Memory protection. handle1 and handle2 are obviously within the process's own memory, and can be reused. But if the handle points to some memory space (buffer, handler, kernel struct, whatever) that the process does not own (regardless if it did in the past), the access should be disallowed. A process can't just willy-nilly read and write whatever memory it wants. I can't just set handle1 to a random value and start writing away to it corrupting something else.
In your example, though, handle2 could not be 1000, because the program has not closed handle1 yet, so as far as it knows it is still valid. When it tries to write to it, however, that should fail, because the kernel internals it was pointing to have been flushed and closed. If those internals have been re-used by another process, the access should be disallowed.
That is asinine. Why would the handle be reused in the exact memory space, and why would the original process still have access to it?
Re:Yeah, this is going to be a major problem... on Hardware TPM Hacked (Score: 1)
Except with TPM, the owner is untrusted, and thus a potential attacker. If you have a TPM computer, and YOU want to trust it, you have to get the key out of the hardware.
Exactly, although I echo the sentiment the presentation could have been better.
Everywhere we turn there are people who think they are smart telling us what to do and what to think, because they know what is best for us. They're the experts with years of training, and we know nothing. Do not question the high priests, do not pay attention to the man behind the curtain.
This is just following the general trend of late, culminating in "this time, it's different, trust us". We think we're smarter, we're better, we have more tools, we have more knowledge, we have more insight, and that things are somehow fundamentally different, and that today we can fix all the problems that our predecessors have been unable to fix in centuries past. In the end, the more we "fix", the more we break.
As a lay person, I know we cannot predict what the weather will be like next week, and all I see around me is global climate hysteria. I don't see science, I don't see deliberation, I don't see openness, I don't see debate. I see politics and dogma. Enough of this "you're not smart enough to understand so just trust me" nonsense. Enough of this "science by consensus". It doesn't exist, and it's not scientific anyways even if it did.
Show everyone the science, open up the process, accept opposing data (heck, accept ALL legitimate data to begin with), interpretations and views, so we can all see why it is that we need to undertake a complete reorganization of economy, society and personal life, at a cost of trillions of dollars and undoubtedly much resulting misery and suffering.
It was global cooling and visions of frozen wastelands and a new ice age. Where did that go? Then it was the ozone hole that would fry anyone not wearing SPF1000 sunblock. Where did that go? Then it was global warming and sea level rise that would make disaster movies seem like documentaries. Where did that go? Now we have the amorphous all-encompassing "climate change".
But THIS TIME, it's different. Really. This time, we're smarter, and we have better science, and we've learned, and we know better, we know for sure. Trust us.
Well, sorry. You're gonna have to do better than that.
The thing is, as we don't care so much about how to properly feed, exercise and clean ponies, normal people don't care so much about computer security.
Oh, what a cop out!
Most of us don't care about the care and feeding of ponies because.... most of us don't have ponies to care for and feed.
On the other hand, most of us do have computers.
Most of us also have cars, and even though most of us do not have mechanical engineering degrees, we know the basics of maintaining them, either ourselves or having someone else do it, because we know negligence can be very expensive. Using public resources to bail out computer user mistakes due to ignorance and negligence will clearly not solve the problem. Like any handholding or subsidizing, it only makes the problem worse in the long run.
As someone who makes his living selling content through the Internet, I want people to think several times before building a tool like AdBlock. If the content industry can't make money from ads, we'll either go out of business or put our information behind a paywall. That may happen whether or not you create the ad block extension because ads don't generate enough money to pay for the kind of reporting that newspapers used to do, but it will definitely happen if a tool for blocking ads gets adopted by any non-trivial subset of society.
That's blowback.
The internet was not made to provide for your income. It does not owe you anything. It is up to you to figure out how to use the internet to make money, and if the majority (or large portion) of the internet has vetoed ads, the message seems pretty clear.
There is plenty of professional-quality content available today, some of it surviving just fine without an ad in sight, amongst a sea of ad-supported content. If I were you, I would not ask how ad-supported content will survive without ads, but how non-ad-supported content thrives. How can one make money, even without an apparent revenue stream.
Most of the professional-quality ad-free content is basically a giant ad itself. An ad for the services, expertise, knowledge, skills and product of the writer who produced it.
That's just one way. You're looking for the easy way out, because "that's how it's always been and I cannot imagine any other way". But you're wrong.
You're begging the question though, aren't you? Saying that since no one wants to explore other planets, NASA should, because it's important. If it's so important, how come no one wants to do it?
NASA is a gigantic bureaucracy. After decades of operation that's cost taxpayers trillions of (inflation adjusted) dollars, we still don't have a manned reusable LEO vehicle that can operate for less than 10s of millions between launches, and can't launch more than once every few months. In fact, as far as practical benefits go, all we have to show for it are some fake moon rocks.
The last thing we should be doing is pinning our hopes on a committee-driven organization like NASA.
