The story is about your phone sending your personal data to some 3rd party, not about your phone downloading stuff from some 3rd party. Who has to encrypt and who has to decrypt there?
The only way to "secure" that somehow is to have some unique (and unpredictable) secret token burned into each phone, and derive the encryption key from it. The IMEI or serial number won't cut it.
Even if the data sent from the phone to the Chinese is encrypted, the phone has to have the key, so it's trivial for just anybody to intercept and read your messages. Including the US Govt. or low-key scammers.
The second exploit relies on mysqld_safe (sic) being run as root, otherwise the whole thing falls flat: you can make error_log a symlink to/etc/ld.so.preload as much as you like, but you won't be able to chown the latter and overwrite it.
If you prefer not to give your phone number to Google, don't.
You can no longer do that.
I just tried setting up a gmail address -- it won't work unless I give them a phone number.
And for an old address that you set up before this policy, they have the nice habit of blocking pop3s/smtps access from time to time, forcing you to login via web through a page where they pester you again about adding a phone number
Because of that wanton blocking I can no longer trust to use my gmail address for any serious stuff, and unlike with my phone number, there's no EU directive to force them to port it to another provider;-)
Because the Turkish government changed course since then
At the time of the Ergenekon affair, the gulenist were calling the shots and were setting up
cangoroo courts for those perceived as their opponents; now it's their turn on the other end of the stick, and some lucky victims may be rehabilitated.
It's like that succession of show trials, purges, 'mistakes were made', and purges of purgers in Stalin's and Hrushchev's time.
The funny thing is that with flashblock I could easily prevent videos, audios and animations from auto-playing; with html5 I can't, unless I block all javascript, which makes most news sites completely unusable. Call that progress.
They should have mandated from the start that videos/audios together with their controlling scripts, must be segregated into their own iframes, tagged accordingly.
The C standard requires that all data pointers be the same size.
In fact that's incorrect. The only requirement is that any data pointer could be converted to void* and back without loss. Posix assumes that a function pointer too could be converted to void* and back, which is not guaranteed by the C standard.
There's no requirement in the sizeof(long *) == sizeof(void *) either.
Yes, there is. The C standard requires that all data pointers be the same size.
It's sizeof(void*) == sizeof(void(*)(void)) ie 'function pointers are just data pointers" that's absolutely not guaranteed, though there are many programs and interfaces that make this assumption (eg dlsym(3)).
According to Posix, the absolute largest this define can be is 256 (fortunately, Linux ignores this and goes for 4096).
Have you actually read that POSIX doc?
256 is the smallest acceptable value for PATH_MAX, not the largest.
PATH_MAX >= _POSIX_PATH_MAX >= 256
Most interfaces than return paths (eg. readlink(2), getcwd(3)) take a buffer and a length as arguments, and return an error if the buffer is too short, so most of the time you can allocate the buffers dynamically and completely ignore any system specific limits.
Napoleon was the best general in the world because he bought the
Newspapers.
Where did you get this from?
Is this one of those glib cloying memes and false quotes shared on facebook?
Or are you just confusing the real Napoleon (who beat the shit out of all reactionaries) with his pathetic nephew, Napoleon III? -- they have as much in common as Odessa, TX with the Black Sea city & port.
The funny thing is that you're repeating one of his slogans.
For those who ignore it, Breivik was not a mass killer for kicks, but a terrorist with well-defined beliefs about impending "suicide of Europe" through "cultural marxism", "political correctness" and "islamization". And in his eyes, his victims were not innocent children, but something like the next crop of brainwashed SJWs.
USB keyboards can even interact with
UAC prompts, even when presented on the Secure Desktop where
software input emulation has no effect.
Couldn't they at least flush the keyboard buffer between user prompts?
That used to be the standard procedure on ancient terminal programs; you couldn't drive interactive programs by just sending the strings and hoping for the best; hence the need for programs like chat or expect.
Anyways, the idea that you could reliably drive a gui without reading the screen in some way or another is quite baffling; I wonder how robust those exploits are -- unlike e-mail malware or remote exploits, a 1% percent rate of success for a physical device (that the use is supposed to stick in his computer god knows when and how frequenty) doesn't sound like something to be too excited about.
Would the world have paid any attention to her if she were not a woman?
Yes.
