Earthdawn is a pretty neat P&P RPG, too. It's set in the same universe as Shadowrun, but thousands of years earlier. It's really neat source material for an medieval-fantasy setting alternative to D&D.
Nah, it's far more common that people don't understand what a scientific theory is. They believe in the lay definition, which is "an idea." A comparable term in science for the lay person's definition of theory would be a hypothesis (however it's not an exact correlation.)
And really, more to the point (which I managed to miss in my reply), there's no need to objectively look at Intelligent Design once it's determined that it isn't a scientific theory. Once we see that it cannot be disproven, it can be tossed in the trash or handed back to its creators for refinement into something which is science. However there is no need to teach it as though it were "an alternate theory" any more than Intelligent Falling or any religion's creation story should be taught.
If you have friends who believe in Creationism, respect them and provide for them sound arguments against it. It may be a waste of time to you but it's complete snobbery to write them off. It's not snobbery because it's not science. That's the problem. I don't mind that people believe in various creation stories or hold various religious beliefs. For the record, I am a Christian, but I don't mind that people believe in the Flying Spaghetti Monster (even though I have a hard time believing that they actually believe in it--I'll let that be between them and their god.)
What I do mind is when people elevate such beliefs to the level of science. Intelligent Design is not a scientific theory for the simple reason that it cannot be disproven. Nothing more need be said about the subject, and anyone who disagrees is either ignorant of what science is, or is arrogant enough to think that they know better. So while I don't mind people believing that humans are too complex to have come about through evolution, I do mind when such ideas are taught in the science classroom.
I think that it's more of a size thing than a screen real-estate thing. If you look at the various resolution "standards" out there, you have things like 1024x768 (XGA) and 1280x800 (WXGA). Your model is termed WUXGA, with the equivalent square screen being UXGA (1600x1200). SXGA+ and WSXGA+ are at 1400x1050 and 1680x1050, respectively. The only resolution where you lose horizontal lines going to wide screen is SXGA (1280x1024 vs 1440x900).
But size matters, because if the screen is actually shorter, then it can make things harder to see. I have two Dell notebooks--one is 1600x1200, and one is 1920x1200. The former one is a couple of inches taller than the widescreen one, and while they both fit 3 xterms from top-to bottom, the square screen is much easier to read.
Although this is kind of a non-issue if only Lenovo is doing that because my employer won't buy from China... what with the phone home possibilities of hardware and all. I don't know if you were being sarcastic there or not, but there has been research into BIOS and other hardware hosting malware. Lots of people consider this to be a very real threat.
renting software always fails. It has no purpose and MSFT is going to charge some obscene amount so that a year of renting you can buy a full version. Lots and lots of software is rented in the corporate world. Don't pay the yearly license fee? You don't get to use your enterprisey software anymore.
Yes, it's just an architectural difference. I don't know why they chose to do it this way--honestly, I can't think of any significant advantages. The main one is that you would always know without a doubt that the image on disk is the image in use.
I think you really missed the point. This has nothing to do with being admin on a vulnerable machine or "generating a vulnerability."
The point is that on my own machine, I can examine the patch and the old file, and then generate an exploit. If the vulnerability was in a running service (say, the firewall code or the Server service), then I can create a worm which will propagate through the network.
Maybe to some degree, but my fear is that some system developer will read that, think, "Hey, that's a great idea!" and add it to their patch management system.
You can't overwrite a file that's in use by Windows. You can overwrite a file that's in use by Linux. The old image is still there. Any new processes loading the file will get the new version, and any old processes which still have a file handle to the old file get to use the old image. I don't know if that's the whole reason, but I bet that it's part of it.
It's easy to understand why the researchers picked Microsoft's Windows Update over Apple's Software Update. We're not talking about exploits, we're talking about the paper.
But as pointed out, this is not a flaw specific to Microsoft. The only way that it's reasonable to target a specific vendor in this case is if they don't dump the patches on everyone simultaneously. Users applying patches in a timely fashion isn't the issue.
Well, either that, or you're advocating not issuing patches at all. That sounds like a pretty bad idea.
