Search Results

Search found 10 results on 1 pages for 'chick markley'.

Page 1/1 | 1 

  • Computationally intensive scala process using actors hangs uncooperatively

    - by Chick Markley
    I have a computationally intensive scala application that hangs. By hangs I means it is sitting in the process stack using 1% CPU but does not respond to kill -QUIT nor can it be attached via jdb attach. Runs 2-12 hours at 800-900% CPU before it gets stuck The application is using ~10 scala.actors. Until now I have had great success with kill -QUIT but I am bit stumped as to how to proceed. The actors write a fair amount to stdout using println which is redirected to a text file but has not been helpful so far diagnostically. I am just hoping there is some obvious technique when kill -QUIT fails that I am ignorant of. Or just confirmation that having multiple actors println asynchronously is a real bad idea (though I've been doing it for a long time only recently with these results) Details scala 2.8.1 & 2.8.0 mac osx 10.6.5 java version "1.6.0_22" Thanks

    Read the article

  • What program is making this sound and how can I make it stop

    - by DrFredEdison
    Some program is intermittently making this weird "chook ... chick" sound, no more than every 5 minutes, but sometimes hours or days between making it. There seems to be no pattern as to when it happens, but the sound is definitely coming from the speakers, and is always the same, so I'm pretty confident some piece of software I'm running is playing the sound. Today, I managed to record it, and I've posted it here: http://tristanhavelick.com/chook-chick.mp3 Short of closing my programs one by one, and seeing if the sound continues, are there any tricks for tracking down a problem like this? Is there any software that can trace what sounds come from what programs (something like tcpview with waveforms)? I am running windows xp.

    Read the article

  • What can I do to get Mozilla Firefox to preload the eventual image result?

    - by Dalal
    I am attempting to preload images using JavaScript. I have declared an array as follows with image links from different places: var imageArray = new Array(); imageArray[0] = new Image(); imageArray[1] = new Image(); imageArray[2] = new Image(); imageArray[3] = new Image(); imageArray[0].src = "http://www.bollywoodhott.com/wp-content/uploads/2008/12/arjun-rampal.jpg"; imageArray[1].src = "http://labelleetleblog.files.wordpress.com/2009/06/josie-maran.jpg"; imageArray[2].src = "http://1.bp.blogspot.com/_22EXDJCJp3s/SxbIcZHTHTI/AAAAAAAAIXc/fkaDiOKjd-I/s400/black-male-model.jpg"; imageArray[3].src = "http://www.iill.net/wp-content/uploads/images/hot-chick.jpg"; The image fade and transformation effects that I am doing using this array work properly for the first 3 images, but for the last one, imageArray[3], the actual image data of the image does not get preloaded and it completely ruins the effect, since the actual image data loads AFTERWARDS, only at the time it needs to be displayed, it seems. This happens because the last link http://www.iill.net/wp-content/uploads/images/hot-chick.jpg is not a direct link to the image. If you go to that link, your browser will redirect you to the ACTUAL location. Now, my image preloading code in Chrome works perfectly well, and the effects look great. Because it seems that Chrome preloads the actual data - the EVENTUAL image that is to be shown. This means that in Chrome if I preloaded an image that will redirect to 'stop stealing my bandwidth', then the image that gets preloaded is 'stop stealing my bandwidth'. How can I modify my code to get Firefox to behave the same way?

    Read the article

  • Is jQuery.parseJSON able to process all valid json?

    - by murze
    This piece of valid json (it has been generated using php's json_encode): {"html":"form is NOT valid<form id=\"articleform\" enctype=\"application\/x-www-form-urlencoded\" method=\"post\" action=\"\"><dl class=\"zend_form\">\n<dt id=\"title-label\">&nbsp;<\/dt>\n<dd id=\"title-element\">\n<input type=\"text\" name=\"title\" id=\"title\" value=\"Artikel K\"><\/dd>\n<dt id=\"articleFormSubmitted-label\">&nbsp;<\/dt>\n<dd id=\"articleFormSubmitted-element\">\n<input type=\"hidden\" name=\"articleFormSubmitted\" value=\"1\" id=\"articleFormSubmitted\"><\/dd>\n<dt id=\"submit-label\">&nbsp;<\/dt><dd id=\"submit-element\">\n<input type=\"submit\" name=\"submit\" id=\"submit\" value=\"Bewaar artikel\" onclick=\"this.value='Bezig...';\"><\/dd><\/dl><\/form><script type=\"text\/javascript\">\n\t $(\"#articleform\").submit(function(){\n $.post(\"\/admin\/ajax\/contenttree\/node\/9\/ajaxtarget\/ajaxContainer\", $(\"#articleform\").serialize(), function(html){$(\"#ajaxContainer\").html(html);} );\n\t\t return false;\n\t });\n\n <\/script>","newNodeName":""} is giving jQuery.parseJSON(data) and me a hard time. With this piece of code: alert('start'); alert(data); jQuery.parseJSON(data) alert('stop'); I get a message start and then the data (jsonstring above) is shown. The message "stop" never appears. When I use this json: {"html":"test","newNodeName":""} I've verified that my first big chick of json is valid. Why isn't it processed by jQuery.parseJSON Are there any special characters that don't go well with json?

