That kind of approach is fine. And yes, I have done the e-mail thing to recover or reset a password.
It also seems you are right - the user requests the download and then Facebook e-mails a link. It's not in the Computerworld story but is in the YouTube link to an explanation.
Dude, it is one of the basic tenets in computer security to not click on links in e-mails that take you to websites where you enter login credentials.
Those kinds of e-mails are known as phishing and spear phishing attacks. They are very common and very dangerous.
Facebook has had no end of security problems. Now with the publicity that they will be sending out e-mails that have a link, wait a few days and see what hits in computer security news.
You do know that Intel's biggest, best, and newest research center is in China, right? Also production facilities, I believe. Bet there are stipulations on where the processors are made if they go Intel.
But more importantly, there are reasons to have such big computers and it isn't bragging rights. That's what the managers use to measure by and get their bonuses, but the real value in a super is what you can calculate with it.
As they get more powerful, you can quit doing various approximations and do real calculations. Your simulations get more accurate. You can also do those simulations quicker and do more of them as you explore optimization strategies. While these computers are expensive, being able to trim years or decades off of research programs pays back many times more in first to market, market dominance, etc.
You can do things in simulations that aren't even practical or even feasible in real life. Depending on the problem, it can be that you cannot even simulate it at all without a computer of such a scale.
One thing to keep in mind is that the researchers who use these things, when they get more power, generally are able to make pretty amazing new discoveries. For anyone using these, the advantages are obvious. And so are the opportunites if they can get their hands on even more computing power.
The quest for more computing power is in no way simply a bragging rights kind of thing. There are huge advantages to being able to run on the fastest computer in the world.
I think what it is is that the Xorg server is an easy attack vector for the Linux kernel memory management issue.
The memory management issue is the thing that enables using a flaw in the X server to escalate privilege. If you fix the X server to not allow that kind of manipulation, you still have the kernel memory management issue that could be used by some other application to escalate privilege.
I think that fixing the X server - one mitigation is to disable the MIT-SHM extension as discussed in the pdf - really reduces the exposure but since the real problem is in the kernel, it doesn't completely remove the threat.
An AC says: "OS X (and even Windows) is far more secure than Linux."
Is that why Macs ship with the firewall turned off by default?
No OS is completely secure. It's just how it goes. Not picking on Macs either (though I really wish Apple would default enable the firewall) - I have a Mac laptop and also have a number of Linux boxes. But the AC post is inaccurate and pure troll..
Alex Belits says: "If you want to discuss your most idiotic (though less prominent) claim that one has to be "vigilant" to run Linux servers in a secure manner (as opposed to merely implementing well-known sane policies and apply updates when they are released)..."
Alex, you have to be vigilant to run any server or desktop in a secure manner. Many times there are reconnaissance efforts before an actual exploit. If all you do is set something up and keep it patched, but never inspect logs or other activity on and around the system, you will miss a lot of clues to malicious activity that in many cases predate the actual exploit.
But about high mileage tires being available, they obviously are but I would like to see more information available when buying them. Since tires can make around a 20% difference in mileage, they should be rated similarly to the way the vehicles themselves are rated.
Or even like appliances. Those all now come with comparison ratings so you can make intelligent choices. Tires should be rated at least as well.
There was a trade-off between the tires. The Michelins I got rode very nice and were very sticky compared to the OEM Goodrich tires it came with. The original tires had a pretty hard compound I think and just did not give the impression I could count on them in evasive maneuvering. The Michelins definitely grab and feel very sure and solid but the mileage really took a hit when I put them on. It was so much of a hit that I took the car back to the dealer service department to have it checked out to make sure everything was OK. I also keep the Michelins inflated properly and if anything, overinflated a little.
I almost sold the Michelins and bought OEM tires again because of that mileage hit. I didn't though. Too much trouble. But it still irritates me every time I look at the mpg meter I never reset and see what they did to the long-term average for the car. It's not really a lifetime average since it resets on its own every 32,000 miles or so (32,768?) but I had mileage that people wouldn't believe until I got those tires. The hypermiler folks regularly clock in even higher so 50-54 isn't spectacular. It's just driving with an eye to good mileage.
Sigh. Personally, I think it is about saving money and using less fossil fuels.
I bought a 2005 Honda Civic Hybrid after running the numbers. I broke even at around 27,000 miles and it's been gravy since then.
