Re:Gosh, Github.com runs Linux: Isn't it 'secure'?
on
GitHub Hacked
·
· Score: 0
Whoa, whoa, someone really goes on a tangent there! You're saying that if there's for example a security vulnerability in e.g. Spotify I can just go around saying it just proves how insecure whole Windows is?
No, this isn't a security vulnerability in Linux, this was a vulnerability on Github's Ruby on rails - installation, nothing more. Ruby on rails is useable on multiple platforms, too, so this would have been just as big a security issue if they ran it on Windows.
The thing here in Finland is that usually the upload/download speed is limited, not the amount of data you can use. E.g. I'm Saunalahti-customer and they offer this mobile broadband-thing in various "sizes." The smallest one, the Mini, costs 4.99€ a month, has absolutely no throttling or data cap, but the speed is limited to 512KB/s. I think such pricing works great and there is absolutely no worries of going over the cap. Oh, and before someone asks: no, you're not required to sign a 2-year contract or anything, you can end the contract whenever you wish.
That said I have full package myself; no caps, no throttling, and I can upload/download at full available speed. It still costs only 15€ a month, so it's still tens of times better than anything those poor Amercans are gettin'!
This thing could very likely be used for the purposes of doing a complete patent and copyright system reform in small steps. I personally do not seek to completely abolish either, but I wish to bring both of them down to a maximum of 10 years so that people who patent stuff will actually have to also start utilizing their patents and not just hoard them, and copyrights won't keep on benefiting the creator for several lifetimes without them having to do any work ever again.
Do we have any Finns around here on/. that agree? I'm just curious.
even Gaybuntu isn't doing that since they already had the Mauve Mare.
I am deeply disturbed to know that there has actually been something called 'Gaybuntu' for real o_o I have no issue with sexual minorities as I belong in them myself, too, but... that's like a hipster vegetarian only eating non-green products just so she can claim to be minority in a minority.
I wrote a somewhat lengthy Google+ post as I gave Win8 CP a quick run and, well, it was not pleasant. To summarize my feelings: it might work on a mobile device, but on desktop it's ugly, unwieldy, doesn't work well for mouse+keyboard and will be a pain in the arse to look at on a regular-sized screen. Two of the things that will most likely drive people nuts on desktops is how everything, absolutely everything, is spaced out so god damn wide that 50% of the available space is wasted, and that everything has a sidescrolling bar at the bottom; you cannot just drag the screen around to scroll, you must either move your hand around to Page Up/Down every time or slug your mouse to the bottom, drag the bar, and then back to whatever you were doing. It's feels very inefficient.
"That either does not parse into English or the commenter is really so fucking stupid he doesn't know the difference between apostrophe-s and no apostrophe-s. I'm voting for the latter."
I personally use Google+ quite a lot, I find it a lot more useable than Facebook. I only use Facebook for checking what useless crap the people I know have decided to share this time, whereas on Google+ I post stuff I find worth sharing or mentioning publicly. On Facebook I post perhaps once or twice a month, I simply have nothing to say there.
As for people spending less time on Google+ than on Facebook.... well, perhaps the simple reason is that Google+ doesn't push all these useless games and apps on the users and thus caters to entirely different kind of audience? Of course the people who play those crap Facebook games and use all the mindless "Check your daily horoscope!" apps will spend more time on the site than people who only go to Google+ to write a small post or update their details, you don't need to be a brain surgeon to figure that out. But tbh, I prefer it that way. Using the metric of "who spends how much time and where" does not correlate with quality of said service, and that's the whole damn point here.
declaring that "homosexuality makes God want to vomit" and is "a paramount sin."
I've never understood those kinds of people. It's been proven over and over again that homosexuality is perfectly normal among animals, yet when people do it it's suddenly unnatural? Something that happens all the time in the nature is unnatural, but then boxes with moving pictures, metal monstrosities weighing several tonnes and churning out toxic gases and so on are somehow much more natural and acceptable? How the f*ck can e.g. a mobile phone be more natural than having sex with someone?
