It also makes it impossible for your real friends to find you. You might as well just not have Facebook.
Yes... that was the trivial case. I meant a non-trivial case.
However, you do make the case for studying the one we’ve got and not wasting time hypothesizing about habitable planets that may or may not ever be found.
Or a unique face...
Still, who cares?
If the universe is really infinite*, and if there is any nonzero percentage of planets which are habitable*, then there are infinitely many habitable planets by logical conclusion.
Until or unless we find one, and one that’s close enough to actually learn something useful from it... what difference does it make how many of them are theoretically out there?
*unproven/unknown
Where's the "Allow people to tag me in photos" privacy option?
Right next to the “Allow people to create a blogspot, upload pictures of me, and name me in the description so it gets indexed by Google” privacy option.
In that case, why don’t you go find the post you made on Marsha’s wall and delete it? You can delete any post you’ve made... you don’t have to get Marsha to delete it just because it’s on her wall.
Yes, an at-will employee can be fired for “any reason or no reason at all” – but if you were fired for an illegal reason and you can prove this or at least back it up pretty substantially, then you have a pretty good case for a lawsuit.
It works both ways, though... an at-will employee can also leave for pretty much any reason.
Employees who are contracted in for a longer period of time, on the other hand, will also have terms in their contract that ensure their employer can’t dismiss them for no good reason... but in return for that security, they give up their ability to leave that job whenever they want to find work elsewhere.
It’s a give-and-take, and personally I think it’s better this way than having the government dictate to companies whether they can or can’t hire or fire someone.
Put them in your limited profile group and don’t tell them.
Agreed.
Of course, all this information is already available to me. I could click around the site and find everything said between my mutual friends by sifting through their accounts. But that would take ages, and eventually — hopefully — I’d either get bored or ashamed of creeping on my friends. This makes it possible to stalk in seconds.
“Hopefully”? Bored or ashamed? Seriously?
He greatly underestimates the ability of a bored stalker to be creepy...
Hell, why not just generalize it:
An arbitrary bytestream is just plain 1s and 0s, and thereby can’t be exploited – only the parsers can.
Yeah, GP’s post sounded okay at first glance but is utterly meaningless in reality. Obviously the data itself can’t be exploited. It’s what happens when something reads the data and tries to parse it that’s the issue... and that’s true of every exploit, whether it’s a binary format or a text-based one.
Since you obviously use FlashBlock (and I don’t), can you please tell me whether this still works?
http://hackademix.net/2008/06/08/block-rick/
It’s a hole, to be sure, but it’s not an exploit. Unless you still had a tiny bit of innocence left...
Anyone who thinks gimp is a replacement is full of shit.
Or doesn’t need the features that Photoshop alone offers.
I use GIMP.
1. Use Firefox Portable.
2. Tools, Options, Applications. Go down the list and set most of the options to “Save File” or “Always ask”.
3. Just for extra safety, go to Tools, Add-ons, Plugins. Disable Adobe Acrobat, .NET, Silverlight, Windows Media Player, and most of the other junk that gets in there. Do similar in the Extensions tab. (Leave the Mozilla Default Plug-in alone; that’s the one that displays a broken plug-in icon on embedded objects that aren’t associated with any of your installed plug-ins.)
Alternately, you could just let the IT department worry about it.
If you are the IT department... well, I guess you should get a good antivirus.
Plus, it will run from a USB stick.
I keep it on mine along with Firefox / Opera, 7-Zip / WinRAR, DOSBox (GWBasic, QBasic, PowerBASIC for DOS, Windows 3.1, BOWEP), VLC / mplayerc, Notepad++ / Metapad, Jarnal, ResEdit, hjsplit, Process Explorer... all useful and great tools, if you’re interested in looking them up. (On a different USB drive I also have GIMP and SMPlayer, among other things... actually I’m not sure why I haven’t copied SMPlayer to this one...)
I’m not waiting for anything. My browser won’t open drive-by PDFs. It saves them and I see a status indication showing that it downloaded something. If I meant to download a PDF and trust the source, I can open it. If not... I won’t.
Like I said, you can narrow it down on a site-by-site basis. You could also block specific canvas tags using more complex element hiding rules.
If it’s that much of an issue, just adblock the canvas tag with ##canvas. Plus you can do it on a site-by-site basis if you like.
Hell, the hackers could have just embedded the mov as an <object>/<embed> in a web page and emailed URLs to a bunch of people in spam for the same effect.
You might think... but the target groups would be different and probably not completely overlapping.
512K != 512MB
Ah... yeah, I did indeed miss that.
That being said, you’ve still got to deal with the small possibility that the codec be broken out of its sandbox with a privilege escalation exploit.
exploit in PNG or JPEG, which probably would be noticed elsewhere too
Well, hopefully they’ve found most of those, but I remember hearing about a few of those in the past too.
If it's exploits you're looking for, I doubt WebGL is a good vector for attack. It's a relatively small finite API. Where are you going to attack?
Well and good, as long as it’s limited to that.
I remember hearing about a SecondLife virus that spread via an infected QuickTime .MOV embedded in a “picture frame” in the game. IIRC, you didn’t even have to look at the surface onto which the video file was embedded; it could infect the user as soon as they loaded the map.
It’s little stuff like this that makes it easy to miss these infection points. Building a limited API for 3D graphics is well and good but then you extend it to allow videos, link in the original video libraries to support common formats, and suddenly you’ve got all the vulnerabilities of QuickTime and Windows Media Player...
I ran XP on 512K of RAM quite nicely, after a bunch of unnecessary services were turned off. I was even able to afford such niceties as active desktop and font smoothing.