Domain: arstechnica.com
Stories and comments across the archive that link to arstechnica.com.
Comments · 9,494
-
misleading title on /.? never!
Well, that headline is misleading at best, I'd say. I suggest reading "pwn2own day one: Safari, IE8 fall, Chrome unchallenged", in which it states that both Safari and IE fell at the first attempt; clearly it was a matter of nothing more than the ordering. Apologies for disturbing all the anti-Apple ranting, but both systems are weak.
Please feel free to resume posting uninformed comments now. -
Re:Its not a problem of privacy.
An interesting question would be where the line is crossed between public information and illegal electronic surveillance. Many states have very restrictive wire-tapping laws that don't even allow sympathy for the "I did it to protect my baby" defense.
If it's done electronically, without your express consent, it's probably illegal - if you're an individual. Make that a corporation and it seems you're forgiven...
On the whimsical side, perhaps we could get a class action thing going - we're looking at $10,000 per cookie here. Sure, the lawyer will get the lion's share, but even if we only made $10 per cookie
;) -
Who needs jammers? We have the sun.
People forgot about it due to the long solar minimum, but if this many things are dependent upon GPS, they're going to want to find some contingency plans:
-
Re:Anyone know...
The most in-depth review of the Xoom was by Ars-Technica, and they use words like: rushed to market, lack of completeness, beta release.
http://arstechnica.com/gadgets/reviews/2011/03/ars-reviews-the-motorola-xoom.ars/10
Is your personal opinion based on actually using both the Xoom and the iPad 2, or are you just comparing spec lists?
-
Ehh
This isn't all that different from when Seagate bought Maxtor. Back then, after the sale, Seagate controlled 44% of the market, compared to nearly 50 percent market share which this deal has bestowed upon Western Digital.
-
Re:Well that was a load of crap
It's here, in the Slashdot story that was already posted about 3 weeks ago:
http://it.slashdot.org/story/11/02/17/0041208/Anatomy-of-the-HBGary-Hack
I missed that. Well... what would /. be without dupes... Another one:
-
Re:"Only" 39 percent.
Did you miss the part where both Norton and Ultradefrag have screamed bloody murder over the fact Win 7 doesn't allow kernel hooks when it is those same hooks that allow malware and rootkits to penetrate so deeply?
Did you miss the part that Peter and AV friends created vulnerabilities by using such hooks? Meanwhile, the same kernel hooks that all these security companies are bitching about aren't needed or used by MSE. That's right, the software you speak so highly of and want MS to roll out because it's just that good doesn't need to patch the kernel. In fact, MSE was shown to be impervious to this class of attack because it didn't patch the kernel.
At any rate, AV companies bitching about being "kicked out of the kernel" doesn't have much to do with the antitrust allegations other than it's the same parties bitching. While the antitrust concerns may have merit (because Microsoft has a competing product), the rest is just AV companies spinning up press because they would apparently just like to continue selling you the same broken software (kernel hacks and all) instead of developing new.
I still don't see much merit in claiming that there isn't much Microsoft can do. Windows fanboys have been telling us that for years. Clearly they were wrong -OR- Windows 7 is just as much a steaming pile of shit as XP is (pick one). Really there's not a damned thing Peter can do about Microsoft squashing bugs. So yeah, when you say "MSFT can only add so much" of course I'm going to look at you funny and ask you what you're talking about. Sure, they might not be able to include MSE by default, but they are far from having nothing else to do.
-
Consider HOSTS files too... apk
"I use adblock, peerguardian, updated blocklists and null routes in my router to avoid spam at all costs... several years ago people were as massively anti ads as I am now, but somehow the new 'politically correct' thing to do is to embrace ads for some odd reason and people actually defend ads nowadays" - by Cito (1725214) on Saturday March 05, @09:17PM (#35393698) Homepage
The ONLY people that "defend ads" are the multiple account using fools that create or profit by the ads... proof? Ok, from a respected someone in the Open SORES world:
----
"It just takes one Ubuntu sympathizer or PR flack to minus-moderate any comment. Unfortunately, once PR agencies and so on started paying people to moderate online communities, and to have hundreds of accounts each, things changed." - by Bruce Perens (3872) on Friday July 30, @03:55PM (#33089192) Homepage Journal
SOURCE -> http://linux.slashdot.org/comments.pl?sid=1738364&cid=33089192
----
Back to my subject-line though now:
20++ ADVANTAGES OF HOSTS FILES OVER DNS SERVERS &/or ADBLOCK ALONE for added layered security:
1.) HOSTS files are usable for all these purposes because they are present on all Operating Systems that have a BSD based IP stack (even ANDROID) and do adblocking for ANY webbrowser, email program, etc. (any webbound program).
