Soon we will be seeing a battle royale in the boardrooms of corporate America. This news is wonderful, however the oil companies will not like it one bit. You bet that Shell, BP, Texaco, Mobil and so on are all lobbying for various taxes to be imposed even as we speak, and considering all sorts of strategies to undermine the Electric car as a serious proposition. However, the government and automotive industries will be all for this technology - expect to see some confrontation between the two.
--
Quebec, I think. I know there's a subsidy for dialup net access that ends in about 15 minutes...
--
subpoena Anonymizer for logs (by law they have to keep them)
Excuse me? Since when was any entity required by law to keep logs of anything?!
--
Except possibly for some big titanium balls.
Check!
--
Vidi, Vici, Veni
:)
We saw, we conquered, we came.
Cute.
--
As an example, I'd single out (though it is by no means the only example) Microsoft Outlook. The inclusion of active code (scripts, ActiveX controls) in what was formerly static data (SMTP email) combined with defaulting to the least secure configuration (opening and running emails without user intervention) left the door wide open for the Melissa virus and its descendants. What happened here?
Good God, man! You're asking this of a marketroid?!
--
Well, at least *one* person got it...
--
$180 for a Black Lotus
I prefer the Blacker Lotus that I have in one of my decks. Fine, it gives new meaning to sacrifice, but it's still worth it... and cheap...
--
You were thinking right, but the guy was Canadian. There was no way he could legally subscribe to the service, therefore he wasn't stealing what he couldn't buy.
--
I was reading the CNET review, and clicked on the Dvorak link on the second page (Interface section).
In addition to the standard Dvorak keyboard, there are two additional Dvorak keyboards, a left-handed and right-handed keyboard. These keyboards are designed for people who have only one hand for typing.
This begs the question: Why aren't these keyboards standard issue for geeks like us?!
(Sorry.)
--
Don't Trust Code Signed by 'Microsoft Corporation'
I've had that one covered for the last 18-24 months or so...
--
Ship the computer with a blank hard drive. Enclose a bootable CD with everything ready-to-install on it. The consumer would turn on the machine, wait for "Missing operating system", insert the CD, then hit the panic button. The machine reboots and installs Windows, productivity apps, whatever. Maybe it'll be a few CDs, with a prompt to insert the next one when needed. Make it DEAD SIMPLE. This way, the machine does indeed ship blank, so no censorware will be needed.
--
If you are going to LinuxWorld and want to be a community representative, write me.
I'm in Toronto, and I'm going to LWCE in August. What does the position entail?
--
Oddly, such obscenities haven't resulted in higher crime or moral turpitude.
Oh, sorry! I thought this was Australia you were talking about...
(Sorry.)
--
in OS 3.5, but instead they put a little "visible hidden field" feature in. With TealLock activated, a friend of mine tried this feature on his Palm IIIx, and it screwed things up to the point that he had to wipe the Palm and HotSync the data back in.
You're referring to "Mask Records", as opposed to hiding or showing them. The newest version of TealLock (been out for at LEAST six months) fully supports that. My Vx locks and masks private records at 4AM daily.
--
O'Reilly goes by ORA and has the email address of ora.com.
I can't resist the cheap shot...
--
I stand corrected.
--
electric cars to overtake petrol based cars in terms of miles/gallon
Miles/gallon for an electric car?! Can we get a reality check in aisle five, please???
--
400 miles on one battery, divided by 0 gallons of gas used..
.. isn't defined.
--
These batteries have to be replaced every 2-3 years, and are also prone to leak (significant even for small leaks
FWIW, I spoke with a Honda PR guy (yeah, I know), and he said the battery pack in the Insight is designed to last for the service life of the car (8-10 years).
They're sealed lead-acid batteries, so they don't leak unless (a) you fuck something up in the electrical connections, or (b) you crack one of the battery's housings. Even then, you only get sulphuric acid (H2SO4) leaking.
--
I couldn't have said it better myself! The petroleum cartel is a group of self-worshipping whores, nothing more.
Here's a true story that might interest you: (Americans, s/sulphur/sulfur/)
Recently, the Canadian government asked all oil companies doing business in Canada to submit their sulphur content data, and the gov't agreed to keep it secret. (Sulphur in gas is bad for engines and emission control systems.) A reporter found out about this and filed an FOIA request. The gov't took him to court, and lost.
The results (for fuel sold in Ontario, and probably Quebec) were shocking:
- Esso (Imperial Oil, a division of ExxonMobil): ~750 ppm sulphur
- Petro Canada: ~500 ppm sulphur
- Shell (Royal Dutch Shell Group NV): ~425 ppm sulphur
- Sunoco (div. of Suncor Energy): ~250 ppm sulphur
Comments from Esso's gov't submission were also published, including this (paraphrased) gem: "This information must not be made public to avoid possible consumer boycotts."
Ever since that news broke (18 months ago or so), I have bought less than 120 litres of Esso fuel. Before then, I bought at least 75% of my fuel from Esso. This is fairly major, since I drive 60,000 km per year, so I buy a LOT of gas.
Sunoco now gets as much of my business as I can give it, with Shell second, PetroCan third, and Esso dead last. Even if I'm sucking fumes and the only gas station around is an Esso, I'll buy 1/4 or 1/2 of a tank to get me to the next Sunoco or Shell.
Incidentally, Honda Canada has issued a recall on all 1998 Accord V6 models to replace an intake manifold component with a freer-flowing version as a result of sulphur in fuel clogging the EGR system. Also, excess sulphur in fuel can foul up the fuel level sensor in your fuel tank by changing the resistance of it. Mine had to be replaced (under warranty, thankfully), and I think that's 100% due to my addiction to Esso fuel at the time.
I'll stop ranting now. (This is a subject that really gets me going...)
--
What security holes lurk in SMB, for example?
SMB is a security hole!
--
Arbor's equipment has been deployed by Merit Network, a major Internet provider in Michigan. It was an easy sell - Arbor's underlying technology was developed at the University of Michigan at Ann Arbor.
Who cares where it was developed?! People generally shop for a new car, for example, because it's reliable, has a high resale value, and fits their budget -- NOT because it's a certain colour and their uncle is/was on the design team...
This technology may or may not be the best thing since sliced bread, but it seems Merit needs some priority straightening.
--
Yeah, I know 3 and 5 are shared. I think JCB has some 3's, and Discover etc. also use 5.
I didn't know about the Aussie cards. Neat!
As far as entering CC numbers, I was talking about point-of-sale terminals, not mobile phones. They simply can't handle non-numeric card numbers, period. Thus, letters are out of the question.
--
This is the CVV (Card Verification Value). It is not present on the stripe.
--
Oh boy... where to start?
The 1st 6 digits are assigned in blocks.
Actually, the first digit indicates the card type (Amex is 3, Visa is 4, MC is 5). The remaining three to five digits are assigned to issuing institutions (banks). No big deal here in Canada where there might be 100 issuing banks in total (since independent banks are virtually unheard of), but in the USA (where every podunk town has an independent bank) that pool would be exhausted pretty quickly.
Credit card numbers can have 19 digits, not just 16. This is going to burn lots of people who assume that the cards are only 16.
Can you name one card type in use today with more than 16 digit card numbers? I sure don't know of any... Where did you get that figure from?
There is nothing keeping letters out of the credit card numbers. The mod 10 checksum even allows for it.
The ISO 7810 standard which governs almost all magstripe cards in use today contains provisions for three different types of information recording, referenced as Track 1, Track 2, and Track 3. Track 1 can contain up to 79 alphanumeric characters. Track 2 can contain up to 40 characters of numeric information. Track 3 can contain up to 107 characters.
Track 2 is where the card number is stored. Thus, card numbers could theoretically be up to 38 digits in length (40 minus the start and stop "sentinel" characters), but cannot contain non-numeric characters. Ergo, letters are out. I have no clue where you got the idea they were possible.
Even if that weren't the case, I would imagine a VERY good number (>95%) of POS (point-of-sale, not piece-of-shit) cardswipe terminals would freak out if they read a card number off a stripe as "4512A8F7B7A2C88F". Also, how the fsck do you enter that on the terminal's keypad if the stripe gets demagnetized? You don't.
Large amounts of the number space have been taken by some of the visa 12 digit cards.
The old Visa cards were 13-digit. All Visa cards now issued have 16 digits. (Amex cards are 15-digit.)
Speak not from whence you know not.
--
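The Track 2 layout and mod 10 check discussed in the comment above, as an added example that is not part of the original thread: a Python validator that rejects a swipe unless it fits the 40-character track figure, has both sentinels, holds only digits, and passes the mod 10 check. The `;`, `=` and `?` characters are the usual decoded form of the sentinels and field separator and are assumed here; the sample tracks are constructed.

```python
import re

TRACK2_MAX_LEN = 40  # figure from the comment, sentinels included
# Assumed decoded layout: ';' card number '=' further numeric data '?'
TRACK2_RE = re.compile(r";(?P<pan>[0-9]+)=(?P<rest>[0-9]*)\?")


def luhn_ok(number: str) -> bool:
    """Mod 10 check. This validator treats any non-digit as a failure."""
    if not number or not (number.isascii() and number.isdigit()):
        return False
    total = 0
    for i, ch in enumerate(reversed(number)):
        d = int(ch)
        if i % 2 == 1:      # double every second digit, counting from the right
            d *= 2
            if d > 9:
                d -= 9      # same as adding the two digits of the product
        total += d
    return total % 10 == 0


def parse_track2(raw: str) -> tuple[str, str]:
    """Return (card_number, remaining_data) or raise ValueError."""
    if len(raw) > TRACK2_MAX_LEN:
        raise ValueError("track exceeds 40 characters")
    m = TRACK2_RE.fullmatch(raw)
    if m is None:
        raise ValueError("bad sentinel, separator, or non-numeric data")
    if not luhn_ok(m["pan"]):
        raise ValueError("card number fails the mod 10 check")
    return m["pan"], m["rest"]


def check(raw: str) -> str:
    """Classify a swipe as 'accept' or 'reject: <reason>'."""
    try:
        parse_track2(raw)
        return "accept"
    except ValueError as exc:
        return f"reject: {exc}"


# Constructed samples; the second uses the card number quoted in the comment.
SAMPLES = [
    ";4111111111111111=25121010000?",
    ";4512A8F7B7A2C88F=25121010000?",
    ";4111111111111112=25121010000?",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s, "->", check(s))
```

Rejecting on format before running the checksum keeps malformed or oversized input away from any downstream code that assumes a purely numeric card number.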