For me, the real question is fundamental. Why, in the modern "free" world does being outed as a homosexual cause one to prefer suicide rather than live with the shame? As a society, would it not be better to address such a fundamental social problem than to simply treat the symptoms?
That there IS exactly the issue, mate. If you belong in any sexual minority you are constantly bombarded with how "wrong" it is, how "unnatural" it is, how you're a horrible person and so on and so forth. Hell, it is even worse for guys! Not to mention the stage in your life where you still haven't quite figured out who you are and how you wanna be and you're exploring that; you're already in a rather insecure situation, but this kind of stuff can really push you over.
There was this nationwide campaign by Christian church that targeted homosexual teenagers, claiming all kinds of things and going around with the motto "You can be cured!"..Well, that sh*t sent loads of kids into therapy and suicide, all because teenagers are still trying to find their place in the world and then there comes such a large body of people telling you you're a twisted, worthless human being unless you do as they tell you. That right there is your "fundamental social problem", sh*t like that being pulled. The church got enormous amounts of flak for that and they lost government funding, too, but that's already too late, the damage is done.
The problem is that this means any app that wants to access any data needs to ask for permission to do so. I don't see how prompting users for permission for every app that wants permission will help.
Opening standard operating system - provided File Open/Save dialog is in most cases more than enough; the application wouldn't be told the actual path to the file or allowed to get directory listing, but would be able to read and write the file selected in the dialog. There are exceptions, yes, but again that is nothing that couldn't be solved.
On windows, notepad can save a file as foo.exe, and you have an executable.
That's a rather bad example. Go ahead, open some executable file in notepad and save it, then try to run it, what do you get? Yes, that's right, it's totally corrupt. I do actually get your point, but notepad cannot do what you claim.
Very few programs actually need the capability to generate executables (the compiler, and the application installer, for instance). Allowing any and all programs to make executables along with regular file access means that any executable can be compromised into dropping malware onto your system.
How would the system know what the application is writing to a file unless it first allows the application to write to said file? Executables are not some sort of magic thingies, they're just binary data, and if you allow an application to write binary data then you are also allowing that application to write out executable code. There is no way for the operating system to know every possible type of binary file and that's that, what you suggest isn't possible. If you only mean that applications shouldn't be allowed to name their files "*.exe" then yes, that would certainly be possible, but that wouldn't solve the problem. Especially on non-Windows platforms where filename doesn't determine whether or not a file is executable.
This means, for example, that a program run by an administrator can write files virtually anywhere.
Well, indeed, that is the whole reason why administrator accounts exist: they're there so that administrators can do whatever they want!
To install an application means that you must trust the installation program because it can put anything anywhere.
A capability model could restrict a program to its install directory (c:\Program files\) and forbid access to system directories. This would prevent malware from being installed alongside good programs, and removing malware would be much easier (just delete the application install directory).
The real issue isn't where malware can install itself in, the real issue is what files it can read; OS can always be reinstalled should things go totally haywire, but user's personal files cannot. And yes, granular access control -- both reads and writes, like e.g. applications shouldn't just be able to even get a directory listing on the user's files unless the user specifically allows for that -- should be an integral part of any modern OS, too bad it isn't. It isn't a new idea, though, I've seen such mentioned already a decade ago and I'm sure such an idea has existed even longer, I just haven't been aware of it.
It sounds like we've finally come up with modern security models. This should make everyone safer, and perhaps completely eliminate malware.
Please, God, no. The problem is that people use way, WAY too many antibiotics already and they're used even for such things as common cold! And hell, common cold is a virus infection, antibiotics do not kill viruses so it's not only completely useless, it literally ENCOURAGES the growth of antibiotic-resistant bacteria.
We need less antibiotics, we need doctors who do not prescribe antibiotics as a cure-all solution and we need people to understand why it is such a bad idea to just pump more and more of those in yourself, all those around you, and even animals! Since you seem to have excess money use it to instead educate doctors -- and yourself, mate! -- about the dangers of overusing antibiotics.
