Slashdot Mirror


User: buchner.johannes

buchner.johannes's activity in the archive.

Stories: 0
Comments: 1,836

Comments · 1,836

  1. Re:Not entirely true on Windows Remote Desktop Exploit In the Wild · · Score: 5, Informative

    It cannot "be exploited remotely to execute arbitrary code". It can only crash the service. There is no RCE developed for this vulnerability, yet.

    As the CVE says:

    The Remote Desktop Protocol (RDP) implementation in [...] does not properly process packets in memory, which allows remote attackers to execute arbitrary code by sending crafted RDP packets triggering access to an object that (1) was not properly initialized or (2) is deleted, aka "Remote Desktop Protocol Vulnerability."

    And the MS security bulletin also holds it as Maximum Security Impact: Remote Code Execution.

    This is not FUD, even if there is no worm completed yet, it is a clear failure of MS security, and their concept of many lines of defense. Also, they promised to implement their own rehash of W^X, but apparently failed.

  2. Re:Good on Google Is Planning To Penalize Overly Optimized Sites · · Score: 4, Insightful

    I hope this is the start of a new war by Google against the SEO business, one where humans benefit by being able to find sites that are actually relevant.

    The core of the problem is really that people don't want to hear that their site/content is not relevant on a search term, because for them it is relevant. So they will search for ways of "correcting" this picture, and demand creates supply.

  3. Re:Good on Google Is Planning To Penalize Overly Optimized Sites · · Score: 5, Insightful

    Too many site owners are worried about SEO strategies rather than producing good content.

    Surely the reaction to this will be producing good content, and not employing more SEO gurus to circumvent the new weights by dodgy techniques.

  4. Re:quite obvious on Ask Slashdot: Getting Feedback On Programming? · · Score: 1

    Get involved in an open-source project, the bigger the better, they often do QA reviews and force you to adhere to their guidelines and coding practices. Your ultimate test will be pushing something into kernel.org.

    X is more difficult than the kernel, and probably more important too.

  5. Re:Contribute to open source projects on Ask Slashdot: Getting Feedback On Programming? · · Score: 4, Interesting

    Contribute to open source projects. You'll get plenty of feedback. Some of it might be quite, erm, 'robust', especially with certain projects. But it'll almost all be useful, and you'll be doing something worthwhile.

    In open source projects, there are problems of all scales. As a newbie, and unfamiliar with the code base, you will only be able to tackle few bugs. So choose a project and a bug you are interested in, and get into it. Bug after bug, you will be able to tackle bigger problems, improving your programming skills (reading code, design, implementation, testing, communication, etc.).
    Don't get bummed if your first code contribution doesn't work out or an interesting project isn't communicating with you. Just move on or do your own thing if you really think it is worth it.

  6. Re:Game play on Atari Wants To Reinvent Pong · · Score: 2

    and at the 7th level, Kafka says hi

  7. Re:So, first he breaks the height record... on Baumgartner Completes 13.5-Mile Free-Fall Jump, Aims For Record · · Score: 5, Funny

    He free-fell through the atmosphere for almost four minutes, hitting an estimated top speed of 364 mph. 'I wanted to open the parachute after descending for a while but I noticed that I was still at an altitude of 50,000ft,' he said.

    Sorry to hear you got bored halfway, bro.

  8. Re:Kinda digging Python on Van Rossum: Python Not Too Slow · · Score: 0

    return a+1 if a>0 else a-1

    Just starting out, so they didn't teach us that syntax. We've been shown:

    if a > 0:
            return a + 1
    else:
            return a - 1
    Pretend that there are 4 spaces before the 2nd & 4th lines, since Slashcode doesn't recognize non-breaking spaces.

    You don't need the brackets. I'm a bit unsure about the "return a+1 if a > 0 else a-1" syntax. It's a bit harder to read. numpy.where is probably the right thing for the job if you have more than one a for which you want to calculate.

  9. Re:007087 on Van Rossum: Python Not Too Slow · · Score: 4, Informative

    As the GP pointed out, if you're skilled enough to write optimized code in C/C++, why fuck around with Python at all?

    Because we don't want to spend our time thinking about pointers and how to iterate over things? Because functional programming is actually really nice? Because in Python, you can download some data from the web, analyse it using a machine learning algorithm, plot the results, and install another package on the fly, combining 4 independent packages, and many ideas, in just 50 lines of code.

    ctypes is really easy to use and to interface with C or Fortran. I use it a lot, namely for the 1% of the code that takes 99% of the time. The rest is nice OOP and functional.