Because it's not trivial to do a diff to find out which files changed.
It'd take a lot longer, and be only slightly harder, if all of the binaries were encrypted. They've still got to run, though, so the images have to be available in memory.
At one time, patches were delivered to corporate customers in a different time frame than standard windows update users, weren't they? Also, beta patches would suffer from flaws, as those are also staggered.
Nonetheless, outside of these two cases, it seems like Microsoft is being targeting because, well, they're Microsoft. They have a huge market share and a really good update management system, so they're a big target for something like this. That coupled with their history of vulnerabilities, and it's easy to understand why they were picked over, say, Apple.
I'd like one laptop that I can use while out and about, but which I can also use for gaming if the mood strikes me. For gaming, I'd almost certainly plug it in, as I can't imagine that it's got a good enough battery life to sustain itself for very long.
Anyway, they've really revamped the XPS line. They have a 13" XPS notebook that doesn't look suited for gaming at all, and a 15" that looks like it might passably play games from 2 years ago. They've moved their gaming laptops to a new section of the site (still labeled XPS though)--they all have 17" screens! Hardly portable at all.
I've seen some pretty spiffy laptops which came with both integrated graphics and higher-end 3d cards. There was a switch to select between them, and apparently you gained about an hour's worth of battery life (performing the same tasks) if you switched off the 3d card.
I wish more laptop makers would follow suit, but I'd imagine that support concerns would prevent that, if not the relatively low market share for such hybrid devices.
So don't offer a default gateway to DHCP clients. THAT is how to avoid routing their packets, not to mention just not giving them an IP address to begin with. When I send a packet to a wireless router, I send it to www.google.com, NOT the access point. If the access point doesn't think it should forward packets from me, or not forward them to www.google.com, it doesn't have to. Awesome. Even more technical solutions for people who don't understand these things.
Is your goal to keep certain people (those who are ignorant of technical details of networking) off of the Internet entirely? I'm not passing judgement, but if that's your goal, at least I'll understand how you can be so elitist.
The two groups overlap significantly. You are basically claiming that people only use wireless access points in their own home, and never go into a cafe, hotel, bar, airport, or any other public place and try to connect to a wireless network. Do not put words in my mouth. I made no such claim, implied or explicit.
All of those latter people might connect to an "unauthorized" access point without any knowledge they are doing so. The people who park in front of people's houses to steal their wireless access are just stupid morons, and could more easily be charged with stalking or harassment than a computer crime. Most of those places that you're talking about advertise wifi, so the point is moot. They're making a human-understandable invitation to use the internet access.
That's what I was trying to say. I don't know if the other people didn't understand that or actually disagreed. Thanks for putting it so succinctly, though.
It would work only if federal taxes were flat (for lack of a better term). No more should New York, Connecticut, California, Michigan and New Jersey have their monies redistributed to New Mexico, Arizona, Louisiana, Missouri, etc... This is important, as I for one don't like giving welfare to people who say welfare is bad (as an example) Well, federal taxes should really only go to things that affect the nation as a whole. Welfare should be relegated to the states (which, I suppose, would not be great for the lower-population states, though treaties amongst the states could be made.) Federal monies would be useful for DARPA (from which a lot of great innovation has come, and which has improved the quality of life over the years), the military, etc.
It's a tough choice. The Fed makes the nation act as one, giving us much power and leverage. Reducing Fed power might result in non-productive squabbling amongst the states. In the new global world, it's certainly a scary step. The EU seems to be doing pretty well, though, and it's a fairly comparable example. I guess we'll see what the future holds for them.
And since we have 2 parties, the likelihood of that party's leader matching your views is 50%, right? Thats the most ridiculous thing I've ever heard. You form you opinions based on which party you are in?? That's not what I said in the post to which you replied. Please don't put words in my mouth.
Neither party matches my views now. They are both beholden to lobbyists and campaign contributers. Yes, we need more parties, and hopefully none of them gets a majority. George Washington had it right when he warned us of the dangers of political parties. None of the three candidates match my views either, but that's neither here nor there.
