Dreamweaver MX

My personal blog

Robots.txt Syntax Checker

checks your robots.txt file and informs you of any errors that it finds.



Has Nani Penned New Deal?

This new ‘development’ has been gnawing away at my brain for the past day and a half. So let’s get rid of it right away once and for all. (Read on Source)


Newest GPL draft leaves Novell in the clear

Final draft of GPL 3 doesn't block the Novell-Microsoft patent pact that has raised open-source hackles.


Business.com Could Hit Jackpot on Auction Block

Entrepreneurs Jake Winebaum and Sky Dayton were widely mocked for lavishing $7.5 million on a single Internet domain name -- business.com -- back in 1999. It was the single highest price paid for a domain name at the time. (Read on Source)


Subscribe to Marketing Pilgrim to Win $300!

How would you like have a chance to win $300 by simply subscribing to our RSS feed? Yep, the RSS subscriber contest is back for the summer and one lucky RSS reader will win $300 to spend on whatever they want! (Seeing as everyone seems to have an iPod these days, we thought we’d just [...]


Share your open source success story

Has your organization migrated a key part of your IT infrastructure to Linux or an open source application? Share your success story with Linux.com readers.


Computer Training Course

There are several types of computer training course available to the person seeking to learn about computers today. In fact, the whole arena of computer training can be so intimidating that it is goo...


Hamilton plays down title talk

Lewis Hamilton refused to contemplate the prospect of becoming the first rookie Formula One world champion despite a stunning victory in a thrilling Japanese Grand Prix.


Why Dynamic web site does not crawled by meta search engines?

Dynamic generated web sites often cause problems with search engines. Dynamic website design, generally not crawled by search engines. What should a web designer do to make his website search engine f...


Williams girls stay on course for Final clash - Wimbledon Ladies Singles.


SERP Position: It Ain't Horseshoes

Close enough may get you points in horseshoes, but it doesn't cut it in search. More than 90 percent of all search referrals are from results on the first page. If your website doesn't rank for relevant terms on page one, you might as well be invisible.


Addicted to Email? You’re Not Alone

Addicted to Email? You’re Not Alone America is a nation of email addicts, says AOL, and it's only getting worse. Even in the face of so many new methods of online communication, email reigns supreme to the point where some people are literally losing sleep over it. (Read on Source)


Neanderthals, modern humans share ancestor, scientists say

Researchers find a DNA link between the two species. Neanderthals and modern humans shared an ancestor that lived about 660,000 years ago, according to scientists who have pieced together the first complete sequence of maternal DNA from humanity's closest cousins. (Read on Source)


Dive Deep with 3 Underwater Cameras

These digital cameras from Olympus, Panasonic and SeaLife don't mind a dunking.


Wenger expects new arrival

Arsene Wenger is ?certain? he will be able to add another body to his Arsenal squad before the transfer window closes at the end of the month.


Boston Court's Meddling With 'Full Disclosure' Is Unwelcome

In eerily similar cases in the Netherlands and the United States, courts have recently grappled with the computer-security norm of "full disclosure," asking whether researchers should be permitted to disclose details of a fare-card vulnerability that allows people to ride the subway for free.

The "Oyster card" used on the London Tube was at issue in the Dutch case, and a similar fare card used on the Boston "T" was the center of the U.S. case. The Dutch court got it right, and the American court, in Boston, got it wrong from the start -- despite facing an open-and-shut case of First Amendment prior restraint.

The U.S. court has since seen the error of its ways -- but the damage is done. The MIT security researchers who were prepared to discuss their Boston findings at the DefCon security conference were prevented from giving their talk.

The ethics of full disclosure are intimately familiar to those of us in the computer-security field. Before full disclosure became the norm, researchers would quietly disclose vulnerabilities to the vendors -- who would routinely ignore them. Sometimes vendors would even threaten researchers with legal action if they disclosed the vulnerabilities.

Later on, researchers started disclosing the existence of a vulnerability but not the details. Vendors responded by denying the security holes' existence, or calling them just theoretical. It wasn't until full disclosure became the norm that vendors began consistently fixing vulnerabilities quickly. Now that vendors routinely patch vulnerabilities, researchers generally give them advance notice to allow them to patch their systems before the vulnerability is published. But even with this "responsible disclosure" protocol, it's the threat of disclosure that motivates them to patch their systems. Full disclosure is the mechanism (.pdf) by which computer security improves.