There are no shortage of ugly, soul destroying buildings and public artwork out there.
Exactly. A lot of of architects that were much more hyped that her have designed things that are worse both from a pedestrian/user/sufferer and from a high-brow artistic point of view.
wish we would award prizes to people who enhance our civilization and not debase it, but my hope won't result in change.
That's very fortunate. We've already had geeks that tried to tried to eradicate the 'degenerate' art and then force their yokel's tastes upon everybody.
an account with sudo access
You need root access to run the chroot command and to modify the mount table. NOTE: Do not run any of the commands listed in this document as root â" the commands themselves will run sudo to get root access when needed.
There should be some harsh physical punishment for the idiots that put sudo calls in Makefiles. And for sudo-heads in general. Why would you need root just to build some fucking binary, should it be a hello-world or your browser/os of the day? Even for building a kernel for the machine it's built on, you need root only for the final step, where you install the kernel/modules/ramdisk.
That piece of shit (sudo) should be banned once for all. If you feel like fucking up your systems and ignoring all the good security practices, go install your own setuid garbage; it's easy.
There are also some apps like the one for my blood pressure monitor that i refuse to install because it wants access to my call log
Try downloading the apk, unpack it with apktool, strip those permissions from AndroidManifest.xml, pack it back and then install it via adb.
In fact, the baksmali 'assembly' format is very readable and easy to understand; you can study and modify the java part of an app almost as if you had the source code.
I'm yet to see an affordable android device that doesn't require proprietary drivers for video, gps, etc.
Even after "rooting" your device with some dubious "tools" downloaded from warez-like sites or by scouring fulldisclosure and writing your own exploit, most of the time you won't be able to install a modified system; for all intents and purposes it's a pure proprietary device.
It's foolish to rely on tail-call elimination because most compilers treat it as an optimization; and there's no way to force a warning or an error if the compiler isn't able to optimize tail calls.
Then there are the idiots that are ideologically prejudiced against CS, Scheme, functional programming, etc and will go out of their way to sabotage it because they find it 'confusing' or because it 'makes debugging harder'.
The only thing you could do is to transform the tail-recursive algorithm into an iterative one by hand, and nicely document it into a big comment & warnings above it. That's almost like writing in assembly.
Interestingly, just reading the preferred environments of winning competition coders, few list a command line editor.
I think this retro movement is a knee-jerk to "user-friendly" or "simplicity", as if that means "not expert".
You're projecting your own snobbery. Not everybody is obsessing about following trends and movements, emulating the elite and continuously assessing his own level of expertise. Some people just think that machines were invented to do the repetitive, mind-numbing tasks instead of them and absolutely hate having to repeat selecting, filling forms, moving windows and clicking menus instead of just issuing some fucking one-line command. Even the most stupid and inconsistent/scriptable/ user interface is worth more than the best designed inextensible gui.
P.S. hat are all these tedious actions? Spend all my time thinking, architecting, then writing... mostly once.
You're a freaking genius -- you conceive everything in your head, and then it just works: no debugging, no refactoring, no revision control is ever needed. More curiously, the interfaces and external libraries you're using are just as perfect and immutable as your code.
It's much easier than you think. Once you broke out of repetitive mechanical editing and learnt to use a programmable editor, should it be ed, teco, edt, ex/vi or emacs, it's easy to switch to a new paradigm, even if you happen to detest it. It's just a matter of taste and
muscle memory from that point on.
On the contrary, going back to some obtuse "user-friendly" interface, where you can't combine actions other than by tediously repeating them, is simply torture; it feels like slaving for the machine that was supposed to be serving you.
You mention flickering fluorescent bulbs, but there's another fairly common cause of some of these symptoms you should check out if you ever come across a case like this; high-pitched whines from malfunctioning electronic devices.
The kind of cellphone chargers used by Nokia (like ac-3) were the worst of all -- I could hear them through closed doors, and it happened to me to wake with nightmares after some cellphone finished charging and the adapter started its whining.
All switching-mode power supply designs generate some kind of annoying whine, but even "fast" USB chargers (which are pretty bad in their own way) are unable to match that high-pitch sizzle/whine alternation.
Fortunately, Nokia's dead now and with it their unique charger designs.
Those printer drivers were working at a higher level, they only cared about some port where to send their data, they didn't do the low level centronics protocol themselves.