Let's try a thought experiment. Say that there are three viable parties, parties A, B, and C. That they're viable implies that they've got enough differences to be reasonably distinguishable, and that they've all got a relatively decent chance of winning the election.
Now because we're in a fairly limited party system, I vote for the candidate (A) whose views match the most of my own, in whatever priority I specify. The votes are split fairly evenly, but candidate A comes out on top. Yay! The person who most matched my views won! That's awesome, right?
Well, for me. But for close to 66% of the rest of the nation, the candidate who most matched their views lost. I guess we need to add another party.
A, B, C, and D come up for election. I vote for A again, but this time B wins (because A screwed up last time around and alienated a lot of people.) Ok, that's great for B's supporters, but if the split was fairly even (and the more viable candidates you have, the more likely that it will be fairly evenly split), then 75% of the population is stuck with the presidential candidate who didn't most closely match their views.
Maybe it's ok. Maybe he matched their views second best for 50% of the population. That wouldn't be too bad. Or maybe he didn't. We're making a lot of assumptions and guesses here.
None of that is really relevant to my point, though, which was that if we had 50 different places to live, and where the laws and execution of the laws was enforced based upon the voters of that state, we'd be better off as individuals. If I don't like how Maryland is running things, for example, I could move to New York. Right now, the differences between the states are minimal as the federal government's power has grown over the years. If the president had less power, there'd be less of a hubbub over whether or not he accurately represented me.
And incidentally, I don't form opinions based upon the party I'm in. I choose the party which most agrees with my opinions, or I don't associate with either (when their values start to sway away from mine.) But realistically, when voting for president, you're still basically voting for which party will win, not for the individual.
What part of "the average person" and "human terms" did you not understand? Regardless, you have flaws even in your technical portion:
Not taking this common sense approach means it should be illegal to look up www.google.com on any network, because you're not specifically authorized to use the DNS server Huh. My ISP handles that for me. They give me DNS servers to use, and the use is authorized by the terms of use. If their DNS server goes out and queries Google's servers, that's sort of their issue. Interestingly, there was a recent court case regarding this. Someone was investigating a company, initiated a domain transfer against the company (which the company's DNS servers allowed), and the person was found guilty of illegal computer access.
Operating a device in full compliance with free, open, and public standards utilizing public airwaves simply cannot be construed as unauthorized access if it happens *without user intervention*. Probably not even in the technical sense. What about when you start asking my component to route packets? Do you again imply that allowing the request implies authorization? Because using open airwaves is one thing, but using my own property or leased property is quite another.
Operating a device in full compliance with free, open, and public standards utilizing public airwaves simply cannot be construed as unauthorized access if it happens *without user intervention*. Everyone who argues that access point owners should not be responsible for managing their own devices are ignoring the fact that by doing so, it requires every laptop owner (of which there are arguably more than there are access point owners) to be responsible for managing their device instead, despite the fact that it is the access point which initiates every connection by broadcasting a beacon. Two problems here.
First, we're not talking about laptop owners who open their laptops and find that they're connected. We're talking about people who intentionally connect to and use other people's internet connections.
Second, I think that it's a stretch to say that a beacon shouting "I'm here!" is initiation of a connection.
Yup. He chooses to do so, and he chooses to assume the risks of doing so. Good for him. I'm certainly not suggesting that he shouldn't be allowed to do this.
Even in your example, it is the seller of the home who is at fault, and the owner for not reading the manual. I do think that there's blame to share. Devices should be secure by default. However, a person intentionally connecting to someone else's access point without that person's knowledge or invitation should be wrong. And DHCPOFFER should not constitute invitation (though naming your access point "FREE INTERNET" should.)
Especially given the fact that Windows XP will automatically use any unsecured WiFi it can find, and its technically difficult to stop it from doing so even if you realize it's happening at all! We're talking about people who intentionally connect to their neighbors access points, not people who accidentally do.