I didn't take the price difference as between the base Civic and the HCH because the HCH was much closer to the EX version in terms of features. I got a $1500 tax rebate, did not have to pay excise tax, and until I switched to Michelin tires, was getting 50-54 mpg. The closest I came to that mileage before was with the Civic HX where I got 42-44 mpg.
This was also through the time that gas creeped up over $3.50/gallon and such, but it worked for me.
In fairness, my hybrid battery did need to be replaced at 67,000 miles but that was done under warranty and didn't cost me a penny. Spooked me a little though since the repair cost would have been $5000 instead of the $1500 the dealer had told me a replacement pack would cost at the time I bought the car. On the other hand, there are rebuilders out there who will take a bad pack apart, replace the dead cells, match all the other cells, and give it back to you for around $700.
I agree completely about the dick move but I don't think it was an intentional leak. Gizmodo sucks for doing what they did to the guy.
I won't be going back to Gizmodo. That kind of behavior is just unacceptable. It's low. It's despicable.
I really can't believe they thought it newsworthy to ruin the guy's career like that. All I hope is that their own personal details get splashed all over the web.
I could certainly see the removal of lead as being a benefit to decreased effects from radiation. There are a couple of radioactive lead isotopes, one of which is a decay product of 238U. Lead from sources before all of the atmospheric testing is fairly highly prized for sensitive radioactive measurements because of this contamination.
As an aside, dewars used to cool scientific CCD detectors used for spectroscopy used to be welded up with conventional welding rods. The problem was that scientists were noticing very significant background counts on long exposures that were well above what they expected from the detectors themselves. The chips would show a fogging that coincidentally was greater on edges of the chips that were closer to the welds.
Turns out the culprit was the thorium used in the welding rods to help maintain the arc. The radiation from the thorium was generating electron-hole pairs and contributing to the chip dark current.
Cosmic ray events are actually fairly common and are seen with much more regularity in compute clusters that end up having large active chip areas.
They should see a little statistical correlation with altitude, though. The higher up in elevation you are, the more cosmic ray events that are possible because there is less shielding by the atmosphere.
The reason some of the media formats aren't available in the major distributions is because they are proprietary and licensing is required. Some distributions like Mint include support anyway but I don't know anything about how they handle licensing. Ubuntu allows you to purchase a codec pack and the cost covers the price of all of the licensing.
Some distros probably will play the DVD out of the box. With others, it's not that hard to download and install the necessary applications and/or codecs. But I would much rather run Amarok than iTunes anyway.
You have some good points and there are those who will probably be stuck with Windows and whatever Microsoft shoves down their throats. I wish Netflix streaming was available on Linux but I just use a Roku box - which does run Linux (not that that matters).
I think, though, that it's more the average gaming enthusiast that might be more interested in the issues you cite. But many will also have an XBox or whatever since a lot of the gaming industry is moving that direction.
I do think that for a lot of people, Linux is viable and would do everything they want.
It's not true that you have to run a VM to be able to run Windows software. You can look up Mastercam at the Codeweavers website and see if Crossover supports it. Even if software is listed as "untested", it is entirely possible it will install and run perfectly. If it has been noted as not running, that's obviously a different story.
But you can download a copy and see if it works for you. You might not be tied to Windows. Same for Macs - there is a version of Crossover for Macs too that allows you to run Windows applications in OSX without having to install a copy of Windows.
And Crossover is a lot cheaper than a copy of Windows.
True. I was just making the distinction of the distributions that are free like Fedora, openSuSe, Mint, etc, and those where you are paying for support like RHEL, SuSe, and others.
The free ones are totally free. Download, install, copy, and distribute as much as you want.
I really love Linux. KDE and Gnome are both wonderful desktops. And it does everything I need and so much more that I don't need - if I choose to install that functionality.
Apples are great for what they are (and I have a Powerbook laptop) but the features in Linux make it much more versatile.;-)
Slashdot Mirror
As long as the intruder tries to use logins or file access...
Aren't "Bucky Balls" nothing but another allotrope of carbon? (Buckminsterfullerene)
Or was the poster referring to something else?
Meanwhile... Afghanistan has a lot of rare earths. A lot.
Well, that's better than a lot of others that "leer" from the net. ;-)
That kind of approach is fine. And yes, I have done the e-mail thing to recover or reset a password.
It also seems you are right - the user requests the download and then Facebook e-mails a link. It's not in the Computerworld story but is in the YouTube link to an explanation.