You could even save that data to a file instead of sending it to the printer; if you then cat that_file >/dev/lp0 on linux it would print it just fine.
Most method of bit banging on parallel port relies on being able to use hardware IRQ interrupts (which USB can't do). That's because they are really abusing how a parallel port works, and not just using it as a one way data stream.
It's not only that. Those adapters won't update the data pins with new data unless the BUSY line is pulled high then low, with some time constraints, as specified by the Centronics protocol. That means that you can't use it to drive relays, leds, etc just by writing data to a port, as you could with a classic parallel port on 0x378.
or a version of PL2303 that Prolific decided to remove support for your OS).
Use linux. It supports without problem whatever cheap pl2303 knockoff you put into it. It's also easy to hack the driver to leave the dtr/rts lines alone (instead of pulling them high on reset), so you could use them independently via ioctls.
Slashdot Mirror
The story is about your phone sending your personal data to some 3rd party, not about your phone downloading stuff from some 3rd party. Who has to encrypt and who has to decrypt there?
The only way to "secure" that somehow is to have some unique (and unpredictable) secret token burned into each phone, and derive the encryption key from it. The IMEI or serial number won't cut it.
Even if the data sent from the phone to the Chinese is encrypted, the phone has to have the key, so it's trivial for just anybody to intercept and read your messages. Including the US Govt. or low-key scammers.
The second exploit relies on mysqld_safe (sic) being run as root, otherwise the whole thing falls flat: you can make error_log a symlink to /etc/ld.so.preload as much as you like, but you won't be able to chown the latter and overwrite it.
No shit. How is mysqld_safe able to chown that file if it's not running as root?
You can no longer do that.
I just tried setting up a gmail address -- it won't work unless I give them a phone number.
And for an old address that you set up before this policy, they have the nice habit of blocking pop3s/smtps access from time to time, forcing you to login via web through a page where they pester you again about adding a phone number
Because of that wanton blocking I can no longer trust to use my gmail address for any serious stuff, and unlike with my phone number, there's no EU directive to force them to port it to another provider ;-)
At the time of the Ergenekon affair, the gulenist were calling the shots and were setting up cangoroo courts for those perceived as their opponents; now it's their turn on the other end of the stick, and some lucky victims may be rehabilitated.
It's like that succession of show trials, purges, 'mistakes were made', and purges of purgers in Stalin's and Hrushchev's time.
They should have mandated from the start that videos/audios together with their controlling scripts, must be segregated into their own iframes, tagged accordingly.
In fact that's incorrect. The only requirement is that any data pointer could be converted to void* and back without loss. Posix assumes that a function pointer too could be converted to void* and back, which is not guaranteed by the C standard.
Yes, there is. The C standard requires that all data pointers be the same size.
It's sizeof(void*) == sizeof(void(*)(void)) ie 'function pointers are just data pointers" that's absolutely not guaranteed, though there are many programs and interfaces that make this assumption (eg dlsym(3)).
Have you actually read that POSIX doc?
256 is the smallest acceptable value for PATH_MAX, not the largest.
PATH_MAX >= _POSIX_PATH_MAX >= 256
Most interfaces than return paths (eg. readlink(2), getcwd(3)) take a buffer and a length as arguments, and return an error if the buffer is too short, so most of the time you can allocate the buffers dynamically and completely ignore any system specific limits.
But in this case, the judge is right. A recursive acronym does not make much sense. Or, to put it another way, it only makes sense as a joke.
Maybe the judge was trolling a little bit too -- just like asking a catholic why he has to eat his saviour's flesh
Where did you get this from?
Is this one of those glib cloying memes and false quotes shared on facebook?
Or are you just confusing the real Napoleon (who beat the shit out of all reactionaries) with his pathetic nephew, Napoleon III? -- they have as much in common as Odessa, TX with the Black Sea city & port.
The funny thing is that you're repeating one of his slogans.
For those who ignore it, Breivik was not a mass killer for kicks, but a terrorist with well-defined beliefs about impending "suicide of Europe" through "cultural marxism", "political correctness" and "islamization". And in his eyes, his victims were not innocent children, but something like the next crop of brainwashed SJWs.
Couldn't they at least flush the keyboard buffer between user prompts?