  10. Re:There is no magic formula. on Why New Programming Languages Succeed Or Fail · · Score: 1, Insightful

    I was making a similar point here in a similar recent discussion, saying that syntax isn't enough to capture the success of a language. You need to look at how accessible it is.

    For me, there are three important points to discuss programming languages:

        1. Syntax
        2. Access
        3. Community

    ad 1) We know all about and can analyse the syntax. Fine. All the discussion happens here.
    ad 2) But what does the finest Haskell help me if I can't access a CD, Bluetooth or an XMPP server, and whether it makes a difference where I want to run the code (web server, mobile phone, mainframe, laptop). In principle, all languages are Turing-complete and equivalent, and I can write wrappers between languages, but as long as I can't *practically* do all the things I need, I'm stuck. The available libraries/access methods draw a picture of what is possible. Here C due to its age, Java with its tendency to make packages that are reusable and Python are among the best (from my experience). As an aside, .NET lacks here, and massively because there is no spirit to make libraries available to others for free causing a non-availability of free libraries.
    ad 3) A language is also dominated by its users. This is most noticeable with PHP. The background of users dominates what a language should do. Also, this determines the amount of help and easy-to-access documentation. Which again makes a language popular or not.

    One individual is not capable of addressing (2). Also, whether a language is picked up by the masses (3), or whether you can build and hold this community, is not a rational, predictable process. When designing a language, you don't have full control over success.

    When comparing two languages, don't just look at (1), also look at (2) and (3).

    Someone added tools/IDEs as a 4th point.

  11. Re:Compatibility or conversion on Why New Programming Languages Succeed Or Fail · · Score: 2

    That's the great thing about the JVM ... you can try out different paradigms, but you can always reuse the code, no matter if it is written in Java, Jython, JRuby, or any of the more experimental languages I don't even know about.

  12. Re:Bad Math and Bullshit Story on Report: Amazon Cloud Backed By 450,000 Servers · · Score: 1

    When one person of one company figures out how much equipment another company has, why is that called "research"? It sounds like high school where you do "research" for your "paper".

  13. Re:Good can exist without evil on Internet Crime Focus of Black Hat Europe · · Score: 1

    Without a lunatic driving at ridiculous speed, there is still a real danger for honest accidents and there'd still be a need to help the old lady across the street.
    Good guys require bad events, which may or may not include events caused by guys.
    Likewise, without black hat hackers there'd still be a need to protect against accidental or unintentional damage.

    Not bad events. Helping over the street can be helping with the troubles of old age (walking being difficult). There is no actor and no event there, it's just normal.

    His analysis — that there can't be good guys without bad guys — helps explain not just the rise of black hat hackers

    That is not an explanation, it's just putting the burden of explanation somewhere else (remind you of something?).

  14. Re:I was wondered about something on Algorithm Finds Thousands of Unknown Drug Interaction Side Effects · · Score: 4, Informative

    As usual, Science&Nature only provide high-level info, so you'll have to dig deeper than the article ( http://stm.sciencemag.org/content/4/125/125ra31.full )
    On the author's website, http://www.tatonetti.com/cv.html there is a paper that describes the machine-learning algorithms used:
    Tatonetti, N.P., Fernald, G.H. & Altman, R.B. A novel signal detection algorithm for identifying hidden drug-drug interactions in adverse event reports. J Am Med Inform Assoc (2011) DOI:10.1136/amiajnl-2011-000214

  15. Here is the wikipedia article on Jawless Creature Had the World's Sharpest Teeth · · Score: 4, Informative

    of this eel-like creature... looks like we don't know much about them aside from their teeth?

    Meteorites suck. I mean blow.

  16. Re:Fascinating! on Possible New Human Species Discovered In China · · Score: 4, Insightful

    Cloning? To what end? Why did they die out in the first place? Ultimately, if they're genetically compatible do you really want to reintroduce their genetic lineage back into the modern human race? Relationships happen. That might be a step backwards for us even if the impact is negligible. Then you start talking about preemptive sterilization.

    I can think of at least half dozen ethical issues so far. It's a can of worms I really don't think we should be opening. Just my 2 cents.