2.) ADBLOCK CAN BE DETECTED FOR: See here on that note -> http://arstechnica.com/business/news/2010/03/why-ad-blocking-is-devastating-to-the-sites-you-love.ars
HOSTS files are NOT BLOCKABLE by websites, as was tried on users by ARSTECHNICA (and it worked, proving HOSTS files are a better solution for this because they cannot be blocked & detected for, in that manner), to that website's users' dismay:
PERTINENT QUOTE/EXCERPT FROM ARSTECHNICA THEMSELVES:
----
An experiment gone wrong - By Ken Fisher | Last updated March 6, 2010 11:11 AM
"Starting late Friday afternoon we conducted a 12 hour experiment to see if it would be possible to simply make content disappear for visitors who were using a very popular ad blocking tool. Technologically, it was a success in that it worked. Ad blockers, and only ad blockers, couldn't see our content."
and
"Our experiment is over, and we're glad we did it because it led to us learning that we needed to communicate our point of view every once in a while. Sure, some people told us we deserved to die in a fire. But that's the Internet!"
Thus, as you can see? Well - THAT all "went over like a lead balloon" with their users in other words, because Arstechnica was forced to change it back to the old way where ADBLOCK still could work to do its job (REDDIT however, has not, for example). However/Again - this is proof that HOSTS files can still do the job, blocking potentially malscripted ads (or ads in general because they slow you down) vs. adblockers like ADBLOCK!
----
3.) Adblock doesn't protect email programs external to FF, Hosts files do. THIS IS GOOD VS. SPAM MAIL or MAILS THAT BEAR MALICIOUS SCRIPT, or, THAT POINT TO MALICIOUS SCRIPT VIA URLS etc.
4.) Adblock won't get you to your favorite sites if a DNS server goes down or is DNS-poisoned, hosts will (this leads to points 4-7 next below).
5.) Adblock doesn't allow you to hardcode in your favorite websites into it so you don't make DNS server calls and so you can avoid tracking by DNS request logs, hosts do (DNS servers are also being abused by the Chinese lately and by the Kaminsky flaw -
-
Re:We already pay a royalty on CDs for this.
They negotiated a levy on all blank CDs long ago, for this same reason.
This is double-dipping.
Better idea - why not make it a levy on iPods and other music players. Why should I have to pay a royalty when I don't download music?
They also negotiated a levy on iPods and other music players long ago. Then got rid of it in 2004-5, and some are trying to bring it back now.*
The same counter argument applies. Just as blank CD-Rs can hold not-music, audio players can play not-music. My mother's iPod puts public library branches to shame with its collection of purchased audiobooks and spoken word podcasts. I got in on the refunds after buying my iPod Mini. And even that tax didn't stop them from double dipping. Unless the government mandates the removal of a preexisting levy, no way in hell is the industry going to give one up. "That's okay, we're getting enough money over here now." Ain't gonna happen.
*Don't feel like inline linking, so here:
http://www.ilounge.com/index.php/news/comments/apple-canada-begins-claims-process-for-ipod-levy-refunds/
http://arstechnica.com/tech-policy/news/2010/03/canadas-75-ipod-levy-returns.ars -
Re:How stupid.
