After they managed to unlock the phone they made a deal with Microsoft and removed the original tool to release it as a paid (future proof) version. There are other jailbreak tools unrelated to MS though.
I am curious why you got a Windows Phone if you were so interested in running native code and controlling the system. There are plenty of options out there for people who want full access to the system and with Windows Phone Microsoft actually markets the lack of access as kind of a feature. I am pretty happy with my Windows Phone but I cannot understand why people who care about full access would buy it.
I did not say we should believe them. I said that the other numbers are unreliable either. For example the number based on asking 5000 people what phones they were going to get was totally absurd and if true would mean that only 6000 Lumia phones would be sold in the UK which is obviously absurd. It seems like the middle ground of all information is about 800 000 - 1 000 000 Lumias sold till the end of 2011. Different sources do not agree if this is spectacular failure or relative success even if they agree on the numbers.
No, this is not how hashtables work. The hashcode is not identity value but a means to sort elements into buckets for faster lookup. It won't get "confused" by equal hashes, it just gets somewhat slower when a large number of elements with equal hashes are added.
Your statement is correct but your reasons are wrong. First of all the function is not hard to reverse. It is not cryptographic hash its only purpose is to give even distribution in the common case so that it can be used for hashtables. The only way to fix the function would be to add some kind of randomness but chances are that people are depending on the hash being stable (and they shouldn't!) so Java designers will be reluctant to change it. On the other hand if a random salt is added each time the JVM is started that may give a hash distribution that is not even in some real world case which means that some programs may suffer performance hit randomly. And finally this can be patched in the request/response pipeline for web requests. The vendors will probably prefer patching the web parts instead of the whole platform.
In fact Oracle claims that a fix in Java is not needed and they will fix Glassfish. I believe MS will do the same and will fix the ASP.NET request/response pipeline and not the core HashTable implementation.
You've gotta love how/. reports this in an unbiased way:) BTW it is not DDoS but just DoS (no distributed coordinated attack needed just a single request). Also it is not a bug in the hashtable implementation per se. You could argue that in the general case of a library hashtable one should prefer speed and predictability to DoS protection and use separate kind of HashTable for this kind of input. I am curious how companies will choose to patch this vulnerability.
Neal McAllister is an idiot of course. Compiling code at runtime is a side effect from this project. The main purpose of the project is that the compiler now exposes its internal parsing/lexing structures as APIs that can be used from IDEs, refactoring tools, etc. By definition they are the most correct and complete which (at least in theory) would lead to great advancement in productivity tools for C# and VB.NET. There is a bonus - a REPL for C#
I think you have no idea what Embrace Extend Extinguish means. Contrary to your expectations the terms are not applied to everything MS touches. There are alternative strategies to EEE that MS can use. One of them is Buy.
Let me translate the/. title for you:.NET developers in demand despite Microsoft's switch to.NET (which of course does not make sense but hey why do we cre about sense if wecan frame MS as betraying their devs).
If we need to be exact Metro is the UI style. You can develop Metro style apps on any os with any tech if it allows you to go full screen and allows you to draw UI widgets (like tiles). On Windows Phone 7 the apps are Metro style and are developed using Silverlight (an UI framework for.NET). On Windows 8 they are developed either using HTML and JS (there are Windows Specific JS libraries that allow you to draw the widgets and you can call the new Windows API called WinRT). The other way is to use XAML for UI and C++ or C# for backend. XAML is the UI markup language used by Silverlight so in practice the combination XAML + C# is pretty much the same as Silverlight. The controls for metro style apps provided for C++ are the same (i.e. the Silverlight ones). While Silverlight apps themselves won't run without changes the investment in the technology is 100% portable and is in fact the best investment you could have done if you wanted to develop for Windows 8.
You are severely underestimating the number of.NET devs out there and their zealotry. In fact I can bet without checking any numbers that WP7 has the most apps per device sold (let alone that the quality is much higher than Android's)
You also seem to be underestimating the quality of the.NET Framework. Oh yeah... it won't be thrown away in favour of JS and HTML. Just wait till tomorrow and you will see.
