But I'll save you the trouble and just tell you that every x86_64 binary kernel image I've ever seen has 32-bit emulation enabled by default. Unless you've compiled the kernel yourself and explicitly disabled 32-bit emulation (like I have on a Gentoo system I run), it's got about a 99% chance of being on.
Just don't use Acrobat Reader to view downloaded PDFs. Grab Foxit or Sumatra instead.
Also, be certain to disable the browser plugin *always*. Using something like NoScript to block external plugins (it works like Flashblock, except with all plugins) also helps some. The largest danger isn't in someone sending you an infected PDF, it's in a webpage embedding an infected PDF that you can't see.
So there are forty unknown applications with an unknown flaw that results in code execution. This sounds like it includes web browsers (given the references to 'viewing a web page' in the article), but it doesn't specify which. It also doesn't specify what sort of file(s) (except in the case of iTunes -- a 'media file') are affected.
So what're we supposed to do? There's no detail here, not even cursory detail, on what filetypes or applications to avoid. I'm fine with no details on the innermost workings of this exploit being widely disseminated, but why announce it with such fanfare if there's not even a way to avoid exposing yourself (i.e., listing these supposed '40 applications')?
The majority of Microsoft edging away from the 'evil' end has been purely practical in my view -- they've improved their products, they're, fairly obviously, working hard to improve the security and stability of them, and as a result are actually producing something useful finally. From a pragmatic point of view, this makes them less evil than a corporation who has all the philosophical evils of today's Microsoft, but produces crap like Windows ME.
My understanding is that whenever someone is named as John or Jane Doe their identity is not known, as you said. Not that they are everyone, but that they could be anyone.
In other words, they're a specific, yet unknown, person from the time the court case is filed onward. A very simple defense against this lawsuit should be to note the filing date/time and that you had not yet visited their music festival at that time (provable by virtue of it simply not having happened yet) and therefore could not be one of the 200 specific, but unknown, people that the case is against.
That link, while interesting, has no direct relevancy to any of these privacy mode features. It describes Mozilla's planned fix for the CSS:visited information leak, where a website can, fairly quickly and easily, determine which websites (of a preselected list) you have visited. The planned fix has nothing, explicitly, to do with privacy mode, as it will be used in all browsing modes.
Quantum computers would cut the effective keysize in half. If we built quantum computers equal to conventional computers (and increasing in power at the same rate), a hundred years probably isn't too insane as a minimum.
I believe the current estimates are conventional computers being able to break 112-bit symmetric around 2030 -- 256-bit symmetric (if quantum computers become viable, remember!) by 2110 isn't too nuts.
Even a reasonably conservative estimate (no quantum computers, approximate following of Moore's law, no useful attacks against AES-256) would peg AES-256 being breakable around 2256 or so -- 'only' 250-300 years.
Of course, there's also the danger that the public could get together and crack your key with distributed computing, and then you lose your leverage...
With AES-256, that danger is probably a hundred years away, if you started today. Even if quantum computers get a lot better, real quick.
If it's crashing, but your GPU still works then it's probably a plain ol' software bug causing the crashes. Not some mythical GPU-melting simple-frame rendering.
If there are enough failures to create a whole market, there's something really wrong.
Sometimes there aren't. A lot of the time, particularly as time wears on and the manufacturing of a particular chip gets better, you end up getting a better chip than you expected (marked/limited as expected, though) and can overclock it further. Desktop i7s are a pretty good example of this, with most of the late-model i7-920s and all of the i7-930s being able to go 500 MHz above spec without even breaking a sweat (i.e., on stock cooling). Pretty much every one can hit 4 GHz with even a basic after-market cooler.
You should be able to get around it by using full-stream encryption (and possibly slightly unusual port numbers -- pick any 5-digit port and you should be fine), but I agree it's an extremely slimy thing to do.
It is somewhat infamous, mostly due to being vastly over-hyped -- running comparably to ATI's six-month-old cards at the time of its release was not worthy of the hype machine Nvidia had going throughout the several delays.
