I don't have a problem with the specific thing that Apple is being asked to do. They aren't being asked to break the encryption they are being asked to change the firmware on the device to one that doesn't have an artificial throttle on the number of brute force attempts per second; and to disable the wipe command that is engaged with 10 wrong guesses.
No neither of those things are what the FBI is asking. They already HAVE all of the communications made to and from this phone.
They have every person called or calling the phone and the contents of the conversation. They have every SMS sender and recipient and the contents of those messages. Even in iMessage they have the sender and recipient. .
What the FBI is asking for is every last criminal script kiddie world wide to have free and complete access to hundreds of millions of phones owned by law abiding citizens.
That is the only possible outcome of making this possible, and has happened literally 100% of the time in the past by including a backdoor. Pretending there is some chance it wouldn't happen is at best dishonest and at worst a lie.
Why do you have no problems with harming so many law abiding citizens?
Yea sorry for the messy view of it. I meant to only have the translated line in italics, and to delete the original when I was done using it as a reference.
I think you dropped a decimal. If not, these criminals are dumber than they sound
I would assume "$5 worth of bitcoin" maybe should be "5 bitcoins", which is about $2000 USD at the moment.
Assuming that the dollar amount was meant to be the bitcoin amount, that would translate:
The group is charging $5 worth of Bitcoin for schools and company headquarters, $10 worth of Bitcoin for courthouses and entire school districts, $20 worth of Bitcoin for sports events and major conventions, and $50 worth of Bitcoin for "major" sports events. Additionally, for an extra $5 worth of Bitcoin, the group would also frame someone else for the incident.
To: The group is charging $2000 for schools and company headquarters, $4000 for courthouses and entire school districts, $8000 for sports events and major conventions, and $20000 for "major" sports events. Additionally, for an extra $2000, the group would also frame someone else for the incident.
That would at least seem a bit more in line with what zero-day exploits are sold for and similar hacking services, even if it still sounds (to me) way too low for the risk involved.
Why is it even possible to fake Caller-ID anyway? You are charging a provider to make the call, you know exactly who it's come from.
Because you have a grave misunderstanding that Caller ID and call routing and billing codes have anything to do with each other, and have unrealistic expectations out of Caller ID.
Take the example at my work place. We have over 200 phone extensions, but we only have 60 DIDs from the phone company and thus 60 phone numbers. For those 60 extensions our system reports the DID in the Caller ID field, so you know the outside phone number to call if you want to reach that extension.
But what do you suggest for the other 140 phones?
I argue the incorrect "spoofed" value of our main/reception phone number being sent as Caller ID is hugely more useful than whatever nonsense you are promoting. At least with that data you know it is our company calling, and have a number to call back to at least potentially be transferred to the internal only phone extension you can not possible dial directly from the outside.
Making the Caller ID value "correct" would mean you couldn't dial it (it's a 4 digit number after all), and it wouldn't tell you who is calling you. Completely worthless.
It can't be made a DID since the phone has none. It shouldn't be left blank or you would still be bitching about it.
So what exactly would you suggest as a value that isn't "spoofing" but is also your definition of "correct"?
Does this mean you are not capable of driving your vehicle at 15mph or 10mph or 5mph?
My last car had an engine idle speed around 7-8mph, meaning it was not possible to drive 5mph at all. Simply letting up on the break and not touching the gas at all would result in the car moving faster than 5.
It was also not possible to consistently drive 10mph, as the slightest touch of the gas pedal would cause the car to accelerate to just over that speed.
Mind you that doesn't mean I couldn't abide by a 10mph speed limit, it just means I can't do so while driving AT that limit, I have to not touch the gas and let the engine pull the car along at idle speed just a touch under 10.
However where I live the lowest posted limit on a public road that I've ever seen is 25mph, including the road I live on. I have seen 10mph limit signs at a mall parking lot once, and fair enough since anywhere in the lot where there was people walking idle speed was about the safest one could move at, but I've never seen 10 (or even 5) posted on a public road before so all of this has never really been an issue. (Not to mention I don't own that car anymore)
Today I worked on an addon for a popular open source javascript-based code editor, added some minor features to one of my open source projects and added a bunch of much needed unittests to another of my open source projects.
I also took a few minutes to read some Slashdot posts and make a few comments.
Amazingly, both can be done in a single day!
Indeed! Just as the Hurd team can play on Hurd and contribute to other more useful projects:}
And I apologize for the accusation as well, it's just that the vast majority of people who question others free time activities have a high likelihood of both demanding productivity from others while not living to the same standard themselves.
I suppose it was mostly the fact I quite literally formed the thought "I wonder which of the top three posts will ask 'what is the point?'" as I clicked the article to open the comments, and there this was right at the top in spot 1 with that exact phrase and already modded up to max.
But I am pleasantly surprised for you shattering that expectation.
For the same reason anyone does something they enjoy for fun and recreation, namely so we don't become hollow and joyless, reserved to asking on forums why other people do things they enjoy:P
I note you both read slashdot and posted to slashdot today, as well as aren't out working to do something "useful".
Don't you think it a tad off to spend your free time doing things you enjoy at the same time as questioning other people doing the same?
First, the server admin would have to enable mod_status. Then, by default it's visible only from the server itself - the physical console or an ssh connection. Than to see the request urls, you have to turn ExtendedStatus on as well.
