Slashdot Mirror


User: Builder

Builder's activity in the archive.

Stories
0
Comments
1,582

Comments · 1,582

  1. Local escalation on Root Exploit For NVIDIA Closed-Source Linux Driver · · Score: 2, Insightful

    A lot of people really seem to miss the point about exploits that can only be used locally... These are still every bit as serious as remote exploits!

    If you follow best practices, you'll probably end up with a system where any vulnerability only leads to access as a user. But when there are local root exploits available, you can escalate that user access to root access and hide your rootkits there.

    So with this Nvidia bug, the real risk is that another service gets compromised and the attacker then uses this exploit to get root. Once they have root, they can install rootkits, etc.

  2. Re:It's about time on GIMP's Next-generation Imaging Core Demonstrated · · Score: 1

    Here you go...

    GIMP specific - Color Management, no native way to handle RAW files (dcraw has issues), no 16 bit support last I checked, no decent album / file management solutions.

    Linux issues that affect GIMP - no decent off the shelf screen calibration tools (think Spyder here).

    Those are just the issues off the top of my head, and the developers have known about these all for quite some time.

  3. Re:Out of "print" eBooks? on The eBook, Mark 2 · · Score: 1

    In a sane world, the book would not be protected by copyright in 20 years, so it could be offered by project gutenberg.

    Unfortunately, we live in a world where Mickey Rat writes laws, so we are stuck with an insane copyright duration.

  4. I'm normally not a spelling nazi, but... on Backyard Rocketeers Keep the Solid Fuel Burning · · Score: 1

    Then and than are two completely different words with completely different meanings.

  5. Wow! on Open Source Venture Capitalist Answers Your Questions · · Score: 1

    Wow... just wow! This is an actual detailed and insightful interview. Compare this with the 'interview with a lawyer' recently and it becomes even clearer how good these responses are.

    This guy actually answers insightfully and in detail, rather than fobbing people off with half truths and then being surprised when they are called on the inconsistencies with the facts.

    Thanks!

  6. Re:Monitors? .. What about input? on High Dynamic Range Monitors · · Score: 1

    Since "true" HDR consumer cameras don't exist (anyone know?),

    HDR is just a technique... you take three images at different exposures and blend those images into one. I personally use 1EV difference between each exposure.

    Mostly, this is done because digital camera makers are too focussed on the megapixel war and not focussed enough on real improvements. My new D200 has a dynamic range of 11 stops, making certain exposures with a lot of range between the shadows and highlights difficult or impossible.

    The HDR technique solves this for me by allowing me to use one image that captures the shadows correctly, one image that represents the mid-tones well and a final image with the highlights correct. I then use the best features of all of these images to create my final one.

    Blending images like this is totally possible without tools like the CS2 HDR tool, and often more reliable.

  7. Re:Why use the courts? on School Official Sues Over MySpace Page · · Score: 1

    A friend of mine in the UK ended up being suspended and defending against criminal charges for this kind of thing. A child went batshit in class, chucking tables over, kicking bags all over the place, the whole trip. She made the mistake of grabbing his arm to stop him.

    In the preliminary hearings, she was told that because she closed her hand around his arm, it became assault. Had she only used her hand in an open, flat position that would have been allowed.

    In the end all charges were dropped and she was re-instated on the student's evidence, but she quit teaching. Who needs the risk of criminal charges just for defending themselves?

  8. You're all missing the point here... on Miami Court Orders Take Two to Hand Over Bully · · Score: 1

    The judge just wanted to get a copy early, that's all this is about :)

  9. I kinda see their point on The BBC's Honeypot PC · · Score: 1

    Last night I had to re-install Windows XP in VMware so that my wife can access her work systems. Once I had spent 20 minutes on the phone asking Microsoft for permission to use something that I already bought, it was time to do the updates.

