If you've got a firewire port in the machine, you're game over.
Otherwise, it depends on whether there's any direct remote exploits on the version of Windows you're running - I haven't heard of any of those for a long time.
Auto-locating the decryption keys (for multiple products) rather than manually digging through a 16gig ram dump is easily worth $300:) - I'd kinda expect law enforcement companies to have already come up with tools, though (or, perhaps more likely, be paying (lots more) for already-existing products).
In all fairness, he did say Adobe Acrobat (the expensive PDF maker), not Adobe Acrobat Reader (which is free and only reads them). If you're actually generating content then you may very well start with a blank file and run Acrobat from the icon.
True - I just assumed he meant "reader", most "normal people" I've heard refer to the program either calls it "Adobe PDF" or perhaps "Adobe Acrobat":)
I'd kinda assume somebody using the (indeed pretty darn expensive!) Acrobat to know what the program is called... or at least not having an issue typing "Adobe" and then picking acrobat from the result list. Then again, marketing drones...:)
Who actually starts their PDF reader in any other way than through clicking on a.pdf, or selecting "open" as the action in their web browser? (Heck, "normal" people would most likely have the crappy and insecure in-browser AdobePDF, or would be using Chrome).
In DOS, you had to navigate to the directory your application was installed in, or type the full path - and if you hadn't actively installed something like 4DOS, you had to type out everything in full. With the Start Screen (and the new-style Start Menu of Vista and Win7 too), you type a few words (heck, often only a few characters) from the application name. Sure, it takes a bit getting used to the she start-screen of Win8, but it's IMHO more useful than the start menu since it's full-screen and thus can show more information.
But I guess I'm biased - I've always thought the old start menu and it's nested folders was sucky, and have used a combination of quicklaunch bars (DonationCoder's LaunchBarCommander) and keystroke launchers (Find And Run Robot, Launchy) ever since the XP days. I like my keyboard goodness.
FWIW: my X25-E (Intel's SLC based 'enterprise' SSD - firstgen with large fab size) died after a few years of not-so-intensive use. It's been my experience (two of my own drives, and what has happened to a couple of friends) that when an SSD dies, it doesn't seem to be because you exhaust the P/E cycles.
Linux: IPX protocol null-pointer dereference exploit. Apache: chunked-encoding exploit. Not as long-standing as the NTVDM or GDI exploits in NT, but still pretty darn bad.
So there's been a few small details that I think we could have done better, but on the whole I'm *very* happy with git. I think the core design is very solid, and we have almost zero redundant information, and the core model is really built around a few solid concepts that make a lot of sense.
I had hoped to see that answered with "I wish I had started git as libgit+git from the get-go, instead of the hacky shell-script semi-architecture it started with" - but that's (obviously) because I value portability and embeddability in other projects.
Also, while I appreciate Linus' outspoken no-bullshit personality, I find that sometimes it devolves into cursing and rudeness - this is one of the occasions where he's entirely mellow, lucid and reasonable, and that's nice to see:-)
You'd get a +1 if I had mod points - although I would assume Blymie takes offense at the word 'automagic' moreso than the process being... automagic;-)
I guess it wouldn't be a half bad way to manage Gentoo's portage or FreeBSD's ports, but it doesn't seem like a smart idea for binaries - and I wonder if the bulk source (rather than the makefiles, patches and descriptors of a portage/ports system) would be manageable, assuming that most people would want to only download the source for the parts they need. How'd one do that with Git - huge amount of submodules?
I don't think "war dialing" is appropriate here - they didn't just dial random numbers, they had lists of phone numbers with matching names.
Re:Was hoping a faster algorithm would be chosen..
on
SHA-3 Winner Announced
·
· Score: 1
That is a strange criteria though, as 99.9% of the people using SHA3 and depending on it's security will use a software implementation. Practically the only people who deal with hardware implementations anymore are those trying to break a cryptosystem.
...and there you have the answer. *cue mysterious conspiracy music*:)
A decent point, I guess. I'd still go with AdBlockPlus, though, but whitelisting the sites that are worth it - even though you don't get "full protection", at least it helps reducing the risk of random drive-bys on random sites. And as long as you don't have flash, java or the pdf plugin, you're a long way towards safety.