I suffer from interrupted sleep on a daily basis, I always have. Even as a child I couldn't sleep a full night and as I get older it just gets worse. I just seem to wake up without any good reason and then I can't get back to sleep anymore and it is not related to apnea, I do not suffer from that. These days I know quite well when I am still sleepy enough to get back to sleep and when I am not, and if I am not sleepy enough I just straight up go and start doing something. Often it takes me anything between 3-6 hours before I feel sleepy again and that makes it quite hard to schedule anything for the next day.
I feel it is natural like this, I feel sleeping the whole night straight is unnatural. However I still wish I could do that as the modern society suits people like me terribly poorly.
It seems that people living in areas where -30C is common are rather good at dealing with the challenges of gasoline/diesel engines at those temperatures.
Gasoline doesn't freeze at -30C, but diesel does start to get clumpy. The real problem at -30C is still the battery; if the battery goes cold the engine cannot charge it before it warms up, and if you start driving and the battery doesn't warm up fast enough your car will suddenly run out of power and shut down. I've seen plenty of such cases this winter, there's not much you can do at that point other than tow the car somewhere and take the battery inside somewhere warm, then recharge it.
As someone mentioned here we use block heaters when the temperature drops enough, but sometimes even that does not seem to be enough. I, too, had my car connected for several hours before I was to leave and still the battery went empty. As such an electric car would have to have pretty good heating systems here and proper thermometers inside both the battery pack and the engine to make sure they don't go cold. At this point however I personally would not trust a fully-electric car at these temperatures at all.
I did say someone would sooner or later notice that, atleast if the application was actually used by more than 10 people -- something that I actually doubt.
Not mentioning the data collection anywhere would be illegal, so even if no one could link them to the TPB one they could still prove it is collecting data. And that would cost them a lot more than lost sales.
If they however did mention that it does data collection someone would sooner or later notice that and replace it with the commercial version, and then the situation would be just as it is already.
1) What would the program actually collect about users? 2) What would you do with the data? 3) Would you do that without informing the users of this or not?
You see, whether or not that is even LEGAL in the first place depends on the answers of yours.
You're confusing things. Lightsquared wants to use a different band than other existing ones, that's the issue here. No LTE implementation in Europe uses the band Lightsquared wishes to use.
That would only work if they could prove the documents were indeed forgeries and that the commenters knew about them being forgeries. Neither of which applies in this case, so no libellous conduct - defense for them. In short, there is nothing they can do about this, they're just pushing out lots of hot air right now.
Doesn't DLNA pretty much obsolete that? DLNA seems to be built into all my devices (tv, xbox, squeezebox) and Windows by default now, and works just fine.
DLNA is not fine and does not work fine. It is a very broken, short-sighted media streaming protocol, lacking in any modern features, and should be replaced as soon as possible.
1) First of all, it streams the whole file, not only relevant portions of the file. For files with multiple streams in them this wastes network bandwidth, especially for files with lots of such streams. This also hampers DLNA-usage on mobile devices.
2) It does not support metadata. Metadata is only available if it's inside the file that is being streamed, and even then it's up to the client to handle metadata.
3) In relation to the above, it does not handle multiple-files-per-item situations.
4) It relies on clients to understand container formats, instead of the server itself reading the container and only sending the relevant streams inside it to clients -> lots of incompatibility issues.
Etc. etc. I've written a lengthy post before about the various shortcomings of DLNA and I am hoping it'll some day in the future be replaced. Unfortunately, it doesn't seem likely.
Slashdot Mirror
Whoa, whoa, someone really goes on a tangent there! You're saying that if there's for example a security vulnerability in e.g. Spotify I can just go around saying it just proves how insecure whole Windows is?
No, this isn't a security vulnerability in Linux, this was a vulnerability on Github's Ruby on rails - installation, nothing more. Ruby on rails is useable on multiple platforms, too, so this would have been just as big a security issue if they ran it on Windows.