MY router had WEP enabled out of the box. On the bottom is a removable sticker put there by the factory. It has a copy of the serial #, the device-specific WEP key, and the device-specific default password. It came with a nice thick manual, and a single sided single page colourful "quick start" card that tells you about the sticker and how to use this WEP key in Windows or on a Mac. Every WiFi router should be this way, and should have been from the start. I agree. But they aren't, and yours is the first that I've ever heard of that used WEP by default. Which make/model is that?
Slashdot Mirror
Earthdawn is a pretty neat P&P RPG, too. It's set in the same universe as Shadowrun, but thousands of years earlier. It's really neat source material for an medieval-fantasy setting alternative to D&D.
Nah, it's far more common that people don't understand what a scientific theory is. They believe in the lay definition, which is "an idea." A comparable term in science for the lay person's definition of theory would be a hypothesis (however it's not an exact correlation.)
And really, more to the point (which I managed to miss in my reply), there's no need to objectively look at Intelligent Design once it's determined that it isn't a scientific theory. Once we see that it cannot be disproven, it can be tossed in the trash or handed back to its creators for refinement into something which is science. However there is no need to teach it as though it were "an alternate theory" any more than Intelligent Falling or any religion's creation story should be taught.
What I do mind is when people elevate such beliefs to the level of science. Intelligent Design is not a scientific theory for the simple reason that it cannot be disproven. Nothing more need be said about the subject, and anyone who disagrees is either ignorant of what science is, or is arrogant enough to think that they know better. So while I don't mind people believing that humans are too complex to have come about through evolution, I do mind when such ideas are taught in the science classroom.
I think that it's more of a size thing than a screen real-estate thing. If you look at the various resolution "standards" out there, you have things like 1024x768 (XGA) and 1280x800 (WXGA). Your model is termed WUXGA, with the equivalent square screen being UXGA (1600x1200). SXGA+ and WSXGA+ are at 1400x1050 and 1680x1050, respectively. The only resolution where you lose horizontal lines going to wide screen is SXGA (1280x1024 vs 1440x900).
But size matters, because if the screen is actually shorter, then it can make things harder to see. I have two Dell notebooks--one is 1600x1200, and one is 1920x1200. The former one is a couple of inches taller than the widescreen one, and while they both fit 3 xterms from top-to bottom, the square screen is much easier to read.
Yes, it's just an architectural difference. I don't know why they chose to do it this way--honestly, I can't think of any significant advantages. The main one is that you would always know without a doubt that the image on disk is the image in use.
I think you really missed the point. This has nothing to do with being admin on a vulnerable machine or "generating a vulnerability."
The point is that on my own machine, I can examine the patch and the old file, and then generate an exploit. If the vulnerability was in a running service (say, the firewall code or the Server service), then I can create a worm which will propagate through the network.
Maybe to some degree, but my fear is that some system developer will read that, think, "Hey, that's a great idea!" and add it to their patch management system.
You can't overwrite a file that's in use by Windows. You can overwrite a file that's in use by Linux. The old image is still there. Any new processes loading the file will get the new version, and any old processes which still have a file handle to the old file get to use the old image.
I don't know if that's the whole reason, but I bet that it's part of it.
Did you misunderstand me?
It's easy to understand why the researchers picked Microsoft's Windows Update over Apple's Software Update. We're not talking about exploits, we're talking about the paper.
But as pointed out, this is not a flaw specific to Microsoft. The only way that it's reasonable to target a specific vendor in this case is if they don't dump the patches on everyone simultaneously. Users applying patches in a timely fashion isn't the issue.
Well, either that, or you're advocating not issuing patches at all. That sounds like a pretty bad idea.
Because it's not trivial to do a diff to find out which files changed.
It'd take a lot longer, and be only slightly harder, if all of the binaries were encrypted. They've still got to run, though, so the images have to be available in memory.
At one time, patches were delivered to corporate customers in a different time frame than standard windows update users, weren't they? Also, beta patches would suffer from flaws, as those are also staggered.