It's easy to miss one of these steps when you're TRYING to turn it on. If you're offering a hidden service, it seeme rather unlikely you'd work so hard to gather and publish extended status.
I just spun up a brand new Debian 8.2 VM instance, apt-get upgraded it to current, and apt-get installed apache2 - everything current as of 10ish minutes ago.
root@dev10:~# ls -l/etc/apache2/mods-enabled/status* lrwxrwxrwx 1 root root 29 Jan 30 21:58/etc/apache2/mods-enabled/status.conf ->../mods-available/status.conf lrwxrwxrwx 1 root root 29 Jan 30 21:58/etc/apache2/mods-enabled/status.load ->../mods-available/status.load
root@dev10:~# grep -i extended/etc/apache2/mods-enabled/status.conf
# Keep track of extended status information for each request
ExtendedStatus On
root@dev10:~# grep -i location -A 2/etc/apache2/mods-enabled/status.conf
<Location/server-status>
SetHandler server-status
Require local
Both mod_status and the extended status mode are enabled by default.
Yes they are restricted to localhost only, however if one ran apache and a tor proxy on the same machine, the tor proxy would be connecting to apache over localhost and so would be allowed.
Being a debian config I would assume many debian based systems may very well have this same default config.
Looking at the first example screenshot in the article, it explicitly shows it to be apache 2.2.16 running on a debian system. That means the server came setup that way and the owner didn't disable it.
I can't speak for other distros or what the defaults are when apache is compiled from original sources and what not. But I would certainly recommend at least looking through your 'mods-enabled' dir Just In Case (tm)
Your post is either a standard Apple troll, or you are just purposely being dense.
Please tell me you're kidding. These are iOS users we're talking about. They have purposely chosen the "easy to use" OS (even with all its limitations).
WE are talking about iOS users, but I'm not sure you are on the same page...
Like hell you're going to get them to figure out how to compile an app
Are you seriously arguing Mac users are too stupid to double click one icon? Trollolol?
Not only that, in order to run XCode you need to have a Mac.
That's very likely why he said: and allow iOS device users who also own a Mac
Or put another way, no you are very incorrect. If one already owns a Mac, there is no need for any additional Mac computers. Just the one will do.
I suppose you bought your Android phone to make phone calls, then went right out to buy two or three more Android phones due to your thinking that one of the things somehow wasn't enough?
You just went from a $200-$600 investment in the iPhone/iPad and added a thousand dollars to it.
If you purchase no computer, you will spend $0. How are you arguing not buying a second computer costs thousands of additional dollars?
There are no shortage of iOS users with Windows machines who like their iDevice but aren't ready to make that leap to a Mac.
Hate to have to be the one to tell you this but MacOS is not Windows, and Windows is not MacOS.
He clearly stated this option is only for Mac users. Why do you feel the need to repeat what was already said and specifically name Windows users as excluded? You forgot to mention Linux users can't do this either, nor can QNX users, nor can Mainframe users...
Quit being dense or try to troll somewhat intelligently next time.
"Only following orders" can sometimes be a valid excuse.
That is less so a "valid excuse" than it is simply a "really Really fucked up position to be in"
It clearly isn't an excuse since legally it excuses nothing. But it IS really fucked up. If you disobey illegal orders you will be shot. If you follow illegal orders you will be held 100% responsible for your actions and can be anything from imprisoned to executed.
Fucked either way, but the point is you ARE fucked either way - claiming "I was just following orders" will NOT in any way reduce your punishment for following them.
I can't see any problem with showing clear icons for the state of the connection, which includes unencrypted being distinguishable from encrypted with a cert signed by an untrusted party (aka self-signed) vs a cert signed by a trusted party.
It's better than the current state of things, where the web browser programmers out right mis-interpret what is going on and potentially lying to the user.
For example, if I run my own CA and sign all of my own certificates, and push my CA public key by hand to computers intended to access my server, verified by hash fingerprints - this is arguably MORE secure than a "secure" public CA signed certificate that I have no control over. After all I know exactly who signs certs with my CA - me - and despite what the public CAs and web browser programmers claim, I in fact do trust myself.
CAs are known to have signed fraudulent certs, so they are not the ultimate high tier of trust.
Of course the self-signed situation described above is very different from random snakeoil.crt style self-signed certs where the only possible way to verify the servers identity is to check the thumbprint hash. And who has time for that?
Displaying the lowest tier of security icon for non-https sounds just as useful as it has been since SSL was invented. (After all, a lock vs a lack of a lock works good enough for anyone that cares about encryption, but I could care less what the two icons actually are of)
At least Googles approach is better than Mozillas by an infinite amount! I'd rather use Chrome and at least have it bitch about the lack of SSL while still actually showing me the webpage. Firefox will soon actively remove non-https support and display an "unknown protocol 'http'" error instead. Hope you don't like browsing.html files locally in firefox:P https://blog.mozilla.org/secur...
Don't steal content by not watching ads, you internet scumbags!
The privileged of reading this highly valuable post is a million dollars - which you now are in debt to me for.
Until your check clears, you stole from me first. Until you feel guilt for stealing from me and decide to pay, I will not feel any differently towards you.
Now stop being a scumbag thief and go get a real job instead of leaching off humanity.
systemd? Seriously? Get over it man! And Gnome 3 and KDE stuff as well.