Outside of computer security, secrecy is much more the norm. Some security communities, like locksmiths, behave much like medieval guilds, divulging the secrets of their profession only to those within it. These communities hate open research, and have responded with surprising vitriol to researchers who have found serious vulnerabilities in bicycle locks, combination safes (.pdf), master-key systems and many other security devices.

Researchers have received a similar reaction from other communities more used to secrecy than openness. Researchers -- sometimes young students -- who discovered and published flaws in copyright-protection schemes, voting-machine security and now wireless access cards have all suffered recriminations and sometimes lawsuits for not keeping the vulnerabilities secret. When Christopher Soghoian created a website allowing people to print fake airline boarding passes, he got several unpleasant visits from the FBI.

This preference for secrecy comes from confusing a vulnerability with information about that vulnerability. Using secrecy as a security measure is fundamentally fragile. It assumes that the bad guys don't do their own security research. It assumes that no one else will find the same vulnerability. It assumes that information won't leak out even if the research results are suppressed. These assumptions are all incorrect.

The problem isn't the researchers; it's the products themselves. Companies will only design security as good as what their customers know to ask for. Full disclosure helps customers evaluate the security of the products they buy, and educates them in how to ask for better security. The Dutch court got it exactly right when it wrote: "Damage to NXP is not the result of the publication of the article but of the production and sale of a chip that appears to have shortcomings."

In a world of forced secrecy, vendors make inflated claims about their products, vulnerabilities don't get fixed, and customers are no wiser. Security research is stifled, and security technology doesn't improve. The only beneficiaries are the bad guys.

If you'll forgive the analogy, the ethics of full disclosure parallel the ethics of not paying kidnapping ransoms. We all know why we don't pay kidnappers: It encourages more kidnappings. Yet in every kidnapping case, there's someone -- a spouse, a parent, an employer -- with a good reason why, in this one case, we should make an exception.

The reason we want researchers to publish vulnerabilities is because that's how security improves. But in every case there's someone -- the Massachusetts Bay Transit Authority, the locksmiths, an election machine manufacturer -- who argues that, in this one case, we should make an exception.

We shouldn't. The benefits of responsibly publishing attacks greatly outweigh the potential harm. Disclosure encourages companies to build security properly rather than relying on shoddy design and secrecy, and discourages them from promising security based on their ability to threaten researchers. It's how we learn about security, and how we improve future security.

---

Bruce Schneier is Chief Security Technology Officer of BT Global Services and author of Beyond Fear: Thinking Sensibly About Security in an Uncertain World. You can read more of his writings on his website.


Add to Facebook Add to Reddit Add to digg Add to Google


SpeedDate Scores $6 Million For Matchmaking In A Hurry

SpeedDate Scores $6 Million For Matchmaking In A Hurry Online dating site SpeedDate has raised $6 million in a Series B funding round led by Menlo Ventures. SpeedDate offers users a series of 3 minute mini-dates, during which they can converse through video, audio, and a chat box. If both partners decide they were a good match when prompted at the end of the date, they can continue communicating ... (Read on Source)


WaPo Writer: Hoping For an End to American-Style Capitalism

WaPo Writer: Hoping For an End to American-Style Capitalism Was the current economic situation caused by too little government intervention in the financial markets?or too much?   I'd say the latter.  Washington used Fannie/Freddie as a political piggy bank, causing it dole out loans to people who had no business receiving them.  And because Freddie and Fannie's obligations enjoyed the implicit ... (Read on Source)