Even Judge Gertner's $1 actual damages figure is wildly overstated. 70 cents lost revenue minus 35 cents saved expenses = lost profit of 35 cents, IF you wanted to assume that every unuathorized download represents a lost sale, which it certainly does not. Most likely the real actual damages is 5 or 10 cents on an mp3 download.
You could make an argument that this could actually be several times higher, given the uploading done by many peer-to-peer applications. If you even upload a small bit to another person, they can then upload it to some more -- averaging this out over the entire lifespan of a torrent could enable a few more people to download it. Meaning, I dunno, maybe $5 tops per song, unless you seeded to a real high ratio.
I haven't done it on a Mac, only on a PC under Linux (more or less following this documentation). You may have to find an alternate tool to send the ATA Security commands to the drive, if hdparm isn't working.
Mind you, the drive has to support ATA Security commands (some may not) and has to be in an 'unfrozen' state (many BIOSes/EFI firmware freezes the drive at boot). This may mean you'd need to power cycle (disconnect/connect) the drive while the computer is running to unfreeze it (which, as long as the drive is entirely unmounted, is safe for an SATA drive). You might also be able to boot with it disconnected and plug it once booted instead.
There seems to be some information (some similar to what I've already mentioned) specifically pertaining to Macs/OSX here, though I haven't tested it.
if you read it you'll either get random data, or zeros (probably the later)
If you read a TRIMmed block directly, most drives will kick back zeroes. You can do this with hdparm -- particularly useful as a method to test if TRIM works (and it even uncovered a bug in ext4's TRIM implementation in data=writeback mode, where TRIM only works on metadata). Run hdparm -I on a SSD, and it'll actually say something along the lines of "Deterministic read ZEROs after TRIM" for most drives.
In other words, they don't seem to be using a "clean state" at all, which would explain why there's no difference.
Very true. There are only two methods I know of to 'clean slate' a full drive -- either TRIM the entire thing (with a tool like hdparm -- this is tricky to get right) or run an ATA Secure Erase command. Most SSDs take the secure erase command and just blank every NAND chip they have (taking ~2 minutes compared to the multiple hours that rotational drives take for the Secure Erase command) -- I've done this on my X-25M and it works brilliantly.
Unless Apple's Disk Utility actually does a Secure Erase command (which is very unlikely), then their testing methodology is entirely flawed, and their 'resetting' of the drive instead made it behave as if it was entirely, completely, 100% filled to the brim.
I believe they are currently using a non-linear scale. I don't know the exact relationship, but it sure looked logarithmic at a quick glance. '5 bars' was covered by ~50% of the 'usable' signal reading. From what I understand, this is reasonably representative (perhaps slightly optimistic -- "look we have more bars" marketing strikes again?) of actual performance, so if they do too much tweaking, it'll be much less representative of real quality drops/increases. Plus that doesn't solve the fact that (some) people are actually quantifying this as a drop in data speeds or calls dropping when held in certain ways -- and not solely in 'number of bars'.
The other option would be to re-use it for people you can help in the low-income bracket. An older P-III laptop with a 802.11b card and a 802.11b router/access point is better than no gear at all. Still, my experience says that most people -even those in the lower income bracket- don't want the old gear at all.
An alternative is donating it to charity. Some of them will probably take it and either give it away or set it up for use somewhere.
Charities involving third-world countries (sorry, "developing nations") may be a particularly grateful bunch, even for old equipment.
Slashdot Mirror
Possibly in /boot/config-<version>.
But I'll save you the trouble and just tell you that every x86_64 binary kernel image I've ever seen has 32-bit emulation enabled by default. Unless you've compiled the kernel yourself and explicitly disabled 32-bit emulation (like I have on a Gentoo system I run), it's got about a 99% chance of being on.
Just don't use Acrobat Reader to view downloaded PDFs. Grab Foxit or Sumatra instead.