Don't tell me what to like and hate, "i do wah i want!":P
You are trolling here. Your argument is lame.
Quite right though regarding the parent post. There is plenty to hate in systemd, there's no need to make up lies to imply its worse than it is (and probably gnome3/kde too, though I rarely use DEs enough to have any complaints)
However, I believe Microsoft is perfectly entitled to drop support for newer processors in old versions of Windows. Supporting old versions of Windows cost money and doesn't gather money anymore.
Now there I must disagree, and do so for the exact reason you listed as a counter-argument
*IF* Microsoft went out of their way and spent time, money, and man hours to *write new code* specifically for the purpose of removing an existing feature that came with the product/OS as shipped - I would be very rightfully pissed off. Not to mention actually doing that would COST them money, compared to doing nothing at all and spending no money.
But at least for the topic at hand, Microsoft has not done this and isn't dropping CPU support, so the argument is really moot for now. Of course they have done such things in the past, so I won't claim they will never do such a thing, but we should at least wait for them to do the bad thing before complaining they did the bad thing.
Not writing new code for an old OS, aka not adding new features, which is what the case here is, makes perfect sense to me. Writing new code for an old OS, aka adding or removing existing features, clearly costs money and in the case of a no longer supported OS does not make sense to me (at least in general)
Now, I really fear for the enterprise I am working for these days. They are just starting to migrate from Windows XP to Windows 7 on the desktop. Soon they will be forced to migrate to Windows 10 as the old generations of Intel processors will be phased out.
Ack! Your enterprise consists of nothing but laptops without a desktop in sight??? Yea I must say that would make me fear that enterprise just a bit too. I'm sorry you're in that situation.
At least at my enterprise we thankfully only have a tiny number of laptops (like 10?), and so will be the only concern relating to battery life if I attempted to install Windows 7 on a new Skylake laptop.
We pay industrial rates for electricity so our Windows 7 desktops using the same amperage draw with Skylake chips as they are using right now with Core i7's is perfectly acceptable to us.
Sure it would be nice to use less power with the new Skylake power management features, but not "use windows 10" nice:P
I think I'm going to remove the package until a new, fixed version comes out, or at least detailed information on how to migrate the vulnerability until a fix comes along.
The article suggests a mitigation, however it sounds like it may just be easier to remove the package until your upstream provides updates...
James Darnley of FFmpeg suggests that disabling HLS (HTTP Live Streaming) while building the package should do the trick until a fix is committed. It is also possible to fix the issue by rebuilding the FFmpeg packages without network support, using the --disable-network configure flag, but that seems a bit too much.
A commenter in the arch bug report listing also says:
Btw, one could also do --disable-demuxer='hls,applehttp', but rebuilding without network support looks like a more robust solution for now (until the issue is inspected and fixed upstream).
My understanding is the specific bug reported in russian is exploited via HLS, however it is unconfirmed if the same method could be used and exploited in other network stream demuxers yet.
Unnecessary; a rag, a few squirts of alcohol-based cleaner, and a wipedown will take off all the fingerprints. The omnipresent 'hand sanitizer' goo is near perfect. Pop off a few keys and shake crumbs and hairs out (or run a toothpick between the keys).
Recalling the laundry bags used in ye olden college days, those things were perfect for keeping all the popped off key caps together while in the dishwasher along with the plastic shell of the keyboard.
I noticed in some (rare I admit) cases that the alcohol cleaners and plain wiping would miss gunk in certain crevices and such, in which case a dish washing cycle on cold seemed to always do the trick.
I've done that on some of my more favored gaming and mechanical keyboards, although I've never risked it to run the circuitry through the wash for them.
Lots of modern keyboards use flexible-printed-circuit sandwiches, and will NEVER DRY if you try immersion.
To be fair though its rarely worth it to even bother cleaning a modern el-cheapo keyboard beyond the standard wipedown, seeing as a replacement can be had for $5 full retail price, or less often times second hand (aka "used" but never had the box opened)
Perhaps if there was something special about the keyboard and it would be more than a couple dollars to replace, sure, but generic modern crapboard isn't really worth my time and the effort to clean when it can be replaced so easily and cheaply.
I still have my Apple//e that was bought for me when I was 13 years old, which still functions and typically sees usage once or twice a year still. I last had it powered on this past summer. It was made in 1983 and so even saw plenty of usage by its previous owner for a whole decade before it came to me.
That's a 33 year old piece of still functional equipment, the vast majority of being original hardware. If I care to daisy-chain together the proper networking gear again, it can even browse the Internet. (Localtalk to t-base-2 to 10-base-t to my main 10/100/1000 switch)
I even have some 5.25" floppies that can still be written to and read from afterwards (hearts to ADTPro), though I mainly use a CFFE3000 card with a USB flash drive containing all my floppy disk images.
I also still own a NeXT slab workstation (1988), a SparcStation IPX (1989?), and an SGI o2 (1996) Although those systems haven't been pulled out of storage and booted in some time. They at least worked 12ish years ago before I last moved.
I have an 8" floppy drive and controller for the Apple 2 as well, and although the drive doesn't currently work due to a couple worn belts, assuming no other problems have since happened that would be an easy thing to fix. I would be concerned over the condition of the r/w heads after all this time though.