My above link sucks because it's mostly non-US charges against StreetView. This one is more relevant because of quotes like this one:
[Pennsylvania, USA] Judge Reynolds sided with Google and concluded that the Street View service doesn't meet the criteria for an unlawful intrusion. Case law precedents define an actionable intrusion as one that causes "mental suffering, shame, or humiliation to a person of ordinary sensibilities." Reynolds doesn't believe that sufficient evidence was provided to demonstrate that Street View can cause such damage.
sigh. What happens when John Doe tries to do his own private StreetView project all over the USA?
-
Re:Less Linux, more OS X please!
I'm not sure why they are spending so much time on Linux, when it is used so little for actual desktop work. This site should really set its focus on OS X, which is certified Unix (unlike Linux, which is just a non-standard proprietary clone).
By your same logic, they should also devote more time to SCO products
... -
Less Linux, more OS X please!
I'm not sure why they are spending so much time on Linux, when it is used so little for actual desktop work. This site should really set its focus on OS X, which is certified Unix (unlike Linux, which is just a non-standard proprietary clone).
-
Re:Idiots
Suppose Joe Q User got a high n < 50 emails from Spammer King per day. A few cents a day in 'damage recovery' won't be worth suing for when courts/lawyers charge in the thousands, and he's not the one paying for bayesian algorithm research and footing the power / maintenance bills for monthly SPAM filtering appliances.
WebMail providers and ISPs are the only parties that could USE your so-dubbed 'BS metric' to litigate any useful net values in the high Millions of dollars for millions of filtered emails to their millions of worldwide users. I would support their initiative... but they just aren't interested. It's the same apathy that Microsoft shows by caring only once or twice in ~20 years to sue malware creators who cause real damages in IT time, ransomware actually paid, and data loss caused from poorly planned fixes and emergency restores.
How much less could a Webmail provider care compared to giants like MS, when spam is so hard to track that they're gladly footing the bulk-filtering bills mentioned and still giving millions of us "free" webmail? -
Re:Complaining
Okay, then. In my opinion, the color of Steve Ballmer's socks is responsible for Scott Walker, Koch Industries, the explosion of BP's Macondo Well, the disinformation from "Curveball" that the Junior Bush administration chose to use as the pretext for Operation Iraqi Liberation, the increasing rate of unemployment in the United States as well as all the very-long-term-unemployed who no longer qualify to even be included in the "official" unemployment statistics, and, oh yeah, exceptions to H1-B law obtained by Microsoft under false pretenses. I realize some of those connections are a bit tenuous, but Bill Gates certainly didn't use his best judgment when he lied in an op-ed in the Washington Post, in an interview with David Broder, and every time he testified to Congress that the "talent" Microsoft seeks just isn't available in the United States. Maybe Steve Ballmer's socks were playing tricks on his mind. Or maybe he's just a douchebag.
-
Re:First troll!
100 degree hot aisles are too cold. Hot aisles should be the temperature near the maximum component tolerance of the parts in the server. If a part has a maximum temperature of 150 degrees, and runs happily at 120 degrees, the hot aisle should be 120 degrees. This way the cooling efficiency is the highest.
See Google and SGI (Rackable) container designs.
http://arstechnica.com/hardware/news/2009/04/the-beast-unveiled-inside-a-google-server.ars
As you can see from the photo there, all the cables are in the front. No need to get behind it where the hot aisle is.
-
Re:Future Networks
Trivia:
Wireless television streams ~19 Mbit/s == ~6000 gigabytes per month, per station. Wireless FM streams ~70 GB/month per station. Wireless AM == 13 GB/month per station.
Good point.
This has been noticed before. Using a bi-directional general purpose network to stream video content to a device barely able to run long enough on its battery to finish a movie makes very little sense. Several proposals have been put forth for OTA TV tuners in phones. Instead of running a transmitter, receiver, and processor intensive decoding, just toss in a receiver and tuner. Way cheaper. Way less power demanding.
Yes, you lose the on-demand capability, but probably 50% of what gets streamed these days would disappear by allowing OTA broadcasts to be seen wherever you happen to be.
-
Re:But.. But...
This has always been an argument that is badly contended; the data people (Americans) use for these comparisons is definitely flawed, just to keep their nationalistic pride. The reason you get those numbers is 1) you are taking Western Europe and Eastern Europe together - the latter has only in the last couple of years been able to afford to pick up the pace. The Russian Federation and China have the same issue - you're adding both poor and rich together, while the US is in general considered very rich throughout.