Also, be certain to disable the browser plugin *always*. Using something like NoScript to block external plugins (it works like Flashblock, except with all plugins) also helps some. The largest danger isn't in someone sending you an infected PDF, it's in a webpage embedding an infected PDF that you can't see.
So there are forty unknown applications with an unknown flaw that results in code execution. This sounds like it includes web browsers (given the references to 'viewing a web page' in the article), but it doesn't specify which. It also doesn't specify what sort of file(s) (except in the case of iTunes -- a 'media file') are affected.
So what're we supposed to do? There's no detail here, not even cursory detail, on what filetypes or applications to avoid. I'm fine with no details on the innermost workings of this exploit being widely disseminated, but why announce it with such fanfare if there's not even a way to avoid exposing yourself (i.e., listing these supposed '40 applications')?
The majority of Microsoft edging away from the 'evil' end has been purely practical in my view -- they've improved their products, they're, fairly obviously, working hard to improve the security and stability of them, and as a result are actually producing something useful finally. From a pragmatic point of view, this makes them less evil than a corporation who has all the philosophical evils of today's Microsoft, but produces crap like Windows ME.
My understanding is that whenever someone is named as John or Jane Doe their identity is not known, as you said. Not that they are everyone, but that they could be anyone.
In other words, they're a specific, yet unknown, person from the time the court case is filed onward. A very simple defense against this lawsuit should be to note the filing date/time and that you had not yet visited their music festival at that time (provable by virtue of it simply not having happened yet) and therefore could not be one of the 200 specific, but unknown, people that the case is against.
If you do the crowd part right, you'll rocket past the iPhone users in an afternoon...
That link, while interesting, has no direct relevancy to any of these privacy mode features. It describes Mozilla's planned fix for the CSS :visited information leak, where a website can, fairly quickly and easily, determine which websites (of a preselected list) you have visited. The planned fix has nothing, explicitly, to do with privacy mode, as it will be used in all browsing modes.
They sent him to Russia because there is almost no english language reporting about the Russian oil industry, and out of sight is out of mind.
Specifically, they sent him to Siberia. Isn't that pretty much the ISO-approved punishment for screw-ups?
Distribution, sure.
Make sure that it's distribution to others, not distribution from others.
And, y'know, make sure that innocent until proven guilty thing still applies.
Get your own country's shit in order before invading another sovereign nation (no matter how much you disagree with how their country is run).
Quantum computers would cut the effective keysize in half. If we built quantum computers equal to conventional computers (and increasing in power at the same rate), a hundred years probably isn't too insane as a minimum.
I believe the current estimates are conventional computers being able to break 112-bit symmetric around 2030 -- 256-bit symmetric (if quantum computers become viable, remember!) by 2110 isn't too nuts.
Even a reasonably conservative estimate (no quantum computers, approximate following of Moore's law, no useful attacks against AES-256) would peg AES-256 being breakable around 2256 or so -- 'only' 250-300 years.
Is it just me, or is that Judge Dredd on their badges?
Of course, there's also the danger that the public could get together and crack your key with distributed computing, and then you lose your leverage...
With AES-256, that danger is probably a hundred years away, if you started today. Even if quantum computers get a lot better, real quick.
If it's crashing, but your GPU still works then it's probably a plain ol' software bug causing the crashes. Not some mythical GPU-melting simple-frame rendering.
If there are enough failures to create a whole market, there's something really wrong.
Sometimes there aren't. A lot of the time, particularly as time wears on and the manufacturing of a particular chip gets better, you end up getting a better chip than you expected (marked/limited as expected, though) and can overclock it further. Desktop i7s are a pretty good example of this, with most of the late-model i7-920s and all of the i7-930s being able to go 500 MHz above spec without even breaking a sweat (i.e., on stock cooling). Pretty much every one can hit 4 GHz with even a basic after-market cooler.