I have a Novation CAT 300bps acoustically coupled model which wikipedia claims was introduced in 1981 (and looks identical to the picture at the top of the page), although I must admit it only came to my hands in the mid to late 90's, and I only used it once on a lark and have since lost the power adapter for it. I haven't bothered looking up the voltage/amperage it needs to find a replacement (why oh why wasn't printing that info on the label or by the jack always the standard practice?!)
I always cringe when I hear others refer to 1990's or newer hardware as "anciently old", and I'm not even close to the age of the people around when the computing foundations were laid. (I blame my parents)
Yeah, maybe the Swedes should have used their army, and just invaded the UK to apprehend him! Come on people, we need outside the box thinkers for this.
If you are already committing to ignoring the law yourself, under what pretense do you have left to claim actions by others are illegal?
You can no longer accuse or punish Assange for doing something illegal, since the government is stating doing something illegal isn't a bad thing nor is an action to be punished for doing.
But one thing that really puzzles me: Why are they watching average to below-average players? One would think that watching somebody play would be more fun if that person is especially good at it. From the samples I looked at, the most popular "let's play"ers are not at all talented...
You may just not have found any let's players that are either good at what they do, or that appeal to you personally. (Especially if you only saw the "popular" ones;) but that's another story)
Or it could be any number of things. There are some really talented players I like, but if they are playing a game I have no interest in, there's not much they can do to make me interested.
At least for me, the players personality also has to jive with mine, at least in certain ways. It can be a hard thing for me to explain, and even then I only have examples that fit me and my personality so those examples don't always work well for others.
Somewhat ironically the large majority of let's players I watch, I started watching before "let's play" was a thing, in 2-3 cases before youtube was even a thing. But it just sort of went in that direction since then.
Out of the 20ish people I regularly watch, I think only one or perhaps two could be at all considered popular or famous. There are even many times I completely skip certain videos of theirs since they are of things that don't interest me. Youtube makes that pretty easy with the subscription listing.
Jordan (aka CaptainSparklez) has around 9 million subscribers, and was recently on that Forbes "30 under 30" thing, so I guess he is popular. Mitch (aka TheBajanCanadian) has around 5 million subs, and Taylor (aka AntVenom) has around 3 million. Everyone else isn't even in the 7 digits yet. I've no idea where "popular" starts thou:P
I think one of the most popular let's players out there, for good or ill, is PewDiePie. He specifically targets the very young viewer, a child entertainer of sorts. Obviously there is certainly a place for such entertainers, and just from the results I can only assume he is damn good at what he does, but it's probably safe to say his content won't interest you anymore than me. That doesn't mean he is below average or bad or anything, it only means his content isn't targeted to us adults and so all we see is childishness.
Most of the people I watch are (or started off) for a fairly specific topic, and as they branched out I gave those vids a shot too. Some were a hit, most were a miss, it just depends.
For example, "FMBsChannel" on youtube features two british guys (brothers in fact) Rob and Richard. At the time I first found that channel, Rob was doing tutorials on the Minecraft Tekkit modpack, which I watched to learn all about the particular mods being used and how to use them myself. They only later turned that into Minecraft let's play seasons, and later yet branch out into other games. But I still remember them being best at doing the tekkit modpack tutorial guys and how I learned redstone.
Another example was Minecraft pvp, by which way I found AntVenom and later TheBajanCanadian. Both of them are amazingly top talent at pvp in that game, still to this day IMHO. But both have since branched out into other things, other games, other topics even. But that isn't generally what I watch them for.
The last example is a show hosted by Frasher and Becky, at the most unlikely sounding domain I would ever open, videogamesawesome.com Frasher's personallity is very much like my own, very crass, full of dark and toilet humor. His style just "clicked" with me personally, and since his show is probably what I spend most of my time watching out of all other media combined. He also has three long time friends that make appearances at times, and it's plainly obvious there is no "acting" or "show" going on, but real human interactions and reactions to whatever game is that days subject matter.
It's a lot more likely that dark matter and dark energy are just math errors that don't take into account proper universe/space expansion and doesn't understand how gravity really works.
Care to show your math on that? We can then compare it to all the scientists who already did the math a few million times showing the same results you say are wrong.
There is even a Nobel prize or three in it for you.
I do suppose it depends what countries laws you live under, yes. I (perhaps mistakenly) assumed US laws as that is where Forbes is headquartered.
But under US law it doesn't matter what the computer does, only what the person does and/or intended to do. This has been upheld in cases 100% of the time that I'm aware of.
After all changing a "1" to a "2" in a URL address bar of your browser to access another UID's data is a criminal act under the Computer Abuse and Fraud act, due specifically to such an act making the server give you data that the server owner did not intend, despite the (mis)configuration of that server stating explicitly that such a request was allowed.
Slashdot Mirror
I don't have a problem with the specific thing that Apple is being asked to do. They aren't being asked to break the encryption they are being asked to change the firmware on the device to one that doesn't have an artificial throttle on the number of brute force attempts per second; and to disable the wipe command that is engaged with 10 wrong guesses.
No neither of those things are what the FBI is asking. They already HAVE all of the communications made to and from this phone.
They have every person called or calling the phone and the contents of the conversation.
They have every SMS sender and recipient and the contents of those messages.
Even in iMessage they have the sender and recipient. .
