According to the article:
"For Friday's implementation of BEAST to work, Duong and Rizzo had to subvert a safety mechanism built into the web known as the same-origin policy, which dictates that data set by one internet domain can't be read or modified by a different address."
"The researchers settled on a Java applet as their means to bypass SOP, leading Firefox developers to discuss blocking the framework in a future version of the browser."
So it sounds like there are two security bugs. One in TLS, and one in Java.
Other parts of the article talk about security features being disabled because of interoperability. As I read the part of the article I quoted, there simply isn't any specification in the protocol to authenticate the inhibit command, so this specific problem is not because of interoperability.
> Once a radio has been stunned by the receipt of an inhibit command the standard requires that it remains in-operational and unresponsive to the operator console or device programming interface until it receives an “uninhibit” XFC on the frequency it received the inhibit. The attack exploits the lack of any guarantee of authenticity for the frame Inhibit/Uninhibit types. [...] Note that the XFC message payload may be sent either encrypted (P=1) or un-encrypted (P=0).
Not a desirable property in a supposedly secure crypto system!
Eh? Most of what he said was pointing out obvious things. Like an NP problem: formulating the solution is hard, but verifying that the given solution really is a solution is easy.
It would probably be easier to just build the wireless networking into the camera, than to build it into each SD card. That way you also don't risk having the antenna buried inside the camera along with the SD card.
> cost of the USB
You only need to use the USB stick once, to install Linux. Thereafter, you can download whatever you need from inside Linux. Surely you can borrow a USB stick from a friend, if you don't own one already.
Since Ubuntu fits a single CD, you could buy a 2GB USB stick for $6: http://www.newegg.com/Store/SubCategory.aspx?SubCategory=522&name=USB-Flash-Drives&Order=PRICE
> time/cost of downloading Linux
This is getting silly.
> CPU Heatsink?
The included CPU includes a heatsink at the price they specify: http://www.newegg.com/Product/Product.aspx?Item=N82E16819103953&Tpk=Athlon%20II%20X2%20270
> I didn't see the cost of HD cable either
Every motherboard I have bought has included SATA cables in the box. According to http://www.techemporium.com/ssproduct.asp?pf_id=1018895174 , the selected motherboard includes 2 SATA cables.
From the Bug report:
> Confirming, some very recent update broke it - right now unit tests fail on SVN. I wonder if nobody ran it before release?
So they do have a unit test for that. They just didn't run it before release :).
Get a Linux distro like Ubuntu, if you can live without Windows. Their package repository contains gigabytes of software, with practically perfect install and uninstall, and totally malware-risk-free.
This is one of the main reasons I run Linux instead of Windows.
And the search for the Higgs is also religious, because we have a belief that something is there? Of course not; we search to validate (or repudiate) our hypothesis.
It is a perfectly valid scientific hypothesis that intelligent life exists elsewhere, based on current scientific consensus. We are merely trying to confirm that hypothesis.
As in many other cases, such as, for example, the Kyoto agreement, "world wide" means that the US is the last country to do the obvious. Europe has, for example, done this long ago: http://news.bbc.co.uk/2/hi/europe/234985.stm
Europe banned this use of antibiotics long ago, for this reason: http://news.bbc.co.uk/2/hi/europe/234985.stm
> if they had made a settlement for a half billion dollars, Sony wouldn't exist today. Their operating income last year was just $342M (source [sony.net]). Fat chance that Sony could survive a $500M settlement hit.
If the $500m is 1.5 times their yearly operating income, as you said, then it would just mean they would make no profit for 1.5 years. Of course they would survive that.
But how do you know whether Google is being impersonated, or if they have really switched to Comodo? You can't as far as I can tell.
The beauty of it is that even if you do not buy your certificate from Comodo, you are still just as vulnerable to false certificates in your name from Comodo (Or any other of the ~650 CAs).
Not just porn. How long will it be before somebody insists that http://en.wikipedia.org/wiki/Human_penis only be available from .xxx?
Your reference is not about the same topic as mine.
Yours is about 10 hours of work comparing Linux and Minix.
Mine is about 4-6 months of work comparing Linux and Unix.
This has been publicly known since 2005: http://en.wikipedia.org/wiki/SCO-Linux_controversies#The_Michael_Davidson_E-Mail
> Your MP3's and movies do not require the high throughput.
And more importantly, your MP3's and movies do not require the random reads and writes which are an SSD's greatest strengths.
Why would there be any connection? The Sandy Bridge chipset recall had nothing to do with the BIOS, as far as I am aware.
> Some are so buggy they won't even run.
I have never had this problem with a Debian package. My strong impression is that buggy packages are removed before a Major Debian release is made.
I am sure that the US is pursuing those who DDoSed WikiLeaks with equal energy.
I would imagine that the shielding has to be especially robust in military equipment, as it should be EMP resistant.
Larry Sanger was employed by Jimmy Wales, and has spent every waking moment dissing Wikipedia since he was kicked out of the project. So Jimmy was the main guy to my mind.
I don't think anybody would deny that other people had the same idea. But Jimmy Wales wins heavily on points for actually making it work (and for donating the initial resources!).
If you decide to only sell DRMed books, then you are selling a lower quality product than the pirates are giving away. DRM can be a huge bother.
So I hope they are taking into account people who would have bought a non-DRMed ebook, but will pirate ebooks if only DRMed ebooks are available for sale.