Current Topic: Technology

udrepper: Do you still think the LSB has some value?

Topic: Technology
10:48 am EDT, Sep 19, 2005
Do you still think the LSB has some value? There are still people out there who think that the LSB has any value. This just means they buy into the advertisement of the people who have monetary benefits from the existence of the specification, they don't do any research, and they generally don't understand ABI issues. Just look at the recent LSBv3 certification process. Our management got pressured by certain parties into declaring that once again we go through the process. The v3 spec was extended significantly, some new tests were added. And of course, the tests are run against the current code base and using the machines people nowadays use. What is the result of all this: many many reported bugs. This is nothing new, it has been the case for every test run after an update of the test suite. And the analysis of the failures is also always the same: the bugs are not in the tested code, they are in the test suite. There might be occasionally a problem in the code, I think I've seen one or two of these, but it's safe to say 90 % of the reported bugs are actually problems in the test suite. Look at the LSB bug database and all the reported problems if you doubt that.
Interesting commentary on LSB.

Sun Censored but Not Silent

Topic: Technology
8:37 am EDT, Sep 14, 2005
Top business publications refused to run our bold ad concepts because the headlines were thought too controversial. At Sun, we're the radical engineers that build "ass-whoopin" technology - we're not Miss Manners and we never want to be.
It looks like Sun is trying to change their image. I like their new ads, and the rejected ones are even better.

Massachusetts Switching to Open Document Standards

Topic: Technology
9:00 pm EDT, Sep 12, 2005
These days, anybody trying to sell a one-vendor proprietary networking stack would be laughed out of the market. I am quite certain that in another decade or two, anyone trying to sell a proprietary office-document format will be too. Massachusetts is smart enough to be a little ahead of the game.

RE: The Six Dumbest Ideas in Computer Security

Topic: Technology
1:36 pm EDT, Sep 12, 2005
Dagmar wrote: It is Clue.
Argh. Why'd you have to post something so inflammatory on a day when I have movers in my apartment? I must respectfully disagree. The number one most destructive idea in computer security is that it's a good thing to write quasi-utopian "everyone in the entire industry is crazy except me" essays that give clueless people the belief that they are privy to THE answer. I'm sure it works wonders for Ranum's business. However, it is neither constructive nor useful.

1. Default Permit. It depends on the context. I think that default permit is a bad idea in the email world, for example, but most people are, for some reason, far more interested in getting the odd unsolicited communique than they are in living without spam. This is, perhaps, because the whole idea of the internet is to enable people to easily communicate. It's possible that over time people will tire of all the openness, and if they do, no one will be happier than computer security people, but for the time being some applications are going to be default permit, and it's not the computer security community that drives that.

2. Enumerating Badness. He argues in the default permit section that "It takes dedication, thought, and understanding to implement a 'Default Deny' policy" and then immediately proceeds to argue that it's less expensive to implement a Default Deny policy than to enumerate badness and that most of the computer security industry is a sham! He is, of course, wrong (why did we write NFR?!). While you might have to pay $30 to buy a product that enumerates badness, in general, that badness is the same for everyone. Your goodness is specific to you, and so you're going to have to hire someone to custom configure it for you, and they are going to charge you a hell of a lot more than $30. His Enumerate Goodness anti-virus system sounds somewhat reasonable until you realize that decent worms and viruses disable things like that, but if you want to live in a world where you absolutely must get permission from the IT department in order to run anything, it's coming, and it's called Palladium, and I will concede that people are going to do it, and it will prevent some security woes. It will also prevent a lot of work from getting done, and smart people won't use it.

3. Penetrate and Patch. If people simply wrote software that didn't have vulnerabilities, there wouldn't be any need to patch things! WOW! Brilliant! The inevitable result is going to be that some hapless admin somewhere is going to need to patch a critical flaw and he'll be told by his boss's boss that he has a "penetrate and patch" mentality. Wonderful. The fact is that no one has designed a vulnerability free computer, and while we do appreciate systems that are more failure tolerant, such as OpenBSD, and wish businesses adopted them more often, until such time it is foolish to fault researchers for continuing to look fo...

Verisign Sues ICANN to reinstate Sitefinder!

Topic: Technology
2:58 pm EDT, Sep 10, 2005
] The dispute over who controls key portions of the Internet's address system erupted into open conflict today when VeriSign Inc., the world's largest addressing company, sued the Internet's most visible regulatory body, charging that it has been unfairly prevented from developing new services for Internet users.
VeriSign's power grab attempts continue.