What the FBI is asking for is every last criminal script kiddie world wide to have free and complete access to hundreds of millions of phones owned by law abiding citizens.
That is the only possible outcome of making this possible, and has happened literally 100% of the time in the past by including a backdoor. Pretending there is some chance it wouldn't happen is at best dishonest and at worst a lie.
Why do you have no problems with harming so many law abiding citizens?
Yea sorry for the messy view of it. I meant to only have the translated line in italics, and to delete the original when I was done using it as a reference.
I guess that will learn me to not use preview
Yes, you can divide a bitcoin down to 8 decimal places.
$5 is roughly 0.01237 bitcoin ($4.997)
The smallest value you can represent is 0.00000001 of a bitcoin, which is currently $0.00000405 USD, or about 4 ten thousandths of a cent.
I think you dropped a decimal. If not, these criminals are dumber than they sound
I would assume "$5 worth of bitcoin" maybe should be "5 bitcoins", which is about $2000 USD at the moment.
Assuming that the dollar amount was meant to be the bitcoin amount, that would translate:
The group is charging $5 worth of Bitcoin for schools and company headquarters, $10 worth of Bitcoin for courthouses and entire school districts, $20 worth of Bitcoin for sports events and major conventions, and $50 worth of Bitcoin for "major" sports events. Additionally, for an extra $5 worth of Bitcoin, the group would also frame someone else for the incident.
To:
The group is charging $2000 for schools and company headquarters, $4000 for courthouses and entire school districts, $8000 for sports events and major conventions, and $20000 for "major" sports events. Additionally, for an extra $2000, the group would also frame someone else for the incident.
That would at least seem a bit more in line with what zero-day exploits are sold for and similar hacking services, even if it still sounds (to me) way too low for the risk involved.
Why is it even possible to fake Caller-ID anyway? You are charging a provider to make the call, you know exactly who it's come from.
Because you have a grave misunderstanding that Caller ID and call routing and billing codes have anything to do with each other, and have unrealistic expectations out of Caller ID.
Take the example at my work place. We have over 200 phone extensions, but we only have 60 DIDs from the phone company and thus 60 phone numbers.
For those 60 extensions our system reports the DID in the Caller ID field, so you know the outside phone number to call if you want to reach that extension.
But what do you suggest for the other 140 phones?
I argue the incorrect "spoofed" value of our main/reception phone number being sent as Caller ID is hugely more useful than whatever nonsense you are promoting. At least with that data you know it is our company calling, and have a number to call back to at least potentially be transferred to the internal only phone extension you can not possible dial directly from the outside.
Making the Caller ID value "correct" would mean you couldn't dial it (it's a 4 digit number after all), and it wouldn't tell you who is calling you. Completely worthless.
It can't be made a DID since the phone has none.
It shouldn't be left blank or you would still be bitching about it.
So what exactly would you suggest as a value that isn't "spoofing" but is also your definition of "correct"?
Honest question -- who wants to stream media?? Why?
I stream all of my porn because downloading it is too much of a commitment that I'm just not ready for.
No, this is solely to brick the phone if you dare not pay for overpriced Apple repairs.
Then why does Apple replace the hacked-and-completely-compromised broken phone for free with another that has all of its security intact?
Free doesn't sound all that over priced to me.
Seeing as it isn't illegal to drive 3mph under the posted speed limit, I don't see why they wouldn't let me have a license...
Like I already said, I don't drive at the limit when it is that low...
Not sure why you felt the need to tell me to do what I literally just said I already do, but thanks for the accusation anyway.
Does this mean you are not capable of driving your vehicle at 15mph or 10mph or 5mph?
My last car had an engine idle speed around 7-8mph, meaning it was not possible to drive 5mph at all. Simply letting up on the break and not touching the gas at all would result in the car moving faster than 5.
It was also not possible to consistently drive 10mph, as the slightest touch of the gas pedal would cause the car to accelerate to just over that speed.
Mind you that doesn't mean I couldn't abide by a 10mph speed limit, it just means I can't do so while driving AT that limit, I have to not touch the gas and let the engine pull the car along at idle speed just a touch under 10.
However where I live the lowest posted limit on a public road that I've ever seen is 25mph, including the road I live on.
I have seen 10mph limit signs at a mall parking lot once, and fair enough since anywhere in the lot where there was people walking idle speed was about the safest one could move at, but I've never seen 10 (or even 5) posted on a public road before so all of this has never really been an issue.
(Not to mention I don't own that car anymore)
Today I worked on an addon for a popular open source javascript-based code editor, added some minor features to one of my open source projects and added a bunch of much needed unittests to another of my open source projects.
I also took a few minutes to read some Slashdot posts and make a few comments.
Amazingly, both can be done in a single day!
Indeed! Just as the Hurd team can play on Hurd and contribute to other more useful projects :}
And I apologize for the accusation as well, it's just that the vast majority of people who question others free time activities have a high likelihood of both demanding productivity from others while not living to the same standard themselves.
I suppose it was mostly the fact I quite literally formed the thought "I wonder which of the top three posts will ask 'what is the point?'" as I clicked the article to open the comments, and there this was right at the top in spot 1 with that exact phrase and already modded up to max.
But I am pleasantly surprised for you shattering that expectation.
What's the point of continuing with Hurd?
