Nuvifone delayed

Next Story

They're already working on the next generation of video game consoles


As part of its quarterly earnings report, Garmin announced delays for its first mobile phone, while they had previously announced the Nuvifone would be available sometime during the fourth quarter, now don’t expect to see one until the first half of next year.

See CrunchGear for the full scoop.

  • http://itechreport.com Brenton

    Great post, but you might want to fix the word developer in the sixth paragraph from the top (at the moment it says develoep)

  • Matt

    It’s ok the cybersecurity bill will make it all better.

  • http://fudge.org Jay Cuthrell

    You could almost replace the word “web” with “Microsoft” and that’s not a slam against Microsoft in any sense. It just shows that the foundations have to change before the scaffolding will become more trustworthy.

    The web is overdue for a rewrite.

    I just want to fast forward past Web Vista.

    • Jeff

      We aren’t even at Web 3.0 and you want to skip straight to Web 7? Psh, children these days are so impatient!

  • http://josephscott.org/ Joseph Scott

    About your last paragraph:

    Update: A somewhat ironic twist to this story. When I included the code example above (ie. how to test for XSS) it actually passed through the CMS running this blog and kept triggering when I would attempt to preview or publish this post.

    In WordPress users with the admin role have the ‘unfiltered_html’ capability, as noted in the documentation – http://codex.wordpress.org/Roles_and_Capabilities#Administrator

    This allows admin level users the ability to include raw HTML or Javascript in posts. That’s why there is a warning to only grant this capability to trusted users – http://codex.wordpress.org/Roles_and_Capabilities#unfiltered_html

    • http://crunchbase.com/person/nik-cubrilovic Nik Cubrilovic

      your right, I only realized after checking it out that it is admin-only, so there is not a lot to it. just mentioned it more out of interest – i love wordpress.

      • http://www.e27.sg bjorn

        a long awaited article from u finally :)

  • http://www.firehost.com Chris Drake

    We agree that security is an issue and getting worse. Can users/developers fix this? We think only hosting providers can handle costs and complexities of this efficiently. Just ask Kevin Mitnick…

    WSJ had an article on the subject today: http://online.wsj.com/article/SB125175147081773767.html

    • http://itechreport.com Brenton

      That article was probably the lead for this one.

      • http://crunchbase.com/person/nik-cubrilovic Nik Cubrilovic

        actually i read shit online recently, and have that article open now and haven’t read it yet. my daily is ~20% of techmeme, internal yammer, some email and the few tweets i manage to catch

  • http://www.inkreadyprint.co.il barz

    a bigger solution is needed. A developer can only handle security threats he knows about and it’s impossible to foresee every possible threat. You do your best and must also hope for the best. This problem is even bigger for cloud applications

    • http://www.firehost.com Chris Drake

      Barz – totally agree. We haven’t rolled out a cloud solution as we’re not confident it can be adequately protected at this stage. Trust me, we’ve been trying to do it for over 6-months.

  • Nope

    “Today we are trusting the web with our most personal and important data, from private photos and social graphs to finances and key work documents.”

    Please speak for yourself. YOU do all of that.

    I don’t.

    • @Nope

      This problem is not about you or me Nope. It’s about the safety of the majority. Cloud computing is THE solution for it makes problems the size that can’t be ignored ;-)
      Asking individuals to accepts responsibility is a losing strategy at this point. We need collective solutions so developers & start-ups can start using cloud based services that are safe.

    • Jonathan

      I also do not.

  • http://www.roundersbid.com/dog-training-issues-refusing-to-come-when-called.html/ Dog Training Issues – Refusing to Come When Called Pets

    […] Today we are trusting the web with our most personal and important data, from private photos and social graphs to finances and key work documents. Our hesitation to share such information has dropped over the years as our trust in our favorite services grows. Yet all the while, the web is actually growing less secure, as sites are left open to new attacks that can spread easily and leave users…Read more » […]

  • James Grinter

    Even if you don’t “trust the web”, someone else probably is on your behalf. Or, someone else you’ve had contact with will do something stupid that has an impact upon you. That’s the power of computer networks.

    (Cross-site scripting attacks are, of course, merely attacks of the defensive programming stratagem “sanitise your input”. Just rather a sneaky one, where some thought they could safely sanitise all HTML.)

  • http://www.scriptbasic.org ScriptBasic

    Or use a non-html parsing scripting solution. I remember when php would parse fake gif files and execute embed code skipping the binary headers.

    Your much safer using something like C, Python, Perl or my favorite ScriptBasic. These scripting solutions are real programs that do what they are intended to do instead of parsing /executing whatever is passed their way.

    • Mike

      C is not a scripting solution.

      • http://www.scriptbasic.org ScriptBasic

        It is when you use something BCX Basic to C or BaCon Basic to C to produce fast, small CGI (compiled) scripts.

  • http://www.blog.csit.carleton.ca/?p=139 The Almost Hopeless Challenge Of Web Security | BIT Blog

    […] at ‘cross-site scripting’ one of the latest ‘online security can-of-worms’. Click here to read the original […]

  • http://www.facebook.com/people/Angela_Hayden/507212615 Angela Hayden

    I’m just a simple graphic designer trying to start an online audio tour business and it has been HELL! I can’t express in words how much I hate Dreamweaver, Notepad++, CSS, PHP, etc. I’m a starving artist so I have to do everything myself and I also wanted to host everything myself. Instead I’m having to pay E-Junkie to host my mp3 files. My hosting company can’t even send me instructions on how to stop someone from sending emails from my business account. My head is spinning from all the e-cart solutions.