Dude, it is one of the basic tenets in computer security to not click on links in e-mails that take you to websites where you enter login credentials.
Those kinds of e-mails are known as phishing and spear phishing attacks. They are very common and very dangerous.
Facebook has had no end of security problems. Now with the publicity that they will be sending out e-mails that have a link, wait a few days and see what hits in computer security news.
Facebook sending users an e-mail with a link to click on just invites spam and fake websites to harvest user's logins and passwords.
Nice move on Facebook's part to help train their users to click on links in e-mails that take them to websites to enter authentication credentials.
Not all the time it doesn't.
Kagato says: "The same company that continued to sell the Nazi's computing hardware used against allied forces..."
Really?... http://en.wikipedia.org/wiki/ENIAC
You do know that Intel's biggest, best, and newest research center is in China, right? Also production facilities, I believe. Bet there are stipulations on where the processors are made if they go Intel.
But more importantly, there are reasons to have such big computers and it isn't bragging rights. That's what the managers use to measure by and get their bonuses, but the real value in a super is what you can calculate with it.
As they get more powerful, you can quit doing various approximations and do real calculations. Your simulations get more accurate. You can also do those simulations quicker and do more of them as you explore optimization strategies. While these computers are expensive, being able to trim years or decades off of research programs pays back many times more in first to market, market dominance, etc.
You can do things in simulations that aren't even practical or even feasible in real life. Depending on the problem, it can be that you cannot even simulate it at all without a computer of such a scale.
One thing to keep in mind is that the researchers who use these things, when they get more power, generally are able to make pretty amazing new discoveries. For anyone using these, the advantages are obvious. And so are the opportunites if they can get their hands on even more computing power.
The quest for more computing power is in no way simply a bragging rights kind of thing. There are huge advantages to being able to run on the fastest computer in the world.
One has to wonder if they are also trying to patent the inadvertent "BSOD" shutdowns. They seem much more complex. ;-)
It will also be much easier to control access.
;-)
Someone should tag it pionenforthefjords, though.
I think ssh counts as access...
I think what it is is that the Xorg server is an easy attack vector for the Linux kernel memory management issue.
The memory management issue is the thing that enables using a flaw in the X server to escalate privilege. If you fix the X server to not allow that kind of manipulation, you still have the kernel memory management issue that could be used by some other application to escalate privilege.
I think that fixing the X server - one mitigation is to disable the MIT-SHM extension as discussed in the pdf - really reduces the exposure but since the real problem is in the kernel, it doesn't completely remove the threat.
At least that is how I understand it...
An AC says: "OS X (and even Windows) is far more secure than Linux."
Is that why Macs ship with the firewall turned off by default?
No OS is completely secure. It's just how it goes. Not picking on Macs either (though I really wish Apple would default enable the firewall) - I have a Mac laptop and also have a number of Linux boxes. But the AC post is inaccurate and pure troll..
Alex Belits says: "If you want to discuss your most idiotic (though less prominent) claim that one has to be "vigilant" to run Linux servers in a secure manner (as opposed to merely implementing well-known sane policies and apply updates when they are released)..."
Alex, you have to be vigilant to run any server or desktop in a secure manner. Many times there are reconnaissance efforts before an actual exploit. If all you do is set something up and keep it patched, but never inspect logs or other activity on and around the system, you will miss a lot of clues to malicious activity that in many cases predate the actual exploit.
That is computer security 101.
But about high mileage tires being available, they obviously are but I would like to see more information available when buying them. Since tires can make around a 20% difference in mileage, they should be rated similarly to the way the vehicles themselves are rated.
Or even like appliances. Those all now come with comparison ratings so you can make intelligent choices. Tires should be rated at least as well.
There was a trade-off between the tires. The Michelins I got rode very nice and were very sticky compared to the OEM Goodrich tires it came with. The original tires had a pretty hard compound I think and just did not give the impression I could count on them in evasive maneuvering. The Michelins definitely grab and feel very sure and solid but the mileage really took a hit when I put them on. It was so much of a hit that I took the car back to the dealer service department to have it checked out to make sure everything was OK. I also keep the Michelins inflated properly and if anything, overinflated a little.
I almost sold the Michelins and bought OEM tires again because of that mileage hit. I didn't though. Too much trouble. But it still irritates me every time I look at the mpg meter I never reset and see what they did to the long-term average for the car. It's not really a lifetime average since it resets on its own every 32,000 miles or so (32,768?) but I had mileage that people wouldn't believe until I got those tires. The hypermiler folks regularly clock in even higher so 50-54 isn't spectacular. It's just driving with an eye to good mileage.
