Malaysian Broadband

Malaysia is planning on fast broadband and IT infrastructure, notes James Seng. Malaysia is aiming at broadband in use in 75% of households by 2010.

Meanwhile, the U.S. seems to be heading for control of speed and use of the last mile by a small number of big telcos, with speeds less than a tenth of what Malaysia is aiming for.

James remarks that Malaysia’s plan looks like Korea’s. In other words, like a plan that’s already working in another country.

Funny what can be done when a country decides to actually do something instead of squabbling.

-jsq

The Wolf in the Image

As an example of how, even though people cry wolf too much, sometimes the wolf really is at the door, or in this case in the image: consider the current Microsoft WMF vulnerability. Unlike many web-related vulnerabilities, this one doesn’t require the user to do anything to take effect, because it’s an image vulnerability. Internet Explorer (IE) just goes ahead and triggers the vulnerability when it renders such an image. Recent versions of Firefox at least ask the user before opening the image, but many users will say yes because it’s an image, and people think images are safe.

Microsoft has not provided a fix, even though this problem has been around for a week or more now. SANS is predicting that Microsoft won’t provide any fix for Windows 98; instead, if you want to be safe, you’ll have to upgrade.

Meanwhile, an individual has provided a patch that seems to work, and SANS has tested it and approves.

What does it mean when the world’s largest software vendor can’t release a timely patch to one of the worst-ever vulnerabilities in its software?


Crying Wolf: One Reason People Don’t Pay Attention to Big Risks

Here’s one reason people don’t pay attention to big risks: too many times they’ve heard that things will fall apart in a big way, such as overpopulation as predicted back in 1968 (by which prediction we should have probably 10 billion people on the planet now), and some of the more overblown Y2K predictions; many of these are cataloged in an article by Michael Crichton.
Notice that in 1968, when Ehrlich published his book The Population Bomb, world fertility was already in decline. Ehrlich was thus urging people to do what they had already been doing for about 10 years. It’s not clear whether he knew this or not. But certainly when he said, “The battle to feed all of humanity is over…. At this late date nothing can prevent a substantial increase in the world death rate…” he was simply wrong. As you see, after his book appeared the death rate remained flat in developed countries, and it continued to fall for another 10 years in developing countries.
Fear, Complexity, & Environmental Management in the 21st Century, Washington Center for Complexity and Public Policy, Washington DC, November 6, 2005, by Michael Crichton
Crichton remarks that Ehrlich was merely crying out in desperation to urge what was already happening. However, Crichton also neglects to mention that a quite significant government initiative, the One-Child Policy in China, was promulgated after Ehrlich’s warning and has apparently had a significant effect on population growth in China, which is now expected to peak somewhere around 1.5 billion in about 2025. In other words, China chose to change its demographics to start acting like a developed country before it became one. Crichton also doesn’t mention improvements in food production that weren’t known to be possible when Ehrlich wrote. Ehrlich was in fact wrong in his predictions, but Crichton is also wrong in implying that things would have gone as well if nobody had tried to do anything to change the situation.

Sony: Legal Reaction

Michael Geist has some interesting comments about the provisional settlement of one of the lawsuits against Sony for its rootkit DRM.

Perhaps his most important point is that the settlement will only have effect in the U.S., not, for example, in Canada.

This particular settlement would require Sony not only to recall all the affected CDs, but also to stop using the software that implemented the rootkit and to disavow the relevant portions of the EULAs. It would even require free music downloads, which is one of the things Sony was trying to counter with the DRM in the first place.

Application Blocking: Whitelists Worse than Blacklists

Occasionally I’ve argued that it would be good if ISPs blocked badly configured computers. By that I meant blacklisting computers that were especially badly configured, having well-known security holes or actively spewing actual malware.

Even that has problems. Already, ISPs are on a hair trigger to block anything that looks like it might be a port scan, even though it turns out port scans do not correlate with exploits (see later post). Regular traceroutes to your friends’ locations could get you tossed off. Others will block if your outgoing packet rate goes above some arbitrary limit. So much for your fast-paced game.