Geesh, you ACs and your ignorant comments..
That's not unlimited then.
The thing here in Finland is that usually the upload/download speed is limited, not the amount of data you can use. E.g. I'm Saunalahti-customer and they offer this mobile broadband-thing in various "sizes." The smallest one, the Mini, costs 4.99€ a month, has absolutely no throttling or data cap, but the speed is limited to 512KB/s. I think such pricing works great and there is absolutely no worries of going over the cap. Oh, and before someone asks: no, you're not required to sign a 2-year contract or anything, you can end the contract whenever you wish.
That said I have full package myself; no caps, no throttling, and I can upload/download at full available speed. It still costs only 15€ a month, so it's still tens of times better than anything those poor Amercans are gettin'!
This thing could very likely be used for the purposes of doing a complete patent and copyright system reform in small steps. I personally do not seek to completely abolish either, but I wish to bring both of them down to a maximum of 10 years so that people who patent stuff will actually have to also start utilizing their patents and not just hoard them, and copyrights won't keep on benefiting the creator for several lifetimes without them having to do any work ever again.
Do we have any Finns around here on /. that agree? I'm just curious.
even Gaybuntu isn't doing that since they already had the Mauve Mare.
I am deeply disturbed to know that there has actually been something called 'Gaybuntu' for real o_o I have no issue with sexual minorities as I belong in them myself, too, but... that's like a hipster vegetarian only eating non-green products just so she can claim to be minority in a minority.
I wrote a somewhat lengthy Google+ post as I gave Win8 CP a quick run and, well, it was not pleasant. To summarize my feelings: it might work on a mobile device, but on desktop it's ugly, unwieldy, doesn't work well for mouse+keyboard and will be a pain in the arse to look at on a regular-sized screen. Two of the things that will most likely drive people nuts on desktops is how everything, absolutely everything, is spaced out so god damn wide that 50% of the available space is wasted, and that everything has a sidescrolling bar at the bottom; you cannot just drag the screen around to scroll, you must either move your hand around to Page Up/Down every time or slug your mouse to the bottom, drag the bar, and then back to whatever you were doing. It's feels very inefficient.
The whole post with screenshots is at https://plus.google.com/111441130100170983404/posts/RrRxzm7dYoD should someone feel interested. I doubt I am saying anything that hasn't already been said, though.
I really, really, REALLY hope the person who did that was drunk, high and totally, completely blind!
that's either does not parse into English
"That either does not parse into English or the commenter is really so fucking stupid he doesn't know the difference between apostrophe-s and no apostrophe-s. I'm voting for the latter."
I personally use Google+ quite a lot, I find it a lot more useable than Facebook. I only use Facebook for checking what useless crap the people I know have decided to share this time, whereas on Google+ I post stuff I find worth sharing or mentioning publicly. On Facebook I post perhaps once or twice a month, I simply have nothing to say there.
As for people spending less time on Google+ than on Facebook.... well, perhaps the simple reason is that Google+ doesn't push all these useless games and apps on the users and thus caters to entirely different kind of audience? Of course the people who play those crap Facebook games and use all the mindless "Check your daily horoscope!" apps will spend more time on the site than people who only go to Google+ to write a small post or update their details, you don't need to be a brain surgeon to figure that out. But tbh, I prefer it that way. Using the metric of "who spends how much time and where" does not correlate with quality of said service, and that's the whole damn point here.
declaring that "homosexuality makes God want to vomit" and is "a paramount sin."
I've never understood those kinds of people. It's been proven over and over again that homosexuality is perfectly normal among animals, yet when people do it it's suddenly unnatural? Something that happens all the time in the nature is unnatural, but then boxes with moving pictures, metal monstrosities weighing several tonnes and churning out toxic gases and so on are somehow much more natural and acceptable? How the f*ck can e.g. a mobile phone be more natural than having sex with someone?
