in the modern era of ACPI most of us just go shutdown -p now,
Unfortunately, he may not be totally invulnerable to this patent, either
I wasn't referring to the jailbreaking from the Xephyr server in the sandbox. I meant to say that SELinux was exactly one of the fancy things that were supposed to protect the system from unknown vulnerabilities.
Yes, the attacker is able to break out of the sandbox and further escalate to root by attacking the Xorg server; but under a well-secured SELinux system the actual damage can be nullified by the SELinux mechanism because the attacker cannot escape from the security context even if he has root privileges. The attacker will be unable to access the resources that are not supposed to be accessed (e.g. making the stack executable) so the scope of the damage can be greatly limited.
Admittedly, total lock-down of a system with SELinux is very difficult, but theoretically this is not impossible.
Hopefully, Wayland could be able to fix most of this kind of mess in Xorg (assuming it ever comes out).
The author who wrote this certainly didn't count SELinux as one of the "fancy" security mechanisms...
It is not clear from TFA whether the histogram displayed there was drawn from the sample of experimentally measured _maximum_ speeds or just the "daily usage" speeds.
If it was the former, then it gives us a snapshot of the underlying distribution of the maximum speed, and we can estimate the probability of "ISP lying about the speed", along with the variance of this estimator, directly from it.
If it was the latter, the distribution of the maximum can still be estimated. However, this is usually difficult to do in a model-independent way.
Or a gratuitous attack on stupidity?
You don't want to be sued out of existence *before* you could begin with the engineering...
1. URL shorteners could possibly be used to work around it.
2. "tie3" (http://zdic.net/zd/zi/ZdicE5ZdicB8Zdic96.htm) is a better alternative than "biao1". There's a more idiomatic Chinese jargon for "first post" which is prevalent among Internet users: "the sofa" ;)
Give up. The 2.4GHz bands are hopelessly cluttered. Adopt 802.11n before your neighbor does.
As soon as he looks at some copyrighted material, the *AA will find him and gouge out his blood-dripping, cyborg eye.
"Pirates need to die, really."
At first I thought it was about British Computer Society declaring war against the UK government.
Meh. nothingtoseeheremovealong
Because selling crap is easy while real artistic creation is hard and demanding and does not guarantee quick money.
I guess I'm from the 1st category "people who own America" according to your hierarchy. I'm Chinese.
Your UID sounds un-American. All your bases will be belong to US.
If Solaris can do it, other exoplanets can probably do it too.
Sadly he didn't secure a business model patent.
Wow, I didn't know that. Thank you.
Still, the concern addressed in my original holds, I think. You are not suddenly safer or freer on the Internet just because the communication between you and ONE SINGLE WEBSITE has been encrypted, even if the website is one of the top search engines.
The government can still get quite a clear picture of your online activities from the DNS queries during your supposedly "safe" browsing sessions.
It's meaningless. You search for some keywords over SSL and click on a non-https link in the result page. BAM, the Referer now points to the result page, which contains the keywords you just used in its URL.
Of course Referer is easily spoofed, but you get the idea: Google search is only one aspect of a person's online activities, and the secret hiding in it can be analysed using side channels.
SSL adds protection to both ends of the communication. This may look like a circus from the user's perspective; but for Google themselves, it's better self-defense.
It means MITM attacks are more unlikely, but your data is still in Google's hands. Everyone using Google's products should be fully aware of the privacy implications as usual.
In other words, you still trade your privacy for the service provided by Google; the difference is the trade being less likely to be interrupted now.
You can't (legally) run a Windows VM without paying Microsoft for the OS.
It's even funnier if you consider the option of running WINE on Windows: http://wiki.winehq.org/WineOnWindows
Native software is fine, but a compatibility layer won't hurt. In fact, WINE is great for running legacy, closed-source software whose development is long dead with no native build going to be made.
There's been an awful lot of discussion about what is or isn't simple, and people have gotten a pretty sophisticated notion of simplicity, but I'm not sure it has helped.
-- Ward Cunningham