This is precisely why I trust Microsoft (and other companies that want my money) and not Google. Microsoft have something to lose. They want my money for certain product and they will want my money for the next version of the product. It is in their best interest to keep me happy and not betray my trust because if they do they go out of business. With Google if they don't betray my trust they go out of business anyway because they betray the trust of their customers.
People like the submitter and the ones who filed the bug are the reason hacks occur all the time. They think they know something about security and they've heard that plain text passwords is bad but they have no idea how and why they are bad. These people go and implement "secure" systems that get hacked. Encrypt the password on the same device that has the encryption key and then think it is secure
I know this is/. and facts don't mean much here but I've been using Skydrive for an year and the only place it used Silverlight was the file upload functionality. While it is true that the interface has changed the file upload functionality still uses Silverlight just like before.
This has been known for some time now. The only new thing is the estimate how much they make. HTC signed the deal when Apple sued them. I guess it is not stupid decision to pay instead of get sued by both Apple and MS at the same time. They chose to fight Apple and make peace with MS.
While I agree that software patents are bad for everyone that makes real products (including Apple and MS) I am disgusted by the fact that Google act as if patents somehow don't apply to them. It is one thing to fight for a change in the law and it is another thing to act as if the law does not apply to you.
True. However if you are not on Facebook that won't stop people from uploading pictures of you or even tagging you so you'd better be on Facebook and get the benefits of using it because you are gonna get the negatives anyway. Also you will at least be informed that these pictures exist and are uploaded.
I may be wrong on this but I believe the multiple errors are just theoretically exploitable and practically it is impossible for an exploit to track the information needed to decrypt the cookie that way. Same goes for the timing of the error page.
Slashdot Mirror
After they managed to unlock the phone they made a deal with Microsoft and removed the original tool to release it as a paid (future proof) version. There are other jailbreak tools unrelated to MS though.
I am curious why you got a Windows Phone if you were so interested in running native code and controlling the system. There are plenty of options out there for people who want full access to the system and with Windows Phone Microsoft actually markets the lack of access as kind of a feature. I am pretty happy with my Windows Phone but I cannot understand why people who care about full access would buy it.
I did not say we should believe them. I said that the other numbers are unreliable either. For example the number based on asking 5000 people what phones they were going to get was totally absurd and if true would mean that only 6000 Lumia phones would be sold in the UK which is obviously absurd. It seems like the middle ground of all information is about 800 000 - 1 000 000 Lumias sold till the end of 2011. Different sources do not agree if this is spectacular failure or relative success even if they agree on the numbers.
Yeah, we should believe "the
analysts" they are much better source and deserve our trust.
No, this is not how hashtables work. The hashcode is not identity value but a means to sort elements into buckets for faster lookup. It won't get "confused" by equal hashes, it just gets somewhat slower when a large number of elements with equal hashes are added.
Your statement is correct but your reasons are wrong. First of all the function is not hard to reverse. It is not cryptographic hash its only purpose is to give even distribution in the common case so that it can be used for hashtables. The only way to fix the function would be to add some kind of randomness but chances are that people are depending on the hash being stable (and they shouldn't!) so Java designers will be reluctant to change it. On the other hand if a random salt is added each time the JVM is started that may give a hash distribution that is not even in some real world case which means that some programs may suffer performance hit randomly. And finally this can be patched in the request/response pipeline for web requests. The vendors will probably prefer patching the web parts instead of the whole platform.
In fact Oracle claims that a fix in Java is not needed and they will fix Glassfish. I believe MS will do the same and will fix the ASP.NET request/response pipeline and not the core HashTable implementation.
You've gotta love how /. reports this in an unbiased way :)
BTW it is not DDoS but just DoS (no distributed coordinated attack needed just a single request). Also it is not a bug in the hashtable implementation per se. You could argue that in the general case of a library hashtable one should prefer speed and predictability to DoS protection and use separate kind of HashTable for this kind of input. I am curious how companies will choose to patch this vulnerability.
There is no such thing as a Windows Phone tablet. There will be Windows 8 tablets.