For the same reason anyone does something they enjoy for fun and recreation, namely so we don't become hollow and joyless, reserved to asking on forums why other people do things they enjoy :P
I note you both read slashdot and posted to slashdot today, as well as aren't out working to do something "useful".
Don't you think it a tad off to spend your free time doing things you enjoy at the same time as questioning other people doing the same?
First, the server admin would have to enable mod_status.
Then, by default it's visible only from the server itself - the physical console or an ssh connection.
Than to see the request urls, you have to turn ExtendedStatus on as well.
It's easy to miss one of these steps when you're TRYING to turn it on. If you're offering a hidden service, it seeme rather unlikely you'd work so hard to gather and publish extended status.
I just spun up a brand new Debian 8.2 VM instance, apt-get upgraded it to current, and apt-get installed apache2 - everything current as of 10ish minutes ago.
root@dev10:~# ls -l /etc/apache2/mods-enabled/status* /etc/apache2/mods-enabled/status.conf -> ../mods-available/status.conf /etc/apache2/mods-enabled/status.load -> ../mods-available/status.load
lrwxrwxrwx 1 root root 29 Jan 30 21:58
lrwxrwxrwx 1 root root 29 Jan 30 21:58
root@dev10:~# grep -i extended /etc/apache2/mods-enabled/status.conf
# Keep track of extended status information for each request
ExtendedStatus On
root@dev10:~# grep -i location -A 2 /etc/apache2/mods-enabled/status.conf /server-status>
<Location
SetHandler server-status
Require local
Both mod_status and the extended status mode are enabled by default.
Yes they are restricted to localhost only, however if one ran apache and a tor proxy on the same machine, the tor proxy would be connecting to apache over localhost and so would be allowed.
Being a debian config I would assume many debian based systems may very well have this same default config.
Looking at the first example screenshot in the article, it explicitly shows it to be apache 2.2.16 running on a debian system. That means the server came setup that way and the owner didn't disable it.
I can't speak for other distros or what the defaults are when apache is compiled from original sources and what not.
But I would certainly recommend at least looking through your 'mods-enabled' dir Just In Case (tm)
Your post is either a standard Apple troll, or you are just purposely being dense.
Please tell me you're kidding. These are iOS users we're talking about. They have purposely chosen the "easy to use" OS (even with all its limitations).
WE are talking about iOS users, but I'm not sure you are on the same page...
Like hell you're going to get them to figure out how to compile an app
Are you seriously arguing Mac users are too stupid to double click one icon? Trollolol?
Not only that, in order to run XCode you need to have a Mac.
That's very likely why he said: and allow iOS device users who also own a Mac
Or put another way, no you are very incorrect. If one already owns a Mac, there is no need for any additional Mac computers. Just the one will do.
I suppose you bought your Android phone to make phone calls, then went right out to buy two or three more Android phones due to your thinking that one of the things somehow wasn't enough?
You just went from a $200-$600 investment in the iPhone/iPad and added a thousand dollars to it.
If you purchase no computer, you will spend $0. How are you arguing not buying a second computer costs thousands of additional dollars?
There are no shortage of iOS users with Windows machines who like their iDevice but aren't ready to make that leap to a Mac.
Hate to have to be the one to tell you this but MacOS is not Windows, and Windows is not MacOS.
He clearly stated this option is only for Mac users. Why do you feel the need to repeat what was already said and specifically name Windows users as excluded?
You forgot to mention Linux users can't do this either, nor can QNX users, nor can Mainframe users...
Quit being dense or try to troll somewhat intelligently next time.
"Only following orders" can sometimes be a valid excuse.
That is less so a "valid excuse" than it is simply a "really Really fucked up position to be in"
It clearly isn't an excuse since legally it excuses nothing.
But it IS really fucked up. If you disobey illegal orders you will be shot. If you follow illegal orders you will be held 100% responsible for your actions and can be anything from imprisoned to executed.
Fucked either way, but the point is you ARE fucked either way - claiming "I was just following orders" will NOT in any way reduce your punishment for following them.
I can't see any problem with showing clear icons for the state of the connection, which includes unencrypted being distinguishable from encrypted with a cert signed by an untrusted party (aka self-signed) vs a cert signed by a trusted party.
It's better than the current state of things, where the web browser programmers out right mis-interpret what is going on and potentially lying to the user.
For example, if I run my own CA and sign all of my own certificates, and push my CA public key by hand to computers intended to access my server, verified by hash fingerprints - this is arguably MORE secure than a "secure" public CA signed certificate that I have no control over.
After all I know exactly who signs certs with my CA - me - and despite what the public CAs and web browser programmers claim, I in fact do trust myself.
CAs are known to have signed fraudulent certs, so they are not the ultimate high tier of trust.
Of course the self-signed situation described above is very different from random snakeoil.crt style self-signed certs where the only possible way to verify the servers identity is to check the thumbprint hash. And who has time for that?
Displaying the lowest tier of security icon for non-https sounds just as useful as it has been since SSL was invented.
(After all, a lock vs a lack of a lock works good enough for anyone that cares about encryption, but I could care less what the two icons actually are of)
At least Googles approach is better than Mozillas by an infinite amount! .html files locally in firefox :P
I'd rather use Chrome and at least have it bitch about the lack of SSL while still actually showing me the webpage.
Firefox will soon actively remove non-https support and display an "unknown protocol 'http'" error instead.
