The scientists behind the study are actually curious about the same thing:
Of course, in the real world, people infected with Ebola might not get the drug within 30 minutes of infection like these monkeys did. So Geisbert is planning another set of experiments.
"Can we go 24 hours or 48 hours or 72 hours before we start treatment?" he wondered. "Can we increase the window and still achieve 100 percent protection?"
Personally, I find this fascinating and I'd be interested to see the results of their next experiments as well.
For the most part, I think that's true. However, the article offers the following as the reason for the success of the MPAA in this case:
Fung previously tried to argue that his sites were just another search engine that just happened to pick up copyrighted content, but the studios countered with evidence that his search code was specifically tuned to find copyrighted material.
Back when I was in elementary school, all you did was tell the librarian your name and she'd look you up in the system. I don't recall if there was anything to prevent abuse of the system - they might have asked for a birthday or something. Either way, this just seems unnecessary more than it is concerning.
The real problem isn't as much of an exploit so much as it is Facebook's platform for cross-site publishing is basically broken. They allow any site to act as the user with no confirmation other than a click, which as we've seen is easy to get via an invisible iFrame that follows the mouse. Aside from revamping the way they handle "Likes" and other such things on other sites, there's not much they can do to "fix" it.
Warning: This is a clickjacking attempt, obviously, so copy/paste the URL only if you want to see it for yourself. NoScript blocks it for me.
http://www.mprosperstats.info/bananalike/index.htm?ref=search&sid=dpf-GrMT3GTEEuQTlotyMg.3788977952..1
I'm interested in seeing how the key exchange is handled. After all, you can have a great encryption algorithm but if your implementation sucks, it won't do you any good.
What I'm more curious about is why there hasn't been (AFAIK) an app that uses an asymmetric public-key encryption method. The solution from TFA takes the combination of the users' keys to generate a password, but couldn't you easily have a private key stored on the handset itself and a public key to interface with others? Granted, the hurdle there would be things like losing the phone, getting new hardware, etc., but it's still interesting to think about.
This seems like an implementation of Diffie–Hellman key exchange, which is interesting in its own right.
Because having set, tested plans costs money.
While I've yet to personally see any subdomain hijacking, I have come across 404 pages that have been turned into drive-by-downloads. Otherwise legitimate sites have all of these extra pages created (www.example.com/search_query_here) that actually just point to malware. While most of them are still fairly easy to pick out because the domain is entirely unrelated to the search term, it's still dangerous and could easily catch many unobservant users.
It almost seems too simple, like any moment now we're going to find out about the secret clause authorizing the use of deadly force.
It's almost like common sense! When you purchase a product, you own it and can use it how you wish, with the only restriction being that you can't duplicate it and sell it to someone else. So if I purchase a DVD, I'm free to put that DVD on my laptop if I want to watch the film on a long flight without being considered a criminal. It's so simple and obvious, you have to wonder why it hasn't caught on elsewhere.
I've had terrible experiences with Bank of America being unwilling to refund any money with clearly fraudulent charges. Had to fight for weeks to get any refund, and they were uncooperative the whole way. In the end I wound up switching to PNC and haven't had any problems with their service.
With that said, however, I think it depends entirely on what branch of each bank you're at and what call center you get routed to when trying to go up the corporate ladder. YMMV.
As much as I wish it was that simple, a lot of these huge corporations just threaten to move overseas (more than they are already) rather than pay taxes.
Oh, sorry, I didn't realize "Oracle Solaris" and "OpenSolaris" were referring to two separate products. Mod parent informative. :)
An honest question from someone who has never been involved in OSS development: how 'different' does a Linux distribution have to be in order to count as a separate branch? Is someone allowed, for example, to take the current release of Solaris, remove anything Oracle may own the rights to (does that include code? just graphics?) and redistribute it?
Where is the line drawn, legally, in the OSS community?
First of all you are not part of the target audience. You won't pay, the sheep will.
Fair enough; I agree. However, the only people I see paying are people who exclusively read these papers online already and have no other source for news, which seems like a pretty small demographic.
Unless you consider all of the other sites out there that currently don't charge for their content.
Amusingly enough, one of my professors attempted to show a YouTube video on UA Flight 232 not an hour ago. It worked after refreshing the page, however - doesn't seem like it was much of an outage. He did draw a cry of "Fail!" from one overzealous student, though. :)
For example they often used triple redundant computers and if one of them disagreed the other two would vote it off the island and stop listening to it.
Sounds a little like Minority Report, doesn't it?
Each of the three precogs generates its own report or prediction. The reports of all the precogs are analyzed by a computer and, if these reports differ from one another, the computer identifies the two reports with the greatest overlap and produces a majority report, taking this as the accurate prediction of the future.
By and large, it would seem that Toyota should probably be looking for exceptional conditions rather than typical ones. Correct me if I'm wrong, but if a relatively small number of vehicles have actually exhibited the acceleration issue, it would seem like any bugs related to that would be in conditions that may not occur very often during typical driving. Seems to me that "outlier" cases or unusual methods of testing would be the best way to start; testing with typical driving conditions might not show anything.
Exactly! You can ban laptops if you want, but it isn't going to make students pay attention if they don't feel like it. As long as they aren't distracting other students, I don't see a problem; they're paying to be there and if they want to use a laptop, that's their business.
I wonder if MS has figured out some way to deal with this issue? I wouldn't bet on it.
Why should they, at least from their point of view? Corporate thinking here is just "well, maybe we'll get a few false positives, but gee, we'll have stopped those pirates!" They don't give a damn about catching innocents by mistake if it doesn't impact their bottom line. And it won't, because the average user is just going to phone tech support and deal with the grief and hassle, because they don't see any other option.
I'm not sure why you would want to send your tax papers to the US Patent Office.
Three times the work!
Spoiler for the story - since it's basically the ending - but the point in question:
As the Tasso models approach, Hendricks notices the bombs clipped to their belts, and recalls that first Tasso used one to destroy other claws. At his end, Hendricks is vaguely comforted by the thought that the claws are designing, developing, and producing weapons meant for killing other claws.
In that case, I don't expect to see HTML5 support, either, considering YouTube and a few other major video streaming sites are experimenting with it now.
Unless, of course, it already supports HTML5 and I've missed it in the onslaught of coverage. A quick scan of TFAs didn't reveal anything, but if anyone knows differently, please let me know.
As far as I know, you're correct in that those figures aren't specified by law. The really sad part here is that if the video had been 2.1 seconds shorter, she would have been well within the widely-accepted standard for fair use - perhaps she's still legally in the right, but it would have been a whole lot easier to argue if she could use the 30-second/10% guideline to support herself.
Generally, I would say that this still falls under fair use, because she isn't attempting to profit from the song in any way. It's a clip of a baby dancing for thirty seconds; have we really gotten so crazy that we're breaking out the lawyers and gearing up for lawsuits over thirty seconds of a dancing baby?
Computer World quotes an anonymous source "familiar with the situation" as saying:
That's because they apparently were able to access a system used to help Google comply with search warrants by providing data on Google users, said a source familiar with the situation, who spoke on condition of anonymity because he was not authorized to speak with the press. "Right before Christmas, it was, 'Holy s***, this malware is accessing the internal intercept [systems],'" he said.
According to that article, what Google had was an internal system that could pull limited amounts of account information to comply with law enforcement requests, not a backdoor that gave access to the account in question. Also, it appears that the malware/attack in question didn't "subvert the system" so much as it piggybacked onto a computer with access and got in that way.
So while he's right as to the general purpose of the system, he seems to be pretty wrong as far as the scope of the 'backdoor'.