You don't need to be able to overwrite files to cause problems. If you manage to add a new evil.conf file to/etc/httpd/conf.d or/etc/pam.d or/etc/sudoers.d with this exploit, you can do anything you want on the system.
I'm using a Nokia Booklet 3G laptop with Windows 7. Sadly it appears that hardware "accelerated" rendering is actually slower on this laptop than the traditional rendering method. After disabling the acceleration from FF4's settings the browser's speed is again adequate.
Yes, I just noticed that disabling hardware acceleration helped significantly. I picked a random Slashdot news article and scrolled from top to bottom, keeping the down arrow pressed down. With hardware "acceleration" enabled, it took 22 seconds. Without it, 9 seconds. A very unscientific benchmark for sure, but it reflects the impression I got. Without the hardware acceleration the speed seems to be about the same as with older FF3.
After getting disappointed by FF4, I installed Chrome. It seems even a bit snappier than any of the FF versions I've used.
I'm using a Nokia Booklet 3G laptop with Win7. Granted, it's not a particularly fast computer, but it has been sufficient for my web browsing needs with FF3. My main gripe with FF4 is that if the browser is indeed slower with hardware acceleration enabled, FF4 shouldn't enable it by default. Yes, technically enabled folks can tweak the settings to make the browser faster, but tweaking the settings SHOULDN'T be necessary for the average user.
I just downloaded and installed FF4, and unlike what I had expected from the new version, FF4 is actually noticeably slower on most websites, including Slashdot:-/
(clarification to my previous post, sorry for double-posting)
/. subscribers are not redirected to HTTP, they can use HTTPS. And for logging in securely you can use https://slashdot.org/my/login regardless of your subscription status.
Yes, that's unfortunately true.. At this point I'd be happy if Slashdot had an IPv6-only subdomain, such as ipv6.slashdot.org. At this moment that address does resolve (like any subdomain of slashdot.org), but unfortunately only to an IPv4 address:-/
Are you by chance using Adblock Plus? Nearly all the people who have complained about FF's memory usage have used that plugin. Try disabling it for a while to see if it has any effect.
...a new keyboard which converts finger presses into electrical energy and pushes that energy back onto the grid.
Unrelated to this story, but are there keyboards that would convert the keypresses into electricity? Or mice that'd convert the mouse movements into electricity for its own consumption? Wireless keyboard/mice without batteries?
It's true that the majority of NTP servers in the pool are stratum 2 or stratum 3. However, there are already some 120 stratum 1 servers in the pool, so adding a few more stratum 1 servers wouldn't be particularly unusual.
At the moment, running 'dig @8.8.8.8 pool.ntp.org' gives me servers that are across the pond, ie. not relatively close to me. This particular 8.8.8.8 DNS server instance seems to be physically close to me, but based on the responses it gives me, it still acts like it's in the U.S.
Even though there may be several Google DNS servers around the world, I'd guess they're interconnected so they share the same cache. Obviously Google could choose to have a global cache for most domains, but have a local cache for some domains. Whether this is going to be implemented or not remains to be seen..
Any NTP server at any stratum is welcome to join the pool. The only actual requirement is that the server should have a static IP address. The how do I join page has further information. If you already have a functioning NTP server, all you have to do is to log in and add your server's DNS name/IP address and its available bandwidth (for load balancing purposes). I'd say it's a rather simple process.
The NTP pool (which probably needs even more NTP servers, btw) was recently changed so that the project's DNS servers return a list of nearest available NTP servers when queried. If you change your settings to use Google's DNS servers, the pool will now respond with a list of NTP servers close to Google's DNS servers, which may not be what you wanted.
But I thought open recursive DNS servers were bad -- haven't you heard of DNS DDoS amplification attacks? Why would Google's open recursive DNS service be any better in this regard?
I have a display that uses 1920x1200 as its native resolution. After upgrading to 10.5.7, the highest possible resolution was reduced to 1920x1080. Needless to say, this doesn't look particularly good.. See here for details.
Slashdot Mirror
You don't need to be able to overwrite files to cause problems. If you manage to add a new evil.conf file to /etc/httpd/conf.d or /etc/pam.d or /etc/sudoers.d with this exploit, you can do anything you want on the system.
See the robot in action: https://www.youtube.com/watch?...
There is a list of affected sites linked in the comments. The first one on the list is running FreeBSD. I did not bother checking the rest.
Quite simply, Slashdot should be accessible via IPv6. That is all.