This chart is more detailed: http://www.worldpoliticsreview.com/Images/commentarynews/broadbandspeedchart.jpg and while the density of those countries has something to do with it (Japan and some European countries) other European countries are far less dense than the US. The difference (through history) is who invested in the infrastructure.
You also have to consider the cost. Look here:
http://arstechnica.com/telecom/news/2010/01/us-broadband-still-lagging-in-speed-and-penetration.ars
Our average speed is 3.9Mbps and costs $40.
-
Misrepresentation may not be illegal per se
But it's incriminating. And conspiring to defame and intimidate union organizers and Liberal journalists Glenn Greenwald and Brad Friedman in order to achieve desired political outcomes smells to me like terrorism. Maybe not the exact legal definition, because no intent to coerce a state actor is evident, but to me it smells very similar.
As Thursday's show continued, I received confirmation that I, personally, along with members of my family, had been highlighted in Themis' proposed hit job, as ThinkProgress followed up with a second story, based on several other emails from HBGary's CEO Aaron Barr. The email focused on me included names, personal information, home addresses, etc. of myself, family members and a number of other members of VR. Naturally, I reported on the then-confirmed news in the second hour of that night's Malloy Show.
From page 5 of the Ars Technica article:
When asked to investigate pro-union websites and WikiLeaks, Barr turned immediately to his social media toolkit and was ready to deploy personas, Facebook scraping, link analysis, and fake websites; he also suggested computer attacks on WikiLeaks infrastructure and pressure be brought upon journalists like Glenn Greenwald.
His compatriots at Palantir and Berico showed, in their many e-mails, few if any qualms about turning their national security techniques upon private dissenting voices. Barr's ideas showed up in Palantir-branded PowerPoints and Berico-branded "scope of work" documents. "Reconnaissance cells" were proposed, network attacks were acceptable, "target dossiers" on "adversaries" would be compiled, and "complex information campaigns" involving fake personas were on the table.
Critics like Glenn Greenwald contend that this nexus of private and public security power is a dangerous mix. "The real issue highlighted by this episode is just how lawless and unrestrained is the unified axis of government and corporate power," he wrote last week.
Especially (though by no means only) in the worlds of the Surveillance and National Security State, the powers of the state have become largely privatized. There is very little separation between government power and corporate power. Those who wield the latter intrinsically wield the former.
The revolving door between the highest levels of government and corporate offices rotates so fast and continuously that it has basically flown off its track and no longer provides even the minimal barrier it once did. It's not merely that corporate power is unrestrained; it's worse than that: corporations actively exploit the power of the state to further entrench and enhance their power.
Even if you don't share this view, the e-mails provide a fascinating glimpse into the origins of government-controlled malware. Given the number of rootkits apparently being developed for government use, one wonders just how many machines around the globe could respond to orders from the US military. Or the Chinese military. Or the Russian military.
While hackers get most of the attention for their rootkits and botnets and malware, state actors use the same tools to play a different game—the Great Game—and it could be coming soon to a computer near you.
-
Ars' review
Ars Technica has their own piece about this phone:
http://arstechnica.com/gadgets/reviews/2011/03/the-motorola-atrix-4g-jack-of-three-trades-master-of-one.ars -
Here's the story I mentioned
Dead iPad? $1,000 can bring your data back. It explains the process for recovering data from the iPad's flash storage, but SSDs would be fairly similar, although I imagine each one is just different enough to cause some pain.
-
Re:Microsoft is very open on this tech
Oh, you mean something like this? Now granted, the prosecution still messed up the case, but the gist of it is MS went after modders as well. Chances are, any console maker will go after someone distributing how to hack their system. If you're caught using said hack, they'll ban you; if you're distributing it, they'll send the lawyers. In general they don't care... it's all about their revenue stream from licensing.
-
Re:owned
Just put this in perspective here... Let's take track records,
This is what rule of law has accomplished.
