Re:Who decides this stuff anyway? on WB Cancels Angel · Score: 1
They take a decent show with a devoted following off the air
This is why everyone who cares about what they watch should own a TiVo -- because of the anonymous aggregate viewing data they collect. You may not be able to be counted by the Nielsen rating system unless you happen to get one of their viewing journals, but with a TiVo, your "vote" is always counted.
Could this be the death of the PIN? What's next - biometrics? Will this last only as long as it also cannot be spoofed?
The advantage of a PIN over biometrics is that you can always change your PIN.
Once someone finds out how to fool a biometric scanner into returning your biological data, you're hosed. You can't gouge your own eyes out and replace them with new ones.
Any security system whose keys can't be changed is fatally flawed and should not be used -- ever.
If you can, go to a supermarket or any store nearby that gives you cashback on your debit card. I can buy a pack of gum instead of paying stupid ATM fee AND get cashback with NO risk.
Unfortunately, at the gas station down the block from where I work, there were a series of arrests four or five months ago, breaking up a ring of clerks who were double-swiping cards used for purchases at the counter.
So, no, that's not a "NO risk" way of using your card.
The only real bug was the inability of the system to properly handle running out of file entries (or more specifically, consuming too much RAM as the number of file entries increased). However, the software should never have stressed the filesystem to that degree in the first place.
When you can write an embedded operating system that can gracefully and automatically recover from every possible thing that might ever go wrong, perhaps you should send your resume to NASA.
Ok, I'll bite. How about the USS Yorktown shutdown in 1997? A Windows NT bug crashed their engine control system.
From the article:
The Yorktown's Standard Monitoring Control System administrator entered zero into the data field for the Remote Data Base Manager program. That caused the database to overflow and crash all LAN consoles and miniature remote terminal units, the memo said.
That's not a Windows NT bug, that's an application bug. Blaming Windows for that makes just as much sense as blaming Ford for drunk drivers.
Told my boss it'd probably take a week. Instead it took me 15 minutes.
So how'd you waste the rest of the week?
The diamond industry (mining, cutting, and selling) is quite large. Is it possible they can convince governments to regulate the man-made ones, and have them somehow marked to allow people to note the difference? It may seem a bit out-there, but there's a lot of money at stake for a lot of people.
You can bet that DeBeers will fight until the bitter end to preserve their diamond monopoly.
Let's hope they lose.
All I have to say is: ever tried cracking OpenPGP encryption?
Give me the key I'd need to decrypt it for use (for example, to play that DRM-enabled file), and I wouldn't have any problem "cracking" it. The key is the secret, whoever has the key has full access.... in order for a media player to play a file, it has to decrypt it, which means it needs the key. If it's an open media player, that means the key is available to everyone, which makes it not a very good secret.
The Winsock API is included in the leaked source that's something fantastic hahaha.
Even better, all of the rendering engine and interface code for Internet Explorer is in the leaked source.
What is this:
m ak efile
win2k/private/inet/urlmon/iapp/gnumakefile
win2k/private/inet/urlmon/mon/gnumakefile
win2k/private/inet/xml/xml/tokenizer/parser/gnu
What about it? It's not a violation of the GPL for them to use GNU Make to build commercial software.
Drive an old-style swing needle meter.
Now that's a CPU load meter I'd like to have.
So they fill the niche because opensource has only been against it instead of offering their alternative. If opensource, etc doesn't want to be completely squeezed out of this market they need to offer an alternative.
DRM relies on a secret within the code that protects the content being played. There are no secrets in Open Source software. There's no enforcement of "rights" when anyone can just modify the player to do whatever they want it to do in the first place.
Parodies are usually funny, which our legal system is not.
:(
Nor is it very functional.
As a counterpoint, however, consider how many web servers run Linux and Apache versus how many run Windows and IIS. Then consider how many worms and security holes there are for those respective platforms.
That's comparing apples and oranges. Consider how much IIS does compared to how much Apache does:
Apache is a web server. That's all.
IIS is a web server, an FTP server, a name server, a network printer server, a document sharing server, and many, many other things.
If you were to take Apache, wuftpd, BIND, and all the other most popular open source software packages to build a comparable set of services, you'd find just as many, if not more security vulnerabilities compared to IIS.
In fact, very few IIS security vulnerabilities have had to do with its standard web server functionality -- the most notable that did was a ".." directory escaping vulnerability, and Apache's had its own share of those too.