    Read the article

  • servlet resopnse data for autocomplete

    - by shams haque
    Hello experts, Following code is in php. i want to do same in java. Please tell me how do i generate this type of array or collection in java. I need this to response to json autocomplete. <?php $q = strtolower($_GET["q"]); if (!$q) return; $items = array( "Peter Pan"=>"[email protected]", "Molly"=>"[email protected]", "Forneria Marconi"=>"[email protected]", "Master Sync"=>"[email protected]", "Dr. Tech de Log"=>"[email protected]", "Don Corleone"=>"[email protected]", "Mc Chick"=>"[email protected]", "Donnie Darko"=>"[email protected]", "Quake The Net"=>"[email protected]", "Dr. Write"=>"[email protected]" ); $result = array(); foreach ($items as $key=>$value) { if (strpos(strtolower($key), $q) !== false) { array_push($result, array( "name" => $key, "to" => $value )); } } echo json_encode($result); ?>

    Read the article

  • Image.Save(..) throws a GDI+ exception because the memory stream is closed.

    - by Pure.Krome
    Hi folks, i've got some binary data which i want to save as an image. When i try to save the image, it throws an exception if the memory stream used to create the image, was closed before the save. The reason i do this is because i'm dynamically creating images and as such .. i need to use a memory stream. this is the code: [TestMethod] public void TestMethod1() { // Grab the binary data. byte[] data = File.ReadAllBytes("Chick.jpg"); // Read in the data but do not close, before using the stream. Stream originalBinaryDataStream = new MemoryStream(data); Bitmap image = new Bitmap(originalBinaryDataStream); image.Save(@"c:\test.jpg"); originalBinaryDataStream.Dispose(); // Now lets use a nice dispose, etc... Bitmap2 image2; using (Stream originalBinaryDataStream2 = new MemoryStream(data)) { image2 = new Bitmap(originalBinaryDataStream2); } image2.Save(@"C:\temp\pewpew.jpg"); // This throws the GDI+ exception. } Does anyone have any suggestions to how i could save an image with the stream closed? I cannot rely on the developers to remember to close the stream after the image is saved. In fact, the developer would have NO IDEA that the image was generated using a memory stream (because it happens in some other code, elsewhere). I'm really confused :(

