But first, let’s take a step back, to the wonderful sci-fi notion itself: Time Travel!

The Time Machine

It’s a genre that really epitomizes and polarizes the very essence of science fiction.  On one side are the clear-cut scientific efforts to truly provoke thought on just what conundrums traveling through time might entail, as well as the science behind how it might even be possible.  And then on the other side you have the more fantasy-oriented side where time travel is simply a given, not a great feat, and becomes a vessel to make a story whilst completely neglecting the actual science.  Frankly, it’s the latter side that we see far more often than not, and that probably has something to do with modern science rather being of the opinion that time travel, at least functionally useful, is impossible.  It’s something that could be argued until everyone is blue in the face and get nowhere, hence why the science side is perhaps more often than not completely neglected.  But that doesn’t stop writers everywhere from being inspired by the “what ifs” of time travel, often times providing great entertainment in the process, even if the science is a bit on the wonky side.

The TARDIS from Doctor Who

So, frankly, to be a decent time travel movie, you really have to try to provide some kind of new perspective, some creative inspiration, just to get anywhere interesting.  Because it pretty much has all been done before.  Some of it brilliant.  Some of it not so much.  And perhaps repeated attempts going after the not so much might finally get those angles right.  Certainly however, trying to go after the ones that were already brilliant are just going to fall short of that.  Time travel is a dangerous business.  You really have to know what you’re doing to get anywhere with it.  So let’s see how our dynamic duo did.

Our first movie is The Time Traveler’s Wife.

The Time Traveler's Wife

How can one put such a movie into words?  Boring, mostly.  Sorry, but it’s true.  Boy spontaneously and uncontrollably pops about through time.  Boy meets girl.  Girl becomes wife.  Boy continues popping about uncontrollably.  Marriage gets stressed.  Girl cheats on boy with … earlier version of boy.  It’s all very quasi-dramatic, and all very ridiculous, and all very boring.  Seriously.  It fails to be all that engaging.  The time travel lacks any sense of realism or adventure.  And the drama, frankly, falls flat with so many missed opportunities to create any real drama.  I’m sure it was a great effort to be all thoughtful about concepts like free will and the existential issues of time travel … except that it really wasn’t.  Even the movie poster pretended to portray more than was actually there with its creative viewpoint.  In actuality however there just wasn’t even an effort in there to change anything, to inspire in the viewer that someone really tried.  In fact there are only a small handful of scenes that actually provoke thought or wrest an emotional response from the lame horse of a script.  It’s a shame.  If only someone had bothered trying, perhaps there could have been a happier ending.  Maybe there’s a director’s cut coming with scenes that were left on the cutting room floor that give it a better go, but I doubt it.  If you like dramatic romance movies, you might enjoy it enough if you watch it for it to have been worth your while, but it’s a promise I definitely cannot make.  For all of the romantic notions in theory, in practice it felt very unachieved.  And if you’re not overly impressed with dramas, you’ll be killing yourself before you even get halfway through.  I’d hope sincerely that the book is better, because it’d pretty much have to be.  But I’ll probably never know because after watching the movie, I don’t think I can drum up enough interest to actually be bothered to find out, and I love a good read.  I can really only give The Time Traveler’s Wife two genetic-disorder-induced miscarriages out of five.

Our second movie for review is Frequently Asked Questions About Time Travel.

Frequently Asked Questions About Time Travel

First off, obviously, this is not a serious movie.  In spite of its long title, it’s quite the comedy, and one that really hits the mark.  Though it does miss a few opportunities to poke fun at paradox and other time travel tribulations, it does quite well with the ones that it does tackle.  It doesn’t try too hard and end up campy, or at least not enough to make you cringe like most time travel comedies do.  It simply flows, makes you laugh, and sadly, reminds us how much better those folks across the pond are at making people laugh than the ones here in the States are these days.  And it actually does try to engage you with the complexities of “what if” without going too far and making your head actually hurt, a finely achieved balancing act that in itself deserves some applause.  But combine that with the enjoyable journey in a pub through the ages, and it’s a real winner.  My only fault with it is that having done such a good job with pondering the perplexities that it did, it’s a real shame that it didn’t go the distance to include the few that it didn’t.  So in spite of being such a laudable creative work, it falls slightly short of the amazing movie it could have been.  Which is why I can only give Frequently Asked Questions About Time Travel four bags of crisps out of five.  But, if there’s ever a sequel, the combined movies could become more than the sum of their parts, and I very much hope to see that in out future.

