First, different people have different perception, so 20 may be enough for some and 60 just right for others.
Second, fast motion on low framerate requires some amount of motion blur to be perceived as "smooth". When shooting a film, this blur is already there thanks to the nature of filming. When rendering, developers have to care about it, and as it can be costly it's often dropped.
It _is_ a Windows bug in kernel mode part of GDI, win32k.sys.
For Safari it's unclear, if it does something wrong to trip the bug win32k.sys - it's a bug in Safari as well, if it uses APIs as documented - they're just (un)lucky to trigger it.
No, it's just posted for the humor of "A thermostat at a town house the Chamber owns on Capitol Hill at one point was communicating with an Internet address in China, they say, and, in March, a printer used by Chamber executives spontaneously started printing pages with Chinese characters.'" According the article, the group "gained access to everything stored on its systems" and may have "had access to the network for more than a year before the breach was uncovered."
Gaining access to everything stored on the thermostat and wasting paper and ink for a year is serious business.
@igursev @therealsaumil not really an integer overflow. Otherwise 18082564 would have also worked;-) 4 hours ago
w3bd3vil webDEViL @ @igursev It probably is, but not theoretically. In simpler terms, I can't build an exploit for it. 12 hours ago
@kernelpool yeah I tried with some help to get code execution but was beyond me... 19 Dec
@r3dsm0k3 Yeah. It's the NtGdiDrawStream which is being called multiple times...leading to a not so interesting crash. 18 Dec
<iframe height='18082563'></iframe> causes a BSoD on win 7 x64 via Safari. Lol! 18 Dec
So a) there's a bug in win32k.sys, tickled by Safari's (allegedly) incorrect API usage, so there's possibility of other exploits, b) "may lead to arbitrary code execution" means "we don't know yet, but we're playing safe", the only confirmed effect is BSoD by memory corruption.
Why the fuck there's so little about it, did nobody research yet what kind of memory corruption it actually does? The tweet's from 4 days ago, FFS.
Home owner? You mean bank owner. In both cases thief get the blame, but in the second, owner deserves his share as well.
Your analogy would work for "$some_random_person mail account was hacked" - and you'll notice there's usually just expected schadenfreude and "I've got same combination on my luggage!" jokes, but no blame assigned to the owner in that case.
> Your Android phone is consistently broadcasting your position to both the cell towers (for communication) and to Google (for marketing) > Not using GMail? So, you read the email on an Google-supported phone, right? Well, they have it then
How many of those searching for earth/calendar/books/reader/wallet simply typed that into google's search box instead of address field, as in ${term}.google.com?
Seems like that to prove it's not most relevant, you first have to prove they are mostly newcomers and not dumb google users unaware about address bar or menu.
Yeah, and then you tell lotion, beach umbrella and flotation device producers "You won't be doing business with me if I catch you dealing with them dredgers. Don't forget your shops are long ago moved to my beaches and you'll be out as soon as you sell anything outside of my beach" and you tell the drinks vendors "You wanna keep them vending machines on my beaches? That means no machines on their lakes".
And as first are almost 100% dependent on your beaches for profit and for second they give a sizable part of revenue too, they will think twice before dealing with newcomers.
So yeah, it will be a booming industry for those dredged lakes, without single umbrella and chaise longue out there.
P.S.: And to be treated as monopoly you don't need to have 100% of market, you need to have "dominant position" in it.
They should be forced to advertise for anyone with money, as long as they don't break the law. Discriminating against specific customers would be anti-competetive.
AppStore is safe. You aren't forced to develop for iOS and all developers are subject to same rules. You could shoehorn sales tying if you could only develop with XCode/MacOSX combination to publish in AppStore.
Same with iPod - it's a proprietary interface and they are not obliged to disclose it. There are non-iPod enabled cars and stereos, so you're not forced in buying iPod (unless they collude with car makers to allow only iPod-enabled stereos in cars).
I'll save some time and quote the message you apparently didn't bother to read before replying to:
... and not "{[how do i] drive|[give me] directions|path|...} [to] $location {, pretty please|and make it fast}?"?
Do you really think it's hard to give specific syntax a bunch of common keyword and grammar variations, instead of relying on "smartness" of algorithms?