    Read the article

  • My Interview with Microsoft

    - by Victor Hurdugaci
    This post is for those who want to apply or have already applied (but not finished the interview) for a Microsoft Job. The recruitment process is quite similar for everyone and consists of a few steps. Application E-Mail Interview Phone Interview On Site Interview I will tell you my story and how I went through the four phases. 1. Application My blog's title (Ex Nihilo Nihil Fit) means "Nothing Comes Out of Nothing". You can't get a job at Microsoft by not doing anything - this is true for anything else. The first step you need to complete is the application process. For this, many options are available. You can... ... apply online on Microsoft's Careers website as I did ... send your CV to different e-mail addresses (there are some dedicated e-mails for different positions) ... apply through some 3rd party organization (job shop, campus recruitment, job agency, etc) On MS Careers you just have to post your CV and choose the job you want. That's all! No recommendation letter, no cover letter, no nothing. Of course, not every CV passes the selection process. Here are some tips for improving your resume (worked for me): Don't write it just before applying! Write a draft version, wait a few days and then review it. This way you will find a lot of mistakes and stupid things you wrote initially. If you review it immediately after writing, your mind will not be criticism oriented and will just ignore mistakes. Repeat the write-wait-review process as many times as necessary, until you find that the review revealed no mistakes. After you did the final review and the CV is bullet-proof, ask others to review it. They will definitely find inconsistencies and mistakes and this will make you feel stupid. This is good because will open your eyes will make you go into an 'I want to improve' mode. You'll try to correct everything. After you come up with a modified version go again through steps 1 and 2. Repeat this as many times as necessary. [Special thanks to Lucian Sasu, Nadia Comanici, Andrei Ciobanu, Monica Balan and Lavinia Tanase for reviewing my CV!] Make it short and give only relevant facts. Initially, I come up with a 5 pages CV because I wrote every single technology with which I worked. There were a lot irrelevant things, I wrote Windows Workflow Foundation just because I played with it for a few days. I added extensive descriptions for every project, made a personal details section (name, birth date, address, etc) of 1/2 page. Others suggested to cut everything that was not necessary. You don't need to give extensive descriptions, just add a few words. For example, I wrote "VS Image Visualizer - Visual Studio 2008 debug visualizer for images" and added a link to the project's page - you submit formatted andcan embed links. Add something that makes it different. I don't know if this makes a difference, but I added some lines to separate items just like in the picture below. Definitely Microsoft gets thousands of CVs per day. You need something special. Don't lie! Tell exactly what you did and what is the proficiency level of your skills. For example, don't write "Advanced" for UML if you don't know the difference between composition and aggregation. Be realistic and don't under/over estimate yourself. Use the spell chick. Make sure everything is written in correct English and there are no grammar/spelling mistakes. Noddy likes a WC with grammar mi takes. You mght fail just because of that. Once you completed your CV, choose the job that suits best your needs, apply and wait... The waiting is a problem because all these big companies like Microsoft, Google, Mozilla, Apple, etc. will contact you only if they find something interesting in your application. If you're not suitable, then no rejection is sent. I applied for an Intern Software Development Engineer position at Microsoft Redmond. I cannot apply for a full time position because I want to finish the master program on time, in the next summer - an internship is just what I need. 2. E-Mail Interview January 20, 2010. Two months since I submitted the CV. I wasn't hoping anymore that MS will contact me, when I got an e-mail titled: "Victor Hurdugaci ES DK" from Holly Peterson saying: Read more >>