Schneier on Security: SHA-1 Broken

Topic: Technology
2:54 pm EDT, Sep 10, 2005
] SHA-1 has been broken. Not a reduced-round version. Not a simplified version. The real thing.
All your digital signatures are belong to us. You have no chance to survive make new keys. (well, not really new keys, but you get the drift)

Mike Lynn's 'exploit', in plain (non-technical) English

Topic: Technology
12:39 pm EDT, Sep 9, 2005
There has been an almost unbelievable amount of hubbub lately about the research that Mike Lynn gave a demonstration of at the BlackHat conference last week, and there's been a positively dizzying amount of "spin" applied to the media. Let me say one thing to everyone reading this, right up front. What Lynn uncovered is a serious issue, probably actually more serious than what the media is making it out to be. While coverage on the issue is good (and useful to both "sides") the lack of actual accurate reporting on the issue isn't helpful to anyone.

Part of the problem is that apparently, outside of the list of BlackHat attendees, there's not that many people running around who truly understand what Lynn's research uncovered. Lynn did not reveal an "exploit" in the usual sense. In fact, Lynn of his own volition has been playing his cards fairly close to his chest on this, and omitted most of the technical details of the problem from his presentation in order to assure that no one would be able to easily "follow in his footsteps". Lynn, it can safely be said, was scared by what he discovered--scared enough that he has risked his livelihood not once but twice in order to be sure that should the technical aspects of what he's found not be resolved before someone with less respect for the continuation of the Internet figures it out for themselves, the network and security administrators of the world will have had time to take some steps to reduce the amount of damage done.

It can no longer be thought of as a sure thing that just because a particular vulnerability could "break the Internet" that no one's going to try it just to see if it's really true. We have a rather excellent example in recent history that pretty much everyone is aware of by now... the MS Blaster worm which raged around the Internet wreaking rather unprecedented havoc. Pretty much everyone on the Internet was either personally affected by this, or knows someone who was. Blaster made use of a vulnerability that had become rather common knowledge by the time it was released, but had already been known to many security professionals for months. The real problem that made things so painful and propagation of Blaster so widespread, was that for those months, Microsoft had been actively denying that there was ever a problem until Blaster forced them to admit it. Had system administrators been made aware of the issue and the meager steps needed to impede the spread of Blaster (which everyone implemented in a white-hot hurry once their networks were figuratively ablaze) the damage could have been much less indeed.

Cisco is not helping the issue, or I should say, Cisco's lawyers are not helping the issue. Cisco makes some really awesome products, and their technical people can't really be faulted for this one technical flaw. The problem is that Cisco's lawyers are convinced that public knowledge of a serious issue ...

Armed and Dangerous » Microsoft tries to recruit me

Topic: Technology
8:22 am EDT, Sep 9, 2005
I’d thank you for your offer of employment at Microsoft, except that it indicates that either you or your research team (or both) couldn’t get a clue if it were pounded into you with baseball bats. What were you going to do with the rest of your afternoon, offer jobs to Richard Stallman and Linus Torvalds? Or were you going to stick to something easier, like talking Pope Benedict into presiding at a Satanist orgy?
Apparently Eric S. Raymond got a job solicitation from Microsoft. I think the circumstances are funnier than his reply, but whatever.

BBC NEWS | Technology | Money motive drove virus suspects

Topic: Technology
9:04 am EDT, Sep 7, 2005
Few virus writers now want to hit the front pages, said Mr Hypponen, most prefer to have their creations sneak under the radar, rack up a few thousand unwitting victims who are then milked for money or saleable data. It appears that Mr Essebar was intending to make money several different ways from the people caught out by the Mytob and Zotob viruses he is alleged to have created.
It seems we are entering a new era of organized crime online. Viruses are no longer the product of kiddies trying to prove they are capable of doing damage. Instead viruses have become a tool of spammers and adware installers.

Philips Paper-like Display Earlier Than Expected

Topic: Technology
7:43 am EDT, Sep 6, 2005
The Readius is the world’s first prototype of a functional electronic-document reader that can unroll its display to a scale larger than the device itself. With four gray levels, the monochrome, 5-inch QVGA (320 pixels x 240 pixels) display provides paper-like viewing comfort with a high contrast ratio for reading-intensive applications, including text, graphics, and electronic maps.