    The install was Windows XP - no service packs included. I then had to apply patches, install SP2 and apply more patches. The whole time I was doing this, my machine was not, and could not be protected by what was on it. The only thing that saved me is that I run a decent firewall in front of my home network. If I didn't have one (and many people don't - they just plug their cable modem connection to their ethernet port), I would have been owned in short order.

    This is a real-life test and it does illustrate a problem with reloading machines!

  10. Has anyone considered... on Big Challenges for Vista Bug Hunters · · Score: 1

    Has anyone considered that MS is actually trying to make a decent OS here? Sure, it's fun to poke fun at them for all the crashes and bugs, but isn't that the ENTIRE point of the 'release early, release often' mindset?

    At least they're trying to find their bugs, at least they are running a widespread beta.

  11. If you want to fly... on Rocket Men · · Score: 1

    Get out of the plane!

  12. Re:The thread that proves /. is not good with wome on 64% of Online Gamers Are Female · · Score: 1

    How much money have you spent on clothes and make-up, and lotions, and shoes? Attractive women spend A TON!

    Bollocks! Many attractive women look fantastic in a £10 pair of jeans, a t-shirt and no make-up or other rubbish. I should know - I married one :)

  13. Pop quiz - Project management acronyms on Geekspeak Baffles Web Users · · Score: 1

    Without resorting to searching the web, can anyone here correctly identify the following acronyms:

    CPM
    BAC
    BSA
    KPI
    EAC
    OBS
    RAMP

    Hmm - I could get two of those, tops.

    All industries have their own acronyms, and most people outside those industries aren't familiar with them. There's just some odd belief out there that computers and technology are supposed to be understood by everyone, and I've never got to grips with that. I have no clue about the functions of my washing machine other than I should put it on 8, set the temperature to whatever my wife tells me and press start.

  14. Re:Don't leave things out on Warrantless Surveillance To Continue For Now · · Score: 1

    Bullshit. There is a foreign national suspected of being hostile to the US on the other end of the line. There's a world of difference between those statements.

  15. Re:Earn money through slashdot. on Lego Mindstorms + Lasers · · Score: 1

    You say that like it's a bad thing?

  16. Re:It follows logically that drinkers would get mo on Socializing For The Win? · · Score: 4, Interesting

    That's probably one of the most outdated bitter views I've ever read.

    Most 'execs' these days don't have assistants anymore. That role was killed to save money and now the role falls between them and their line managers. In the rare case where a PA does still exist, she's normally shared among 4+ execs.

    Just one last question - where would your job be without those deals and those sales? Ever think that maybe some people hate the whole sales process, but they do it anyway because it's their job? How much fun do you think it is for a woman being pawed by a customer and not being able to say anything because it would cost her the sale? How much fun do you think it is for a family man to have potential clients ogling women and behaving badly, and not be able to say anything about it because it would cost the sale?

    On the flip side, I've noticed that since not just going to work and going home, but staying around once or twice a month to socialise, my salary has increased by 30%. Just making contacts and networking is far more than learning some new technology.

  17. Fix for OS X navigation issues on Vista to Include Stepped up Anti-Piracy Measures · · Score: 1

    There's a fix for your OS X navigation issues... Just install quicksilver

    I used to know where stuff was on my mac and how to find stuff, then I started using Quicksilver. The other day I was trying to do something on my wife's machine and I ended up having to install quicksilver first. It's so slick and simple to use that it makes me lazy :)

  18. XP OEM vs RHEL WS - support on Why is OSS Commercial Software So Expensive? · · Score: 2, Insightful

    A lot of people here are commenting that with XP you don't get support, whereas with RHEL Workstation you do. This is true, to an extent.

    The real difference though is that Red Hat really do cost A LOT more for support, and you are FORCED to pay for that support year after year just to get bugfixes and security patches to the software you are using.

    With XP, you pay per incident for support, and that can add up quite quickly with just a few support calls. But at least you are eligible for every single patch for the lifetime of the product.