Hope you don't like browsing
https://blog.mozilla.org/secur...
Don't steal content by not watching ads, you internet scumbags!
The privileged of reading this highly valuable post is a million dollars - which you now are in debt to me for.
Until your check clears, you stole from me first.
Until you feel guilt for stealing from me and decide to pay, I will not feel any differently towards you.
Now stop being a scumbag thief and go get a real job instead of leaching off humanity.
systemd? Seriously? Get over it man! And Gnome 3 and KDE stuff as well.
Don't tell me what to like and hate, "i do wah i want!" :P
You are trolling here. Your argument is lame.
Quite right though regarding the parent post.
There is plenty to hate in systemd, there's no need to make up lies to imply its worse than it is (and probably gnome3/kde too, though I rarely use DEs enough to have any complaints)
However, I believe Microsoft is perfectly entitled to drop support for newer processors in old versions of Windows. Supporting old versions of Windows cost money and doesn't gather money anymore.
Now there I must disagree, and do so for the exact reason you listed as a counter-argument
*IF* Microsoft went out of their way and spent time, money, and man hours to *write new code* specifically for the purpose of removing an existing feature that came with the product/OS as shipped - I would be very rightfully pissed off.
Not to mention actually doing that would COST them money, compared to doing nothing at all and spending no money.
But at least for the topic at hand, Microsoft has not done this and isn't dropping CPU support, so the argument is really moot for now.
Of course they have done such things in the past, so I won't claim they will never do such a thing, but we should at least wait for them to do the bad thing before complaining they did the bad thing.
Not writing new code for an old OS, aka not adding new features, which is what the case here is, makes perfect sense to me.
Writing new code for an old OS, aka adding or removing existing features, clearly costs money and in the case of a no longer supported OS does not make sense to me (at least in general)
Now, I really fear for the enterprise I am working for these days. They are just starting to migrate from Windows XP to Windows 7 on the desktop. Soon they will be forced to migrate to Windows 10 as the old generations of Intel processors will be phased out.
Ack! Your enterprise consists of nothing but laptops without a desktop in sight???
Yea I must say that would make me fear that enterprise just a bit too. I'm sorry you're in that situation.
At least at my enterprise we thankfully only have a tiny number of laptops (like 10?), and so will be the only concern relating to battery life if I attempted to install Windows 7 on a new Skylake laptop.
We pay industrial rates for electricity so our Windows 7 desktops using the same amperage draw with Skylake chips as they are using right now with Core i7's is perfectly acceptable to us.
Sure it would be nice to use less power with the new Skylake power management features, but not "use windows 10" nice :P
I think I'm going to remove the package until a new, fixed version comes out, or at least detailed information on how to migrate the vulnerability until a fix comes along.
The article suggests a mitigation, however it sounds like it may just be easier to remove the package until your upstream provides updates...
James Darnley of FFmpeg suggests that disabling HLS (HTTP Live Streaming) while building the package should do the trick until a fix is committed.
It is also possible to fix the issue by rebuilding the FFmpeg packages without network support, using the --disable-network configure flag, but that seems a bit too much.
A commenter in the arch bug report listing also says:
Btw, one could also do --disable-demuxer='hls,applehttp', but rebuilding without network support looks like a more robust solution for now (until the issue is inspected and fixed upstream).
https://bugs.archlinux.org/tas...
My understanding is the specific bug reported in russian is exploited via HLS, however it is unconfirmed if the same method could be used and exploited in other network stream demuxers yet.
Unnecessary; a rag, a few squirts of alcohol-based cleaner, and a wipedown will take off all the fingerprints. The omnipresent 'hand sanitizer' goo is near perfect. Pop off a few keys and shake crumbs and hairs out (or run a toothpick between the keys).
Recalling the laundry bags used in ye olden college days, those things were perfect for keeping all the popped off key caps together while in the dishwasher along with the plastic shell of the keyboard.
I noticed in some (rare I admit) cases that the alcohol cleaners and plain wiping would miss gunk in certain crevices and such, in which case a dish washing cycle on cold seemed to always do the trick.
I've done that on some of my more favored gaming and mechanical keyboards, although I've never risked it to run the circuitry through the wash for them.
Lots of modern keyboards use flexible-printed-circuit sandwiches, and will NEVER DRY if you try immersion.
To be fair though its rarely worth it to even bother cleaning a modern el-cheapo keyboard beyond the standard wipedown, seeing as a replacement can be had for $5 full retail price, or less often times second hand (aka "used" but never had the box opened)
Perhaps if there was something special about the keyboard and it would be more than a couple dollars to replace, sure, but generic modern crapboard isn't really worth my time and the effort to clean when it can be replaced so easily and cheaply.
Yea 18 years is nothing. That's only 1998.
I still have my Apple //e that was bought for me when I was 13 years old, which still functions and typically sees usage once or twice a year still. I last had it powered on this past summer.
It was made in 1983 and so even saw plenty of usage by its previous owner for a whole decade before it came to me.
That's a 33 year old piece of still functional equipment, the vast majority of being original hardware.
If I care to daisy-chain together the proper networking gear again, it can even browse the Internet. (Localtalk to t-base-2 to 10-base-t to my main 10/100/1000 switch)
I even have some 5.25" floppies that can still be written to and read from afterwards (hearts to ADTPro), though I mainly use a CFFE3000 card with a USB flash drive containing all my floppy disk images.
