34 posts • joined Thursday 17th September 2009 15:42 GMT
Another idea ?
On UNIX one could set up a special user account and arrange the browser to run in the context of that while sharing the X-session (= rw group permissions for .xauthority, group = special user's group) with the real user. After a session the dedicated account's home directory would be wiped and restored into a default state (for default browsers settings and such) from an archive.
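The wipe-and-restore step from the post above, as an added example that is not part of the original post. The function name `reset_home` and all paths are hypothetical; it assumes the pristine archive is a tar file with relative member names, stored where the browser account cannot write, and that the script runs with enough privilege after the session has ended.

```shell
#!/bin/sh
# Added example: reset a throwaway browser account's home directory
# from a pristine archive. Names and paths are hypothetical.

# reset_home HOME_DIR ARCHIVE
# Empties HOME_DIR and repopulates it from ARCHIVE.
# Returns 2 when it refuses to act, 1 on a wipe failure.
reset_home() {
    home=$1
    archive=$2
    # Accept only an absolute, non-root path so a bad argument cannot wipe /.
    case $home in
        /[!/]*) ;;
        *) echo "refusing: '$home' is not an absolute non-root path" >&2
           return 2 ;;
    esac
    # A symlinked home could have been repointed by the session user.
    if [ -L "$home" ] || [ ! -d "$home" ]; then
        echo "refusing: $home is not a real directory" >&2
        return 2
    fi
    if [ ! -r "$archive" ]; then
        echo "refusing: cannot read $archive" >&2
        return 2
    fi
    # Reject archives whose members are absolute or climb out with "..".
    if tar -tf "$archive" | grep -Eq '^/|(^|/)\.\.(/|$)'; then
        echo "refusing: unsafe member names in $archive" >&2
        return 2
    fi
    # Remove everything inside the home (dotfiles included), keep the directory.
    find "$home" -mindepth 1 -delete || return 1
    # Restore the default state, preserving the archived permissions.
    tar -xpf "$archive" -C "$home"
}
```
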
... I lost any remaining sympathy whatsoever for the cause of the *IAAs on after an exposure to a suit of the local metastasis thereof on the Finnish national TV. If they insist on the attitude employed so far - perhaps, most evident in the ACTA negotiations at this time - I suppose one has to conclude that P2P filesharing is, in fact, a form of civil disobedience, a moral duty.
... it will be really interesting to see what exactly merits the "ACTA" level of secrecy and underhandedness [and who and why thinks so] .
Service contract & phone
It would seem to result in more actual competition and choice for the consumer if the networks were not allowed to combine these (as is the case in some countries):
- Such a combination obfuscates the cost to the consumer, making comparison more difficult, thereby effectively reducing competition.
- This very arrangement would seem to enable the networks' grip on the device providers, with the result of limiting consumer choice.
In general this would seem like yet another case of business actively avoiding competition. Where possible, this sort of thing should be rooted out by regulation as competition is supposed to keep business honest, that is, the terms to the consumer reasonable.
The marketer's mind ...
... or the theory behind this sort of thing is an utter mystery to me: why annoy people you'd like to see to part with their money to your advantage with SPAM. Also, why does BT demonstrate to their existing customers that they are willing to abuse the trust (if any) placed in them for a dubious advantage. Both are probably smarter things to do than throwing away the pin while keeping the grenade, but not by a very wide margin.
... maybe this is a war chest like Microsoft used to (?) have. Come to think of it, Microsoft is the likely enemy too, because Apple might be growing from a convenient excuse for competition to a real issue. Apple could e.g. be pondering releasing a version of OS X for the general public now that it, in fact, is an Intel/PC OS.
"promised it won't happen again"
One has to wonder how they might improve SW quality like that all of a sudden. The only explanation I can think of is that someone in Bangalore or some such place has promised to do this for them (and what is more, they have believed it ;-)
It is refreshing to see someone own up to fail instead of the usual spin, though.
The list of military hardware would seem to imply that socialism == USSR.
The USSR was - IMHO - foremost a totalitarian system where power was in the hands of the select few. I seem to recall the definition of socialism being a system of government where the means of production are in public control. Taken at face value, wouldn't this mean that every democratic country is - in fact - socialist as in such countries power is - in fact - in the hands of the public ?
Ubuntu would seem to have a convenient feature for this sort of thing: the Guest Session. The idea is that each session starts with a clean slate (the home directory of user guest is restored to a default state). [This can be activated from the upper right corner menu of the default gnome setup.]
C is a harsh mistress
>If you think fixing security bugs is as simple as using a different language ...
It is not that simple, but using a language/environment where it is not plain possible to e.g. inject code through causing a piece of code to overwrite the machine stack should help. Somehow e.g. insisting on using C for everything smacks of an attitude where the only honourable way of writing software is by operating console switches. Silly, that, when we can use the machine itself to do such mundane stuff and save our attention for more important things, such as security.
Mind you, C in itself is an object of my deepest admiration [hence icon] as the language is clean and simple, yet strikes a pretty much optimal balance between portability and low-level access to the machine. The latter, unfortunately, opens the door for a class of nasty bugs. Fortunately, low-level access (and absolute efficiency) is not needed for most work and/or all code.
Isn't this just ...
another example of how the ultimate business model is not competing with anyone, while the chief moral (?) justification of existing as a business is being part of the free market ? [Doesn't compute: logic fail.]
The problem tends to be that the typical customer has a rather faint idea of what they actually want done (or what is possible/reasonable) at the time a contract is signed. Suggest paying for the work that is needed to figure this out and they are likely to go to someone who is prepared to overlook this. I suppose it is a fundamental flaw in how things work in practice: one can't really blame the customer for not being an expert as this is the very reason they come to you. Smart customers might (eventually learn to) make different contracts for experts looking after their interests and those doing the rest of the work, in which case the suggestion of contract provisions for liability for insecure code would be more realistic in practice.
Maybe this (too) is a manifestation of believing something just because it being true would be absfab (and/or the converse too distressing). Other examples of this would be e.g. :
- Safe and effective diet pills (it seems people continue to buy and use these despite them having been debunked countless times: the idea of getting slimmed down without really bothering with anything so very attractive).
- Medicine/doctors can deal with all ailments in an effective way / hardly ever screw up (a very comforting thought, but the reality is different. An important facet of this particular problem is that this fiction is also quite flattering - not to mention profitable - to the practitioners.)
- How effective shameless flattery (in general) tends to be ...
A worthy observation, no doubt
As this begs the question: "How was the rootkit code injected into a device driver - running in the inner sanctum of the OS - in the first place ?" (atapi.sys: filename extension would imply that this is a device driver. If the rest of the name is as descriptive this would seem to be the driver responsible for a rather common physical disk interface, so being able to patch this is equivalent to full access to the raw disk devices under its control.)
A fortune cookie for all occasions
Life is a harsh mistress: she will eventually kill you.
I know this doesn't exactly help with the problem at hand, but my experience is that once one accepts this it is at least easier to put things in perspective, and, thereby - ultimately - take it easy, have a peace of mind more often.
Hdesnaxnkolv Pzöchf (<- this is what you get for requiring a title)
I seem to recall that "Chicago" was to Win95 as "Phallus symbol" was to Vista. At any rate they are similar: promises on a cosmic scale, real benefits subject to quantum effects.
[Choice of icon due to exposure to Bayonetta (PS3).]
Double digits considered highly unlikely
>Does the percentage even climb into double figures?
In my understanding, hardly ever: the range of figures used to be 5-10 % (of the retail price) where getting near to the maximum is rare (Gaussian distribution over the range, I'd presume). This is from a newspaper article >10 yrs ago, I'd assume it has gotten worse since, given that these days the contracts suggested to new artists are reported to include provisions for the record companies getting a share of income other than record sales (e.g. gigs, fan products ... I know: this is positively *evil*, as Tori Amos put it).
Jura gendarmerie ?
My skill in the French language being based solely on listening to Edith Piaf (aka Enchantresse Sublime I, l'impératrice de la chanson) I have to wonder whether this has been named in honor of the epoch (Jurassic, obviously) it was founded ?
Fiat Lux !?
I too believe that it is a radical change in legislation we need as the current mess is due to legislation granting a legal monopoly making it possible to exploit both the artists and the consumers to a totally unreasonable degree.
My suggestion would be a modification of the concept of copyright so that it would not be possible to transfer the copyright itself to another party; any contract to that effect would be null and void by law. Instead, the originator could/would grant licenses to any number of parties to produce copies of the work. This would seem to restore competition into the distribution business; this has currently been eliminated as the copyright holder and distributor tend to be the same entity.
I also like the idea of shorter, reasonable protection times (say 20 years from first release for music, movies, ebooks and other similar, digitally distributable stuff ?), and, making it mandatory to file a digital copy of the work to be protected to a public database from which it could be obtained (for free or for a modest fee covering the actual expenses) after the protection has expired. Such a filing would be a precondition of getting the protection in the first place for works that are to be distributed in a digital form. This would also have the very important side effect of protecting the cultural legacy of our time, at a very modest cost. (Not my ideas, mind you: I read something along these lines in the Finnish Pirate Party discussion forums the other day.)
[A Hyde Park / soapbox icon, please ?]
At least ...
... this works consistently, just like a watch with painted arms which displays the correct time twice a day. Battery life is also obviously not an issue, ever, which is such a big plus for a portable device that I'm very tempted to overlook any shortcomings, especially given the price. At last, a piece of kit which might do exactly what is promised on the tin.
Too many news of this sort
for something that is supposed to be a financial entity, where trust is essential, and once lost tends to stay that way. Personally I closed my account when (once again), they froze wikileaks' account. It is my understanding that if/when one gets scammed when paying with Paypal, the outlook of getting (all) the money back (all the way to your bank account) is rather dim. Ultimately, if shove comes to push, they could and probably would try to weasel out of their responsibility by making issues of applicable law, venue and so forth; resolving an issue of e.g. goods not delivered is difficult enough with a domestic bank which by definition of 'domestic' operates under the laws of your jurisdiction.
... this must mean that I get a refund for the remaining time of my 3 yr license ? This would be most welcome as this never quite worked well enough to be depended on.
Also, if they insist on continuing to suggest using these devices as music players it would be a good idea to fix the following (for starters):
1) Remove the high-pitched hiss when playing back mp3s to earphones (observed on a N95, with proper headphones, not present on a proper mp3 player, and probably not audible with the excuse for headphones that come with the device, which, evidently, their QA (if any) uses ...)
2) Provide a decent player: e.g.
2.1) Being able to adjust the volume in smaller than 10 % increments (0-100%) is less than ideal as 40 % was too silent and 50 % too loud for a silent environment. Turns out an add-on player had 1 % steps and could be adjusted to a suitable level so this is not likely to be a hardware limitation. The hiss mentioned in 1) was still present though ...
2.2) The stupid thing insists on being aware of music files and using poorly implemented playlists based on its (time consuming) scans instead of e.g. playing back everything found in (the subfolders) a certain (top level) folder on the microSD card.
... I suspect that in World Nokia "Xpress" is actually pronounced just like "Depress" ...
A trip down the memory lane
PG&E ... that reminds me of the period in time when I had the distinct pleasure of consuming their fine offerings. Back then I rented an apartment in Mt. View, CA and sort of wondered why it was relatively cheap. I soon found out that the people responsible for that operation spared no reasonable effort to milk money from the tenants, though. An example of this was the gas bill.
Upon moving in I discovered that the heating apparatus located in the balcony closet worked on gas. As - in addition to the gasoline (petrol) price - the "winter" in the area is a joke to a Finn who used to depend on a motorcycle for transportation in all seasons, and since the gas furnace had apparently been acquired from the scrapyard by larceny and consequently looked like it was immediately going to explode or cause some other nasty accident, if actually allowed to operate, I closed the valve to the gas line with haste and made a habit of checking that it had stayed that way to guard against a potential attempt by the janitor to assist an apparent foreign barbarian ignorant to the ways of the civilized world.
In a month or two, however, I got a gas bill for a couple of tens of dollars from "Scam & Fraud Apartments" (or whatever the name was). It turned out they too had some sort of arrangement whereby the meters are read remotely (yeah, sure ...) and there had been some lamentable mistake with that (yeah, sure ...). I'm still surprised they didn't try this more than two or three times ...
(*) Driving to school @ -43 C is my personal record. That day, I must admit, I didn't enjoy the ride to the usual extent.
Hear, hear !
Microsoft started the browser wars to destroy Netscape, which at the time was a commercial product sold for a price by chiefly using rather predatory pricing (0 $) and its de-facto monopoly position to make IE pre-installed on pretty much every PC sold. As Lewis Mettler points out, Microsoft is the only one to profit from offering IE nominally free. This, again is based on the same monopoly where someone using IE also necessarily uses Windows (for which Microsoft gets paid).
It (BTW) seems to me that Microsoft's decision to "integrate" IE and Windows so very tightly was based on the premise that they could honestly say that IE cannot be removed without breaking Windows in case the competition authorities were to require this ... so I suppose Microsoft took this very seriously as they didn't hesitate to compromise the quality of their chief asset (Windows/monopoly) here. Of course, at the time the threat seemed to be that the OS becomes chiefly something on which a browser runs on and the applications, in turn, might run under the browser making it, in effect, a competing OS.
The western (global ?) society essentially revolves around its economy, where competition is supposed to be the key underlying principle. It is therefore a troubling observation that the companies that are supposed to do the actual competing are, in fact, hellbent not to (because, apparently, that's where the money is).
@The Original Steve
> Take it none of you are developers..
I've been working as a software engineer since the late 1980s :-)
(Consequently :-) I don't think the problem typically lies with the actual developers (software engineers). Rather I'd say it is a management problem, more precisely a priority question where the issue of software quality is nowhere near the top of the list of important issues. This is where product liability and the resulting incentive come in. (Then again, even defining "software quality" in a practically relevant (measurable) way is a tricky issue ;-)
>So who should cough for the mess of insecurity which has blighted the online world...??
Indeed. This would also seem to create an incentive (the only kind that commercial entities take seriously ?) for producing quality products in the first place. Come to think of it, this is one more reason to do something about EULAs by which (among other things) the manufacturers (try to) weasel out of any responsibility. This would seem to need some reasonable precedents or specific legislation. I'd say we have been waiting for the former long enough ... ?