This is what rule of law asked these scumbags to do
And this is in the plans, not to mention DoJ recommended firms to BoA to do this.
At this point I am wondering where Thomas Jefferson is when we need him now, and you honestly are thinking about the wellbeing of some teenager's personal on-line life? They don't even come close in terms of scope! If I have to be a sacrifice for Anon in order to stamp out the rampant corruption then so be it! I am Spartacus!
-
Re:Not about Market Share
Really?
"Analysis by market research firm IDC shows that Mac sales growth in the last fiscal quarter was nearly seven times that of the overall PC market with Apple outgrowing overall PCs for 19 consecutive quarters, or nearly five years running." -
Re:Am I reading this correctly?
This is a bit old but gives a hint to where Apple's install base may be today:
http://arstechnica.com/apple/news/2010/03/mac-os-x-north-american-installed-base-almost-11.ars
I would guess that their install base has gone up based on folks being influenced by the iPhone and iPad. If I had to guess I would guess 13%. (Not counting iPads as computers) -
Two things we know
1) It's the RIAA's fault
2) They're most likely lying.
The RIAA is a dinosaur that is slowly dying. It's their own fault. They've spent unknown millions of dollars fighting the digital age instead of embracing it. By fighting it so feverishly like they did, they forced people to come up with solutions, and as we know in the digital age, when people want something, it happens. If the RIAA would've embraced the potential digital revenue, they would have feature-rich and mature delivery systems available that they control. Instead, they are running around trying to put out little fires. So instead of capitalizing on a potentially lucrative environment, they decided to attack their fan base. In addition, the changing of the model has led to a huge increase in competition for the relatively short attention span of their usual cash cows. Video games, unlimited on-demand movies, hundreds of TV channels, texting, social networking in general - the RIAA's cut of a dollar has shriveled in the past 20 years.
The RIAA seems to be very shortsighted and making a series of VERY bad moves. Now the ball is rolling downhill and they may not be able to stop their demise. I say good riddance. It's not like it's going to affect ACTUAL music that much. God forbid we lose a few autotuned teen friendly beat mixes!
As for the lying part, I doubt that I have to go into detail about that. I'm sure everyone knows that the RIAA has never been fully upfront about their true profit streams. They'll cry about how "Sales are decreasing" when it only refers to one outmoded part of their revenues. It's another reason why nobody takes them seriously anymore.
For instance, even though digital sales have skyrocketed, you hardly even hear the RIAA mention them:
http://arstechnica.com/media/news/2009/08/global-digital-music-sales-to-overtake-physical-by-2016.ars -
Which is worse?
Splintering DNS forks the Internet so that Internet users might never know where to go to get domains, or what they might get.
Which is worse: Injecting forged data into the DNS, or eliminating data that you don't like?
Kashpureff was guilty of the former. Now the US government is doing the latter - seizing domain names on behalf of commercial interests.
-
Why shouldn't he think that?
-
Re:Good Job Apple
There was physically no room for discrete graphics if they wanted to go beyond core2duo. This was discussed last time the 15 and 17 models were refreshed.
See http://arstechnica.com/apple/news/2010/04/why-the-13-macbook-pro-didnt-get-a-core-i5-upgrade.ars -
Re:Security is hard
As Flyerman points out, the 16 year old was posing as a man, and she social engineered a female within the organization. So, no, the girl didn't manipulate a guy via his hormones at all. The "security experts" failed repeatedly, on a number of fronts. Would you like the links to the real story?
http://arstechnica.com/tech-policy/news/2011/02/how-one-security-firm-tracked-anonymousand-paid-a-heavy-price.ars
http://arstechnica.com/tech-policy/news/2011/02/black-ops-how-hbgary-wrote-backdoors-and-rootkits-for-the-government.ars
http://arstechnica.com/tech-policy/news/2011/02/anonymous-speaks-the-inside-story-of-the-hbgary-hack.ars
http://arstechnica.com/tech-policy/news/2011/02/the-ridiculous-plan-to-attack-wikileaks.ars
Please note that I do not agree with a lot of what Anonymous does, but sometimes, they really do get things right.
http://mashable.com/2011/02/19/anonymous-westboro/
-
how is stuxnet an example of old vulnerabilities?