    With Red Hat, you pay for support for your first year and you get patches. But if you don't cough up in the second year, not only can't you phone in for support anymore (for all the good that's ever done me tbh), but more importantly you can't get patches any more. So the product you choose can lock you into annual fees to a vendor and if you don't pay them, your system is exposed. Not nice at all!

  19. Re:Would some one please explain... on The Day Against DRM · · Score: 1

    That would be me then...

    I support copyright fully. If an author releases a work under a license I can't live with, I forgo that work. I also make money off of copyright from time to time (selling photographs).

    So here is my problem with DRM...

    Copyright eventually expires and the article passes into the public domain. This time limit has been raped by Mickey Mouse several times, but at least stuff still passes into the public domain.

    With DRM, it becomes impossible for something to EVER pass into the public domain because of the DMCA and EUCD.
    To get a DRMd item into a state that you can use it for other works, you will have to break the DRM. Even though you are fully entitled to the content at this point (it has passed the copyright life span and is legally in the public domain), you break the law by getting at the content.

    That's before you even get into stuff like fair use of your content while it is still under copyright.

  20. Re:want it? get it on Prelaunch Wii Kiosks Only at GameStop, Pre-Order News · · Score: 1

    In a lot of cases, places only have enough stock to serve the people who preordered; so in many cases, if you don't preorder, you don't get.

  21. Re:Except for the UK on US–EU Flight Talks Collapse · · Score: 1

    Urk - I hadn't read that anywhere... Could you point me at some more info please. I think Mr Fitzpatrick (my MP) will be hearing from me again.

  22. Re:Airport security or social engineering? on Traveler Detained for Anti-TSA Message · · Score: 1



    Please, please, PLEASE stop spreading this myth! There was NO attack on any London airport. A plot was uncovered and some people were arrested, but there was no attack. So far, no-one has been charged with making explosives; the most serious charge so far is 'conspiracy to cause damage and loss of life'. Most people charged were charged with the bullshit charge of 'withholding information from the police' (i.e. tattling on your family if they do anything odd).

    The people arrested had no plane tickets let alone a fixed timetable. To be clear, none of these people was anywhere near an airport.

    Furthermore, their entire 'plan of attack' is thought to be unfeasible by most people in the know. Most of the people involved have been charged with 'failing to disclose information to the police'. One has been charged with this because he didn't disclose information about his brother to the police. Sadly, his brother has not yet been charged with anything, so no-one is clear what this person failed to disclose; the prosecution's case doesn't exactly look airtight.

  23. Re:You think it's bad now?! JUST WAIT. on Traveler Detained for Anti-TSA Message · · Score: 1

    Setting a good example to others? No way. Threats to nuke Iran if they continue their nuclear programme seem very hypocritical. Their actions in Iraq and Afghanistan were so badly organised the US probably killed more innocent citizens than the terrorists did in 11/09/2001 and 7/7/2005 combined.

    You're kidding right? There's no probably about it. Check the numbers on http://www.iraqbodycount.net/. That's excluding the ~2000 allied servicemen who've died.

    Death toll for 11/9 and 7/7 combined was less than 4000. So far, the US and their allies have killed TEN TIMES THAT MANY CIVILIANS in Iraq alone. That doesn't count dead innocents in Afghanistan.

    And this is why this war will not reduce terrorism, but instead will produce more terrorists. There are 40000 + dead people with friends, families and orphans out there. How much do you think they love the US? How easy do you think it would be to brainwash these vulnerable victims into committing suicide in retaliation attacks?

    Doh!

  24. Right to use objects in movies... on KDE on the NBC Show "Heroes" · · Score: 1

    I see a lot of people here saying that there is no way to stop someone using something in a movie. Like I would be free to use whatever furniture I like or whatever. But I'm sure this isn't true.

    I'm sure I read something a couple of years back about a movie being delayed because they used a chair that the designer of the chair objected to.

  25. MS DRM on Zune — $249.99 On Nov. 14 · · Score: 1

    Microsoft DRM is currently causing Sky in the UK to not honour their contracts with their broadband users. And MS want me to trust me to use them as a music supplier?