So, that’s it then.  Those are this review’s two movies.  But I’ll leave you with one parting though:  The effects of the storage of information, can they induce time-travel-like effects?  Whilst searching for a classic TARDIS pic, I ran across this little gem, which Google has captured, at least for now, but has been removed from the actual entry:

Doctor Who is a flying green rabbit that drives a red Ford fiesta. Really! The interwebs said so!

Doctor Who is a flying green rabbit that drives a red Ford fiesta.  Huh.  Who’d have guessed?  It’s a little gem frozen in time.  A tiny piece of alternate reality otherwise already vanished from the constant state of flux that is the information superhighway.  Purged from the annals of reality … and yet not.  A bit of time travel flotsam more interesting in point perhaps than in content.  If it could happen there, what else might be out there?

The war in Iraq is over.

But troops are going to stay there to protect our civilians for another year.

But it’s not a war.

What is it then, a “police action” for the next year or more?!?!  When will the troops actually leave Iraq?

I’m glad Afghanistan was at least mentioned in there somewhere.  Seems like we’ve somehow forgotten about that little blunder.  But I swear more time was spent on talking about the US infrastructure and schooling than Afghanistan, the start of this whole war, was mentioned.

I know Barack Obama came into his presidency with a big steaming pile to sort though.  And a part of me doesn’t blame any normal person for being so hesitant and wishy-washy on digging into the dirty mess and getting things done, one way or another.  Because you just can’t do it without getting a heapfull of dirt on you.  But, and it’s a pretty big “but”, that’s how any normal person would deal.  No one who sits in the big chair should be “normal”.  They should be superior.  They should have a deep well of resolve.  And if they don’t they shouldn’t even be running for the job in the first place.  This isn’t some promotion that snuck up on them.  This is running for the presidency of a superpower nation!

President Barack Obama - As He SHOULD Be!

This is the man we should have gotten when we elected him.  Strong.  Thoughtful.  A real leader.  A man who doesn’t even have to have the “right” answer, because whatever his answer is, he’ll make it the right one through sheer force of will and determination.

So where is he?  Where’s the man who promised change?  Where is the strength of character born of the pride of being the first black American president?

I don’t see him.  All I see is a man like anyone else, too afraid of stepping on toes to make strong decisions.  Too wrapped up in his own agendas to even devote himself to the messes left behind by those who “led” before him.  Too uncertain in times that need definitive action.

I am … unimpressed.

Meter Maids, the booth babes for Microsoft at TechEd Australia 2010

There were, of course, objections from the attendants that the gold-clad hussies were objectifying women, blah blah politically correct rambling blah.  I mean yeah, they’re right.  But are women such a protected species that they’re no longer allowed the right to objectify themselves if they want to?  A more reasonable argument would simply have been that the blatant use of T&A does not belong in a fully professional environment.  Even if it is Australia, where people actually have a sense of humor.  And even if the Meter Maids are in fact local talent and even arguably a part of Australian history.

What really got Microsoft into trouble though was not this one questionably poor choice in attracting customers at the event.  No, it was Microsoft’s big mouth when they reportedly claimed to have had no knowledge that the Meter Maids ladies would be scantily clad in gold lame bikinis.  They claimed, and I quote, that they were, “unaware of their exact costuming until the day of the event, at which time it was too late to be addressed.“  Umm … what? One quick look at the Meter Maids website not only reveals all, as it were, but also the history of the Meter Maids is right there, explaining their historic costuming from Surfer’s Paradise on the Gold Coast.  So right off the bat, Microsoft’s words were somewhat less than believable.

To top that off however, chief Meter Maid Roberta Aitchison rebutted Microsoft’s denial with her own side of the story, which was that, “The garments were chosen specifically by them over a period of 2-3 weeks of them looking at photographs of the girls,” and that, “They came back to me by email stating which garments they would like the girls to be wearing.“  Right then!

Microsoft still refused to admit that they simply made a mistake, standing by their word that they somehow had no idea that the Meter Maids would show up in something so provocative.

Un huh.

Yeah.

Who are you going to believe?  A Meter Maid, or Microsoft?

But wait, that’s not all! In a strikingly similar story of sexy women and male egos, we have the (in)famous rapper 50 Cent being booted from Twitpic for failure to adhere to their pictoral guidelines when he uploaded the following picture of a Kim K burger:

50 Cent and his (censored) Kim K Burger pic that got him booted from Twitpic

It’s actually a kind of funny picture, if, you know, you’re adult enough to look at it, somewhere not at work.  Searching for the uncensored version should be easy and entertaining.