It's still what Siri essentially does, looking for known keywords and sentence structure, with some fuzziness and guesswork added, sure. It just doesn't come with a cheatsheet.
If this smartness breaks simple queries - what use it is?
In the end you still just stick to fixed forms for queries so you'll be 90% sure it won't get you surprising results.
Also, do you really think "specific syntax" for voice search means something like "NEWFILE DD DSN=MYFILE01,UNIT=DISK,SPACE=(TRK,50,10),DCB=BLKSIZE=1000," in modern age, and not "{[how do i] drive|[give me] directions|path|...} [to] $location {, pretty please|and make it fast}?"?
"Green screens on the mainframe"? Surely you mean "Hicolor screens on Citrix server"? They are already here and easiest possible way to let them tablet-lovers on the net.
"The technology that has been here for a long time and should have been thoroughly tested has security holes they didn't know before. Let's bring in this new and untested technology, because I don't know about any security holes in it"
All cheating can be basically divided in two groups: providing false information and abusing information you shouldn't know.
For multiplayer, all cheats of first kind - and cheats mentioned in GP are in there - can and must be detected by the server or the peer.
The first principle of all robust network apps - MP games are just a single example of net soft, after all - is "Trust no one".
See, even though "The cheat actually play with the game's memory" it shouldn't matter in this case, because "The game's memory" is not only in cheater's device, it's necessarily on other player's devices as well.
For example, infinite health just won't work when the server keeps tabs on each player's HP. It only works if server blindly trusts when cheater's client tells him "Hey, don't mind those hits, I still have 100HP".
And sniping from outside the map only works when server doesn't ensure players don't move outside the bounds.
But here game devs just said "Naah, too much bother, what can go wrong?". Why shouldn't they be blamed for dismissing basic sanity checks and blindly trusting that there will never-ever-ever-ever be a modified client on the net?
What's wrong with calling it "my network"? It's not much different from builder saying "my project", when he built it for the company, and developer saying "my program", when he wrote it for the company.
He built it. He's responsible for it's operation, security and availability for all users. It's his network, not in the ownership sense, but in the sense of being most involved in it. He _does_ know better.
And really, cut it out with "You're just a liability, do what I want" (or the other popular "IT is just modern plumbing") nonsense.
You will push your sales just well without plumbing - in fact, you'll probably do the sales just fine up to the knee in shit if it's holiday season and management tells you to.
You won't be able to do shit without functioning computer infrastructure in 99% modern office jobs and half of factory jobs.
That's why letting you use your iPad comes distant second after keeping the system oiled and running.
If you need it, prove to the management that it'll help you move more stuff - it can't be hard if you know what you're doing and what you want it to do. Then we'll be able to plan for your needs and research how to let your iPad on our net.
If you don't know, but have a gut feel it'll help you - again, tell the management. We'll figure it out with your management and tell you.
But "I need it because I need it and you must make it happen" doesn't work even with CEO. Really, CEO who knows what's best for him does come to IT to ask how to integrate his stuff in the network. It's not like "Do it in 5 minutes flat or else! And I don't care for security-schmecurity (which he himself approved as well, by the way)"
And surely, employees can have their Android and iPhones, if they don't mind it being set up for security compliance - again, after research and proper planning.
I don't get what you're trying to say, dude, but, damn, you're trying. I'm deeply moved by your words.
I fully agree with you that chopping off an arm up to the elbow is much better than chopping it all the way up to the shoulder, and really, why would someone but zealots and karma-whores care for all them luddites with WinXP and ancient browsers.
Slashdot Mirror
Not really.
First, different people have different perception, so 20 may be enough for some and 60 just right for others.
Second, fast motion on low framerate requires some amount of motion blur to be perceived as "smooth". When shooting a film, this blur is already there thanks to the nature of filming. When rendering, developers have to care about it, and as it can be costly it's often dropped.
A request for a screen element like an iframe 10,000 times the height of of the screen clearly fails any reasonable sanity check you might think of.
And how am I supposed to look at this 30 gigapixel Longcat pic now? You insensitive clod!
It _is_ a Windows bug in kernel mode part of GDI, win32k.sys.
For Safari it's unclear, if it does something wrong to trip the bug win32k.sys - it's a bug in Safari as well, if it uses APIs as documented - they're just (un)lucky to trigger it.