I'm not sure how stuxnet is a proper illustration of old vulnerabilities being ignored. From what I recall of stuxnet, it is a WORM that exploits multiple zero-day vulnerabilities, at least one of which was due to security certs stolen from a hardware vendor in Asia. Sure, best practices were ignored wherein industrial centrifuge controllers should have been physically firewalled from any devices that connect with other networks or devices.
But seriously, stuxnet isn't as good an example of a glaring security incompetence as the recent HBGary intrusion. That started with a simple SQL injection, and ended up with executive emails revealing nefarious corporate dealings by a company pretending to be a security consultant.
Here is an EXCELLENT technical dissection of the HBGary attack. Nothing spectacular involved. Just nuts-and-bolts hacking with impressive results.
Seth -
Re:A possible fix
According to this article
there is a percentage of users where that procedure does NOT fix the problem. In those cases, Microsoft advises the user to return the phone to the place of purchase to obtain a replacement phone.
Sounds like the correct use of the term "bricked" to me.
-
Statistical Significance
This Ars Technica article (linked below) is a good summary of how the first five numbers can be determined. Apparently for persons born after 1988 (note that here we are dealing with a children's art contest, so this will likely be the case), the number can be accurately guessed 44% of the time if you know the date/place of birth. The odds vary by region - in some states the first five digits can be guessed 90% of the time. http://arstechnica.com/tech-policy/news/2009/07/social-insecurity-numbers-open-to-hacking.ars
-
Re:Is it bricked or is it really bricked?
It's really bricked. See here:
"... If this is successful, it should allow the handset to recover its original firmware and resume operation. But not everyone can get this to work, indicating that the devices are truly bricked, with the only option being to return them to the network operator and have them replaced under warranty."
The article has more details; the problems appear to be restricted to a few Samsung firmware versions. Given how religious MS is about testing every combination of everything come patch time (how many times have we bitched about the slowness of a patch), I'm going to speculate the source of the cock-up is a miscommunication regarding which firmware versions are out there (MS didn't know they existed) or what the differences between them are (MS thought the differences were irrelevant come patch time), and at least half the blame lies with Samsung. -
Re:What's going on?
If you use GNOME and use only GNOME programs (or, to a lesser extent, KDE and only KDE programs) you get a clean minimal interface (yes, Linux still sucks in the games department), but really, Windows isn't much better (see http://origin.arstechnica.com/articles/culture/microsoft-learn-from-apple-II.media/vista-small.png ). The problems with graphical inconsistency come when people choose programs for their features rather than their UI, and different people have different preferences.
There are two barriers to widespread Linux adoption. The first is niche software support: things like professional audio and photography programs and games. The second is that people expect it to work just like Windows. OS X avoids this because people are getting a brand new computer when they get OS X and they expect it to be different. People don't know what an operating system is and assume that if it's running on the same box it should be the same whether it's running Linux or Windows. -
Re:Sad
The main reason is likely corruption. The more centralized the decision making is, the more likely it is to happen.
Amid the WikiLeaks debacle, and now that some of the black-hat work ordered by the US govt is becoming publicized ( http://arstechnica.com/tech-policy/news/2011/02/black-ops-how-hbgary-wrote-backdoors-and-rootkits-for-the-government.ars/ ), I find it strange that a strategic office like foreign affairs is going back to the vendor-lock-in cradle of MS products. -
Re:What's the use
Some recent Shuffle with lockout of unauthorized headset controls?
To what are you referring? If you're referring to the iLounge article, you should do your homework. Despite the hysteria of the iLounge article, Ars Technica found that there is no authentication in the headsets. iPod Shuffle 3rd generation headsets have to have the controls built into the headsets, but there is no DRM chip. At least two 3rd parties in the article confirmed that they had headsets available and that they didn't require authentication but merely a change in design from other headsets.
Lack of access to those players via file system or MTP?