Upgrade With a Payday Loan Online

We use them for everything these days. Computers, MP3 Players, Laptops and cell phones have become essential in everything we do. Unfortunately, we may get the best model there is, and by the time we get home with it, a new and improved version is on the market. It's hard enough to use equipment that isn't up to date for our own personal use but when it's necessary for our work, we want to have the best advantage that is available to us. If you work on a computer, you know how quickly they become archaic. You may be right in the middle of an important report or presentation. All of a sudden, all you can get is the blue screen of death. All your work is lost, and you can't even get back to the beginning to do the work over. You have a deadline and now it's looking like you're not going to meet it. When you call your computer company for tech support, you find out that your computer is now considered an antique. There's nothing they can do to help, but you're told you need to upgrade to a new computer. That sounds like a great idea, but where are you going to get the money? When you find yourself in need of cash in a hurry, consider a Payday Loan Online. This short-term loan is available to people who are of legal age, have an active checking account, and a stable source of income. They let you get part of your next payday in advance so that you can get the equipment you need to do your job. To apply, just click on the cash advance payday loan link. The application takes no more than two minutes to complete and approval is almost instant. Once you're approved for the loan, the money goes straight into your bank account. The money may be deposited in as little as an hour or, if you apply on a weekend, it will be deposited on the next business day. The entire process of getting a Payday Loan Online takes place online, so you either need to apply before your computer crashes, or borrow your coworker's computer to get the cash you need. You can complete the process at home or at the office, as long as you have internet access. Loans are available from $500 to $1500, sometimes less, depending on the amount of your income. When it's time to repay the loan, the amount you borrowed plus a small, one-time fee that depends on the amount you borrowed, is withdrawn electronically from your bank account. There's no credit check to worry about with a Payday Loan Online so you don't have to worry about a bad credit history. There's also never any collateral. You just have to be of legal age, have a current checking or savings account, and a steady source of income. If you're worried about making a deadline, go ahead and apply for that Payday Loan Online. Upgrade your working materials, take out the extended warranty, and guarantee you'll be there ahead of the rest.

Jennifer Meinert is an established author who enjoys writing and reviewing many topics including payday loans and cash advance payday loans. Please visit her site at http://paydayloanonline4less.blogspot.com, http://cashadvancepaydayloan4less.blogspot.com


My Targeting Wish List

I had the opportunity to attend Yahoo's Right Media Open last week and was amazed at the level of sophistication of display-based ad targeting. The transformation of the online display landscape through the advent of ad exchanges and data-based targeting is a fascinating phenomenon, but a topic for a later column. Rather, the innovations I saw at ... (Read on Source)


Are Doncaster Rovers merely Arsenal in disguise?

Doncaster Rovers were dubbed 'the Arsenal of League One' during last season's promotion campaign. So it is perhaps appropriate that, as Arsene Wenger is forced to answer questions over his side's inability to deviate from their purists' game plan when needs dictate, Shaun O'Driscoll, too, is finding praise for his team's style of play easier to ... (Read on Source)


Ballmer Spurns Yahoo's Latest Overtures

Microsoft's CEO dismisses possibilities for new acquisition talks, despite earlier comments by Yahoo's Jerry Yang.


Essay on the island rule

The web site for the Hobbit episode of Nova has opened. It let's you e-mail questions for Mike Morwood, features some graphics with endocast scans and some video from the program. The site also includes an essay by Peter Tyson on the history of the island rule, which is a nice article, even if you know a lot about island biogeography. Here's a ... (Read on Source)


On How We Relate to Our Students...

On How We Relate to Our Students... Dr. Isis came home tonight after Friday night cocktails with her colleagues prepared to blog about shoes, how totally hot she is, or some other terribly important topic that you would inevitably find absolutely riveting. (Read on Source)


PB Unleashed: Arizona State Second Half Thread

PB Unleashed: Arizona State Second Half Thread Bruins are hanging in on the road down by a score of 6-14. The defense has been DOMINATING. At the end of first half, Bruin defense has held to 61 total yards and 0 rushing yards. They simply have been outstanding with strong pressure up front, stuffing the run game and disrupting Carpenter. The coverage from secondary has been right which even ... (Read on Source)


'Chelsea target Middlesbrough striker Tuncay'

'Chelsea target Middlesbrough striker Tuncay' Chelsea are reported to be preparing an ?8m bid for Middlesbrough striker as the Luiz Felipe Scolari seeks new striker options. (Read on Source)


India's First 3G Operator Starts Service

India's first 3G operator, Mahanagar Telephone Nigam, launches 3G services.
Add to digg Add to Reddit Add to Slashdot Email this Article Add to StumbleUpon


UPDATING Greg Palast.

UPDATING Greg Palast. UPDATING Greg Palast. (Read on Source)