I also still own a NeXT slab workstation (1988), a SparcStation IPX (1989?), and an SGI o2 (1996)
Although those systems haven't been pulled out of storage and booted in some time. They at least worked 12ish years ago before I last moved.
I have an 8" floppy drive and controller for the Apple 2 as well, and although the drive doesn't currently work due to a couple worn belts, assuming no other problems have since happened that would be an easy thing to fix. I would be concerned over the condition of the r/w heads after all this time though.
I have a Novation CAT 300bps acoustically coupled model which wikipedia claims was introduced in 1981 (and looks identical to the picture at the top of the page), although I must admit it only came to my hands in the mid to late 90's, and I only used it once on a lark and have since lost the power adapter for it. I haven't bothered looking up the voltage/amperage it needs to find a replacement (why oh why wasn't printing that info on the label or by the jack always the standard practice?!)
I always cringe when I hear others refer to 1990's or newer hardware as "anciently old", and I'm not even close to the age of the people around when the computing foundations were laid. (I blame my parents)
Yeah, maybe the Swedes should have used their army, and just invaded the UK to apprehend him! Come on people, we need outside the box thinkers for this.
If you are already committing to ignoring the law yourself, under what pretense do you have left to claim actions by others are illegal?
You can no longer accuse or punish Assange for doing something illegal, since the government is stating doing something illegal isn't a bad thing nor is an action to be punished for doing.
But one thing that really puzzles me: Why are they watching average to below-average players? One would think that watching somebody play would be more fun if that person is especially good at it. From the samples I looked at, the most popular "let's play"ers are not at all talented...
You may just not have found any let's players that are either good at what they do, or that appeal to you personally. (Especially if you only saw the "popular" ones ;) but that's another story)
Or it could be any number of things. There are some really talented players I like, but if they are playing a game I have no interest in, there's not much they can do to make me interested.
At least for me, the players personality also has to jive with mine, at least in certain ways. It can be a hard thing for me to explain, and even then I only have examples that fit me and my personality so those examples don't always work well for others.
Somewhat ironically the large majority of let's players I watch, I started watching before "let's play" was a thing, in 2-3 cases before youtube was even a thing. But it just sort of went in that direction since then.
Out of the 20ish people I regularly watch, I think only one or perhaps two could be at all considered popular or famous. There are even many times I completely skip certain videos of theirs since they are of things that don't interest me. Youtube makes that pretty easy with the subscription listing.
Jordan (aka CaptainSparklez) has around 9 million subscribers, and was recently on that Forbes "30 under 30" thing, so I guess he is popular. :P
Mitch (aka TheBajanCanadian) has around 5 million subs, and Taylor (aka AntVenom) has around 3 million.
Everyone else isn't even in the 7 digits yet. I've no idea where "popular" starts thou
I think one of the most popular let's players out there, for good or ill, is PewDiePie.
He specifically targets the very young viewer, a child entertainer of sorts.
Obviously there is certainly a place for such entertainers, and just from the results I can only assume he is damn good at what he does, but it's probably safe to say his content won't interest you anymore than me.
That doesn't mean he is below average or bad or anything, it only means his content isn't targeted to us adults and so all we see is childishness.
Most of the people I watch are (or started off) for a fairly specific topic, and as they branched out I gave those vids a shot too. Some were a hit, most were a miss, it just depends.
For example, "FMBsChannel" on youtube features two british guys (brothers in fact) Rob and Richard.
At the time I first found that channel, Rob was doing tutorials on the Minecraft Tekkit modpack, which I watched to learn all about the particular mods being used and how to use them myself.
They only later turned that into Minecraft let's play seasons, and later yet branch out into other games.
But I still remember them being best at doing the tekkit modpack tutorial guys and how I learned redstone.
Another example was Minecraft pvp, by which way I found AntVenom and later TheBajanCanadian. Both of them are amazingly top talent at pvp in that game, still to this day IMHO.
But both have since branched out into other things, other games, other topics even. But that isn't generally what I watch them for.
The last example is a show hosted by Frasher and Becky, at the most unlikely sounding domain I would ever open, videogamesawesome.com
Frasher's personallity is very much like my own, very crass, full of dark and toilet humor. His style just "clicked" with me personally, and since his show is probably what I spend most of my time watching out of all other media combined.
He also has three long time friends that make appearances at times, and it's plainly obvious there is no "acting" or "show" going on, but real human interactions and reactions to whatever game is that days subject matter.
There have be
It's a lot more likely that dark matter and dark energy are just math errors that don't take into account proper universe/space expansion and doesn't understand how gravity really works.
Care to show your math on that? We can then compare it to all the scientists who already did the math a few million times showing the same results you say are wrong.
There is even a Nobel prize or three in it for you.
I do suppose it depends what countries laws you live under, yes. I (perhaps mistakenly) assumed US laws as that is where Forbes is headquartered.
But under US law it doesn't matter what the computer does, only what the person does and/or intended to do. This has been upheld in cases 100% of the time that I'm aware of.
After all changing a "1" to a "2" in a URL address bar of your browser to access another UID's data is a criminal act under the Computer Abuse and Fraud act, due specifically to such an act making the server give you data that the server owner did not intend, despite the (mis)configuration of that server stating explicitly that such a request was allowed.