    AnyHoo, thanks for listening. I have to go produce 100 images in photoshop for another project. Oh yea, my shitty site is http://www.hereandthereaudiotours.com I’m editing the page now with a set-up css template using notepad++. I have much work to do.

    Okay, now I’m crying. Damn it. And another thing, in the last year and a half I’ve lost data on 3 external hard drives. I’m going to bomb my office. I really have to go now.

  • ambert ho

    “browser manufacturers themselves do not completely understand the issues involved, and in some cases are moving backwards (ie. the new IE8 is now allowing XmlHttpRequest across-ports)”

    Curious, what’s the big deal with allowing XHRs to any port?

    The API only allows you to initialize the xhr to make HTTP requests with HTTP headers (so it’s not like I can open an FTP request, or start arbitrarily talking SQL to port 3306) and even with the IE8 change it’s not like you can open connections to other servers – Same-Origin-Policy is still enforced, just not to the same port.

    So I don’t really see how this makes the browser less secure – seems like it was just a feature added to better support SOAP, REST, etc. since some people are going to have their web services listening on nonstandard ports.

  • http://bizyinc.com sh

    Read this about another security issue:

    http://www.eff.org/deeplinks/2009/04/cybersecurity-act

    Federal Authority Over the Internet? The Cybersecurity Act of 2009

  • http://bizyinc.com sh

    Federal Authority Over the Internet? The Cybersecurity Act of 2009

    http://www.eff.org/deeplinks/2009/04/cybersecurity-act

  • http://www.mykonossoftware.com David Koretz

    There are a lot of smart people working on this problem such as White Hat Security, Mykonos Software, Fortify, and others.

    The end result is going to be a strategy that attacks multiple layers via code scanning, code-level protection, intrusion detection, etc.

    It’s no different than physical security: you lock your doors, and buy an alarm system.

    The real problem is that the average developer is not trained on application security, and under the pressure of corporate deadlines builds features, not security.

  • http://technology.jaredrimer.net/2009/09/01/the-almost-hopeless-challenge-of-web-security/ The Almost Hopeless Challenge Of Web Security « Jared Rimer’s Technology blog and podcast

    […] The Almost Hopeless Challenge Of Web Security. […]

  • http://todaytips.ebali.web.id/12555-successful-mlm-business/ Today Free Tips

    […] has dropped over the years as our trust in our favorite services grows Yet all the while the… read more or search more on challenge hopeless web » Other posts in Marketing”TheTime is Now” For […]

  • SpaceMan

    If PHP is the center of Web technology… PHP will stand for Pretty Hopeless PHP

  • http://www.techcrunchit.com/2009/09/03/rubyonrails-xss-vulnerability-claims-twitter-basecamp-my-confidenc/ RubyOnRails XSS Vulnerability Claims Twitter, Basecamp And My Confidence

    […] was only three days ago that I wrote about the almost hopeless challenge of web security, specifically around new vectors […]

  • http://www.opsourcecloud.net Rick Lebherz

    Good article.

    I think the nature of the challenge isnt just with in IT and the Tech world. It comes down to human nature and pushing the limits of what is possible.

    As long as someone creates something of value, someone else will be there trying to pick it a part and poke holes in it. Hopefully the intention is to improve and alert the community and not leverage this for personal gain. But many people are selfish creatures. All you can do is try and stay ahead of the curve.

    Also along the same lines in case you missed it, OpSource is improving Cloud Security and performance to meet enterprise expectations and requirements. A multitiered architecture, firewalls and load balancing standard (not an option), dedicated private VLANs, Encryptions, SAS 70…yada yada yada…check it out

    http://www.techcrunchit.com/2009/08/27/opsource-unveils-hybrid-cloud-solution-for-the-enterprise/

  • http://www.scrumster.com/techcrunch/2009/09/04/rubyonrails-xss-vulnerability-claims-twitter-basecamp-and-my-confidence/ Techcrunch » Blog Archive » RubyOnRails XSS Vulnerability Claims Twitter, Basecamp And My Confidence

    […] was only three days ago that I wrote about the almost hopeless challenge of web security, specifically around new vectors […]

  • http://www.dreamnest.in/technology/rubyonrails-xss-vulnerability-claims-twitter-basecamp-and-my-confidence.html RubyOnRails XSS Vulnerability Claims Twitter, Basecamp And My Confidence | Technology

    […] was only three days ago that I wrote about the almost hopeless challenge of web security, specifically around new vectors […]

  • http://www.webmaster-source.com/2009/09/05/blogbuzz-september-5-2009/ BlogBuzz September 5, 2009

    […] The Almost Hopeless Challenge Of Web Security […]

  • http://www.codedstyle.com/rubyonrails-xss-vulnerability-claims-twitter-basecamp-and-my-confidence/ RubyOnRails XSS Vulnerability Claims Twitter, Basecamp And My Confidence | Codedstyle

    […] was only three days ago that I wrote about the almost hopeless challenge of web security, specifically around new vectors […]

blog comments powered by Disqus