    What kind of speciesist talk is that? There is no direction and no step forwards or backwards in evolution. It is not directed, only adaptive. A concept of destiny is superstition. I don't mind mammoths being cloned, so what's the line?

    You're right, of course. The ethical questions are staggering. I guess the geek side of me went "cool, I want to talk to these guys". Wouldn't it be cool to see if they were really like us? Haven't you always wondered if Neanderthals would see you as a fellow (albeit weird) "person"?

    Neanderthals wouldn't stand out if you dressed them like us and educated them like our kids. The difference to them is smaller than the variety within Homo sapiens. In fact, it hasn't been ruled out that there was mixing between Neanderthals and humans, so we might be all Neanderthals too.

  17. Re:Obligatory xkcd on Multiword Passwords Secure Or Not? · · Score: 2

    The combination is what makes it so powerful (11^4 vs 16).

    That should be 11*4 (as it is log, as I mentioned).

  18. Re:Obligatory xkcd on Multiword Passwords Secure Or Not? · · Score: 4, Informative

    It assumes that the reader tries a dictionary, but it also assumes that words in the dictionary are equally probable. An English dictionary contains about 600,000 words. A typical English speaker uses 2,000 different words over the course of any given week and knows about 20,000. Depending on which of these numbers you use as the search space, the entropy is a lot larger. For example, XKCD's metric would regard 'Natalie Portman is superlatively callipygian' and 'I like to eat apples' as having the same entropy, but the former is probably a lot harder to find with a dictionary attack, because a list of 2,000 common words is not likely to contain callipygian and may not contain superlatively, while it will contain all of the words from the second example.

    Read it again. He assumes 16 bits of entropy for 'Troubadour', an uncommon word, and only 11 bits for the four common words. This *is* a lot, as you say, as bits (of entropy) are a log scale though, it doesn't look as impressive. The combination is what makes it so powerful (11^4 vs 16).

  19. Re:Cant eat a slice of Tau to celebrate. on Pi Day Is Coming — But Tau Day Is Better · · Score: 4, Insightful

    With Tau, you can have two pies.

  20. face on When a Robot Becomes the Life of the Party · · Score: 1
  21. Re:Alternatives? on Japan's Nuclear Energy Industry Nears Shutdown · · Score: 0

    They should engineer tsunami power plants. And there should be plenty of geothermal power.

  22. Re:What does it mean by joining the Linux Foundati on NVIDIA Is Joining the Linux Foundation · · Score: 2

    Does that mean Nvidia gonna open source the driver for the graphic cards using Nvidia chips?

    I don't think they will ever open-source their drivers. It would be embarrassing for them when others discuss their code, they are protective of their work, etc. All you can hope for, and what you should be demanding, is that they give more specs to the nouveau team.

  23. Re:Leak poisoning on Details Of FBI Surveillance In Lulzsec Takedown Emerge · · Score: 1

    "Nobody doubted that the Stratfor leak was a fake"

    Oops I of course meant "Nobody doubted that the Stratfor leak was real" or "Nobody thought that the Stratfor leak was a fake".
    Yes, cleaning material, as in removing document headers, watermarks, etc.

  24. Re:For free? on Try Your Programming Skills In Space: DARPA Satellite Programming Challenge · · Score: 2

    "Develop a program worth millions of dollars, and give it to us for free.

    For whom is it worth millions of dollars? Would anyone pay millions of dollars for this program?
    It's a challenge of an unsolved problem, probably aimed at academia. If you solve it, you can put it on your CV and use it as a pickup line.

  25. Re:Leak poisoning on Details Of FBI Surveillance In Lulzsec Takedown Emerge · · Score: 1

    I think the most interesting part of this by far is how the FBI managed to undermine the credibility of Wikileaks by getting them to leak arguably bogus material: Sabu actually used FBI equipment to hack Stratfor while under their employment. So... next time an intelligence leak rolls around, how are we supposed to know it wasn't a three-letter-agency spreading disinformation?

    Wikileaks is not just passing on, but also checking and cleaning material. Otherwise it would be Openleaks. Nobody doubted that the Stratfor leak was a fake.

    The trouble with Wikileaks is selection bias: More leaks come from the US because more is received by Wikileaks. That doesn't mean the corruption index is higher than some other countries. But Wikileaks also prioritizes, and chooses what to put on the "front page". That is worrisome.