    Read the article

  • Week in Geek: IPv6 Capable Smartphones Compromise User Privacy Edition

    - by Asian Angel
    This week we learned how to “clone a disk, resize static windows, and create system function shortcuts”, use 45 different services, sites, and apps to help read favorite sites, add MP3 support to Audacity (for saving in MP3 format), install a Wii game loader for easy backups and fast load times, create a Blue Screen of Death in any color, and more. Photo by legofenris. Weekly News Links Photo by The H Security. IPv6: Smartphones compromise users’ privacy Since version 4 of the iOS operating system, Apple’s iPhones, iPads and iPods have been capable of handling IPv6, and most Android devices have been capable since version 2.1. However, the operating systems transfer an ID that discloses information about their users. Dumb phones can be attacked too Much of the discussion of security threats to mobile phones revolves around smartphones, but researchers have found that less advanced “feature phones,” still used by the majority of people around the world, also are vulnerable to attack. SCADA exploit – the dragon awakes The recent publication of an exploit for KingView, a software package for visualising industrial process control systems, appears to be having an effect. Threatpost reports that both the Chinese vendor Wellintech and Chinese CERT (CN-CERT) have now reacted. Sophos: Spam to get more malicious Spam is becoming more malicious in nature as trickery tactics change in line with current user interests, according to a new report released Tuesday by Sophos. Global spam traffic rebounds as Rustock wakes Spam is on the rise after the Rustock botnet awoke from its Christmas slumber, according to Symantec. Cracking WPA keys in the cloud At the forthcoming Black Hat conference, blogger Thomas Roth plans to demonstrate how weak WPA PSKs can be cracked quickly and easily using Amazon’s Elastic Compute Cloud (EC2) service. Microsoft Security Advisory: Vulnerability in Internet Explorer could allow remote code execution Provides a link to more details about the vulnerability and shows a work-around/fix for the problem. Adobe plans to make it easier to delete Flash cookies in web browsers The new API, NPAPI:ClearSiteData, will allow Flash cookies – also known as Local Shared Objects (LSO) – to be deleted directly in the browser’s settings. Firefox beta getting new database standard The ninth beta version of Firefox is set to get support for a standard called IndexedDB that provides a database interface useful for offline data storage and other tasks needing information on a browser’s computer. MetroPCS accused of blocking certain Net content MetroPCS is violating the FCC’s recently approved Net neutrality rules by blocking certain Internet content, say several public interest groups. Server and Tools chief Muglia to leave Microsoft in summer 2011 Microsoft veteran and Server & Tools Business (STB) President Bob Muglia is leaving Microsoft, according to an email that CEO Steve Ballmer sent to employees on January 10. Report: DOJ nearing decision on Google-ITA The U.S. Department of Justice is gearing up for a possible formal antitrust investigation into whether or not Google should be allowed to purchase travel software company ITA Software, according to a report. South Korea says Google Street View broke law Police in South Korea reportedly say Google broke the country’s law when its Street View service captured personal data from unsecure Wi-Fi networks. The backlash over Google’s HTML5 video bet Choosing strategies based on what you believe to be long-term benefits is generally a good idea when running a business, but if you manage to alienate the world in the process, the long term may become irrelevant. Google answers critics on HTML5 Web video move Google responded to critics of its decision to drop support for a popular HTML5 video codec by declaring that a royalty-supported standard for Web video will hold the Web hostage. Random TinyHacker Links A Special GiveAway: a Great Book & Great Security Software The team from 7 Tutorials has a special giveaway running during the month of January. Signed copies of their latest book, full 1-year licenses of BitDefender Internet Security 2011 and free 3-month trials for everyone willing to participate. One Click Rooting For Android Phones Here’s a nice tool that helps you root your Android phone effortlessly. New Angry Birds Free version 1.0 Available in the App Store. Google Code University Learn programming at Google Code University. Capture and Share Your Favorite Part Of a YouTube Video SnipSnip.it lets you share only the part of the video that you like. Super User Questions More great questions and answers from this past week’s popular topics at Super User. What are the Windows A: and B: drives used for? Does OS X support linux-like features? What is the easiest way to make a backup of an entire hard disk? Will shifting from Wireless to Wired network result in better performance? Is it legal to install Windows 7 Home Premium Retail inside VMware virtual machine? How-To Geek Weekly Article Recap Enjoy reading through our hottest articles from this past week. The 50 Best Ways to Disable Built-in Windows Features You Don’t Want The Best of CES (Consumer Electronics Show) in 2011 How to Upgrade Windows 7 Easily (And Understand Whether You Should) The Worst of CES (Consumer Electronics Show) in 2011 The How-To Geek Guide to Audio Editing: Basic Noise Removal One Year Ago on How-To Geek More great articles from one year ago filled with helpful geeky goodness for you to enjoy. Share Text & Images the Easy Way with JustPaste.it Start Portable Firefox in Safe Mode Firefox 3.6 Release Candidate Available, Here’s How to Fix Your Incompatible Extensions Protect Your Computer from “Little Hands” with KidSafe Lock Prying Eyes Out of Your Minimized Windows Custom Crocheted Cylon-Cthulhu Hybrid What happens when you let your Cylon Centurion figure and your crocheted Cthulhu spend too many lonely nights together? A Cylon-Cthulhu hybrid, of course! You can get your own from the Cthulhu Chick store over on Etsy. Note: This is not an ad…Ruth is a friend of ours, and this Cylon-Cthulhu hybrid makes the perfect guard for the new MVP trophy in our office. The Geek Note Whether it is a geeky indoor project or just getting outside, we hope that you and your families have a terrific fun-filled weekend! Remember to keep sending those great tips in to us at [email protected]. Photo by qwrrty. Latest Features How-To Geek ETC How to Upgrade Windows 7 Easily (And Understand Whether You Should) The How-To Geek Guide to Audio Editing: Basic Noise Removal Install a Wii Game Loader for Easy Backups and Fast Load Times The Best of CES (Consumer Electronics Show) in 2011 The Worst of CES (Consumer Electronics Show) in 2011 HTG Projects: How to Create Your Own Custom Papercraft Toy Firefox 4.0 Beta 9 Available for Download – Get Your Copy Now The Frustrations of a Computer Literate Watching a Newbie Use a Computer [Humorous Video] Season0nPass Jailbreaks Current Gen Apple TVs IBM’s Jeopardy Playing Computer Watson Shows The Pros How It’s Done [Video] Tranquil Juice Drop Abstract Wallpaper Pulse Is a Sleek Newsreader for iOS and Android Devices