Maybe it actually printed Quotations from Chairman Mao, or "AHAHAHA, WHITE DEVILS ARE STUPID! PWNED BY LI MING" repeatedly?
Actually, there are a lot of anecdotes along the lines of "Found unsecured printer on the internet, told it to print War and Peace. 10 times."
No, it's just posted for the humor of "A thermostat at a town house the Chamber owns on Capitol Hill at one point was communicating with an Internet address in China, they say, and, in March, a printer used by Chamber executives spontaneously started printing pages with Chinese characters.'" According the article, the group "gained access to everything stored on its systems" and may have "had access to the network for more than a year before the breach was uncovered."
Gaining access to everything stored on the thermostat and wasting paper and ink for a year is serious business.
For now it's unclear how bad is this, as the only concrete detail is Secunia's link to "original advisory"
From digging around bug submitter's twitter:
@igursev @therealsaumil not really an integer overflow. Otherwise 18082564 would have also worked ;-)
4 hours ago
w3bd3vil webDEViL @
@igursev It probably is, but not theoretically. In simpler terms, I can't build an exploit for it.
12 hours ago
@kernelpool yeah I tried with some help to get code execution but was beyond me...
19 Dec
@r3dsm0k3 Yeah. It's the NtGdiDrawStream which is being called multiple times...leading to a not so interesting crash.
18 Dec
<iframe height='18082563'></iframe> causes a BSoD on win 7 x64 via Safari. Lol!
18 Dec
So a) there's a bug in win32k.sys, tickled by Safari's (allegedly) incorrect API usage, so there's possibility of other exploits, b) "may lead to arbitrary code execution" means "we don't know yet, but we're playing safe", the only confirmed effect is BSoD by memory corruption.
Why the fuck there's so little about it, did nobody research yet what kind of memory corruption it actually does? The tweet's from 4 days ago, FFS.
Home owner? You mean bank owner. In both cases thief get the blame, but in the second, owner deserves his share as well.
Your analogy would work for "$some_random_person mail account was hacked" - and you'll notice there's usually just expected schadenfreude and "I've got same combination on my luggage!" jokes, but no blame assigned to the owner in that case.
Won't work if all paper trash is unconditionally sent to shredder/incinerator, which should be common sense for any serious business.
> Your Android phone is consistently broadcasting your position to both the cell towers (for communication) and to Google (for marketing)
> Not using GMail? So, you read the email on an Google-supported phone, right? Well, they have it then
Care to give prooflinks to those?
> How much do web advertisers pay to have Google peek at Gmail, web searches and every other interaction with Google?
Care to give prooflinks to those?
How many of those searching for earth/calendar/books/reader/wallet simply typed that into google's search box instead of address field, as in ${term}.google.com?
Seems like that to prove it's not most relevant, you first have to prove they are mostly newcomers and not dumb google users unaware about address bar or menu.
Yeah, and then you tell lotion, beach umbrella and flotation device producers "You won't be doing business with me if I catch you dealing with them dredgers. Don't forget your shops are long ago moved to my beaches and you'll be out as soon as you sell anything outside of my beach" and you tell the drinks vendors "You wanna keep them vending machines on my beaches? That means no machines on their lakes".
And as first are almost 100% dependent on your beaches for profit and for second they give a sizable part of revenue too, they will think twice before dealing with newcomers.
So yeah, it will be a booming industry for those dredged lakes, without single umbrella and chaise longue out there.
P.S.: And to be treated as monopoly you don't need to have 100% of market, you need to have "dominant position" in it.
So nobody had the determination to write replacements for Google's tools, and it's Google's fault how?
They should be forced to advertise for anyone with money, as long as they don't break the law. Discriminating against specific customers would be anti-competetive.
AppStore is safe. You aren't forced to develop for iOS and all developers are subject to same rules. You could shoehorn sales tying if you could only develop with XCode/MacOSX combination to publish in AppStore.
Same with iPod - it's a proprietary interface and they are not obliged to disclose it. There are non-iPod enabled cars and stereos, so you're not forced in buying iPod (unless they collude with car makers to allow only iPod-enabled stereos in cars).