You probably mean Vista (security changes were made mainly in Vista) but are afraid to say it publicly since Vista has terrible reputation.
Neal McAllister is an idiot of course. Compiling code at runtime is a side effect from this project. The main purpose of the project is that the compiler now exposes its internal parsing/lexing structures as APIs that can be used from IDEs, refactoring tools, etc. By definition they are the most correct and complete which (at least in theory) would lead to great advancement in productivity tools for C# and VB.NET. There is a bonus - a REPL for C#
I think you have no idea what Embrace Extend Extinguish means. Contrary to your expectations the terms are not applied to everything MS touches. There are alternative strategies to EEE that MS can use. One of them is Buy.
It's their announced shift to C++ (which pulls resources away from C#, as per the original timeline)
You made this up which makes the rest of your comment bullshit.
Let me translate the /. title for you: .NET developers in demand despite Microsoft's switch to .NET (which of course does not make sense but hey why do we cre about sense if wecan frame MS as betraying their devs).
If we need to be exact Metro is the UI style. You can develop Metro style apps on any os with any tech if it allows you to go full screen and allows you to draw UI widgets (like tiles). On Windows Phone 7 the apps are Metro style and are developed using Silverlight (an UI framework for .NET). On Windows 8 they are developed either using HTML and JS (there are Windows Specific JS libraries that allow you to draw the widgets and you can call the new Windows API called WinRT). The other way is to use XAML for UI and C++ or C# for backend. XAML is the UI markup language used by Silverlight so in practice the combination XAML + C# is pretty much the same as Silverlight. The controls for metro style apps provided for C++ are the same (i.e. the Silverlight ones). While Silverlight apps themselves won't run without changes the investment in the technology is 100% portable and is in fact the best investment you could have done if you wanted to develop for Windows 8.
Sure if you know the Windows APIs by heart and don't need to test or if you only need GUI without calling any API.
You are severely underestimating the number of .NET devs out there and their zealotry. In fact I can bet without checking any numbers that WP7 has the most apps per device sold (let alone that the quality is much higher than Android's)
You also seem to be underestimating the quality of the .NET Framework. Oh yeah... it won't be thrown away in favour of JS and HTML. Just wait till tomorrow and you will see.
This is precisely why I trust Microsoft (and other companies that want my money) and not Google. Microsoft have something to lose. They want my money for certain product and they will want my money for the next version of the product. It is in their best interest to keep me happy and not betray my trust because if they do they go out of business. With Google if they don't betray my trust they go out of business anyway because they betray the trust of their customers.
They did not announce it. They RELEASED it!
People like the submitter and the ones who filed the bug are the reason hacks occur all the time. They think they know something about security and they've heard that plain text passwords is bad but they have no idea how and why they are bad. These people go and implement "secure" systems that get hacked. Encrypt the password on the same device that has the encryption key and then think it is secure
I know this is /. and facts don't mean much here but I've been using Skydrive for an year and the only place it used Silverlight was the file upload functionality. While it is true that the interface has changed the file upload functionality still uses Silverlight just like before.
This has been known for some time now. The only new thing is the estimate how much they make. HTC signed the deal when Apple sued them. I guess it is not stupid decision to pay instead of get sued by both Apple and MS at the same time. They chose to fight Apple and make peace with MS.
While I agree that software patents are bad for everyone that makes real products (including Apple and MS) I am disgusted by the fact that Google act as if patents somehow don't apply to them. It is one thing to fight for a change in the law and it is another thing to act as if the law does not apply to you.
Worked for me in IE8 on Win 7. Was 4-5 times slower than Opera.
True. However if you are not on Facebook that won't stop people from uploading pictures of you or even tagging you so you'd better be on Facebook and get the benefits of using it because you are gonna get the negatives anyway. Also you will at least be informed that these pictures exist and are uploaded.
I may be wrong on this but I believe the multiple errors are just theoretically exploitable and practically it is impossible for an exploit to track the information needed to decrypt the cookie that way. Same goes for the timing of the error page.
For four he turned the default (and secure) custom error mode setting to off.