    Read the article

  • Pain Comes Instantly

    - by user701213
    When I look back at recent blog entries – many of which are not all that current (more on where my available writing time is going later) – I am struck by how many of them focus on public policy or legislative issues instead of, say, the latest nefarious cyberattack or exploit (or everyone’s favorite new pastime: coining terms for the Coming Cyberpocalypse: “digital Pearl Harbor” is so 1941). Speaking of which, I personally hope evil hackers from Malefactoria will someday hack into my bathroom scale – which in a future time will be connected to the Internet because, gosh, wouldn’t it be great to have absolutely everything in your life Internet-enabled? – and recalibrate it so I’m 10 pounds thinner. The horror. In part, my focus on public policy is due to an admitted limitation of my skill set. I enjoy reading technical articles about exploits and cybersecurity trends, but writing a blog entry on those topics would take more research than I have time for and, quite honestly, doesn’t play to my strengths. The first rule of writing is “write what you know.” The bigger contributing factor to my recent paucity of blog entries is that more and more of my waking hours are spent engaging in “thrust and parry” activity involving emerging regulations of some sort or other. I’ve opined in earlier blogs about what constitutes good and reasonable public policy so nobody can accuse me of being reflexively anti-regulation. That said, you have so many cycles in the day, and most of us would rather spend it slaying actual dragons than participating in focus groups on whether dragons are really a problem, whether lassoing them (with organic, sustainable and recyclable lassos) is preferable to slaying them – after all, dragons are people, too - and whether we need lasso compliance auditors to make sure lassos are being used correctly and humanely. (A point that seems to evade many rule makers: slaying dragons actually accomplishes something, whereas talking about “approved dragon slaying procedures and requirements” wastes the time of those who are competent to dispatch actual dragons and who were doing so very well without the input of “dragon-slaying theorists.”) Unfortunately for so many of us who would just get on with doing our day jobs, cybersecurity is rapidly devolving into the “focus groups on dragon dispatching” realm, which actual dragons slayers have little choice but to participate in. The general trend in cybersecurity is that powers-that-be – which encompasses groups other than just legislators – are often increasingly concerned and therefore feel they need to Do Something About Cybersecurity. Many seem to believe that if only we had the right amount of regulation and oversight, there would be no data breaches: a breach simply must mean Someone Is At Fault and Needs Supervision. (Leaving aside the fact that we have lots of home invasions despite a) guard dogs b) liberal carry permits c) alarm systems d) etc.) Also note that many well-managed and security-aware organizations, like the US Department of Defense, still get hacked. More specifically, many powers-that-be feel they must direct industry in a multiplicity of ways, up to and including how we actually build and deploy information technology systems. The more prescriptive the requirement, the more regulators or overseers a) can be seen to be doing something b) feel as if they are doing something regardless of whether they are actually doing something useful or cost effective. Note: an unfortunate concomitant of Doing Something is that often the cure is worse than the ailment. That is, doing what overseers want creates unfortunate byproducts that they either didn’t foresee or worse, don’t care about. After all, the logic goes, we Did Something. Prescriptive practice in the IT industry is problematic for a number of reasons. For a start, prescriptive guidance is really only appropriate if: • It is cost effective• It is “current” (meaning, the guidance doesn’t require the use of the technical equivalent of buggy whips long after horse-drawn transportation has become passé)*• It is practical (that is, pragmatic, proven and effective in the real world, not theoretical and unproven)• It solves the right problem With the above in mind, heading up the list of “you must be joking” regulations are recent disturbing developments in the Payment Card Industry (PCI) world. I’d like to give PCI kahunas the benefit of the doubt about their intentions, except that efforts by Oracle among others to make them aware of “unfortunate side effects of your requirements” – which is as tactful I can be for reasons that I believe will become obvious below - have gone, to-date, unanswered and more importantly, unchanged. A little background on PCI before I get too wound up. In 2008, the Payment Card Industry (PCI) Security Standards Council (SSC) introduced the Payment Application Data Security Standard (PA-DSS). That standard requires vendors of payment applications to ensure that their products implement specific requirements and undergo security assessment procedures. In order to have an application listed as a Validated Payment Application (VPA) and available for use by merchants, software vendors are required to execute