Nonetheless, outside of these two cases, it seems like Microsoft is being targeting because, well, they're Microsoft. They have a huge market share and a really good update management system, so they're a big target for something like this. That coupled with their history of vulnerabilities, and it's easy to understand why they were picked over, say, Apple.
That's why I mentioned the small market share.
I'd like one laptop that I can use while out and about, but which I can also use for gaming if the mood strikes me. For gaming, I'd almost certainly plug it in, as I can't imagine that it's got a good enough battery life to sustain itself for very long.
Anyway, they've really revamped the XPS line. They have a 13" XPS notebook that doesn't look suited for gaming at all, and a 15" that looks like it might passably play games from 2 years ago. They've moved their gaming laptops to a new section of the site (still labeled XPS though)--they all have 17" screens! Hardly portable at all.
I wouldn't believe hard-drive maker's specs. "Average usage" is probably booting the machine and checking your e-mail in their minds.
I've seen some pretty spiffy laptops which came with both integrated graphics and higher-end 3d cards. There was a switch to select between them, and apparently you gained about an hour's worth of battery life (performing the same tasks) if you switched off the 3d card.
I wish more laptop makers would follow suit, but I'd imagine that support concerns would prevent that, if not the relatively low market share for such hybrid devices.
Is your goal to keep certain people (those who are ignorant of technical details of networking) off of the Internet entirely? I'm not passing judgement, but if that's your goal, at least I'll understand how you can be so elitist. The two groups overlap significantly. You are basically claiming that people only use wireless access points in their own home, and never go into a cafe, hotel, bar, airport, or any other public place and try to connect to a wireless network. Do not put words in my mouth. I made no such claim, implied or explicit. All of those latter people might connect to an "unauthorized" access point without any knowledge they are doing so. The people who park in front of people's houses to steal their wireless access are just stupid morons, and could more easily be charged with stalking or harassment than a computer crime. Most of those places that you're talking about advertise wifi, so the point is moot. They're making a human-understandable invitation to use the internet access.
That's what I was trying to say. I don't know if the other people didn't understand that or actually disagreed. Thanks for putting it so succinctly, though.
Let's try a thought experiment. Say that there are three viable parties, parties A, B, and C. That they're viable implies that they've got enough differences to be reasonably distinguishable, and that they've all got a relatively decent chance of winning the election.
Now because we're in a fairly limited party system, I vote for the candidate (A) whose views match the most of my own, in whatever priority I specify. The votes are split fairly evenly, but candidate A comes out on top. Yay! The person who most matched my views won! That's awesome, right?
Well, for me. But for close to 66% of the rest of the nation, the candidate who most matched their views lost. I guess we need to add another party.
A, B, C, and D come up for election. I vote for A again, but this time B wins (because A screwed up last time around and alienated a lot of people.) Ok, that's great for B's supporters, but if the split was fairly even (and the more viable candidates you have, the more likely that it will be fairly evenly split), then 75% of the population is stuck with the presidential candidate who didn't most closely match their views.
Maybe it's ok. Maybe he matched their views second best for 50% of the population. That wouldn't be too bad. Or maybe he didn't. We're making a lot of assumptions and guesses here.
None of that is really relevant to my point, though, which was that if we had 50 different places to live, and where the laws and execution of the laws was enforced based upon the voters of that state, we'd be better off as individuals. If I don't like how Maryland is running things, for example, I could move to New York. Right now, the differences between the states are minimal as the federal government's power has grown over the years. If the president had less power, there'd be less of a hubbub over whether or not he accurately represented me.
And incidentally, I don't form opinions based upon the party I'm in. I choose the party which most agrees with my opinions, or I don't associate with either (when their values start to sway away from mine.) But realistically, when voting for president, you're still basically voting for which party will win, not for the individual.
First, we're not talking about laptop owners who open their laptops and find that they're connected. We're talking about people who intentionally connect to and use other people's internet connections.
Second, I think that it's a stretch to say that a beacon shouting "I'm here!" is initiation of a connection.
Yup. He chooses to do so, and he chooses to assume the risks of doing so. Good for him. I'm certainly not suggesting that he shouldn't be allowed to do this.