For me, the real question is fundamental. Why, in the modern "free" world does being outed as a homosexual cause one to prefer suicide rather than live with the shame?
As a society, would it not be better to address such a fundamental social problem than to simply treat the symptoms?
That there IS exactly the issue, mate. If you belong in any sexual minority you are constantly bombarded with how "wrong" it is, how "unnatural" it is, how you're a horrible person and so on and so forth. Hell, it is even worse for guys! Not to mention the stage in your life where you still haven't quite figured out who you are and how you wanna be and you're exploring that; you're already in a rather insecure situation, but this kind of stuff can really push you over.
There was this nationwide campaign by Christian church that targeted homosexual teenagers, claiming all kinds of things and going around with the motto "You can be cured!"..Well, that sh*t sent loads of kids into therapy and suicide, all because teenagers are still trying to find their place in the world and then there comes such a large body of people telling you you're a twisted, worthless human being unless you do as they tell you. That right there is your "fundamental social problem", sh*t like that being pulled. The church got enormous amounts of flak for that and they lost government funding, too, but that's already too late, the damage is done.
The problem is that this means any app that wants to access any data needs to ask for permission to do so. I don't see how prompting users for permission for every app that wants permission will help.
Opening standard operating system - provided File Open/Save dialog is in most cases more than enough; the application wouldn't be told the actual path to the file or allowed to get directory listing, but would be able to read and write the file selected in the dialog. There are exceptions, yes, but again that is nothing that couldn't be solved.
On windows, notepad can save a file as foo.exe, and you have an executable.
That's a rather bad example. Go ahead, open some executable file in notepad and save it, then try to run it, what do you get? Yes, that's right, it's totally corrupt. I do actually get your point, but notepad cannot do what you claim.
Very few programs actually need the capability to generate executables (the compiler, and the application installer, for instance). Allowing any and all programs to make executables along with regular file access means that any executable can be compromised into dropping malware onto your system.
How would the system know what the application is writing to a file unless it first allows the application to write to said file? Executables are not some sort of magic thingies, they're just binary data, and if you allow an application to write binary data then you are also allowing that application to write out executable code. There is no way for the operating system to know every possible type of binary file and that's that, what you suggest isn't possible. If you only mean that applications shouldn't be allowed to name their files "*.exe" then yes, that would certainly be possible, but that wouldn't solve the problem. Especially on non-Windows platforms where filename doesn't determine whether or not a file is executable.
This means, for example, that a program run by an administrator can write files virtually anywhere.
Well, indeed, that is the whole reason why administrator accounts exist: they're there so that administrators can do whatever they want!
To install an application means that you must trust the installation program because it can put anything anywhere.
A capability model could restrict a program to its install directory (c:\Program files\) and forbid access to system directories. This would prevent malware from being installed alongside good programs, and removing malware would be much easier (just delete the application install directory).
The real issue isn't where malware can install itself in, the real issue is what files it can read; OS can always be reinstalled should things go totally haywire, but user's personal files cannot. And yes, granular access control -- both reads and writes, like e.g. applications shouldn't just be able to even get a directory listing on the user's files unless the user specifically allows for that -- should be an integral part of any modern OS, too bad it isn't. It isn't a new idea, though, I've seen such mentioned already a decade ago and I'm sure such an idea has existed even longer, I just haven't been aware of it.
It sounds like we've finally come up with modern security models. This should make everyone safer, and perhaps completely eliminate malware.
Not even by a long shot.
Please, God, no. The problem is that people use way, WAY too many antibiotics already and they're used even for such things as common cold! And hell, common cold is a virus infection, antibiotics do not kill viruses so it's not only completely useless, it literally ENCOURAGES the growth of antibiotic-resistant bacteria.
We need less antibiotics, we need doctors who do not prescribe antibiotics as a cure-all solution and we need people to understand why it is such a bad idea to just pump more and more of those in yourself, all those around you, and even animals! Since you seem to have excess money use it to instead educate doctors -- and yourself, mate! -- about the dangers of overusing antibiotics.