the PCI Payment Application Vendor Release Agreement (VRA). (Are you still with me through all the acronyms?) Beginning in August 2010, the VRA imposed new obligations on vendors that are extraordinary and extraordinarily bad, short-sighted and unworkable. Specifically, PCI requires vendors to disclose (dare we say “tell all?”) to PCI any known security vulnerabilities and associated security breaches involving VPAs. ASAP. Think about the impact of that. PCI is asking a vendor to disclose to them: • Specific details of security vulnerabilities • Including exploit information or technical details of the vulnerability • Whether or not there is any mitigation available (as in a patch) PCI, in turn, has the right to blab about any and all of the above – specifically, to distribute all the gory details of what is disclosed - to the PCI SSC, qualified security assessors (QSAs), and any affiliate or agent or adviser of those entities, who are in turn permitted to share it with their respective affiliates, agents, employees, contractors, merchants, processors, service providers and other business partners. This assorted crew can’t be more than, oh, hundreds of thousands of entities. Does anybody believe that several hundred thousand people can keep a secret? Or that several hundred thousand people are all equally trustworthy? Or that not one of the people getting all that information would blab vulnerability details to a bad guy, even by accident? Or be a bad guy who uses the information to break into systems? (Wait, was that the Easter Bunny that just hopped by? Bringing world peace, no doubt.) Sarcasm aside, common sense tells us that telling lots of people a secret is guaranteed to “unsecret” the secret. Notably, being provided details of a vulnerability (without a patch) is of little or no use to companies running the affected application. Few users have the technological sophistication to create a workaround, and even if they do, most workarounds break some other functionality in the application or surrounding environment. Also, given the differences among corporate implementations of any application, it is highly unlikely that a single workaround is going to work for all corporate users. So until a patch is developed by the vendor, users remain at risk of exploit: even more so if the details of vulnerability have been widely shared. Sharing that information widely before a patch is available therefore does not help users, and instead helps only those wanting to exploit known security bugs. There’s a shocker for you. Furthermore, we already know that insider information about security vulnerabilities inevitably leaks, which is why most vendors closely hold such information and limit dissemination until a patch is available (and frequently limit dissemination of technical details even with the release of a patch). That’s the industry norm, not that PCI seems to realize or acknowledge that. Why would anybody release a bunch of highly technical exploit information to a cast of thousands, whose only “vetting” is that they are members of a PCI consortium? Oracle has had personal experience with this problem, which is one reason why information on security vulnerabilities at Oracle is “need to know” (we use our own row level access control to limit access to security bugs in our bug database, and thus less than 1% of development has access to this information), and we don’t provide some customers with more information than others or with vulnerability information and/or patches earlier than others. Failure to remember “insider information always leaks” creates problems in the general case, and has created problems for us specifically. A number of years ago, one of the UK intelligence agencies had information about a non-public security vulnerability in an Oracle product that they circulated among other UK and Commonwealth defense and intelligence entities. Nobody, it should be pointed out, bothered to report the problem to Oracle, even though only Oracle could produce a patch. The vulnerability was finally reported to Oracle by (drum roll) a US-based commercial company, to whom the information had leaked. (Note: every time I tell this story, the MI-whatever agency that created the problem gets a bit shirty with us. I know they meant well and have improved their vulnerability handling/sharing processes but, dudes, next time you find an Oracle vulnerability, try reporting it to us first before blabbing to lots of people who can’t actually fix the problem. Thank you!) Getting back to PCI: clearly, these new disclosure obligations increase the risk of exploitation of a vulnerability in a VPA and thus, of misappropriation of payment card data and customer information that a VPA processes, stores or transmits. It stands to reason that VRA’s current requirement for the widespread distribution of security vulnerability exploit details -- at any time, but particularly before a vendor can issue a patch or a workaround -- is very poor public policy. It effectively publicizes information of great value to potential attackers while not providing compensating benefits - actually, any benefits - to payment card merchants or consumers. In fact, it magnifies the risk to payment card merchants and consumers. The risk is most prominent in the time before a patch has been released, since customers often have little option but to continue using an application or system despite the risks. However, the risk is not limited to the time before a patch is issued: customers often need days, or weeks, to apply patches to systems, based upon the complexity of the issue and dependence on surrounding programs. Rather than decreasing the available window of exploit, this requirement increases the available window of exploit, both as to time available to exploit a vulnerability and the ease with which it can be exploited. Also, why would hackers focus on finding new vulnerabilities to exploit if they can get “EZHack” handed to them in such a manner: a) a vulnerability b) in a payment application c) with exploit code: the “Hacking Trifecta!