It's a bit bothersome indeed, and you risk ending up whitelisting too much on some sites, as it can be slightly difficult figuring out exactly what you need to whitelist - but IMHO it's worth it. And even if you whitelist a bit too much on a site you're purposely trying to get working, you'll probably still be blocking eventual drive-by nasties on other sites.
AdBlockPlus wasn't just mentioned for convenience, btw, but because compromised banner servers is an ideal way to deliver malware - if a legitimate banner server is compromised, serving ads on a site you've got whitelisted...:-)
Ah yes, forgot to list that one in the bunch - EMET is nice indeed! It's not a failsafe security guarantee, but it does add a nice extra bit of security. Do be sure to test configuration before rolling out corporate-wide, as some software is incompatible with some of the mitigations:)
Oh, and one more (and perhaps obvious) thing: disable Flash, Java and Adobe-PDF in your main browser, as those are the main attack vectors these days. Have a secondary browser/profile for the times you need any of these. Use an alternative PDF viewer (like Sumatra or Foxit) unless you need specific Adobe features.
I've had MSE detect & clean that one of the other free products (think it might have been Avast?) didn't catch - and MSE is no-nonsense, doesn't get in your way, haven't given me false positives (it does flag stuff like keygens though:)), and isn't too hard on system resources.
Combine that with FireFox + AdBlockPlus + NoScript + Ghostery + Certificate Patrol and some common sense, and you should be pretty well off.
If they don't do they they deprive every single buyer of the shitload of accessories actually on the market and in the homes of so many potential buyers. And this is a definitive advantages of iPhones over competing products.
And why wouldn't they do this? They know the fanboys will rush out to buy both thew new phone and new gear, and it'll keep money flowing into their greedy pockets.
An encrypted Blackberry remains a device that cannot be successfully examined - I believe you can get an image from the device but it is encrypted at a level that makes cracking the encryption unlikely.
Slashdot Mirror
If you've got a firewire port in the machine, you're game over.
Otherwise, it depends on whether there's any direct remote exploits on the version of Windows you're running - I haven't heard of any of those for a long time.
Auto-locating the decryption keys (for multiple products) rather than manually digging through a 16gig ram dump is easily worth $300 :) - I'd kinda expect law enforcement companies to have already come up with tools, though (or, perhaps more likely, be paying (lots more) for already-existing products).
Acquires protection keys from RAM dumps, hibernation files
What's not to believe?
So, we encode the bitstreams as "viagra" for 1, "penis!" for 0? (same length strings, obviously, to make the processing more efficient).
Not as long as you accept MITM SSL certificates, no :-)
In all fairness, he did say Adobe Acrobat (the expensive PDF maker), not Adobe Acrobat Reader (which is free and only reads them). If you're actually generating content then you may very well start with a blank file and run Acrobat from the icon.
True - I just assumed he meant "reader", most "normal people" I've heard refer to the program either calls it "Adobe PDF" or perhaps "Adobe Acrobat" :)
I'd kinda assume somebody using the (indeed pretty darn expensive!) Acrobat to know what the program is called... or at least not having an issue typing "Adobe" and then picking acrobat from the result list. Then again, marketing drones... :)
Who actually starts their PDF reader in any other way than through clicking on a .pdf, or selecting "open" as the action in their web browser? (Heck, "normal" people would most likely have the crappy and insecure in-browser AdobePDF, or would be using Chrome).
In DOS, you had to navigate to the directory your application was installed in, or type the full path - and if you hadn't actively installed something like 4DOS, you had to type out everything in full. With the Start Screen (and the new-style Start Menu of Vista and Win7 too), you type a few words (heck, often only a few characters) from the application name. Sure, it takes a bit getting used to the she start-screen of Win8, but it's IMHO more useful than the start menu since it's full-screen and thus can show more information.
But I guess I'm biased - I've always thought the old start menu and it's nested folders was sucky, and have used a combination of quicklaunch bars (DonationCoder's LaunchBarCommander) and keystroke launchers (Find And Run Robot, Launchy) ever since the XP days. I like my keyboard goodness.
also.. if she's attracted to you, it doesn't matter a whole lot what you say. as long as it's not disgusting/repulsive/etc.
"So, umm... wanna come home and check out my tub? I've got a lot of bathing salts."
That alone isn't enough to call him a Christian, though.