Are the Tivo watching habits really worth anything? Right now, as I sit here at work typing this message, my Tivo is on. It has no idea if the power to the TV is on or off though. It THINKS the digital cable box is on channel X, but I could have turned it or the TV off, or changed the digital box with a different remote. Does Tivo try to guess if I'm really watching the show on channel X right now by seeing how long it's been since I changed the channel/paused/used rewind/etc? I'm sure there are times when I spend several hours on a single channel and don't press any Tivo remote buttons.
That's why it's aggregate data. While your data might be skewed because you haven't hit a single button on your remote in a while, or you changed the channel on your cable box manually, most people don't do that, so you'll fall on the outer edges of the statistics.
Why use it to login? Why use it to lock the computer? ctrl-alt-del is hard to type, hard to mistype, so why insist that it be used by novice and expert, making both familiar with this?
It's the entry into what's called the Trusted Path. By having a keystroke that there's no API or possible way for an application to intercept, you can be sure that after hitting it, you're talking to the OS itself, so you can safely enter your username and password and be sure you're not giving it to some trojan horse designed to look like a login box.
NT isn't the first operating system to implement the concept of a Trusted Path, but it's certainly the most popular -- and arguably, a Trusted Path is a requirement for a secure computer system. (You can configure Linux to use Ctrl-Alt-Del as an entry to a Trusted Path -- see /etc/inittab)
With that, can anyone give a good reason to keep CTRL-ALT-DEL around for any function except as an old-time legacy habit for DOS/Windows users? Is there a technical reason why that combo is more valuable? I can't think of one...
It's difficult to hit by accident, and it's the only key combination that existing Windows applications are guaranteed not to try to map a function to.
On MIPS and Alpha, the latter is a lesser reason since there were no legacy Windows apps on those platforms, but it IS still a reason since Microsoft was hoping that Windows developers would port their apps freely between the platforms.
The former is an important reason as well. It should be difficult, or impossible to hit the key chord to enter the OS's Trusted Path by accident -- and it should be a key combination that's difficult to mistype as well.
Ctrl-Alt-Del fulfills that purpose. Possibly the deciding reason was that there was no real reason to use anything else. It wasn't a "big red flag that Microsoft didn't get it" unless you can come up with some compelling reason not to use Ctrl-Alt-Del in favor of some other, less-arbitrary key chord that might have been more appropriate and not already with its own meaning across all the platforms NT supported.
If Congress and the President were 'doing their best' and temporarily doing a power grab to defend us poor Americans from the evil terrorist infidels, then why didn't they include a sundown measure in the act whereby it would expire after x,y,z number of years?
They did. It expires next year. It was part of Bush's State of the Union address..... "next year the Patriot Act will expire," and during his dramatic pause, the Democrats erupted into unexpected applause, delaying him before he could continue the sentence, "we need to renew it to ensure America stays safe".
That it happens to use the superior RAR format makes the decision easy for me.
See how "superior" the RAR format is when you want to extract a single file from the end of a 5 GB archive file.
ZIP is O(1) -- you can extract that file almost instantly, no matter where in the physical file it resides. RAR is O(n), where n is the number of bytes in the archive before the target file -- be prepared for a long wait to get to that file.
I don't think we will be able to go after that, due to the moral aspects of interfering with another life-form's destiny. Even if it's bacteria.
Yet we're perfectly content pretty much entirely enslaving certain species, like cows and chickens, here on Earth?
The Prime Directive makes compelling science fiction, but the real humanity, as a race, has no real problem with destroying something precious to further itself.
When the developers finally realize that over 20% of visitors can't navigate their site
I think you added an extra 0 that doesn't belong in that percentage value of people who don't use IE.
As popular as Mozilla, Firebird, Opera, Konqueror, and whatever other browsers are popular here on Slashdot, all of them combined are but a mere speck on the overall landscape.... Konqueror less so than others since Apple adopted it.
According to the site:
A monumentally final chapter in the ACiD artpack legacy is upon us as we rapidly approach the release our landmark 100th ACiD Acquisition Update. It's not for me to say what happens afterwards, but this will be *my* final release with ACiD.
(Emphasis mine)
It's not the end of ACiD at all.
this represents the first leap beyond what the ordinary person could ever hope to use
Write this comment down, then look at it again in 10 years. You'll find you're quite wrong.
meaning their fortuitous ccTLD could go the way of .su
.nu TLD?
1500 people have had their homes and their community destroyed and the tragedy is that we might lose the
Basically, I just watch less of NBC now
Any network that would deliberately go out of their way just to screw up my recording setup is one that I won't watch.
Remove your local NBC affiliate from your TiVo's "Channels I Receive" list and you won't even get screwed by them with TiVo Suggestions.