The sad part is, I’m not even entirely sure what part of the picture is violating the terms and conditions.  You’d certainly have seen just as much had she been wearing a thong bottom.  And at the beach, that happens.  Kids are seeing that much every day.  She even has her bikini top on, not that it matters from that angle.  It might be “in bad taste”, but I’m rather failing to see where it could actually harm minors.  Still, this is a (supposedly) professional blog, so I’ve censored the image for you, just in case little Timmy is looking over your shoulder.

Now, again, just as with the Microsoft story, the looky looky was perhaps a poor choice for the venue.  It’s a simple enough mistake to own up to, and certainly wouldn’t have been any big deal if that had been that.  But this is 50 Cent we’re talking about, so of course that wasn’t that.  Open mouth.  Words come out.  It’s what he does after all.

The saga is, of course, on Twitter, where 50 Cent tweeted his suspension angst, amongst other pearls of wisdom.  The following quotes are, of course, censored.  They began with, “Twitpic just suspended my account damn They got 30mns to get it back or ima go haywire,” and went on with such wonderfully colorful tweets as, “Man they took my twitt pic down I told them motherFriends put it backI run twitter nWord don’t touchin my sh..Stuff.“  If you want the uncensored … stuff … just follow the previous link to his Twitter page, but be warned, it is most definitely not safe for work.

So there you have it.  Yes, parading women around like objects can indeed catch you some flack, especially if you’re doing it in a place where that’s really not the proper dress code.  However, opening up your big mouth to say anything other than, “Mea culpa,” is just going to make your little faux pas ten times worse.

We all make mistakes.  Own up to them.  People will respect you more for it.

It’s a downsized version of the Active Denial System developed for the military in their search for non-lethal weapons, mounted on a Humvee or truck to use in crowd control / riot suppression.  Now it’ll be used at home to suppress prison riots instead.

AID is fairly simply to use.  The raygun is mounted in a turret on the ceiling, along with a CCTV camera feed.  From a safe room a guard can aim and fire the pain gun to stall or suppress a fight while guards move in.  In normal circumstances, without AID, precious time stopping the fight is lost while guards prep and move.  With AID fights will hopefully be stopped sooner and safer.

It’s an interesting concept, and as its first deployment, will no doubt provide admirable testing during the six month deployment.  One has to wonder however at the cost.  The National Institute of Justice provided it free of charge, no doubt in exchange for the invaluable human testing information that will be provided by using it in a jail.  After that, can it really be something that modern prisons can afford?

A lot of people are asking why.  Goodness knows that was my first thought too.  It answered itself pretty quickly though.  I mean how many motherboards these days come with heat, fan speed, and voltage monitoring built into the hardware and BIOS?  How many come with hard drive checking and detailed memory checking as well?  Heck, I’ve even seen some with crappy antivirus that I wouldn’t trust in the past.  So as a selling point, an antivirus that you could trust makes a kind of sense.

More than that though, one of my favorite features of old nVidia motherboards was the built-in hardware firewall with a web interface.  A personal firewall that doesn’t eat up all of my PC’s resources?  It was a great idea as far as I was concerned.

And what eats more resources today than anti-virus, anti-spyware, firewall, email, etc. protection suites all rolled into one?  Some of those are real beasts!  As McAfee well knows, since their antivirus is one of the most resource consuming monstrosities out there.  So if anyone can hardware-accelerate your malware defenses, who better than Intel?

Heck, with virtualization and abstraction layers abounding as new means of defending your computer from hackers, again, who better a partner than Intel to add some hefty unique specialized hardware into your northbridge?

Okay, so I guess AMD might have been a good second choice.  Maybe even nVidia a third.  But we all know that if you want to reach the world at large, you aim at Intel.  So who better than to sell yourself out to than Intel directly?

And these days Intel is looking to bundle everything they possibly can into their CPUs and chipsets.  From 3D graphics now even going into CPUs, to memory controllers (finally catching up with AMD there), to disk security, to serious RAID disk controllers, it’s all being packed up and bundled in.  So it comes as no surprise then that Intel is looking to bundle in one more specialized bit of hardware – the Malware Defense Unit.  (Or something equally trite.)

Whatever makes them happy.

And maybe it’ll even work out well for them.  It certainly makes a kind of sense.