You are wrong. One's Slashdot UID is the sole determiner of technical proficiency, age, penis size, and validity of opinion, .
I have still trouble deciding whether one's UID correlates with such qualities in reverse or not.
I suffer from interrupted sleep on a daily basis, I always have. Even as a child I couldn't sleep a full night and as I get older it just gets worse. I just seem to wake up without any good reason and then I can't get back to sleep anymore and it is not related to apnea, I do not suffer from that. These days I know quite well when I am still sleepy enough to get back to sleep and when I am not, and if I am not sleepy enough I just straight up go and start doing something. Often it takes me anything between 3-6 hours before I feel sleepy again and that makes it quite hard to schedule anything for the next day.
I feel it is natural like this, I feel sleeping the whole night straight is unnatural. However I still wish I could do that as the modern society suits people like me terribly poorly.
It seems that people living in areas where -30C is common are rather good at dealing with the challenges of gasoline/diesel engines at those temperatures.
Gasoline doesn't freeze at -30C, but diesel does start to get clumpy. The real problem at -30C is still the battery; if the battery goes cold the engine cannot charge it before it warms up, and if you start driving and the battery doesn't warm up fast enough your car will suddenly run out of power and shut down. I've seen plenty of such cases this winter, there's not much you can do at that point other than tow the car somewhere and take the battery inside somewhere warm, then recharge it.
As someone mentioned here we use block heaters when the temperature drops enough, but sometimes even that does not seem to be enough. I, too, had my car connected for several hours before I was to leave and still the battery went empty. As such an electric car would have to have pretty good heating systems here and proper thermometers inside both the battery pack and the engine to make sure they don't go cold. At this point however I personally would not trust a fully-electric car at these temperatures at all.
Electrolyte of Li-ion battery completely freezes somewhere around -30C.
That makes them extremely unwieldy here in Finland as -30C is quite common.
Mine has a completely different problem: it doesn't have a 300HP engine.
I did say someone would sooner or later notice that, atleast if the application was actually used by more than 10 people -- something that I actually doubt.
Not mentioning the data collection anywhere would be illegal, so even if no one could link them to the TPB one they could still prove it is collecting data. And that would cost them a lot more than lost sales.
If they however did mention that it does data collection someone would sooner or later notice that and replace it with the commercial version, and then the situation would be just as it is already.
Please do clarify as to:
1) What would the program actually collect about users?
2) What would you do with the data?
3) Would you do that without informing the users of this or not?
You see, whether or not that is even LEGAL in the first place depends on the answers of yours.
You're confusing things. Lightsquared wants to use a different band than other existing ones, that's the issue here. No LTE implementation in Europe uses the band Lightsquared wishes to use.
I guess you could try to claim libellous conduct
That would only work if they could prove the documents were indeed forgeries and that the commenters knew about them being forgeries. Neither of which applies in this case, so no libellous conduct - defense for them. In short, there is nothing they can do about this, they're just pushing out lots of hot air right now.
Doesn't DLNA pretty much obsolete that? DLNA seems to be built into all my devices (tv, xbox, squeezebox) and Windows by default now, and works just fine.
DLNA is not fine and does not work fine. It is a very broken, short-sighted media streaming protocol, lacking in any modern features, and should be replaced as soon as possible.
1) First of all, it streams the whole file, not only relevant portions of the file. For files with multiple streams in them this wastes network bandwidth, especially for files with lots of such streams. This also hampers DLNA-usage on mobile devices.
2) It does not support metadata. Metadata is only available if it's inside the file that is being streamed, and even then it's up to the client to handle metadata.
3) In relation to the above, it does not handle multiple-files-per-item situations.
4) It relies on clients to understand container formats, instead of the server itself reading the container and only sending the relevant streams inside it to clients -> lots of incompatibility issues.
Etc. etc. I've written a lengthy post before about the various shortcomings of DLNA and I am hoping it'll some day in the future be replaced. Unfortunately, it doesn't seem likely.