White listing of only acceptable applications would be even worse.

Vendors call them by different names, but all use an agent on the client to verify its configuration. If the agent reports software (or in more advanced versions, hardware) that isn’t on a white list, access is denied.
Will ISPs Quarantine You From the Internet? Microsoft is against ISPs doing anything that would restrict customers’ right to run insecure software. By Andy Dornan, 1 Jan 2006, 12:00 AM ET

I’d like to believe that won’t happen, but given the way some ISPs already run turnkey software that springs bogus traps such as those I already mentioned, I can’t say it won’t.


Peace Breaks Out, and Nobody Notices

The world is an increasingly dangerous place, so we have to use extraordinary means in extraordinary times, right? Wrong, according to a recent report:

The Human Security Report, an independent study funded by five countries and published by Oxford University Press, draws on a wide range of little publicized scholarly data, plus specially commissioned research to present a portrait of global security that is sharply at odds with conventional wisdom. The report reveals that after five decades of inexorable increase, the number of armed conflicts started to fall worldwide in the early 1990s. The decline has continued.

By 2003, there were 40 percent fewer conflicts than in 1992. The deadliest conflicts — those with 1,000 or more battle-deaths — fell by some 80 percent. The number of genocides and other mass slaughters of civilians also dropped by 80 percent, while core human rights abuses have declined in five out of six regions of the developing world since the mid-1990s. International terrorism is the only type of political violence that has increased. Although the death toll has jumped sharply over the past three years, terrorists kill only a fraction of the number who die in wars.

Peace on Earth? Increasingly, Yes. By Andrew Mack, Washington Post, Wednesday, December 28, 2005; Page A21

We wouldn’t know this by what’s generally reported in the media, whose motto remains, if it bleeds, it leads. So what happened?


Internet Spying Same as Telegram Spying

As usual, Bruce Schneier gets it right:
Bush’s eavesdropping program was explicitly anticipated in 1978, and made illegal by FISA. There might not have been fax machines, or e-mail, or the Internet, but the NSA did the exact same thing with telegrams.
Project Shamrock, by Bruce Schneier, 29 December 2005

Man Pleads Guilty to Rolling Own Botnet

A man, Anthony Scott Clark, rolled his own botnet, using a worm to take over 20,000 computers, which he then used to launch a distributed denial of service (DDoS) attack on eBay and others in July and August 2003. Now he has pleaded guilty in U.S. District Court in San Jose, 27 December 2005. He could get 10 years in prison, a quarter-million-dollar fine, etc., notes Paul Ferguson.

It’s good that a bot herder got caught and may get time. But this one was unusual, indiscreet, and probably easier to catch than most.

Video Sprites and Security

There’s some discussion recently about whether video sprites in animations can be a security problem. This is outside of any of my usual areas of expertise. So far as I know, a video sprite is recorded image frames that are strung together by a program to follow a path such as an ellipse, or even to perform character actions. Think of video game characters, although the images used can also be of live animals, or basically whatever you like.

So you end up with a movie that has elements generated this way; so what? Well, in QuickTime,

A sprite can also modify its behavior with the passage of time, either “movie” time (the duration in which the movie plays) or in real time. In fact, a sprite can continue to act even after the movie it is in is paused or stopped.
QuickTime Interactivity Gives Your Movies the Smarts.
OK, a sprite isn’t just a movie; it’s a program, implemented by the movie player. Still, so what?

Sony: Its Own Worst Enemy

Doubtless everyone has heard by now the saga of Sony’s rootkit DRM. On some music CDs Sony has put Digital Rights Management (DRM) software that it said was intended to prevent copying of the music on the CD. Actually, that software also hides itself so it’s hard to find or remove, and opens several security holes, including reporting information about the user back through the Internet. Thus it resembles what is commonly called a rootkit, which is software designed to get root (unlimited access) and to hide the fact that it did so. Everybody from music buyers to antivirus vendors to Microsoft to the U.S. government complained to Sony, after which Sony put out an uninstall kit. But that kit turned out to open even more security holes. EFF is suing Sony.