Thank you. You two nailed it.
An excellent analogy. Both insightful and funny. I like it.
However: This does not do any harm, neither physically nor virtually. In your analogy, it would be releasing the technique of touching someone's nose, so everyone can do it. Everyone can alter it to a punch in the face, and they can apply it. I guess it boils down to 'The Physicists - Friedrich Dürrenmatt': Is a developer responsible for the users that apply the product, or is each user responsible himself for how they apply it? With the A-bomb and TNT, there are real lives at stake; but with software there aren't.
The thing is, it is not a security bug that you can fix, more an 'I-am-here' code. You would have to find an exploit first, then apply this code to it.
For example:
You can get a PHP file onto the webserver, and it allows exec() --> you use this payload to show you got here.
User downloads and runs a file without checking if it is authentic --> you use this payload to show you got here.
You found an exploit in Firefox --> you piggyback and run this payload to show you got here.
It is a way of more efficiently showing the reach of this exploit, and could become the default way of showing the effectiveness.
There is nothing for programmers, packagers or distros to do. Only Linux admins/users can secure their systems.
Some exploits that require users (launcher icons) are documented here already www.geekzone.co.nz/foobar/6229, so it isn't totally news.
Please mod parent up.
Usually I'd say you're fine by using https, as it provides end-to-end encryption. Sadly the last word is that that is not true anymore. Throw an ssh tunnel towards the middle of the internet, preferably 'close' to your mail/banking website in terms of few nodes in between.
For example, you can route your (ssl) traffic through shell.sf.net.
put down the computer; the world won't end if you can't access slashdot and your email for a few months
Maybe, but why take the risk? Just remember the docu 2012
see that?
That drop is you not buying Adobe products. Are you happy now?
I think attaching something unrelated to put your opinion up is actually called thread-hijacking ...
oh now I see what you did there ;-)
"Results of a blind listening test show that a third of people can't tell the difference between music encoded at 48Kbps and the same music encoded at 160Kbps. The test was conducted by CNet to find out whether streaming music service Spotify sounded better than new rival Sky Songs. Spotify uses 160Kbps OGG compression for its free service, whereas Sky Songs uses 48Kbps AAC+ compression. Over a third of participants thought the lower bit rate sounded better." http://news.slashdot.org/story/09/10/19/176209/13-of-People-Cant-Tell-48Kbps-Audio-From-160Kbps?from=slashdot_itself_duh
Simplicity --> greater security (I'm not saying the contest measured something).
http://en.wikipedia.org/wiki/Elections_in_Brazil#The_Brazilian_voting_machines
The source is available to the parties.
Enough with the goddamn excuse culture. You want respect, you earn respect. You want a second chance, then PROVE you deserve it first.
Um, yeah? They were in prison?
These guys killed someone and now they want the world to pretend it has never happened.
No, they just want the rights they have to be applied.
Sorry, but I have no duty to treat a murderer the same way I would treat an innocent person, even if they've served their sentence. The German parliament made a poor decision to pass a law protecting a murderer from the disgust of the public.
-jcr
No, they did not make a poor decision. This is just your opinion. The opinion that a convicted person can never reenter society as an equal. Which is not the opinion of Germany.
You are advocating lifetime punishment. But the punishment should be the one defined by the court.
Interesting. Gnash is broke. It is a high-priority project of the FSF, but the FSF doesn't support any software projects financially.
Here is the donate button :) http://www.openmedianow.org/?q=node/32
It is key to Linux technologies that malware is being stopped by incompatibility. This is where Gnash comes in: Having not implemented the full extent of Adobe Flash, phishing SWFs will crash and your desktop stays safe. :) ... or am I?
jk
Use trinary. You can count up to 59049 with 10 fingers (up to 243 with 5).
What exactly does Skype have to do with Sweden?
picking a station that validates one's political views
This is pretty much the crux of it. People actively seek out the information sources (radio, TV, internet) that support the opinions they already hold. Accuracy of information and facts run a distant second, and meaningful analysis runs an even more distant third.
Even if the news were neutral and objective, people would still only take the bits that support their opinion.
http://en.wikipedia.org/wiki/Selective_perception also interesting: http://en.wikipedia.org/wiki/Hostile_media_effect
Well, if you are otherwise healthy and have access to good medical infrastructure, the Swine Flu is not deadly (to you!). You could also compare the number of deaths by the seasonal flu to that of the Swine flu (e.g. in Mexico).
No, that's reporting the "news", not reporting the news. Who gives a fuck what the wife of a washed up singer thinks of a new singer?
It seems many people do, otherwise it wouldn't be watched. Why do you think there is bad gangster rap on MTV? Because people vote it up.
Things like these are easier to follow than today's complex coherencies in politics or economy. Watching those the whole day would be quite heavy.
Also, a psychology study found that following celebrities (or other public figures) and relating to them and their everyday situations, playing through the scenarios and solutions, is almost required for psychological balance.
http://www.scientificamerican.com/article.cfm?id=the-science-of-gossip http://www.psychologytoday.com/articles/199607/the-real-slant-gossip
It could do things the average person might want (such as generating customized nutrition labels) as well as [...].
Generating customized nutrition labels! The average person! I just laughed so hard, I needed a complete change of clothing.
That guy has never seen a woman on a diet. And I think you missed a level of <quote>-tags
Has anyone actually tried out Bing to get Wolfram Alpha results? They don't work for me. Is this only for within the US?
http://www.bing.com/search?q=plot%20x^2&form=QBLH
http://www.bing.com/search?q=BMI+Calculator&FORM=R5FD
These just show the web results for me, no WA. I even enabled JS and there is nothing in the preferences. :-/
"sudo !!" does the same and is so much better semantically.
In traditional Microsoft fashion, the company has responded to the author of the breaking Bing Cashback exploit with a cease & desist letter, rather than by fixing the underlying security problem.
Maybe they are doing both?
The cease and desist letter seems partially reasonable:
Specifically, at this site you are providing information directing users how to misuse the Microsoft Bing Cashback program through unauthorized technical means. Further, on this website you admit that you have personally misused the Cashback program in this regard.
It's pretty stupid to admit you violated a law on a blog that has your name on it. He should have used an anonymous blog for that or informed Microsoft of the issue in the first place.
The first sign for me that someone is selling bullshit is when they try to act like this is some never before seen problem, when in fact there is a good four decades of research of database optimization.
Your point is valid, but I think there is more to it. And the problems these solutions try to solve are quite old too. For example:
Ever tried to design a database, but got the requirement that you should be able to reconstruct the modification history? It boils down to not deleting (ever), and 'deleted' flag fields and other ugliness. A multi-version relational database would be nice; you actually don't need modification/delete operations in this scenario, just 'updates' that add to the previous status. CouchDB does append operations.
In some cases you may not need a complete SQL database, just key->value relations, but have them scaling very well. http://project-voldemort.com/ states: "It is basically just a big, distributed, persistent, fault-tolerant hash table." Then they state that they provide horizontal scalability, which MySQL doesn't (OTOH, we should really look at Oracle for these things).
And you can't really say MapReduce/Hadoop is pointless.
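The append-only, multi-version design the comment above describes, as an added example that is not part of the original post and is not CouchDB's or Voldemort's code. Every write appends an immutable record with a global version number; a delete appends a tombstone instead of removing anything, so the full modification history of each key survives and the state of the whole key space at any past version can be reconstructed. The class and method names, and the sample account-balance history, are constructed for this illustration.

```python
"""Append-only, multi-version key-value store (illustrative, not a real project's code).

Nothing is ever modified or deleted in place: put() appends a record, delete()
appends a tombstone. That is exactly the property an audit requirement
("reconstruct the modification history") asks for, without 'deleted' flag
columns in every table.
"""
from dataclasses import dataclass
from typing import Any, Dict, List, Optional, Tuple

_TOMBSTONE = object()  # sentinel value recorded when a key is logically deleted


@dataclass(frozen=True)
class Record:
    version: int   # global, monotonically increasing sequence number
    key: str
    value: Any     # _TOMBSTONE marks a logical delete


class AppendOnlyStore:
    def __init__(self) -> None:
        self._log: List[Record] = []               # the only mutation is append
        self._index: Dict[str, List[Record]] = {}  # key -> its records in log order

    def put(self, key: str, value: Any) -> int:
        """Append a new version of key; returns the version number assigned."""
        rec = Record(len(self._log) + 1, key, value)
        self._log.append(rec)
        self._index.setdefault(key, []).append(rec)
        return rec.version

    def delete(self, key: str) -> int:
        """Logical delete: appends a tombstone and leaves history intact."""
        return self.put(key, _TOMBSTONE)

    def get(self, key: str, at_version: Optional[int] = None) -> Optional[Any]:
        """Current value, or the value as of a past version; None if absent or deleted."""
        for rec in reversed(self._index.get(key, [])):
            if at_version is None or rec.version <= at_version:
                return None if rec.value is _TOMBSTONE else rec.value
        return None

    def history(self, key: str) -> List[Tuple[int, Optional[Any]]]:
        """Full modification history of key as (version, value); None marks a delete."""
        return [(r.version, None if r.value is _TOMBSTONE else r.value)
                for r in self._index.get(key, [])]

    def snapshot(self, at_version: int) -> Dict[str, Any]:
        """Replay the log up to at_version to rebuild the whole key space as it was then."""
        state: Dict[str, Any] = {}
        for rec in self._log:
            if rec.version > at_version:
                break
            if rec.value is _TOMBSTONE:
                state.pop(rec.key, None)
            else:
                state[rec.key] = rec.value
        return state

    def log_length(self) -> int:
        """Number of records ever appended (never shrinks)."""
        return len(self._log)


def demo() -> AppendOnlyStore:
    """Constructed sample history: two balances, one updated, one deleted."""
    s = AppendOnlyStore()
    s.put("balance:alice", 100)   # v1
    s.put("balance:bob", 50)      # v2
    s.put("balance:alice", 70)    # v3
    s.delete("balance:bob")       # v4: tombstone, v2 is still in the log
    return s


if __name__ == "__main__":
    store = demo()
    print("now:", store.snapshot(store.log_length()))
    print("at v2:", store.snapshot(2))
    print("bob history:", store.history("balance:bob"))
```

The point of the design is that reads at an old version are ordinary reads, not forensic reconstruction from backups: `snapshot(2)` replays the log and yields the state before Alice's balance changed and before Bob's key was deleted, while the tombstone for Bob stays in the log as evidence of when the deletion happened. A real store would persist the log and compact old records under a retention policy; that policy, not the data model, is then where history can be lost.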