You should be able to get around it by using full-stream encryption (and possibly slightly unusual port numbers -- pick any 5-digit port and you should be fine), but I agree it's an extremely slimy thing to do.
If it becomes legal, we'll have to start calling it privateering.
It is somewhat infamous, mostly due to being vastly over-hyped -- running comparably to ATI's six-month-old cards at the time of its release was not worthy of the hype machine Nvidia had going throughout the several delays.
Even Judge Gertner's $1 actual damages figure is wildly overstated. 70 cents lost revenue minus 35 cents saved expenses = lost profit of 35 cents, IF you wanted to assume that every unuathorized download represents a lost sale, which it certainly does not. Most likely the real actual damages is 5 or 10 cents on an mp3 download.
You could make an argument that this could actually be several times higher, given the uploading done by many peer-to-peer applications. If you even upload a small bit to another person, they can then upload it to some more -- averaging this out over the entire lifespan of a torrent could enable a few more people to download it. Meaning, I dunno, maybe $5 tops per song, unless you seeded to a real high ratio.
I haven't done it on a Mac, only on a PC under Linux (more or less following this documentation). You may have to find an alternate tool to send the ATA Security commands to the drive, if hdparm isn't working.
Mind you, the drive has to support ATA Security commands (some may not) and has to be in an 'unfrozen' state (many BIOSes/EFI firmware freezes the drive at boot). This may mean you'd need to power cycle (disconnect/connect) the drive while the computer is running to unfreeze it (which, as long as the drive is entirely unmounted, is safe for an SATA drive). You might also be able to boot with it disconnected and plug it once booted instead.
There seems to be some information (some similar to what I've already mentioned) specifically pertaining to Macs/OSX here, though I haven't tested it.
if you read it you'll either get random data, or zeros (probably the later)
If you read a TRIMmed block directly, most drives will kick back zeroes. You can do this with hdparm -- particularly useful as a method to test if TRIM works (and it even uncovered a bug in ext4's TRIM implementation in data=writeback mode, where TRIM only works on metadata). Run hdparm -I on a SSD, and it'll actually say something along the lines of "Deterministic read ZEROs after TRIM" for most drives.
In other words, they don't seem to be using a "clean state" at all, which would explain why there's no difference.
Very true. There are only two methods I know of to 'clean slate' a full drive -- either TRIM the entire thing (with a tool like hdparm -- this is tricky to get right) or run an ATA Secure Erase command. Most SSDs take the secure erase command and just blank every NAND chip they have (taking ~2 minutes compared to the multiple hours that rotational drives take for the Secure Erase command) -- I've done this on my X-25M and it works brilliantly.
Unless Apple's Disk Utility actually does a Secure Erase command (which is very unlikely), then their testing methodology is entirely flawed, and their 'resetting' of the drive instead made it behave as if it was entirely, completely, 100% filled to the brim.
I believe they are currently using a non-linear scale. I don't know the exact relationship, but it sure looked logarithmic at a quick glance. '5 bars' was covered by ~50% of the 'usable' signal reading. From what I understand, this is reasonably representative (perhaps slightly optimistic -- "look we have more bars" marketing strikes again?) of actual performance, so if they do too much tweaking, it'll be much less representative of real quality drops/increases. Plus that doesn't solve the fact that (some) people are actually quantifying this as a drop in data speeds or calls dropping when held in certain ways -- and not solely in 'number of bars'.
Here's the link with numbers and more info.
It's the balance between fistfuls of money and not having to work to acquire them.
The other option would be to re-use it for people you can help in the low-income bracket. An older P-III laptop with a 802.11b card and a 802.11b router/access point is better than no gear at all. Still, my experience says that most people -even those in the lower income bracket- don't want the old gear at all.
An alternative is donating it to charity. Some of them will probably take it and either give it away or set it up for use somewhere.
Charities involving third-world countries (sorry, "developing nations") may be a particularly grateful bunch, even for old equipment.
Sorry to break it to you, but...