My only concern is that I’ve personally never been a McAfee fan in the first place.  Every time I’ve used their software, it’s sucked up valuable resources.  Sure, it protects you, but at what cost?  And then look at Intel’s idea of 3D graphics acceleration.  It’s hardly top-notch.  And while their RAID disk controllers are okay, they’re not exactly the ones I go to when I need something professional either.  So is that the kind of aim that Intel is going to take with their new security division as well?  Is their Onboard McAfee going to just be another, “It’s better than nothing, but for anything serious I’m still replacing it,” product?  That might work great for casual users and small offices, but I can’t see Intel’s usual approach to anything not directly CPU related winning over any serious business buys.

But hey, I guess that’s a worry for another day.  First we have to see what Intel even does with McAfee in the first place.

One does have to wonder though …

I mean with CPUs having so many cores these days, not to mention Intel’s famous HyperThreading…  Then you add in to that the virtualization being built into CPUs as well…  Does anyone really need hardware acceleration to run their PC’s security suite anymore?  Seems to me processors these days can do it all with plenty to spare, so much so that you’d probably never even notice a resource hog anymore.

With so many unused cores in most desktops you could probably even do software RAID without noticing.

But maybe that’s just me.

Apple just recently fixed this “binary planting” vulnerability in their iTunes for Windows application.  A remote attacker merely has to plant a malicious DLL using a specific name in the same network share as a media file and as soon as someone comes along to listen to that media file, BAM!  iTunes would load that laced DLL to play the music and execute goodness only knows what evil.

Many sysadmins are sighing with a bit of relief as this attack vector does require a network share to pull off, which is not something they intend to allow hackers to do this on their networks.  But, need I remind you of the Web Client service, enabled by default, with features like WebDAV, which allows remote network shares, as in internet-based, as in not safely behind  your intranet?

Fortunately, besides disabling these features, you also have options like  firewalls to stop the evil WebDAV and likewise outbound traffic.

Also of good news is that Apple has fixed this security hole in iTunes.

But!

Was iTunes the only hole needing to be patched?  Not according to H.D. Moore of Metasploit, who says that about 40 applications are exploitable in Windows because of the way in which Windows loads “safe” file types from network locations.  A problem which affects not only the older and less-secure Windows XP, but even Windows Vista and Windows 7.

So be warned.  Be wary.  And secure those PCs please.

Network Solutions, Happily Providing Website Owners With Malware Since…

Take, for example, anyone running a website hosted by Network Solutions.  Turns out that one of their widgets, there to make your website construction easier, was actually infected with malware!

What’s worse, Network Solutions is neither apologizing for infecting your websites, nor even saying how their widget got infected in the first place.  They just tell you to delete it.  Oh.  How informative.  How helpful.

Initial reports based on Google and Yahoo searches estimate anywhere between half a million and five million domains may have been infected.  Network Solutions, of course, denies any such numbers as being so high, but as of yet has failed to provide its own numbers to back that up.

SQL Vs. Apple … And A Whole Lot Of Others

An SQL attack has hit approximately half a million legitimate webpages with database commands that attempt to hide malware exploit links into the webpage code.  Of those infected is included the ever famous Apple, who’s iTunes podcast promotion pages were identified as hit.  Fortunately Apple was quick to clean up their infections.

Plenty of other websites have been hacked by this SQL vuln as well, obviously.  The continued SQL database injection attacks are frequently changing enough that tjey jave yet to be stopped.

Adobe – Chilly Towards A Hot ColdFusion Vuln

Adobe’s ColdFusion application server saw a recent update to patch a security hole that it labeled as “important”. But just how important was patching this exploit?  Well a number of researchers now claim that it should have been labeled “critical” because the vuln could actually let hackers seize control of servers in a “full system compromise”.  It not only allows someone to manipulate the system files, but to also upload scripts and even mess around with the database natively.  As holes go, it really doesn’t get worse than that.

Fortunately, Adobe did patch the hole.  But downplaying the importance of the vulnerability may lead to less people upgrading to the fix as they should.

Disney – Sued For Spying On Your Kids?

Walt Disney’s internet subsidiary, Walt Disney Internet Group, and several partners such as Clearspring Technologies and Warner Bros. Records, are being sued in the US District Court of Los Angeles for allegedly using Adobe Flash Player cookies to track highly personal information about users, the majority of whom are minors.  The Locally Shared Objects (LSOs) otherwise known as Flash Cookies, have supposedly been gathering detailed user information over long periods of time since at least 2007, in ways that, are claimed, violate the sites’ privacy policies.   These LSOs were left behind, and used to respawn deleted browser cookies, becoming “zombie cookies” which allegedly were used to re-identify users to continue tracking them without warning or knowledge thereof.

