ROCK.
