You're all missing the point - this proof-of-concept makes NO system calls. There is NO need for "privilege escalation". Once started, it has enough knowledge of the host filesystem to read and write to files itself.
Bullshit.
User-mode processes - even those running as root - have no access to the hardware, except RAM (and then only pages mapped into the address space by the kernel) and CPU (and then only for a period of time decided by the kernel). There is no way to write to the host filesystem except through the kernel. This restriction is enforced by the CPU itself. The kernel runs in ring 0, code within the process does not.
Just start typing the file path and an "Open Location" dialog will appear - it even has autocomplete.
Thank you! Too bad there is no indication of this anywhere in the window.
Still not very good though, in folders with lots of files... When navigating there with the open dialog, it hangs as it reads the first few bytes of every single file in the directory to identify its type and provide an icon - very annoying having to wait when selecting an application from /usr/bin. For some reason typing /usr/bin seems to do the same thing, even though it doesn't need to display any icons...?
Considering copyright has been around for less than one percent of the time that music has, I think it's safe to say:
WTF is wrong with people that this is even a question to be taken seriously?!?
There's something dystopian about the current state of discourse. It's like the bar scene in Cherry 2000 where men and women all have lawyers present to negotiate a one-night stand. They would probably ask: "Is open-source sex possible?"
And that's where we're at with music.
:(
It's amazing how quickly they leap from "porn" to "paedophiles". Just two paragraphs in, and both of them very short.
It used to be "gays == paedophiles" but they can no longer get away with that.
I don't know about WWI/WWII acronyms but it seems unlikely that they were all exactly five letters long and had letter frequency like this (look at all those Qs, Xs, and Zs). I do know that ciphertext is usually written in groups of five letters to provide spacing without giving clues about the spacing of the plaintext. Also, there is a bit of stuff in the middle of the page below the ciphertext (cropped out of most photos), which if I remember right was used for metadata about what code was used.
This sounds like a case of someone looking at random stuff and trying a bit too hard to make sense of it.
Yes! These things have finally gotten cheap enough (around $20) that those of us with access to a lot of servers ought to have one.
For those not in the know, these things look like a USB flash drive, but have more number-crunching power than storage. You load your SSH private key onto the USB fob and the key never leaves the device. Plug the fob into a USB port and ssh offloads the private-key RSA operations to the fob, which won't do anything unless you enter a PIN. As the private key never leaves the device, it can't be stolen without physically stealing the device or somehow hacking into the firmware. Using the fob requires software (opensc) on the computer you plug the fob into, but to the server it's just a plain old SSH connection.
Obviously if you lose the fob you're screwed unless you have a backup copy of the key somewhere. The best option seems to be to generate the key on a PC with no network connectivity, save the key to the fob, and also save to removable media as an offline backup.
Speaking of sorting parameters, there is at least one issue I still see in a lot of libraries. The spec says encode things, then sort them. Many of the libs I've seen do it the other way around. Sorting first is the most obvious way to do it, but I guess the spec was trying to avoid issues with locale-specific collations by forcing everything to ASCII first. Most sites use plain alphanumeric parameter names so people get away with doing it either way.
Still, it goes to show how developers can completely fail to RTFSpec, even when developing a library for use by lots of other people. Seems to be exactly what worries Mr. Hammer.
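An added example, not from the comment above and not the code of any OAuth library, showing why the order matters. It assumes the spec being discussed is OAuth 1.0 (RFC 5849, section 3.4.1.3.2; the reference to Mr. Hammer suggests as much), which percent-encodes every name and value first and only then sorts by encoded name and value in ascending byte order. With plain alphanumeric names both orders agree, as the comment says; the other two parameter sets are constructed so that the two orders disagree.

```python
from urllib.parse import quote

# RFC 3986 "unreserved" characters (ALPHA, DIGIT, '-', '.', '_', '~') are left
# alone; everything else, including '/', is percent-encoded in upper-case hex.
def oauth_encode(s: str) -> str:
    return quote(s, safe="-._~")  # quote() never encodes ALPHA / DIGIT anyway

def normalize_spec_order(params):
    """RFC 5849 order: encode first, then sort by (encoded name, encoded value)."""
    encoded = [(oauth_encode(k), oauth_encode(v)) for k, v in params]
    encoded.sort()  # str ordering on ASCII output == byte-value ordering
    return "&".join(f"{k}={v}" for k, v in encoded)

def normalize_sort_first(params):
    """The common mistake: sort the raw names and values, then encode."""
    ordered = sorted(params)
    return "&".join(f"{oauth_encode(k)}={oauth_encode(v)}" for k, v in ordered)

def orders_disagree(params) -> bool:
    """True when a library doing sort-then-encode would sign a different string."""
    return normalize_spec_order(params) != normalize_sort_first(params)

# Constructed inputs (not from the page).
# Plain alphanumeric names: both orders agree.
PLAIN = [("oauth_nonce", "abc"), ("b", "2"), ("a", "1")]
# '/' (0x2F) sorts after '.' (0x2E) raw, but its encoding "%2F" starts with
# '%' (0x25), which sorts before '.', so the order flips.
SLASH_VS_DOT = [("x.y", "2"), ("x/y", "1")]
# Non-ASCII: 'é' (U+00E9) sorts after 'z' by code point, but "%C3%A9" sorts before 'z'.
NON_ASCII = [("z", "1"), ("é", "2")]

if __name__ == "__main__":
    for name, p in [("PLAIN", PLAIN), ("SLASH_VS_DOT", SLASH_VS_DOT), ("NON_ASCII", NON_ASCII)]:
        print(name, "spec order:     ", normalize_spec_order(p))
        print(name, "sort-first order:", normalize_sort_first(p), "differ:", orders_disagree(p))
```

Because the signature base string is built from the normalized parameter string, a client that sorts first and a server that follows the spec will compute different signatures for exactly these inputs, and the request is rejected even though neither side has a typo.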
You have a very valid argument, but there's one aspect that's missing: just like with old-fashioned racketeering, it's not a one-time expense: fold to one patent troll and you'll have to fold to all.
It's much worse than that. Defeating a patent troll doesn't create any sort of immunity against others. Even doing what you are ostensibly supposed to do - license every patent you need to - is no guarantee that someone else won't come along with another patent and shut you down.
Software patents are thousands of swords of Damocles hanging over the heads of every software developer. The idea that this somehow encourages innovation is complete and utter bullshit, shovelled by those who own the swords.
This guy was PLAYING Big Brother and using computers which did not BELONG to him.
Yeah, and all those people wandering around Apple stores STEALING processor cycles should all get the same treatment! /sarcasm
Those machines are obviously there for people to play with, and as far as I know there is nothing saying what they can and can't be used for. Using the webcam to capture images is not necessarily any less legitimate than using the web browser to browse web sites.
People are bizarrely schizophrenic about being photographed. His program is basically the same as CCTV. CCTV has been around for ages, recording everyone day after day. I'd bet there are even a few CCTV cameras in the Apple stores in question. Nobody cares. It's just easier to ignore it. But when you see your own face staring back at you from some computer screen somewhere, everything changes.
People are totally in denial about the death of privacy, and they're just itching to shoot the messenger, because there's nothing else that can be done about it at this point.
If I remember right, government works automatically fall into public domain. Wikipedia seems to think so too: https://en.wikipedia.org/wiki/Public_domain#Government_works
Yeah look at how the ipad has destroyed the world with its lockdown.
Rome didn't fall in a day.
So we are now seeing top-down control of executable computer code.
The last remnants of user-programmable computing have been swept away forever. Fear will keep the local systems in line... Fear of key revocation!
:(
I accept your resignation. It has been an honor serving with you.
I've been using virtual desktops since FVWM in the mid 90s, and it has nothing to do with what this guy is talking about. I'd think Slashdot would know better, but of course times have changed. Am I going to have to start calling it Spaces now?
Header injection attacks.
http://example.com/redirect.php?s=/%0d%0aSome-other-header:%20some-nasty-value
The PHP docs for header() suggest this was fixed in 4.4.2 and 5.1.2, but beware of regressions.
The bottom line is you should never inject data into a context where there is any potential for it to be interpreted differently from what you are expecting.
If you don't know whether or not such potential exists, assume that it does and find out how. If you assume it doesn't, you're likely to be proven wrong the hard way.
Some people say "don't trust user-supplied data", but that's not quite right either. It'll stop you from being exploited by users, but a well-built system should still DTRT even when given "wéïrd" data, no matter where it comes from.
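An added example, not from the comment above and not PHP's own header() code, showing the defensive side of the point in Python: the redirect target is checked for anything that could be read as a header separator before it goes anywhere near a Location header, and only same-site paths are accepted at all. The function names and the rejection policy are this example's own choices; the crafted value is the one quoted in the comment, and the other inputs are constructed.

```python
from typing import List, Optional, Tuple
from urllib.parse import unquote, urlsplit

# Any control character (CR, LF, NUL, ...) could make a value be read as
# something other than one header value, so none are allowed at all.
def contains_control_chars(value: str) -> bool:
    return any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in value)

def validate_redirect_target(raw_param: str) -> Optional[str]:
    """Return a redirect path that is safe to emit, or None to reject it.

    Policy (this example's choice): decode once, refuse control characters,
    and accept only a path on this site: no scheme, no host, and no leading
    '//' or '/\\' that a browser would read as a host.
    """
    target = unquote(raw_param)
    if contains_control_chars(target):
        return None
    if not target.startswith("/") or target[1:2] in ("/", "\\"):
        return None
    parts = urlsplit(target)
    if parts.scheme or parts.netloc:
        return None
    return target

def redirect_headers(raw_param: str, fallback: str = "/") -> Tuple[str, List[Tuple[str, str]]]:
    """Build the (status, headers) a handler would send. A rejected value is
    replaced by the fallback path rather than being emitted in any form."""
    target = validate_redirect_target(raw_param)
    if target is None:
        target = fallback
    return "302 Found", [("Location", target)]

# Constructed inputs: the value quoted in the comment and two others.
INJECTED = "/%0d%0aSome-other-header:%20some-nasty-value"
PROTOCOL_RELATIVE = "//evil.example/"
NORMAL = "/account/settings?tab=security"

if __name__ == "__main__":
    for raw in (INJECTED, PROTOCOL_RELATIVE, NORMAL):
        print(repr(raw), "->", redirect_headers(raw))
```

The check runs on the decoded value. In a real handler the framework has usually decoded the query string already, so decode exactly once; decoding twice lets "%250d" through the first pass and turns it into a CR on the second. Rejecting rather than stripping also means a rejected value can be logged as a signal that someone is probing the redirect.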
One suggestion for those that install it: go into your settings and enable plugins 'on-demand'. That way you will only get the Flash you want.
Thank you! (Mod parent up!)
I installed flash on my N1 and noticed a ton of flash ads, and thought maybe Jobs was right! I normally use an ad blocker when browsing (desktop) and had forgotten how bad it could be. That click to play thing will do the trick until I find a proper ad blocker.
Yes. Computing is warping our minds.
Computers are just so damn logical, working with them is completely removed from normal everyday life. It's well known that people anthropomorphize computers in order to deal with them in our own frame of reference, but conversely we also mentally shift our thinking into a logical form which we aren't evolved to deal with, so that we can work effectively with computers. The more closely you work with computers, the more this will affect you.
I don't think this is a new thing though. Mathematicians and people working in hard sciences have certainly faced the same sort of thing. For example, many early scientists (e.g. Galileo) have faced persecution because they have found a mode of thinking that "normal" people have found objectionable.
It'll only get worse as technology progresses.
Virus name: God
Also known as: Jehovah, Allah, Yahweh, YHWH
Spyware: Yes, omniscient.
Damage potential: Armageddon
Prevalence: Ubiquitous
Stealth: Yes (even its existence is debated)
Threat level: Critical
Notes: This omnipotent entity creates a world by force of will, and then waits until the end times to trigger the armageddon payload.
Cube and Sauerbraten ("Cube 2") are designed to be editable in-game. I've played with it a little bit and found it to be rather painful, but then so was my attempt at Quake 3 editing (I'm clearly not cut out for that kind of thing). I'm not sure what's involved in editing textures for it though, the in-game stuff seems to be for map structure.
Linus Torvalds: "Don't have a COW, man!"
Don't let the fact that Slony-I is not "built in" deter you from using it. I know the idea of something so critical being a separate project doesn't feel right, but you'll get over that once it's running.
The way Slony-I is built, it just sits on top of PostgreSQL. I would be far more worried about a product that hooks deep into the guts of the RDBMS - there is a lot more that can go wrong that way.
I've evaluated Slony-I and a commercial pgsql replication product*. The commercial one was a bit faster, but under high enough load I was able to break it (it could be fixed, but required restarting the server). I was not able to break Slony-I. If the server becomes overloaded then Slony-I replication can fall behind, resulting in slaves that are farther and farther out of date (this is true of any asynchronous replication product), but once the load drops back down it catches up again with no problem. That's not to say that Slony-I is unbreakable (I wasn't able to break it, but any software can have bugs), but I do think the approach it uses is fundamentally less error-prone than a more integrated design.
* I won't name the product, as this was a long time ago and I'd rather not tarnish the company's name with outdated information.
"Won't go away" is a proper medical term now, since "chronic" has been re-purposed.
I must disagree with the article.
I hate waking up.
In an interview with an anonymous MiroScoft employee, it has been reported that MS has found a working fix!
"We've all turned off our computers, and are sitting on our hands. This has effectively blocked all intrusion attempts."
When asked when the fix would be distributed, he replied:
"Once the threat has passed, it will be safe for us to turn our computers back on and email everyone with instructions for turning their computers off and sitting on their hands. Until that time comes, we're asking everyone to be patient."