Sigh. Personally, I think it is about saving money and using less fossil fuels.
I bought a 2005 Honda Civic Hybrid after running the numbers. I broke even at around 27,000 miles and it's been gravy since then.
I didn't take the price difference as between the base Civic and the HCH because the HCH was much closer to the EX version in terms of features. I got a $1500 tax rebate, did not have to pay excise tax, and until I switched to Michelin tires, was getting 50-54 mpg. The closest I came to that mileage before was with the Civic HX where I got 42-44 mpg.
This was also through the time that gas creeped up over $3.50/gallon and such, but it worked for me.
In fairness, my hybrid battery did need to be replaced at 67,000 miles but that was done under warranty and didn't cost me a penny. Spooked me a little though since the repair cost would have been $5000 instead of the $1500 the dealer had told me a replacement pack would cost at the time I bought the car. On the other hand, there are rebuilders out there who will take a bad pack apart, replace the dead cells, match all the other cells, and give it back to you for around $700.
Dr. Zoidberg would understand...
I agree completely about the dick move but I don't think it was an intentional leak. Gizmodo sucks for doing what they did to the guy.
I won't be going back to Gizmodo. That kind of behavior is just unacceptable. It's low. It's despicable.
I really can't believe they thought it newsworthy to ruin the guy's career like that. All I hope is that their own personal details get splashed all over the web.
I could certainly see the removal of lead as being a benefit to decreased effects from radiation. There are a couple of radioactive lead isotopes, one of which is a decay product of 238U. Lead from sources before all of the atmospheric testing is fairly highly prized for sensitive radioactive measurements because of this contamination.
As an aside, dewars used to cool scientific CCD detectors used for spectroscopy used to be welded up with conventional welding rods. The problem was that scientists were noticing very significant background counts on long exposures that were well above what they expected from the detectors themselves. The chips would show a fogging that coincidentally was greater on edges of the chips that were closer to the welds.
Turns out the culprit was the thorium used in the welding rods to help maintain the arc. The radiation from the thorium was generating electron-hole pairs and contributing to the chip dark current.
Cosmic ray events are actually fairly common and are seen with much more regularity in compute clusters that end up having large active chip areas.
They should see a little statistical correlation with altitude, though. The higher up in elevation you are, the more cosmic ray events that are possible because there is less shielding by the atmosphere.
The reason some of the media formats aren't available in the major distributions is because they are proprietary and licensing is required. Some distributions like Mint include support anyway but I don't know anything about how they handle licensing. Ubuntu allows you to purchase a codec pack and the cost covers the price of all of the licensing.
Some distros probably will play the DVD out of the box. With others, it's not that hard to download and install the necessary applications and/or codecs. But I would much rather run Amarok than iTunes anyway.
You have some good points and there are those who will probably be stuck with Windows and whatever Microsoft shoves down their throats. I wish Netflix streaming was available on Linux but I just use a Roku box - which does run Linux (not that that matters).
I think, though, that it's more the average gaming enthusiast that might be more interested in the issues you cite. But many will also have an XBox or whatever since a lot of the gaming industry is moving that direction.
I do think that for a lot of people, Linux is viable and would do everything they want.
Check out Codeweavers.com and Crossover Linux.
It's not true that you have to run a VM to be able to run Windows software. You can look up Mastercam at the Codeweavers website and see if Crossover supports it. Even if software is listed as "untested", it is entirely possible it will install and run perfectly. If it has been noted as not running, that's obviously a different story.
But you can download a copy and see if it works for you. You might not be tied to Windows. Same for Macs - there is a version of Crossover for Macs too that allows you to run Windows applications in OSX without having to install a copy of Windows.
And Crossover is a lot cheaper than a copy of Windows.
True. I was just making the distinction of the distributions that are free like Fedora, openSuSe, Mint, etc, and those where you are paying for support like RHEL, SuSe, and others.
;-)
The free ones are totally free. Download, install, copy, and distribute as much as you want.
I really love Linux. KDE and Gnome are both wonderful desktops. And it does everything I need and so much more that I don't need - if I choose to install that functionality.
Apples are great for what they are (and I have a Powerbook laptop) but the features in Linux make it much more versatile.