I did not mean to imply a political slant. Democrats, Republicans, they're both fundamentally the same: government run by big banks and business, and citizens cowed and bribed with their own money. They have some disagreement as to the content and purpose of the bribes, and which particular industries are their secondary favored (besides the obvious like banks, military- and medical-industrial complexes).
I was more commenting on the idea that somehow Obama will clean house, when he never had the intention to.
Money and wealth are arbitrary values of measurement set by society, businesses, government, or between individuals as it is.
If you are trapped on a desert island with a suitcase full of gold, it won't seem that valuable compared to your neighbor's crate of canned foods, or the guy with the can opener.
What is money? On an island where gold is useless, gold would not be money, so no matter how much of it you had, it would still be worthless.
Money is not an arbitrary measure of value, nor is it selected arbitrarily. Whatever money is, it must retain the value imputed to it when goods and services are bought and sold.
Which begs the question: how valuable is a fiat currency, aka cotton paper with black and green ink all over it?
Goldman Sachsonites are in every public office that has to do with finances and economics (including treasury and FED). If you think Obama has the "audacity" to get rid of them all, or has even an inkling of an interest to do so, you're certainly ready for "change you can believe in".
More ISK is lost in the destruction of a ship than insurance pays out. Hence, it is a money drain, not inflationary.
Uhm, how do oil companies have a hold on the auto industry?
You'd also have to drive mostly EV miles, like they did for the MPG calculation.
That's not how the calculation works.
I'd just like to know why all these fancy hybrid and electric cars have to look so goddamn ugly.
It's blackmail, pure and simple. When faced with the need to raise taxes, because they've run out of all other options (fees/borrowing/bonds) they always bring out the "oh, we'll have to cut police and emergency services, and increase class sizes, blah blah blah" line, and everyone caves. Instead of cutting the mountains of red tape and the bureaucracies that live off them, the byzantine permits, licenses, registrations that so graciously allow us to do things that we already can.
Everyone wins, except the guy footing the bill, taxpayers, YOU.
Low taxes can have high costs.
Yeah, maybe they should spend less. Just because it's the government, doesn't mean they're exempt from the laws and consequences of economics. Even when it's the federal government that can print its own currency on demand. Eventually the chickens come home to roost.
The French have a higher standard of living than we do, so of course you can expect some prices to be higher.
Wow.... how do you come up with that? The definition of a high standard of living is LOW prices. Relative to wages earned.
Then why isn't there a registry of murderers, car thieves, house robbers, cheque forgers, purse snatchers? I don't see how a registry of rapists keeps a woman safer, but if it does, in some bizarro imaginary universe, surely a registry of murderers would be even more useful, no?
You are far too paranoid. If that were the case, there would be insurance companies that would start to lower their rates to attract more business, undermining the ones that are overcharging.
Think of it like a natural monopoly buster. (The real reason monopolies would have a very hard time forming and sustaining without government enforcement of their existence.) If you have a monopoly or a cartel overcharging you while delivering crappy product, competing companies would spring up delivering same crappy product without overcharging you. Or delivering a superior product while charging the same. If there are wild profits being made, someone will step in ready and willing to make slightly less wild profits, and so on.
The situation you describe is simply impossible, unless, again, the government steps in and keeps monopolies monopolizing.
It's not just fixating on a single concept.
As this page here describes (http://deltabravo.net/custody/rorschach.php) how a Rorschach test is scored, the author notes "By now you should be getting the idea that basically it's hard to "win" when taking the Rorschach test." If you are taking such a test, SOMETHING will be found to be wrong with you. What, exactly, will be found wrong, depends on the motivations of the practitioner, and varies greatly between practitioners, which is why this test is 100% complete bunk.
There are RARELY correct or incorrect answers on ANY psychometric exam.
Sure there are. What is the goal of the test? To detect abnormal psychology. What is the goal of a large number of test takers? To appear normal. The statistically normal answers are "correct". If a test taker scores normally, you have no basis to invalidate the results.
Why is it effective? How does it work?
If you can't detect someone gaming your test, of what value is it? It is often used to analyze violent and unstable persons, which seems to me like a serious shortcoming.
IE 6 is still used on large corporations and there is no chance you will be able to "upgrade to chrome" unless you want a visit from BOFH with your manager asking what the hell you are trying to achieve. Yes, a managed client these days won't just stop you, it will also alert admin via security solution, "attempt to install unauthorised software" in recession would be a nice excuse for them.
Perhaps, in a recession, you refrain from looking at YouTube during work hours on company resources.
Why is this even rated Insightful?
It's plain wrong.
In vanilla WoW, warlocks were a free kill for pretty much every damage class. That included mages. You are also wrong when you speak about Deathcoil, which did nothing for a warlock (healed you for less than a health pot) and was on a 10 minute cooldown.
Back then, the only kind of PvP available was world PvP. The only chance a warlock stood to turn the tables was with succubus, which was the only pet you'd never use in the world.
Only time warlocks were OP in vanilla was when fear did not break on damage and there were no diminishing returns. Even then, if you could prevent a warlock from casting fear for a few seconds, you were guaranteed a win.