I remember those times well, after midnight make sure to wave your arm above your head every 20 minutes or so, otherwise the damn lights turn out as you type away on that thesis (with I guess a not so sensitive motion sensor so that a cockroach doesn't turn on the lights, or your keyboard hidden by your chair for the sensor's view)...
This is how the swiss go to the supermarket:
http://en.wikipedia.org/wiki/Image:Caroline-Migros-p1000507.jpg
colour depth went up. As soon as you could essentially assume a universal 24-bit colour everything went fisher-price.
I expect it's what most people wanted all along, I remember netscape used to grab all the colours on my X terminal so that as you moused in and out of the netscape window the screen would flip between the netscape window and the rest of the screen showing random color goodness.
Like people want borders on their windows... crazy...
Once that becomes possible, less microsoft-friendly jurisdictions (like say the EU) might demand they open up the interfaces so competitors can use them. People buying chunks of OS from non-microsoft vendors probably isn't in microsoft's best interest...
They have copyright over some of it. People with copyright over other bits are free to sue as well...
It's a different problem/solution. Vacuuming a room is something that can be done pretty much independently, it's a problem of navigating around obstacles and so on. Telling the robot to pick up object X over there has the additional step of communicating which of the objects X is and then the robot can do the navigation steps.
This is hard enough with people "could you grab the remote for me? No not that one, the one to the left. No the other left. No the big one with the green button at the top. No. No. Yes. Thanks" shining a laser pointer on it would be much simpler. Until of course you want the damn robot to bring you your laser pointer while you expand to fill the available space on the couch...
The cost of manufacturing is a factor in determining supply.
Doesn't make any sense. Why would you go through the process of sending an email with the information when you could just print it to a file, or throw it in a dialog box.
A developer wanting to collect people's usernames and passwords and realising that since the program talks to gmail already doing so over gmail would make it much less likely to be noticed by people monitoring network connections for "phone home" behaviour, seems the most likely explanation. Of course there mightn't be any malicious intent, just a "cool, look at all the accounts I collected" thing - like those people who get a warez copy of every piece of software ever released without ever actually using any of them...
That definitive guide says:
"""
Any skill set that people can bring to the job will be technologically obsolete in a couple of years, anyway, so it's better to hire people that are going to be able to learn any new technology rather than people who happen to know how to make JDBC talk to a MySQL database right this minute.
"""
Which is exactly the thing you called a "BAD IDEA". So not definitive then I guess...
If anyone takes 15 months to learn anything related to development they are an idiot and shouldn't have been employed in the first place. It takes me longer to get familiar with the existing code base I'm dealing with than it does the language/technology it is implemented in/with. I do not know ruby - I did write one ruby script once upon a time - but I could certainly be productive in that language by next week. But it would take me much longer to get to know an existing ruby code base well enough to not keep wasting my time (and other people's time) finding out where in it some functionality is likely to be, etc. Hence the language/technology is basically irrelevant.
Since modern IQ tests scores are equivalent to the rank on a Gaussian bell curve, they'd be right...
It's all bad parenting when kids do whatever on their computers.
But 7 year olds should secure the machine so that their parents can't monitor their computer activities.
Something doesn't compute here.
Did you at least set the computer up in a "public" place - i.e. where the parents can observe the activity directly since they can't monitor? Or is it hidden in her room so she can chat with all the pedophiles and then you can blame the parents for not controlling and monitoring her access to the computer?
Yes.
You have the binary that runs, you have all the internal state. Doesn't matter what it does you can also do the same thing.
Unless there's some way to force part of the state to not be in RAM or disk (a register as you said, but I don't think you can reserve a register on these fancy new "run more than one thing" machines...)
And I'm sure the Chinese will lease some of it to the US.
But that's where the alien moon base is...
The data has to be being decrypted in the normal use, which means the key is somewhere in RAM. Since this attack is basically "take a snapshot of the RAM, and find the key in it" it will still apply. If loop-AES can decrypt the data then someone with a snapshot of all the internal state at the time can too.
You mean things like stop signs, traffic lights, broken down cars blocking the lane, 5 year olds standing still at the side of the road?
It's missing that vital bomb component: the explosive...
Something like 75% of the TSA's own covert bomb tests end up with the TSA guys letting the bomb through. It's all just theater...
To verify it you would have to have a control group and then the group that you infect with HIV and see if they get AIDS more... Good luck getting that past the ethics board.
There is Blattner et al in '93 looking at three lab workers who were exposed to HIV, http://gateway.nlm.nih.gov/MeetingAbstracts/102203749.html
And of course Schechter et al in '93, which looked at 715 homosexual men, with about a 50/50 split of HIV positive and HIV negative. All 136 who ended up with AIDS during the study were HIV positive: http://www.ncbi.nlm.nih.gov/pubmed/2112396
Not sure if scientologists are exactly the group I'd want ebay to "we can (and you authorize us to) disclose your User ID, name, street address, city, state, zip code, country, phone number, email, and company name to eBay VeRO Program participants as we in our sole discretion believe necessary or appropriate in connection with an investigation of fraud, intellectual property infringement, piracy, or other unlawful activity."
So it's back to delaying releasing the fix until every other web browser has also been fixed, leaving mozilla's users exposed for longer than necessary?
And yes given the source code it is trivial for someone interested in security in the slightest to determine what the security hole was. People do it by looking at the changes in disassembled binaries...
It's free software, anyone can see what code changed so if you "mention that there are important security fixes that would be published at a later date" then exactly 17.3 seconds later the bad guys know what it was anyway. Heck they manage that by disassembling binaries, it just takes longer (and hence might be practical).
In fact the curious people will probably find the security problem slightly quicker...
So mozilla should have left their users open to the bug for longer, by delaying the fix so that Opera can catch up?
Or are you saying they should have released the fix and not mention what it was fixing - making it less likely people would apply the fix (plus it's open source not saying what it's fixing doesn't really keep it secret)?
Note that mozilla never mentioned Opera in the advisory anyway.
So what you're really saying is that Mozilla should pass all its security fixes past Opera and IE and Safari and Konqueror and etc and not release them until all of those competitors have said "OK we've fixed it too".
He called Bush an incompetent liar and fascist...in so many words.
Wow, he's never done that before. Certainly not every 47 seconds or so.
it would be really hard for the Navy to pick it up if it crashed into North Korea, China, Russia, Iran, etc...
Which blind Freddy can see is the reason to blow the thing into hopefully small enough chunks to all burn up before it lands in someone else's backyard. The US doesn't need to show China that "it can too", that's low reward (China already knows they can) and high risk (missing would be embarrassing).