No, it's not related to caching. I actually tried this multiple times and the results were repeatable.
I'm using a Nokia Booklet 3G laptop with Windows 7. Sadly it appears that hardware "accelerated" rendering is actually slower on this laptop than the traditional rendering method. After disabling the acceleration from FF4's settings the browser's speed is again adequate.
Yes, I just noticed that disabling hardware acceleration helped significantly. I picked a random Slashdot news article and scrolled from top to bottom, keeping the down arrow pressed down. With hardware "acceleration" enabled, it took 22 seconds. Without it, 9 seconds. A very unscientific benchmark for sure, but it reflects the impression I got. Without the hardware acceleration the speed seems to be about the same as with older FF3.
After getting disappointed by FF4, I installed Chrome. It seems even a bit snappier than any of the FF versions I've used.
I'm using a Nokia Booklet 3G laptop with Win7. Granted, it's not a particularly fast computer, but it has been sufficient for my web browsing needs with FF3. My main gripe with FF4 is that if the browser is indeed slower with hardware acceleration enabled, FF4 shouldn't enable it by default. Yes, technically enabled folks can tweak the settings to make the browser faster, but tweaking the settings SHOULDN'T be necessary for the average user.
I just downloaded and installed FF4, and unlike what I had expected from the new version, FF4 is actually noticeably slower on most websites, including Slashdot :-/
(clarification to my previous post, sorry for double-posting)
/. subscribers are not redirected to HTTP, they can use HTTPS. And for logging in securely you can use https://slashdot.org/my/login regardless of your subscription status.
More questions?
You can log in securely via https://slashdot.org/my/login
More questions?
HTTPS works fine here. Perhaps you should consider becoming a /. subscriber if you want HTTPS.
p.s. posted over SSL
Yes, that's unfortunately true.. At this point I'd be happy if Slashdot had an IPv6-only subdomain, such as ipv6.slashdot.org. At this moment that address does resolve (like any subdomain of slashdot.org), but unfortunately only to an IPv4 address :-/
Serious question. I already have an IPv6 address, why doesn't Slashdot have one?
Are you by chance using Adblock Plus? Nearly all the people who have complained about FF's memory usage have used that plugin. Try disabling it for a while to see if it has any effect.
...a new keyboard which converts finger presses into electrical energy and pushes that energy back onto the grid.
Unrelated to this story, but are there keyboards that would convert the keypresses into electricity? Or mice that'd convert the mouse movements into electricity for its own consumption? Wireless keyboard/mice without batteries?
It's true that the majority of NTP servers in the pool are stratum 2 or stratum 3. However, there are already some 120 stratum 1 servers in the pool, so adding a few more stratum 1 servers wouldn't be particularly unusual.
At the moment, running 'dig @8.8.8.8 pool.ntp.org' gives me servers that are across the pond, ie. not relatively close to me. This particular 8.8.8.8 DNS server instance seems to be physically close to me, but based on the responses it gives me, it still acts like it's in the U.S.
Even though there may be several Google DNS servers around the world, I'd guess they're interconnected so they share the same cache. Obviously Google could choose to have a global cache for most domains, but have a local cache for some domains. Whether this is going to be implemented or not remains to be seen..
Any NTP server at any stratum is welcome to join the pool. The only actual requirement is that the server should have a static IP address. The how do I join page has further information. If you already have a functioning NTP server, all you have to do is to log in and add your server's DNS name/IP address and its available bandwidth (for load balancing purposes). I'd say it's a rather simple process.
The NTP pool (which probably needs even more NTP servers, btw) was recently changed so that the project's DNS servers return a list of nearest available NTP servers when queried. If you change your settings to use Google's DNS servers, the pool will now respond with a list of NTP servers close to Google's DNS servers, which may not be what you wanted.
But I thought open recursive DNS servers were bad -- haven't you heard of DNS DDoS amplification attacks? Why would Google's open recursive DNS service be any better in this regard?
I have a display that uses 1920x1200 as its native resolution. After upgrading to 10.5.7, the highest possible resolution was reduced to 1920x1080. Needless to say, this doesn't look particularly good.. See here for details.
The obligatory clarification links (from Wikipedia) -- some of us have never heard of MST3K:
Mystery Science Theater 3000 , often abbreviated MST3K , is an American cult television comedy series created by Joel Hodgson and produced by Best Brains, Inc. that ran from 1988 to 1999.
I just saw this ad, I thought it's appropriate for the situation.. Control Me.
.. can be read here.
The pictures can be seen on Interpol's site.