CorelDRAW as a package isnt something you buy for the bitmap editing capabilities of Photopaint. As the reviewer rightly pointed out we already have the GIMP for that and it stacks up fairly well against the likes of photoshop so bitmap editing isnt the issue.
The real good news in this article is that CDRAW itself has been ported (although I really agree with the reviewer about the downside of using WINE!) - Vector graphics packages have been conspicuous by their absence in the linux mainstream which reduces the linux desktop users ability to turn out precisely the kind of thing these are designed for - detailed diagrams, simple CAD projects etc etc etc...
If anyone out there knows of an open source or freeware vector drafting package that offers anything like the ease of use and functionality that CorelDRAW does, please post the info because I bet theres many of us out there that would want it.
# human firmware exploit # Word will insert into your optic buffer # without bounds checking
Re:Steep learning curve means easy to learn, on Who's Afraid Of C++? · Score: 1
Your description of the curve and your complaint about its misuse are both accurate but lets look at HOW the misuse came about.
The gradient of a learning curve says nothing at all about how easy it was to learn that much in that time, simply that at time x the amount learned was y. It is reasonable to predict that the more effort you put into learning a subject the steeper your learning curve will be. Now look at a person using that knowledge in their everyday employment. If their learning curve is too flat they will not be very productive very quickly. The misuse of "steep learning curve" could be corrected by restating This subject has a steep learning curve as This subject requires a steep learning curve to be used effectively. With a reasonable distribution of the difficulty of learning it is easy to see that where a steep learning curve is required you're going to have to work your ass off to stay ahead of it and keep up with your work - hence the assumption that steep == difficult. It is simply with the trend towards using fewer words and relying on the context to fill in the blanks (a whole new area of discussion that I'm not going to get into here - I'll flame about the death of literate discussion elsewhere:) ) the phrase has been corrupted in common usage.
Personally I agree with you that it is being misused but the fact remains that communication is the ultimate goal of language and it is therefore common usage that defines words and phrases outside specific contexts where they may be used more precisely.
# human firmware exploit # Word will insert into your optic buffer # without bounds checking
First off I hope this article is wrong or that somebody with enough legal knowledge can roll up that so-called patent and make BT eat it. Thats why jokes like this one are so amusing... BUT..
BT aint England. They aint even a national monopoly no more. Anything anyone pays to BT aint paying a UK tax any more than writing a check to USWerst is paying a tax to Uncle Sam. This is a shame because otherwise I'd have been laughing my limey ass off at your post....
# human firmware exploit # Word will insert into your optic buffer # without bounds checking
Re:OK MODERATORS - check the link, its a troll, on From Paper To PDF? · Score: 1
when the destination of the link is www.microsoft.com instead of where it claimed to be then yes it should indeed be moderated down. There isnt an OCR HOWTO, at least not on linuxdocs.org there isnt. Had I any points to fling it would have been marked "troll" not "offtopic" though.
Its noise, not signal.
# human firmware exploit # Word will insert into your optic buffer # without bounds checking
Is the x86 architecture obsolete? sure it is but theres so many of 'em out there or at least chips that bear as much resemblance to 'em as a Ferrari does to a VW bug but hey, they are both cars and you drive 'em in more or less the same way...
The issue of whether the design is dead or not will never be settled by the question "Is it obsolete?" but rather by "Does it still work?" The 486 and 386 should already have gone the way of the dodo by any standard of obsolescence but those two old boxes suit me very well thank you as a linux firewall and NFS server respectively. If they ever end up so short on power that they stop working in those roles then they will get upgraded but until then the upgrades are limited to the usual round of patch it, break it, patch it again:) Now admittedly I have no intention of using either as my main workstation (thats a K6,) but for as long as they do the job I need 'em to those older chips may be obsolete but they sure aint dead.
# human firmware exploit # Word will insert into your optic buffer # without bounds checking
Sometimes I wonder why I ever bothered to transplant my limey ass from the far side of the Atlantic to the USA. (Actually untrue, it was less hassle to move me here than to move my wife there, plus you guys value your geeks a little higher than my countrymen do!) Doesnt it ever strike you as odd that the country within which the internet was born and which spawned many of the technological innovations of the last 100 years is lagging behind when it comes to common sense with this technology? In my jobs back in the UK I had to deal with a piece of legislation called the Data Protection Act. It controls what companies can do with "personal information" - defined as being any information relating to an identifiable living individual - stored on a "computer". If you want to do anything except trivial stuff like maintaining a contacts addressbook you have to register what information you are storing and why. You must provide a complete transcript to the person it relates to on demand and may not charge more for that service than a nominal fee (equivalent to about $15) - theres some exceptions to this but not many. You are required to take steps to ensure the info is accurate and must correct it immediately if it should prove otherwise. You may not use the info for other purposes than those for which you collected it. (cant sell the addresses or phone numbers to marketers, for instance:) ) You may not disclose the information to anyone not authorised to have it under the terms of your registration. Break these rules and you're in serious trouble. Its not a civil matter its a criminal offence. Company directors and other corporate officers end up looking at jail time and corporate fines large enough to make even large corporations wince.
Bet it will be only in my grandkids lifetime that this basic protection is available to folks in the USA though.
# human firmware exploit # Word will insert into your optic buffer # without bounds checking
An insightful article, raising many valid concerns for the future of both "free" and "open-source" software. I am personally convinced that the ESR quote was correct, that the current paradigm of software development is not going to be sustainable for long. Companies that develop software in all but niche markets will sooner or later have to open their source or they will get overwhelmed by others that make use of the benefits of open-source development. Corporations are of course ultimately in it for the money - they have no other reason for existence - and therefore every penny they spend is in some way intended as an investment that should show some kind of return, financial or otherwise. Every product they produce is intended to be a revenue stream. The problems described by the author are all derived from this fundamental problem, that if the ground rules of software development are to change in this way then companies are going to have to find some other way to generate revenue streams from their products.
Lets look at this for a moment.. Do you see anything wrong with a company turning a profit from their work? I sure dont, if the guys I worked for didnt profit from that work I'd be broke too. This means that open-source/free software has to show a profit of some kind for a company to want to buy into it - So how can they make that work? The main "profit" from companies working with open source software is the help they get from folks like us - the guys that not only submit bug reports saying "its broken" but go on to say "heres how I patched it..." Thats really great for the development of better software but a nightmare for a company that wants their product to be the one folks use and preferably pay for. They dont want to GPL anything they can safely keep to themselves and sell... So how about they sell the current version, without source but with all their support services etc.. but MajorVersionNumber-- is available as source for you to compile, use (and support) yourself if you're happy doing that and dont need all the bells and whistles of the current version. There'd be enough new code in the new one that the company keeps its competitive advantage (or at least there damn well SHOULD be) but enough similarity between current and previous that the tweaks by the open-source community can be useful to the in-house development team even if the patches cant be directly applied to the in-house code. When a new version comes out on the commercial side, the source for the previously current version is released and the cycle starts again.
Before you all start flaming that this perverts the nature of open source, Yes, sure it does, but will it work? It carries many of the benefits of true open source for those of us that dont need all the bells and whistles of the latest version (How many windows users do you know who actually use features of office2k that werent in office97?) and it gives the companies what they need to survive as well. Plus its an arrangement the company cant renege on, since if they do theres the previous versions source out there ready to spawn a new open development tree if they try to back out and close up the source again. I bet neither RMS nor ESR would like it though:)
# human firmware exploit # Word will insert into your optic buffer # without bounds checking
I can feel the karmic damage incoming now, but here goes anyway. Sure the potential is there.. but when even an infinitesimal chance - as in too low to even measure without some seriously dodgy mathematical/statistical tricks - is enough to be the kiss of death on a project one wonders wtf is going on...
Remember that theres only two certainties in life. Either we accept that we are doomed to simply overuse our environment to the point that it kills us off, and just try to avoid taking it with us or we wake up and realise that "any risk" is not the same as "unacceptable risk"
C'mon humanity, where did you put your balls?
# human firmware exploit # Word will insert into your optic buffer # without bounds checking
First off I agree with the comment about nuclear fear.. fear of any technology that involves any kind of radioactive material or any way of harnessing that energy has done a hell of a lot to hold back the development of safe and peaceful uses of nuclear tech.
Having said that I can also understand how it happened.. When Greenpeace and the other pressure groups came into being the only large scale use for nuclear anything was making stuff go boom. These groups quite understandably didnt like that and just as happens with all vaguely political causes they used the soundbite, the selective quote, the tame expert and all the whole armoury of political weapons to present their case that this must stop.
Without criticising their goals I most strongly disagree with a side-effect of these tactics which has been to inadvertently brainwash most of the population into fearing the N-word. They will never stop military R&D, the military is too powerful and too good at hiding behind convenient government rules for all the nuclear fear in the world to get in their way. (This applies no matter which country you are in, so long as it is or wants to be a nuclear power) What they have done, however is kill all opportunity for peaceful safe uses of the technology by the simple means of denying that there could possibly be any such thing as a safe nuclear project. Way to go, Ned Lud.
# human firmware exploit # Word will insert into your optic buffer # without bounds checking
it has to be the first one I found without being told it was there.. in doom2, on the final level, the hidden area with an impaled developer that you can only get to by using the noclip cheat and walking into the middle of the boss monster:)
# human firmware exploit # Word will insert into your optic buffer # without bounds checking
Yes, its true.. Ask any of the still-surviving telegraph operators if they could tell who was sending by the style of his keying - even if they were sending a stock test phrase like "best bent wire" (-... . ... - / -... . -. - / .-- .. .-. . picked for its distinctive rhythm). They'll tell you they could. Fist recognition was even used in Allied intelligence ops in WW2 where a common practice on capturing a resistance member along with their codes was for German counterintelligence to impersonate the resistance operator and send fake transmissions. Many of these attempts were detected by experienced operators in England realising that the fist was wrong for the person they expected to be sending.
# human firmware exploit # Word will insert into your optic buffer # without bounds checking
its something to do with napster so the recording industry hates it. Thats so obvious it should be taken as a given fact.
#define _RANT_;
The recording industry has been bleeding us all dry for so long that its about time they got whats coming.. Personally I couldnt give a rats ass whether the legal technicalities are on their side or not, I just wanna see 'em take one in the face!
#undef _RANT_;
# human firmware exploit # Word will insert into your optic buffer # without bounds checking
AGREED! Since moving from the UK to the USA its been a rare week when I havent had to take rather drastic avoiding action to escape the moron with his ear in a cellphone and his head up his ass whilst driving. I too use a cellphone whilst driving but knowing that I would want to I made sure my phone could be fitted with a handsfree kit when I bought it and picked up the kit at the same time. When I asked about the laws over here I was amazed to find that using a cellphone without a handsfree kit whilst driving was not illegal here. In the UK if you are doing anything that keeps your hands occupied (eating your lunch on the move, holding a cellphone to your ear, once I saw a guy not only using his phone but shuffling through his briefcase for stuff at the same time) then you get pulled over and you get a ticket for "driving without due care and attention" which can easily lose you your license. Get involved in an accident whilst using your phone and the insurance co will decide it was your fault for sure.
# human firmware exploit # Word will insert into your optic buffer # without bounds checking
One place I used to work I was involved in a migration of the company's IP link from uunet to another provider - the reason was quite simply cost. We already had a low-bandwidth connection via uunet (REAL low, it was 128k!) and we wanted to boost it to 2M so that the increasing www traffic we were getting (higher profile, more web-delivered product, blah, blah...) didnt slashdot us out of existence. UUNet, in the person of their UK subsidiary Pipex, wasnt prepared to offer a rate we could afford, the other guys (whose name I cant remember - its been a while) were. Sure they didnt have the guaranteed latency limits and all the other nice frills and features of UUNet but they delivered on everything they did promise us. We got what we paid for. If we had felt that the extra service of UUNet was worth the extra cost then we'd have gotten what we paid for there too.
Of course, having said that the folks who are screaming loudest about this kinda thing are not end-users of the internet service, not even corporate end-users. They are the folks that resell service, the ISPs - they have to take the prices they pay and add all their own overheads, plus having to compete with others in one of the most cutthroat marketplaces there is. No wonder they are getting grabbed by the nuts and squeezed till they scream.
Big corporate accounts are what keep ISPs in business, much more than individual customers do. The backbone providers are not only selling the ISPs service they are also competing directly with them for these large corporate connections - and for the same price a backbone provider can give a big company much more bang for the buck. Only way a reseller ISP can handle it is to offer a slightly lesser service but do it at a low enough price that its still attractive whilst covering their network costs... its a very fine line with bankruptcy waiting if you swerve too much either way.
# human firmware exploit # Word will insert into your optic buffer # without bounds checking
Let me guess, you reinstalled from the same media as you used the first time, thereby reinstalling the same security holes and sure enough you got r00ted again.
If you were running a windows machine in the masqing role using winroute or the like and someone got you by installing backorifice on your unprotected C drive share would you say thats a reason not to use windows?
Getting r00ted is not about a good/bad OS! its possible on any architecture, any OS. Its all about YOU taking responsibility to secure YOUR system. If some script kiddie out there cracks my box its my fault for not keeping updated on my patches and properly securing a networked machine. Of course all bets are off if its a zero-day exploit (which are rarely in the hands of the casual script-kiddie) or a real expert trying to take my system down. In the latter case I may as well kiss my ass goodbye because I know my own limitations but those guys need a reason to put in the effort to crack even a lightly-armoured box. Script kiddies dont need any other reason than having a new place to brag about running an eggdrop from but keeping them out is a bit easier.
# human firmware exploit # Word will insert into your optic buffer # without bounds checking
Nice idea.. except for one thing. Terrorists actually DONT CARE if the bomb goes off or not unless they are after a particular individual. The city bombs (the ones that turned up whilst I was living in London and the latest crop of silliness) are placed to cause disruption. It doesnt matter a monkeys fart to these guys whether the disruption is caused by some waste bin blowing itself to hades or by the bomb squad having to clear the area around said can and roll out a wheelbarrow (the name for the standard bomb-disposal robot for those readers unfamiliar with brit army hardware;) ) to carry out a controlled explosion on an old Macdonalds bag that was simply sprinkled with a nitrate fertiliser before being crumpled up and tossed in the enose-equipped bin. In fact they might just prefer that option since this way they get their disruption in the lives of londoners without the bad press of actually blowing anything up..
However it does put a new twist on the long-running jokes at the inefficiencies of the Tube. (As a many-years veteran of the misery line I feel qualified to comment on that one!) "Bank station is closed due to a bad smell and all trains are non-stopping..." Wonder how they'd get it to tell the diff between the nitrates of an explosive and the stench of stale piss in some of those older stations...
# human firmware exploit # Word will insert into your optic buffer # without bounds checking
I've used several distros over the years, mostly Slackware, RH & Debian (in no particular order apart from the random one generated by my twisted mind) and the bottom line has always been convenience. If the most recent version of a particular distro in my CDROM library has what I want and ends up with an installation that does all I need without major gotchas then I'll use it. If I'm wanting to do down-and-dirty tweaks of the system that aint very standard then I'll likely use Slackware for its cleanness and reasonably "generic-unix" nature, if I'm installing on a compaq box I'll likely use RH simply because in the past I've found its best at handling some of the proprietary hardware found in those boxes (particularly the NICs!!!!) I could go on and on quoting examples where one distro is more convenient for me in certain circumstances than another but whats the point?
If Debian change their policy on what to include where and that alters the characteristics of the distro then the circumstances I'll use it will be different, that doesnt mean it will suck or that it will blow the others out of the water, just that the places where I will find it best to use it will change. I'll still happily use it where it suits my needs and sing the praises of free software every chance I get.
This is not such a big fscking deal.
# human firmware exploit # Word will insert into your optic buffer # without bounds checking
Somebody very insightful, and to my shame I cannot remember who it is a quote from, said A gentlemans agreement is all very well unless one party is no gentleman. This is another example of the same principle at work. A set of root servers run for the internet, although based in the US, can get away with delegating TLDs based on a handshake and they did. Now corporations get their hands on the process and it becomes a matter of profit rather than service. Personally I'd like to see a rule in place that ALL TLDs must be administered by not-for-profit groups. As soon as they start concentrating on profits they become vulnerable to all the usual nasty business pressures and can no longer operate an unbiased and equitable service. Sure they can charge for registering domains to cover their costs just as registrars have done since domain registration was in the hands of a few academics. Theres also bound to be a shortfall and there the answer lies in the hands of governments and international NGOs. If a government wants a national TLD, it'd better fund the registrar so that it can operate within these rules otherwise the TLD wont be given to other folks it simply wont exist. The simple test I'd apply is this.. if under currently accepted standards it would not be appropriate to give them a .org domain then they shouldnt be a TLD registrar.
yes, I know its a silly utopian dream but its a damn sight more sustainable and less open to abuse than the current chaos.
# human firmware exploit # Word will insert into your optic buffer # without bounds checking
on second thoughts, scratch the backorifice comment. the windows api for grabbing screenshots aint that complex, if I remember right... Even my ancient version of borland c++ came with an example prog to do just that, I think.. sure it may use older deprecated calls but I bet they are still there in current versions of 'doze for backwards compatibility.
# human firmware exploit # Word will insert into your optic buffer # without bounds checking
I'm pretty certain I know how he got in if it is real.. Just look how often any randomly chosen netblock gets portscanned looking for drives shared in windows without passwords, or alternatively look at the spread of NETWORK.VBS which propagates over this kind of open share. No voodoo involved just a stupid user or lan admin. Having done that you can rape the hard drives at your leisure looking for the pics that will make someone regret the day her bf bought the digicam or the internal memos of the company you wish to discredit...
As for screenshots, you may need some extra help such as backorifice but if you got full access to their C drive then what the hell, just install it yourself!
This is why I block the netbios-over-tcp ports at my boundary router both ways so that even if somebody does have an insecure share it dont get advertised to and cant be reached from the internet at large.
# human firmware exploit # Word will insert into your optic buffer # without bounds checking
The trend to leasing rather than buying goods is very real but the technology is only driving it indirectly. Look at it this way: The productivity per worker of every manufacturing industry has skyrocketed with every advance in technology since the industrial revolution. The price for the goods has reduced in real terms and the percentage of the workforce employed in manufacturing has gone down. All these guys wanting jobs so they can actually afford the things they want cant work making those things anymore, they go into the service sector. They are no longer selling goods, they are selling a service. You license the use of a program you are leasing the binary data that sits on your drive after you install it but you are buying the right to use it within certain limits. You only lease the software but you buy the service.
Now heres the rub... Anyone but a software company sells you this sort of service and then fails to deliver you can get some kind of redress.. very few other services can get away with not delivering what they promise. The only reason software companies get away with it is because they are hoodwinking their users into thinking they've bought a program "as is" and have to cope with the bugs instead of purchasing the right to use a program that will do XYZ... This is why I prefer not to pay for software, and use GPL'd stuff if I can, freeware if GPL aint available to do things the way I want. Paying for such a non-service, leasing a piece of code I cant poke and prod at if it misbehaves is a real last resort.
But then you all know that last part, this is /. after all...
# human firmware exploit # Word will insert into your optic buffer # without bounds checking
Having read it myself, I can support all the points made in the review. I found it informative, interesting and accessible with no need to go beyond my own mathematical knowledge or to bug my brother with dumb questions (He's a physics PhD turned parallel computing guru, I'm just a biochemist turned unixgeek:) )
# human firmware exploit # Word will insert into your optic buffer # without bounds checking
Such BS. If they want to avoid problems they simply refuse to deliver to any address but the billing address of the card - which they can verify with the CC company - until you have established a track record with them. If any company tried to pull this on me my immediate response would be to remind them of this fact and if they still objected tell them they had just lost my business and go and purchase what I wanted elsewhere.
# human firmware exploit # Word will insert into your optic buffer # without bounds checking
Technically its very possible and as a previous poster pointed out the extra costs may not be so great when compared to the rest of your fitting-out bill. I've sailed for many years and used a variety of electronic devices aboard small craft, some designed for marine use, some not. Heres some of the things to beware of.
Power consumption: If you are on a sailing craft then your power drain for all your net access gear may be a much higher part of your available wattage than you'd like. Of course this dont apply to a power craft that continuously charges its batteries whilst running.
Waterproofing: Even electronics made for marine use are very good at getting damp into the internals and promptly croaking. This is much more of a problem with salt water as a salt deposit attracts moisture out of the air. Gear that is made for freshwater sailors may not cut it. Domestic hardware will almost certainly be much less reliable.
coverage/quality of service: Unless you are a national navy with that kind of resource and budget expect it to be piss-poor for anything other than basic voice transmission unless you are within a few miles of the coast.
Antenna: A small boat may not be a large enough platform to physically mount an antenna suitable for data transmission along with every other piece of clutter up there.. I've seen sailing craft looking positively top-heavy with nav gear, radar reflector, radar antenna etc. Sure net access afloat would be nice but who wants to look like a floating joke?
# human firmware exploit # Word will insert into your optic buffer # without bounds checking
IANAL but this is how I'd handle it...
First review (preferably with legal assistance) everything you have agreed to either in writing or verbally - make sure that you cover in particular the agreement where they say they will pay you for participating, that's where the biggest levers they want to use on you will be hidden :)
Now document the hole as completely as you can and notify them by registered mail, including the information that a copy of the report is in the hands of a named third party, preferably your lawyer, and also give some indication of your expectation of a response within a suitable timeframe - be specific.
If they fail to respond within that timeframe write to them again (again by registered mail so they can't deny receipt) urgently requesting a response to your previous mail and stating that if they do not respond within a given time (again be specific, and get your lawyer's advice on what timeframes are "reasonable") you will have no choice but to discuss the matter in a reputable full-disclosure forum such as Bugtraq, and that you will take their non-response as releasing you from all obligations of confidentiality whether explicit or implied.
If they respond and work on a fix, there's no need to worry. If they don't you can go public with a clear conscience.
# human firmware exploit
# Word will insert into your optic buffer
# without bounds checking
First off I hope this article is wrong or that somebody with enough legal knowledge can roll up that so-called patent and make BT eat it. That's why jokes like this one are so amusing... BUT..
BT ain't England. They ain't even a national monopoly no more. Anything anyone pays to BT ain't paying a UK tax any more than writing a check to USWerst is paying a tax to Uncle Sam. This is a shame because otherwise I'd have been laughing my limey ass off at your post....
# human firmware exploit
# Word will insert into your optic buffer
# without bounds checking
When the destination of the link is www.microsoft.com instead of where it claimed to be then yes it should indeed be moderated down. There isn't an OCR HOWTO, at least not on linuxdocs.org there isn't. Had I any points to fling it would have been marked "troll" not "offtopic" though.
It's noise, not signal.
# human firmware exploit
# Word will insert into your optic buffer
# without bounds checking
Is the x86 architecture obsolete? Sure it is but there's so many of 'em out there or at least chips that bear as much resemblance to 'em as a Ferrari does to a VW bug but hey, they are both cars and you drive 'em in more or less the same way...
The issue of whether the design is dead or not will never be settled by the question "Is it obsolete?" but rather by "Does it still work?" The 486 and 386 should already have gone the way of the dodo by any standard of obsolescence but those two old boxes suit me very well thank you as a linux firewall and NFS server respectively. If they ever end up so short on power that they stop working in those roles then they will get upgraded but until then the upgrades are limited to the usual round of patch it, break it, patch it again :) Now admittedly I have no intention of using either as my main workstation (that's a K6) but for as long as they do the job I need 'em to those older chips may be obsolete but they sure ain't dead.
# human firmware exploit
# Word will insert into your optic buffer
# without bounds checking
Sometimes I wonder why I ever bothered to transplant my limey ass from the far side of the Atlantic to the USA. (Actually untrue, it was less hassle to move me here than to move my wife there, plus you guys value your geeks a little higher than my countrymen do!) Doesn't it ever strike you as odd that the country within which the internet was born and which spawned many of the technological innovations of the last 100 years is lagging behind when it comes to common sense with this technology? In my jobs back in the UK I had to deal with a piece of legislation called the Data Protection Act. It controls what companies can do with "personal information" - defined as being any information relating to an identifiable living individual - stored on a "computer". If you want to do anything except trivial stuff like maintaining a contacts addressbook you have to register what information you are storing and why. You must provide a complete transcript to the person it relates to on demand and may not charge more for that service than a nominal fee (equivalent to about $15) - there's some exceptions to this but not many. You are required to take steps to ensure the info is accurate and must correct it immediately if it should prove otherwise. You may not use the info for other purposes than those for which you collected it. (can't sell the addresses or phone numbers to marketers, for instance :) ) You may not disclose the information to anyone not authorised to have it under the terms of your registration. Break these rules and you're in serious trouble. It's not a civil matter, it's a criminal offence. Company directors and other corporate officers end up looking at jail time and corporate fines large enough to make even large corporations wince.
Bet it will be only in my grandkids' lifetime that this basic protection is available to folks in the USA though.
# human firmware exploit
# Word will insert into your optic buffer
# without bounds checking
An insightful article, raising many valid concerns for the future of both "free" and "open-source" software. I am personally convinced that the ESR quote was correct, that the current paradigm of software development is not going to be sustainable for long. Companies that develop software in all but niche markets will sooner or later have to open their source or they will get overwhelmed by others that make use of the benefits of open-source development. Corporations are of course ultimately in it for the money - they have no other reason for existence - and therefore every penny they spend is in some way intended as an investment that should show some kind of return, financial or otherwise. Every product they produce is intended to be a revenue stream. The problems described by the author are all derived from this fundamental problem, that if the ground rules of software development are to change in this way then companies are going to have to find some other way to generate revenue streams from their products.
Let's look at this for a moment.. Do you see anything wrong with a company turning a profit from their work? I sure don't, if the guys I worked for didn't profit from that work I'd be broke too. This means that open-source/free software has to show a profit of some kind for a company to want to buy into it - So how can they make that work? The main "profit" from companies working with open source software is the help they get from folks like us - the guys that not only submit bug reports saying "it's broken" but go on to say "here's how I patched it..." That's really great for the development of better software but a nightmare for a company that wants their product to be the one folks use and preferably pay for. They don't want to GPL anything they can safely keep to themselves and sell... So how about they sell the current version, without source but with all their support services etc.. but MajorVersionNumber-- is available as source for you to compile, use (and support) yourself if you're happy doing that and don't need all the bells and whistles of the current version. There'd be enough new code in the new one that the company keeps its competitive advantage (or at least there damn well SHOULD be) but enough similarity between current and previous that the tweaks by the open-source community can be useful to the in-house development team even if the patches can't be directly applied to the in-house code. When a new version comes out on the commercial side, the source for the previously current version is released and the cycle starts again.
Before you all start flaming that this perverts the nature of open source, Yes, sure it does, but will it work? It carries many of the benefits of true open source for those of us that don't need all the bells and whistles of the latest version (How many windows users do you know who actually use features of office2k that weren't in office97?) and it gives the companies what they need to survive as well. Plus it's an arrangement the company can't renege on, since if they do there's the previous version's source out there ready to spawn a new open development tree if they try to back out and close up the source again. I bet neither RMS nor ESR would like it though :)
# human firmware exploit
# Word will insert into your optic buffer
# without bounds checking
I can feel the karmic damage incoming now, but here goes anyway. Sure the potential is there.. but when even an infinitesimal chance - as in too low to even measure without some seriously dodgy mathematical/statistical tricks - is enough to be the kiss of death on a project one wonders wtf is going on...
Remember that there's only two certainties in life. Either we accept that we are doomed to simply overuse our environment to the point that it kills us off, and just try to avoid taking it with us or we wake up and realise that "any risk" is not the same as "unacceptable risk".
C'mon humanity, where did you put your balls?
# human firmware exploit
# Word will insert into your optic buffer
# without bounds checking
First off I agree with the comment about nuclear fear.. fear of any technology that involves any kind of radioactive material or any way of harnessing that energy has done a hell of a lot to hold back the development of safe and peaceful uses of nuclear tech.
Having said that I can also understand how it happened.. When Greenpeace and the other pressure groups came into being the only large scale use for nuclear anything was making stuff go boom. These groups quite understandably didn't like that and just as happens with all vaguely political causes they used the soundbite, the selective quote, the tame expert and all the whole armoury of political weapons to present their case that this must stop.
Without criticising their goals I most strongly disagree with a side-effect of these tactics which has been to inadvertently brainwash most of the population into fearing the N-word. They will never stop military R&D, the military is too powerful and too good at hiding behind convenient government rules for all the nuclear fear in the world to get in their way. (This applies no matter which country you are in, so long as it is or wants to be a nuclear power) What they have done, however is kill all opportunity for peaceful safe uses of the technology by the simple means of denying that there could possibly be any such thing as a safe nuclear project. Way to go, Ned Ludd.
# human firmware exploit
# Word will insert into your optic buffer
# without bounds checking
It has to be the first one I found without being told it was there.. in doom2, on the final level, the hidden area with an impaled developer that you can only get to by using the noclip cheat and walking into the middle of the boss monster :)
# human firmware exploit
# Word will insert into your optic buffer
# without bounds checking
Yes, it's true.. Ask any of the still-surviving telegraph operators if they could tell who was sending by the style of his keying - even if they were sending a stock test phrase like "best bent wire" (-... . ... - -... . -. - .-- .. .-. . picked for its distinctive rhythm). They'll tell you they could. Fist recognition was even used in Allied intelligence ops in WW2 where a common practice on capturing a resistance member along with their codes was for German counterintelligence to impersonate the resistance operator and send fake transmissions. Many of these attempts were detected by experienced operators in England realising that the fist was wrong for the person they expected to be sending.
# human firmware exploit
# Word will insert into your optic buffer
# without bounds checking
It's something to do with napster so the recording industry hates it. That's so obvious it should be taken as a given fact.
#define _RANT_;
The recording industry has been bleeding us all dry for so long that it's about time they got what's coming.. Personally I couldn't give a rat's ass whether the legal technicalities are on their side or not, I just wanna see 'em take one in the face!
#undef _RANT_;
# human firmware exploit
# Word will insert into your optic buffer
# without bounds checking
AGREED! Since moving from the UK to the USA it's been a rare week when I haven't had to take rather drastic avoiding action to escape the moron with his ear in a cellphone and his head up his ass whilst driving. I too use a cellphone whilst driving but knowing that I would want to I made sure my phone could be fitted with a handsfree kit when I bought it and picked up the kit at the same time. When I asked about the laws over here I was amazed to find that using a cellphone without a handsfree kit whilst driving was not illegal here. In the UK if you are doing anything that keeps your hands occupied (eating your lunch on the move, holding a cellphone to your ear, once I saw a guy not only using his phone but shuffling through his briefcase for stuff at the same time) then you get pulled over and you get a ticket for "driving without due care and attention" which can easily lose you your license. Get involved in an accident whilst using your phone and the insurance co will decide it was your fault for sure.
# human firmware exploit
# Word will insert into your optic buffer
# without bounds checking
One place I used to work I was involved in a migration of the company's IP link from uunet to another provider - the reason was quite simply cost. We already had a low-bandwidth connection via uunet (REAL low, it was 128k!) and we wanted to boost it to 2M so that the increasing www traffic we were getting (higher profile, more web-delivered product, blah, blah...) didn't slashdot us out of existence. UUNet, in the person of their UK subsidiary Pipex, wasn't prepared to offer a rate we could afford, the other guys (whose name I can't remember - it's been a while) were. Sure they didn't have the guaranteed latency limits and all the other nice frills and features of UUNet but they delivered on everything they did promise us. We got what we paid for. If we had felt that the extra service of UUNet was worth the extra cost then we'd have gotten what we paid for there too.
Of course, having said that the folks who are screaming loudest about this kinda thing are not end-users of the internet service, not even corporate end-users. They are the folks that resell service, the ISPs - they have to take the prices they pay and add all their own overheads, plus having to compete with others in one of the most cutthroat marketplaces there is. No wonder they are getting grabbed by the nuts and squeezed till they scream.
Big corporate accounts are what keep ISPs in business, much more than individual customers do. The backbone providers are not only selling the ISPs service they are also competing directly with them for these large corporate connections - and for the same price a backbone provider can give a big company much more bang for the buck. Only way a reseller ISP can handle it is to offer a slightly lesser service but do it at a low enough price that it's still attractive whilst covering their network costs... it's a very fine line with bankruptcy waiting if you swerve too much either way.
# human firmware exploit
# Word will insert into your optic buffer
# without bounds checking
Let me guess, you reinstalled from the same media as you used the first time, thereby reinstalling the same security holes and sure enough you got r00ted again.
If you were running a windows machine in the masqing role using winroute or the like and someone got you by installing backorifice on your unprotected C drive share would you say that's a reason not to use windows?
Getting r00ted is not about a good/bad OS! It's possible on any architecture, any OS. It's all about YOU taking responsibility to secure YOUR system. If some script kiddie out there cracks my box it's my fault for not keeping updated on my patches and properly securing a networked machine. Of course all bets are off if it's a zero-day exploit (which are rarely in the hands of the casual script-kiddie) or a real expert trying to take my system down. In the latter case I may as well kiss my ass goodbye because I know my own limitations but those guys need a reason to put in the effort to crack even a lightly-armoured box. Script kiddies don't need any other reason than having a new place to brag about running an eggdrop from but keeping them out is a bit easier.
# human firmware exploit
# Word will insert into your optic buffer
# without bounds checking
Nice idea.. except for one thing. Terrorists actually DON'T CARE if the bomb goes off or not unless they are after a particular individual. The city bombs (the ones that turned up whilst I was living in London and the latest crop of silliness) are placed to cause disruption. It doesn't matter a monkey's fart to these guys whether the disruption is caused by some waste bin blowing itself to hades or by the bomb squad having to clear the area around said can and roll out a wheelbarrow (the name for the standard bomb-disposal robot for those readers unfamiliar with brit army hardware ;) ) to carry out a controlled explosion on an old McDonald's bag that was simply sprinkled with a nitrate fertiliser before being crumpled up and tossed in the enose-equipped bin. In fact they might just prefer that option since this way they get their disruption in the lives of Londoners without the bad press of actually blowing anything up..
However it does put a new twist on the long-running jokes at the inefficiencies of the Tube. (As a many-years veteran of the misery line I feel qualified to comment on that one!) "Bank station is closed due to a bad smell and all trains are non-stopping..." Wonder how they'd get it to tell the diff between the nitrates of an explosive and the stench of stale piss in some of those older stations...
# human firmware exploit
# Word will insert into your optic buffer
# without bounds checking
I've used several distros over the years, mostly Slackware, RH & Debian (in no particular order apart from the random one generated by my twisted mind) and the bottom line has always been convenience. If the most recent version of a particular distro in my CDROM library has what I want and ends up with an installation that does all I need without major gotchas then I'll use it. If I'm wanting to do down-and-dirty tweaks of the system that ain't very standard then I'll likely use Slackware for its cleanness and reasonably "generic-unix" nature, if I'm installing on a Compaq box I'll likely use RH simply because in the past I've found it's best at handling some of the proprietary hardware found in those boxes (particularly the NICs!!!!) I could go on and on quoting examples where one distro is more convenient for me in certain circumstances than another but what's the point?
If Debian change their policy on what to include where and that alters the characteristics of the distro then the circumstances I'll use it will be different, that doesn't mean it will suck or that it will blow the others out of the water, just that the places where I will find it best to use it will change. I'll still happily use it where it suits my needs and sing the praises of free software every chance I get.
This is not such a big fscking deal.
# human firmware exploit
# Word will insert into your optic buffer
# without bounds checking
Somebody very insightful, and to my shame I cannot remember who it is a quote from, said "A gentleman's agreement is all very well unless one party is no gentleman." This is another example of the same principle at work. A set of root servers run for the internet, although based in the US, can get away with delegating TLDs based on a handshake and they did. Now corporations get their hands on the process and it becomes a matter of profit rather than service. Personally I'd like to see a rule in place that ALL TLDs must be administered by not-for-profit groups. As soon as they start concentrating on profits they become vulnerable to all the usual nasty business pressures and can no longer operate an unbiased and equitable service. Sure they can charge for registering domains to cover their costs just as registrars have done since domain registration was in the hands of a few academics. There's also bound to be a shortfall and there the answer lies in the hands of governments and international NGOs. If a government wants a national TLD, it'd better fund the registrar so that it can operate within these rules otherwise the TLD won't be given to other folks, it simply won't exist. The simple test I'd apply is this.. if under currently accepted standards it would not be appropriate to give them a .org domain then they shouldn't be a TLD registrar.
Yes, I know it's a silly utopian dream but it's a damn sight more sustainable and less open to abuse than the current chaos.
# human firmware exploit
# Word will insert into your optic buffer
# without bounds checking
I'm pretty certain I know how he got in if it is real.. Just look how often any randomly chosen netblock gets portscanned looking for drives shared in windows without passwords, or alternatively look at the spread of NETWORK.VBS which propagates over this kind of open share. No voodoo involved just a stupid user or lan admin. Having done that you can rape the hard drives at your leisure looking for the pics that will make someone regret the day her bf bought the digicam or the internal memos of the company you wish to discredit...
As for screenshots, you may need some extra help such as backorifice but if you got full access to their C drive then what the hell, just install it yourself!
This is why I block the netbios-over-tcp ports at my boundary router both ways so that even if somebody does have an insecure share it don't get advertised to and can't be reached from the internet at large.
# human firmware exploit
# Word will insert into your optic buffer
# without bounds checking
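The "both ways" part of the comment above is the piece that usually gets missed, so here is an added example (not part of the original post) that audits a first-match boundary ACL for NetBIOS-over-TCP/IP exposure in each direction. The `Rule` format, the function names and the three sample rule sets are hypothetical and constructed for illustration; matching is on destination port only.

```python
from typing import List, NamedTuple, Optional, Tuple

# NetBIOS-over-TCP/IP services: name service 137 (udp/tcp),
# datagram service 138 (udp), session service 139 (tcp).
NETBIOS_SERVICES = [("udp", 137), ("tcp", 137), ("udp", 138), ("tcp", 139)]


class Rule(NamedTuple):
    """One line of a simplified, hypothetical first-match ACL."""
    action: str             # "deny" or "permit"
    direction: str          # "in" (internet -> LAN), "out" (LAN -> internet), "any"
    proto: str              # "tcp", "udp" or "any"
    ports: Optional[range]  # destination ports; None means every port


def first_match(rules: List[Rule], direction: str, proto: str, port: int,
                default: str = "permit") -> str:
    """Return the action of the first rule that matches, as a router would."""
    for r in rules:
        if (r.direction in (direction, "any")
                and r.proto in (proto, "any")
                and (r.ports is None or port in r.ports)):
            return r.action
    return default


def exposed(rules: List[Rule], default: str = "permit") -> List[Tuple[str, str, int]]:
    """List every (direction, proto, port) NetBIOS flow the ACL still permits."""
    return [(d, proto, port)
            for d in ("in", "out")
            for proto, port in NETBIOS_SERVICES
            if first_match(rules, d, proto, port, default) == "permit"]


# Constructed sample: blocks inbound only, so an infected or misconfigured
# LAN host can still reach shares on the internet at large.
INBOUND_ONLY = [
    Rule("deny", "in", "tcp", range(137, 140)),
    Rule("deny", "in", "udp", range(137, 139)),
    Rule("permit", "any", "any", None),
]

# Constructed sample: the deny rules are correct but a broad permit sits
# above them, so outbound TCP never reaches the deny (rule shadowing).
SHADOWED = [
    Rule("permit", "out", "tcp", None),
    Rule("deny", "any", "tcp", range(137, 140)),
    Rule("deny", "any", "udp", range(137, 139)),
]

# Constructed sample: blocked both ways, ahead of the general permit.
BOTH_WAYS = [
    Rule("deny", "any", "tcp", range(137, 140)),
    Rule("deny", "any", "udp", range(137, 140)),
    Rule("permit", "any", "any", None),
]

if __name__ == "__main__":
    for name, acl in (("INBOUND_ONLY", INBOUND_ONLY),
                      ("SHADOWED", SHADOWED),
                      ("BOTH_WAYS", BOTH_WAYS)):
        print(name, exposed(acl) or "no NetBIOS flows cross the boundary")
```
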
The trend to leasing rather than buying goods is very real but the technology is only driving it indirectly. Look at it this way: The productivity per worker of every manufacturing industry has skyrocketed with every advance in technology since the industrial revolution. The price for the goods has reduced in real terms and the percentage of the workforce employed in manufacturing has gone down. All these guys wanting jobs so they can actually afford the things they want can't work making those things anymore, they go into the service sector. They are no longer selling goods, they are selling a service. You license the use of a program: you are leasing the binary data that sits on your drive after you install it but you are buying the right to use it within certain limits. You only lease the software but you buy the service.
Now here's the rub... Anyone but a software company sells you this sort of service and then fails to deliver you can get some kind of redress.. very few other services can get away with not delivering what they promise. The only reason software companies get away with it is because they are hoodwinking their users into thinking they've bought a program "as is" and have to cope with the bugs instead of purchasing the right to use a program that will do XYZ... This is why I prefer not to pay for software, and use GPL'd stuff if I can, freeware if GPL ain't available to do things the way I want. Paying for such a non-service, leasing a piece of code I can't poke and prod at if it misbehaves is a real last resort.
But then you all know that last part, this is /. after all...
# human firmware exploit
# Word will insert into your optic buffer
# without bounds checking
Having read it myself, I can support all the points made in the review. I found it informative, interesting and accessible with no need to go beyond my own mathematical knowledge or to bug my brother with dumb questions (He's a physics PhD turned parallel computing guru, I'm just a biochemist turned unixgeek :) )
# human firmware exploit
# Word will insert into your optic buffer
# without bounds checking
Such BS. If they want to avoid problems they simply refuse to deliver to any address but the billing address of the card - which they can verify with the CC company - until you have established a track record with them. If any company tried to pull this on me my immediate response would be to remind them of this fact and if they still objected tell them they had just lost my business and go and purchase what I wanted elsewhere.
# human firmware exploit
# Word will insert into your optic buffer
# without bounds checking
Technically it's very possible and as a previous poster pointed out the extra costs may not be so great when compared to the rest of your fitting-out bill. I've sailed for many years and used a variety of electronic devices aboard small craft, some designed for marine use, some not. Here's some of the things to beware of.
# human firmware exploit
# Word will insert into your optic buffer
# without bounds checking