False rumors have been spread that an upcoming European tour of Guns N’ Roses was canned, thanks to a bit of Twitter hacking of Axl Rose’s account.  The tweet from Axl that all was over was, of course, not really from Axl at all.  And he might have even been able to catch it and prevent the spread, had he ever been using his Twitter account instead of, well, doing anything more entertaining than tweeting.  But, alas, he actually has a life.  And so the hack went uncontested long enough for people to believe it.  It’s nice to see someone on Twitter actually busy with real life for a change.  But it’s also a good reminder that if you choose to have an online presence, maybe you should at least log in every once in a while.  Or just let it drop entirely if you’re too busy to take it seriously.

Including being a security problem.

I’ve already told you how Symbian smartphones have been turned into a mass-mailing zombie network. But let me tell you, that’s only the beginning.

Palm Pre phones are prone to a vulnerability in receiving malicious messages that can compromise them with a backdoor which can allow hackers to record and transmit audio, effectively “bugging” your Palm Pre, as well as the usual theft of stored data.

Also, Apple has only just recently patched critical security holes in its iOS.  One allowed hackers to install malicious apps on iPhones, iPads, and iPod Touches through poisoned PDF files which, by default, open automatically.

Another let attackers break out of the iOS security “sandbox” to access the root account, allowing unlimited access to the device.  This flaw, by the way, was the one used by jailbreaking software to let your iPhone be used how you want it to be used.  So don’t go thinking that this fix was entirely driven by just security over at Apple.

So there you have it, your smartphone is becoming more and more just another computer for hackers to attack.  They contain the same security risks as any Mac or PC.  Be conscious and use good security practices, even with your cute little phones, or you just might be caught unaware by a nasty ol’ hacker.

Well, okay, so in theory there’s also Macintosh in there somewhere.  But honestly, who cares about that?

And, again, another theoretical solution is to use virtualization, like VMware, to run one OS natively and the other on virtualized hardware from inside the native OS.  Except that’s not really the solution that it should be.  If you run Linux native and Windows virtual, it’ll work, sure, but the point of a lot of people of running Windows is to play games that Linux can’t, and even though VMware has made some great strides in graphics virtualization, now that they actually virtualize the 3D acceleration as well, there’s still a significant performance loss running on virtualized hardware.  Which rather defeats the purpose.  Who wants to play their games slowly? But the alternative, running Windows natively so that you get full performance, and virtualizing Linux, is frankly even more useless since you’ve just thrown the whole Linux security advantage out the window.  And really, what can Linux do that Windows can’t?  So then what would be the point of using Linux at all if you were going to make your base OS Windows?  You could just use Windows.

So the answer is to dual boot.  Install Linux and Windows side-by-side and choose which one you want to load at startup.  It’s supposed to be easy.  And solve all of your problems.

Except for when it isn’t, and doesn’t.

Frankly, Linux (and all things related) is really starting to piss me off.

To start with, I decided to try a distro I’ve never touched before, because I’m old school I guess: Ubuntu.  It’s cute.  It’s snazzy.  Shame it couldn’t properly recognize my RAID0 array and trashed it each and every time I tried to install it.  Having installed Windows first in the process, that meant a lot of re-installing Windows, drivers, etc.  It was a royal pain in the asterisk.

But I’m nothing if not persistent.  I switched from using my Intel Matrix RAID controller to the dinky JMicron one that I don’t trust worth a darn, and voila, Ubuntu stops trying to access the component drives separately and treats the RAID0 array as a single disk.  Windows, mind you, had no problem properly using either.

That settled, move on in time.  To a procedure I’d put off perhaps a little too long: making my first backup.

Here’s a freaking rant in and of itself.  Windows Backup in Windows 7 can’t be used because the Linux bootloader partition used by GRUB I stupidly partitioned and formatted for Linux.  You might think “duh” there, as what else would you do?  Well Windows 7 has a stupid shadow copy technique used when backing up drives.  This is poorly programmed, and requires so much free space on each partition.  And yes, you guessed it, Windows both is smart enough to recognize that it needs to backup that bootloader partition, but too dumb to know how to read any Linux-formatted partitions.  So unless you were smart enough to make that bootloader a FAT32 or NTFS format, Windows Backup fails each and every time because it can’t shadow the bootloader partition.  Never mind that you could have literal terabytes of space free on your drive.  The shadow has to be on the partition being copied, and if the partition format can’t be read by Windows, you’re SOL.  And, in fact, I can’t even be sure that making that partition Windows-readable will fix this Windows Backup woe, because I have yet to try it.  It’s only a theory that it might make Windows Backup usable on a dual-boot box.