FWIW: my X25-E (Intel's SLC based 'enterprise' SSD - firstgen with large fab size) died after a few years of not-so-intensive use. It's been my experience (two of my own drives, and what has happened to a couple of friends) that when an SSD dies, it doesn't seem to be because you exhaust the P/E cycles.
Linux: IPX protocol null-pointer dereference exploit. Apache: chunked-encoding exploit. Not as long-standing as the NTVDM or GDI exploits in NT, but still pretty darn bad.
So there's been a few small details that I think we could have done better, but on the whole I'm *very* happy with git. I think the core design is very solid, and we have almost zero redundant information, and the core model is really built around a few solid concepts that make a lot of sense.
I had hoped to see that answered with "I wish I had started git as libgit+git from the get-go, instead of the hacky shell-script semi-architecture it started with" - but that's (obviously) because I value portability and embeddability in other projects.
Also, while I appreciate Linus' outspoken no-bullshit personality, I find that sometimes it devolves into cursing and rudeness - this is one of the occasions where he's entirely mellow, lucid and reasonable, and that's nice to see :-)
You'd get a +1 if I had mod points - although I would assume Blymie takes offense at the word 'automagic' moreso than the process being... automagic ;-)
I guess it wouldn't be a half bad way to manage Gentoo's portage or FreeBSD's ports, but it doesn't seem like a smart idea for binaries - and I wonder if the bulk source (rather than the makefiles, patches and descriptors of a portage/ports system) would be manageable, assuming that most people would want to only download the source for the parts they need. How'd one do that with Git - huge amount of submodules?
As long as they don't run mass spectrography tests for LSD!
Who would vote for a nub with ilvl 345? ;p
I don't think "war dialing" is appropriate here - they didn't just dial random numbers, they had lists of phone numbers with matching names.
That is a strange criteria though, as 99.9% of the people using SHA3 and depending on it's security will use a software implementation. Practically the only people who deal with hardware implementations anymore are those trying to break a cryptosystem.
...and there you have the answer. *cue mysterious conspiracy music* :)
You'd choose a Symantec product over MSE? Really? O_o
A decent point, I guess. I'd still go with AdBlockPlus, though, but whitelisting the sites that are worth it - even though you don't get "full protection", at least it helps reducing the risk of random drive-bys on random sites. And as long as you don't have flash, java or the pdf plugin, you're a long way towards safety.
It's a bit bothersome indeed, and you risk ending up whitelisting too much on some sites, as it can be slightly difficult figuring out exactly what you need to whitelist - but IMHO it's worth it. And even if you whitelist a bit too much on a site you're purposely trying to get working, you'll probably still be blocking eventual drive-by nasties on other sites.
AdBlockPlus wasn't just mentioned for convenience, btw, but because compromised banner servers is an ideal way to deliver malware - if a legitimate banner server is compromised, serving ads on a site you've got whitelisted... :-)
Ah yes, forgot to list that one in the bunch - EMET is nice indeed! It's not a failsafe security guarantee, but it does add a nice extra bit of security. Do be sure to test configuration before rolling out corporate-wide, as some software is incompatible with some of the mitigations :)
Oh, and one more (and perhaps obvious) thing: disable Flash, Java and Adobe-PDF in your main browser, as those are the main attack vectors these days. Have a secondary browser/profile for the times you need any of these. Use an alternative PDF viewer (like Sumatra or Foxit) unless you need specific Adobe features.
+1.
I've had MSE detect & clean that one of the other free products (think it might have been Avast?) didn't catch - and MSE is no-nonsense, doesn't get in your way, haven't given me false positives (it does flag stuff like keygens though :)), and isn't too hard on system resources.
Combine that with FireFox + AdBlockPlus + NoScript + Ghostery + Certificate Patrol and some common sense, and you should be pretty well off.
If they don't do they they deprive every single buyer of the shitload of accessories actually on the market and in the homes of so many potential buyers. And this is a definitive advantages of iPhones over competing products.
And why wouldn't they do this? They know the fanboys will rush out to buy both thew new phone and new gear, and it'll keep money flowing into their greedy pockets.
An encrypted Blackberry remains a device that cannot be successfully examined - I believe you can get an image from the device but it is encrypted at a level that makes cracking the encryption unlikely.
I wonder if that's true, given that BlackBerry maker Research in Motion agrees to hand over its encryption keys to India. I do realize that this is traffic encryption keys, which are likely different from device storage keys... but it still does make one wonder.