I'll save some time and quote the message you apparently didn't bother to read before replying to:
... and not "{[how do i] drive|[give me] directions|path|...} [to] $location {, pretty please|and make it fast}?"?
Do you really think it's hard to give specific syntax a bunch of common keyword and grammar variations, instead of relying on "smartness" of algorithms?
It's still what Siri essentially does, looking for known keywords and sentence structure, with some fuzziness and guesswork added, sure. It just doesn't come with a cheatsheet.
If this smartness breaks simple queries - what use it is?
Weeks 0-4 of PLACEHOLDER STRING - DO NOT USE are best for writing buggy code.
Once the early adopters of 4S settle down, Apple will say "Great news, Siri's no longer in beta!" and flip the switch for all iOS5 devices.
Yeah, sure, because NLP can show you George Washington and call you an ambulance.
In the end you still just stick to fixed forms for queries so you'll be 90% sure it won't get you surprising results.
Also, do you really think "specific syntax" for voice search means something like "NEWFILE DD DSN=MYFILE01,UNIT=DISK,SPACE=(TRK,50,10),DCB=BLKSIZE=1000," in modern age, and not "{[how do i] drive|[give me] directions|path|...} [to] $location {, pretty please|and make it fast}?"?
I always felt that this image was put together by some anti-Apple troll and less clever of Apple fans swallowed it hook, line and sinker.
"Green screens on the mainframe"? Surely you mean "Hicolor screens on Citrix server"? They are already here and easiest possible way to let them tablet-lovers on the net.
"The technology that has been here for a long time and should have been thoroughly tested has security holes they didn't know before. Let's bring in this new and untested technology, because I don't know about any security holes in it"
Sounds good.
All cheating can be basically divided in two groups: providing false information and abusing information you shouldn't know.
For multiplayer, all cheats of first kind - and cheats mentioned in GP are in there - can and must be detected by the server or the peer.
The first principle of all robust network apps - MP games are just a single example of net soft, after all - is "Trust no one".
See, even though "The cheat actually play with the game's memory" it shouldn't matter in this case, because "The game's memory" is not only in cheater's device, it's necessarily on other player's devices as well.
For example, infinite health just won't work when the server keeps tabs on each player's HP. It only works if server blindly trusts when cheater's client tells him "Hey, don't mind those hits, I still have 100HP".
And sniping from outside the map only works when server doesn't ensure players don't move outside the bounds.
But here game devs just said "Naah, too much bother, what can go wrong?". Why shouldn't they be blamed for dismissing basic sanity checks and blindly trusting that there will never-ever-ever-ever be a modified client on the net?
What's wrong with calling it "my network"? It's not much different from builder saying "my project", when he built it for the company, and developer saying "my program", when he wrote it for the company.
He built it. He's responsible for it's operation, security and availability for all users. It's his network, not in the ownership sense, but in the sense of being most involved in it. He _does_ know better.
And really, cut it out with "You're just a liability, do what I want" (or the other popular "IT is just modern plumbing") nonsense.
You will push your sales just well without plumbing - in fact, you'll probably do the sales just fine up to the knee in shit if it's holiday season and management tells you to.
You won't be able to do shit without functioning computer infrastructure in 99% modern office jobs and half of factory jobs.
That's why letting you use your iPad comes distant second after keeping the system oiled and running.
If you need it, prove to the management that it'll help you move more stuff - it can't be hard if you know what you're doing and what you want it to do. Then we'll be able to plan for your needs and research how to let your iPad on our net.
If you don't know, but have a gut feel it'll help you - again, tell the management. We'll figure it out with your management and tell you.
But "I need it because I need it and you must make it happen" doesn't work even with CEO. Really, CEO who knows what's best for him does come to IT to ask how to integrate his stuff in the network. It's not like "Do it in 5 minutes flat or else! And I don't care for security-schmecurity (which he himself approved as well, by the way)"
And surely, employees can have their Android and iPhones, if they don't mind it being set up for security compliance - again, after research and proper planning.
I don't get what you're trying to say, dude, but, damn, you're trying. I'm deeply moved by your words.
I fully agree with you that chopping off an arm up to the elbow is much better than chopping it all the way up to the shoulder, and really, why would someone but zealots and karma-whores care for all them luddites with WinXP and ancient browsers.
Go on, you've won my heart.