But honestly, it’s no big deal.  That’s okay, because Windows Backup is a PoS anyway.  There’s so much better software out there, right?  Comodo, for example, is free and does a much better job.  I would have just used my old copy of Norton Ghost, like I have on so many Windows XP boxes past, but it’s not compatible with Windows 7.  Oh, sure, some newer version is, but I’m not going to stump-up cash for that if there’s a free alternative that meets my needs.  And besides, I don’t want to just back up my Windows partitions anyway.  We’re talking dual boot.  We’re talking Windows and Linux living side-by-side.  So a Windows-only backup would be darn stupid anyway.  Just as a Linux-only backup would be.

So let’s try bringing in something truly multiplatform, that can read NTFS and Linux formats equally well, and will respect the whole of the hard drive, the master boot record, the partitions, everything exactly as they are.  Why not try something like Partimage Is Not Ghost (PING) then.

And then watch during a routine backup as PING totally destroys the Windows partition so badly that no Windows or Linux tool can restore it without reformatting the whole NTFS partition Windows used to be using before it was slaughtered by bad programming and heavy Linux hands.

Honestly.  Can anyone tell me why anyone would think a typical Windows user would, at this point, having had his Windows install raped and slaughtered repeatedly by Linux, be even remotely interested in trying to use Linux at this point?  At all?  Ever?

I can’t think of a single reason.

In fact, I feel pretty damn stupid for even giving Linux this many opportunities to nuke my Windows install.

I honestly have no idea why I’m so determined to use Linux at all.  Dualboot is just not working here.  I don’t know why not.  It’s a freaking simple concept.  I know Linux works just great on its own.  And Windows, well, is Windows.  Can’t live with it, can’t live without it.  So…

…I keep on trying.

But if anyone has ever wondered why Windows users don’t switch to Linux for the better security, lower overhead, and easier access to a plethora of wonderful free software?  There you go.  It’s because of all of the bad things that Linux does, that Windows doesn’t.  Like happily deconstruct a RAID array and then write to the drives individually, destroying the array.  Or blithely nuke Windows during a routine hard drive backup, when it should only be reading from the Windows partition in the first place.  Not many Windows users would be happy to reinstall everything from scratch because “oops” we had a little bug.

I’ve decided that I really don’t like Ubuntu though.  So maybe I’ll go back to openSUSE.  Or Fedora.

But later.  Much later.  When the seething anger has gone back down to a dull ache and I can burn a distro to DVD without wanting to throw it across the room, grind it into pulp, etc.

I really never thought I would cherish anything Microsoftian this much.  But I’m about damn ready to mount my Windows 7 disk on a wall.  With those holograms, it’s even kind of shiny…

But a recent perusal in the ZDI database for high-risk vulns still sitting unpatched after more than a year after disclosure has grated on some nerves.  Some of those privately disclosed security holes have even gone as many as three years without being fixed by their respective software vendors.  And that’s just no good.

TippingPoint had been trying to be responsible, keeping the disclosure of the bugs private, giving their creators time to fix them to keep everyone safe without going full disclosure and letting the hackers also know of these vulnerabilities.  But after seeing too many software companies sit upon their laurels and do nothing about their holes, TippingPoint has had enough.

The new ZDI police will still be to privately contact software companies, but to only give them six months of privacy to correct their flaws.  After that six months, if no extension is agreed upon, TippingPoint will turn around and give full disclosure of the bug to the world at large, giving third parties an opportunity to fix the holes that a software vendor refused to act upon.

While many proponents (including myself) laud this tough-on-bugs approach, opposition to the “full disclosure” method (such as Microsoft, of course, inventors of security through obfuscation) argue that set timescales don’t work because some bugs take longer to fix and test than others, and that hackers can also use the disclosed information to make their job of getting into your computer easier.

And these are valid points.  But then, that’s probably why TippingPoint in fact has a method in place to file for an extension to that six month timeline.  TippingPoint seems to make it clear that if Microsoft can make a convincing argument on why they can’t fix their security hole in a mere six months, TippingPoint will be more than happy to extend that timeline to give them all of the privacy they need.

Meanwhile, there’s the other end of the spectrum.  Recently Google has expressed a policy similar to this new one from TippingPoint, but with a mere 60 days, just two months, of privacy, a much tougher deadline to meet.