I think you're confusing a method and a requirement. See, the requirement is that you needed to sync up your music on your computer with the player. It used to be necessary that you needed file access to move your files onto your PMP player, as few had syncing software that worked well. The method was required. If you still want to be able to do that, then that's your choice. It's not a requirement these days.
One-off DRM? (no, it isn't gone - look at, say, e-books; or generally "one appstore to rule them all")
I don't think you quite understand how content systems work. See, the content provider, whether it is a music company or a book publisher, gets to decide whether they want DRM. If Apple or MS or whoever wants to be able to sell their content, they have to negotiate with the content provider. Amazon was able to get DRM-free music because the music companies realized too late that their insistence on DRM only made Apple more powerful; however, if you remember correctly, Apple offered DRM-free music before Amazon, as EMI had allowed them to sell it, although at a slightly higher price. The other music companies did not agree until about a year later. If you have a problem with DRM, I suggest you have a talk with the content providers.
They don't appear to have much of a very clear position when it comes to promoting open standards... just when it seems practical to them, I guess.
And how is that different from any other company?
-
Re:What's the use
You had me going until this statement:
Since this is an Intel standard (albeit sponsored and pushed by Apple) it doesn't come with the restrictions that Apple would have placed on it if it were their own standard.
This is complete and total bullshit. Apple has promoted open standards FOR YEARS. WebKit? Apple's (yes, I know it was built off of KHTML). CUPS? Apple owns and maintains it. HTML5 vs. Flash? Apple supports the open standard. FireWire? Apple was one of the few major players to support it. USB? Apple helped drive the widespread adoption of USB by forcing its use with the iMacs.
The bottom line is that if you think Apple doesn't support open standards, you're either a troll or badly misinformed. It could be you're thinking of another major industry player who likes to buy off standards committees. -
Re:Oh good.
Two points here. First of all, any such "risk" is caused by the very same legal system in the form of otherwise frivolous lawsuits that may still succeed. That's the location of the problem and it is there that any solution needs to be applied.
We don't disagree here, yet this is one form of legal solution. It's probably about as effective as the proverbial finger in the dike, but it's one way to tackle the problem.
That's why the security requirements need to start from first principles (bottom-up) and not from authoritarian fiat to meet some arbitrary set of legal requirements (top-down). The former comes from experts in the field who can make a solid case for their position.
To give a recent example of why that isn't sufficient, look at the HBGary hack. These guys were self-proclaimed security "experts," who were summarily stomped by a combination of SQL injection, lousy passwords, lousy encryption, unpatched servers, and social engineering. Some expertise.
Mind you, which is the more likely outcome of this certification? That companies who hire security consultants will be able to demand a certain quality of service? Or that security consultants will be able to hide their incompetence behind a government rubber stamp? I think we both know the answer to that one.
-
'cause HDCP is really secure...
The DRM schemes are not for protecting content; they're for making high-level management think they are protecting content.
-
There's an article about that at arstechnica
There's an article about that at arstechnica. It seems the air force can dial up a company called HBGary to purchase such account services, presumably using an analog line and PSTN number in order to reach HBGary. Still, I wouldn't bet that even the phone is operational.
In June 2010, the government was expressing real interest in social networks. The Air Force issued a public request for "persona management software," which might sound boring until you realize that the government essentially wanted the ability to have one agent run multiple social media accounts at once.
-
Re:Could it be?
-
Re:whores.
Is it true that on DSL I can choose any provider I want
It used to be, but then the FCC "deregulated" it and phone companies pretty much immediately stopped allowing other companies to have access once the government stopped telling them they had to. In Canada there are still resellers, but they're at the mercy of the telco (see Bell Canada's throttling of reseller connections), so it's likely that even if we hadn't had "deregulation" here in the US, we'd still be having the same issues, with the added bonus that no matter which competitor you chose, all of them would be getting throttled.
-
Re:Gov't enforced net neutrality will suck
you can kiss privacy, anonymity? http://en.wikipedia.org/wiki/Room_641A
as for 'unregulated capitalist' aspects are very locked down http://arstechnica.com/tech-policy/news/2010/01/municipal-fiber-needs-more-fdr-localism-fewer-state-bans.ars