That used to be the standard procedure on ancient terminal programs; you couldn't drive interactive programs by just sending the strings and hoping for the best; hence the need for programs like chat or expect.
Anyways, the idea that you could reliably drive a gui without reading the screen in some way or another is quite baffling; I wonder how robust those exploits are -- unlike e-mail malware or remote exploits, a 1% percent rate of success for a physical device (that the use is supposed to stick in his computer god knows when and how frequenty) doesn't sound like something to be too excited about.
Yes.
Exactly. A lot of of architects that were much more hyped that her have designed things that are worse both from a pedestrian/user/sufferer and from a high-brow artistic point of view.
That's very fortunate. We've already had geeks that tried to tried to eradicate the 'degenerate' art and then force their yokel's tastes upon everybody.
The IMEI has the same magical immutability as the MAC of an ethernet adapter.
There should be some harsh physical punishment for the idiots that put sudo calls in Makefiles. And for sudo-heads in general. Why would you need root just to build some fucking binary, should it be a hello-world or your browser/os of the day? Even for building a kernel for the machine it's built on, you need root only for the final step, where you install the kernel/modules/ramdisk.
That piece of shit (sudo) should be banned once for all. If you feel like fucking up your systems and ignoring all the good security practices, go install your own setuid garbage; it's easy.
Try downloading the apk, unpack it with apktool, strip those permissions from AndroidManifest.xml, pack it back and then install it via adb.
In fact, the baksmali 'assembly' format is very readable and easy to understand; you can study and modify the java part of an app almost as if you had the source code.
No, it's not.
I'm yet to see an affordable android device that doesn't require proprietary drivers for video, gps, etc.
Even after "rooting" your device with some dubious "tools" downloaded from warez-like sites or by scouring fulldisclosure and writing your own exploit, most of the time you won't be able to install a modified system; for all intents and purposes it's a pure proprietary device.
Or "tivoized", if you like the term better.
Then there are the idiots that are ideologically prejudiced against CS, Scheme, functional programming, etc and will go out of their way to sabotage it because they find it 'confusing' or because it 'makes debugging harder'.
The only thing you could do is to transform the tail-recursive algorithm into an iterative one by hand, and nicely document it into a big comment & warnings above it. That's almost like writing in assembly.
You're projecting your own snobbery. Not everybody is obsessing about following trends and movements, emulating the elite and continuously assessing his own level of expertise. Some people just think that machines were invented to do the repetitive, mind-numbing tasks instead of them and absolutely hate having to repeat selecting, filling forms, moving windows and clicking menus instead of just issuing some fucking one-line command. Even the most stupid and inconsistent /scriptable/ user interface is worth more than the best designed inextensible gui.
You're a freaking genius -- you conceive everything in your head, and then it just works: no debugging, no refactoring, no revision control is ever needed. More curiously, the interfaces and external libraries you're using are just as perfect and immutable as your code.
It's much easier than you think. Once you broke out of repetitive mechanical editing and learnt to use a programmable editor, should it be ed, teco, edt, ex/vi or emacs, it's easy to switch to a new paradigm, even if you happen to detest it. It's just a matter of taste and muscle memory from that point on.
On the contrary, going back to some obtuse "user-friendly" interface, where you can't combine actions other than by tediously repeating them, is simply torture; it feels like slaving for the machine that was supposed to be serving you.
The kind of cellphone chargers used by Nokia (like ac-3) were the worst of all -- I could hear them through closed doors, and it happened to me to wake with nightmares after some cellphone finished charging and the adapter started its whining.
All switching-mode power supply designs generate some kind of annoying whine, but even "fast" USB chargers (which are pretty bad in their own way) are unable to match that high-pitch sizzle/whine alternation.
Fortunately, Nokia's dead now and with it their unique charger designs.
You could even save that data to a file instead of sending it to the printer; if you then cat that_file > /dev/lp0 on linux it would print it just fine.
It's not only that. Those adapters won't update the data pins with new data unless the BUSY line is pulled high then low, with some time constraints, as specified by the Centronics protocol. That means that you can't use it to drive relays, leds, etc just by writing data to a port, as you could with a classic parallel port on 0x378.
Use linux. It supports without problem whatever cheap pl2303 knockoff you put into it. It's also easy to hack the driver to leave the dtr/rts lines alone (instead of pulling them high on reset), so you could use them independently via ioctls.