“ It’s fair to say that this is probably the exact opposite of what PCI – or any of us – would want. Established industry practice concerning vulnerability handling avoids the risks created by the VRA’s vulnerability disclosure requirements. Specifically, the norm is not to release information about a security bug until the associated patch (or a pretty darn good workaround) has been issued. Once a patch is available, the notice to the user community is a high-level communication discussing the product at issue, the level of risk associated with the vulnerability, and how to apply the patch. The notices do not include either the specific customers affected by the vulnerability or forensic reports with maps of the exploit (both of which are required by the current VRA). In this way, customers have the tools they need to prioritize patching and to help prevent an attack, and the information released does not increase the risk of exploit. Furthermore, many vendors already use industry standards for vulnerability description: Common Vulnerability Enumeration (CVE) and Common Vulnerability Scoring System (CVSS). CVE helps ensure that customers know which particular issues a patch addresses and CVSS helps customers determine how severe a vulnerability is on a relative scale. Industry already provides the tools customers need to know what the patch contains and how bad the problem is that the patch remediates. So, what’s a poor vendor to do? Oracle is reaching out to other vendors subject to PCI and attempting to enlist then in a broad effort to engage PCI in rethinking (that is, eradicating) these requirements. I would therefore urge all who care about this issue, but especially those in the vendor community whose applications are subject to PCI and who may not have know they were being asked to tell-all to PCI and put their customers at risk, to do one of the following: • Contact PCI with your concerns• Contact Oracle (we are looking for vendors to sign our statement of concern)• And make sure you tell your customers that you have to rat them out to PCI if there is a breach involving the payment application I like to be charitable and say “PCI meant well” but in as important a public policy issue as what you disclose about vulnerabilities, to whom and when, meaning well isn’t enough. We need to do well. PCI, as regards this particular issue, has not done well, and has compounded the error by thus far being nonresponsive to those of us who have labored mightily to try to explain why they might want to rethink telling the entire planet about security problems with no solutions. By Way of Explanation… Non-related to PCI whatsoever, and the explanation for why I have not been blogging a lot recently, I have been working on Other Writing Venues with my sister Diane (who has also worked in the tech sector, inflicting upgrades on unsuspecting and largely ungrateful end users). I am pleased to note that we have recently (self-)published the first in the Miss Information Technology Murder Mystery series, Outsourcing Murder. The genre might best be described as “chick lit meets geek scene.” Our sisterly nom de plume is Maddi Davidson and (shameless plug follows): you can order the paper version of the book on Amazon, or the Kindle or Nook versions on www.amazon.com or www.bn.com, respectively. From our book jacket: Emma Jones, a 20-something IT consultant, is working on an outsourcing project at Tahiti Tacos, a restaurant chain offering Polynexican cuisine: refried poi, anyone? Emma despises her boss Padmanabh, a brilliant but arrogant partner in GD Consulting. When Emma discovers His-Royal-Padness’s body (verdict: death by cricket bat), she becomes a suspect.With her overprotective family and her best friend Stacey providing endless support and advice, Emma stumbles her way through an investigation of Padmanabh’s murder, bolstered by fusion food feeding frenzies, endless cups of frou-frou coffee and serious surfing sessions. While Stacey knows a PI who owes her a favor, landlady Magda urges Emma to tart up her underwear drawer before the next cute cop with a search warrant arrives. Emma’s mother offers to fix her up with a PhD student at Berkeley and showers her with self-defense gizmos while her old lover Keoni beckons from Hawai’i. And everyone, even Shaun the barista, knows a good lawyer. Book 2, Denial of Service, is coming out this summer. * Given the rate of change in technology, today’s “thou shalts” are easily next year’s “buggy whip guidance.”

    Read the article

  • Javascript Bookmarklet - Opening Multiple Links on a Page

    - by NessDan
    I want to make a bookmarklet so that when I go on Digg, I can simply click it and have the top 10 stories open up in new tabs. The HTML on the page looks like this: <div id="topten-list"> <div class="news-summary img-thumb"> <h3> <a href="/comics_animation/Pokemon_COMIC">Pokemon - (COMIC) <span> <em style="background-image: url(&quot;/comics_animation/Pokemon_COMIC/a.png&quot;);"> thumb</em> </span></a> </h3> <ul class="news-digg"> <li class="digg-count"> <a href="/comics_animation/Pokemon_COMIC"> <strong>1872</strong> </a> </li> </ul> </div> <div class="news-summary img-thumb"> <h3> <a href="/comedy/I_am_never_drinking_with_you_assholes_again_Pic"> I am never drinking with you assholes again [Pic] <span> <em style="background-image: url(&quot;/comedy/I_am_never_drinking_with_you_assholes_again_Pic/a.png&quot;);"> thumb</em> </span></a> </h3> <ul class="news-digg"> <li class="digg-count"> <a href="/comedy/I_am_never_drinking_with_you_assholes_again_Pic"> <strong>1650</strong> </a> </li> </ul> </div> <div class="news-summary news-thumb"> <h3> <a href="/comedy/xkcd_Hell">xkcd: Hell <span> <em style="background-image: url(&quot;/comedy/xkcd_Hell/a.png&quot;);"> thumb</em> </span></a> </h3> <ul class="news-digg"> <li class="digg-count"> <a href="/comedy/xkcd_Hell"> <strong>1407</strong> </a> </li> </ul> </div> <div class="news-summary news-thumb"> <h3> <a href="/arts_culture/6_Ridiculous_History_Myths_You_Probably_Think_Are_True"> 6 Ridiculous History Myths (You Probably Think Are True) <span> <em style="background-image: url(&quot;/arts_culture/6_Ridiculous_History_Myths_You_Probably_Think_Are_True/a.jpg&quot;);"> thumb</em> </span></a> </h3> <ul class="news-digg"> <li class="digg-count"> <a href="/arts_culture/6_Ridiculous_History_Myths_You_Probably_Think_Are_True"> <strong>1216</strong> </a> </li> </ul> </div> <div class="news-summary news-thumb"> <h3> <a href="/people/Why_Every_Chick_Flick_Is_Starting_to_Look_The_Same_CHART"> Why Every Chick Flick Is Starting to Look The Same [CHART] <span> <em style="background-image: url(&quot;/people/Why_Every_Chick_Flick_Is_Starting_to_Look_The_Same_CHART/a.jpg&quot;);"> thumb</em> </span></a> </h3> <ul class="news-digg"> <li class="digg-count"> <a href="/people/Why_Every_Chick_Flick_Is_Starting_to_Look_The_Same_CHART"> <strong>978</strong> </a> </li> </ul> </div> <div class="news-summary img-thumb"> <h3> <a href="/food_drink/WTF_World_of_FAST_FOOD_Graphic">WTF World of FAST FOOD! [Graphic] <span> <em style="background-image: url(&quot;/food_drink/WTF_World_of_FAST_FOOD_Graphic/a.jpg&quot;);"> thumb</em> </span></a> </h3> <ul class="news-digg"> <li class="digg-count"> <a href="/food_drink/WTF_World_of_FAST_FOOD_Graphic"> <strong>874</strong> </a> </li> </ul> </div> <div class="news-summary news-thumb"> <h3> <a href="/people/10_Things_You_Don_t_Know_About_My_Life_As_a_Dominatrix"> 10 Things You Don&#39;t Know About My Life As a Dominatrix <span> <em style="background-image: url(&quot;/people/10_Things_You_Don_t_Know_About_My_Life_As_a_Dominatrix/a.jpg&quot;);"> thumb</em> </span></a> </h3> <ul class="news-digg"> <li class="digg-count"> <a href="/people/10_Things_You_Don_t_Know_About_My_Life_As_a_Dominatrix"> <strong>751</strong> </a> </li> </ul> </div> <div class="news-summary img-thumb"> <h3> <a href="/odd_stuff/Star_Trek_Transporter_Mishap_pic">Star Trek Transporter Mishap (pic) <span> <em>thumb</em> </span></a> </h3> <ul class="news-digg"> <li class="digg-count"> <a href="/odd_stuff/Star_Trek_Transporter_Mishap_pic"> <strong>667</strong> </a> </li> </ul> </div> <div class="news-summary vid-thumb"> <h3> <a href="/pc_games/StarCraft_2_Beta_Breakup_Video">StarCraft 2 Beta Breakup (Video) <span> <em style="background-image: url(&quot;/pc_games/StarCraft_2_Beta_Breakup_Video/a.jpg&quot;);"> thumb</em> </span></a> </h3> <ul class="news-digg"> <li class="digg-count"> <a href="/pc_games/StarCraft_2_Beta_Breakup_Video"> <strong>627</strong> </a> </li> </ul> </div> <div class="news-summary news-thumb"> <h3> <a href="/politics/Jon_Stewart_FL_Doc_Won_t_Touch_Yr_Penis_If_You_Voted_Obama"> Jon Stewart: FL Doc Won&#39;t Touch Yr Penis If You Voted Obama <span> <em style="background-image: url(&quot;/politics/Jon_Stewart_FL_Doc_Won_t_Touch_Yr_Penis_If_You_Voted_Obama/a.jpg&quot;);"> thumb</em> </span></a> </h3> <ul class="news-digg"> <li class="digg-count"> <a href="/politics/Jon_Stewart_FL_Doc_Won_t_Touch_Yr_Penis_If_You_Voted_Obama"> <strong>508</strong> </a> </li> </ul> </div> </div> So within each div with the class "news-summary", there is a link. How can I get javascript to go through the div "topten-list" and open each one?

    Read the article

1