One of the problems with Sprint and Verizon is that the radio has to be specifically designed for them
"We're going to stop offering our subscribers newsgroups," said Alex Dudley, a spokesman for Time Warner Cable. "Some of the early press on this indicated we were going to block certain Web sites. We're not going to do that."
That was a reference to a New York Times article with the headline: "Net Providers to Block Sites With Child Sex." It said "the providers will also cut off access to Web sites that traffic in child pornography."
This was a resolution. They were only banning their own dial telephones.
What about the radio needs to be carrier-specific? An EV-DO radio is an EV-DO radio.
The big US carriers are guilty of crippling, but it's got nothing to do with the air interface or the hardware. In the CDMA world, the same exact hardware is, more often than not, sold outside the US without crippled software. In fact, sometimes they're even sold as such inside the US, by smaller carriers that can't afford to heavily customize (cripple) the software.
First, that bug didn't make Firefox "almost" unusable by any stretch. The old code (which was a lot older than two years, by the way) spun a busy loop when you held the mouse button down. The worst-case scenario was that you'd rob some other process of a small amount of processor time during the infrequent periods when you'd hold the mouse button down for no other reason than to complain that this bug hadn't yet been fixed. Big deal.
Second, the bug is in fact fixed in Firefox 2. I should know: I fixed it. You're welcome.
Actually, Will is right. He's discussing trademark principles, which is entirely appropriate because the article is about a trademark. Terms that might qualify as "generic English words" are not necessarily generic terms in the world of trademark law. Here, "scholar" is NOT a generic term for "database." There are plenty of English words that are protected by trademarks.
I also have a Sprint phone, and I haven't been able to get in there yet, but I don't know their voicemail system direct number, so I can't be sure. (I had to use the direct access number for T-Mobile to get the hack to work on them.)
Try your own telephone number, replacing the last four digits with 6245 (MAIL).
Most cell phones also take you straight into your voicemail if you call your own number. Using this CID trick, can you just hit voicemail without knowing the backdoor?
Is that underscore really meant to be there? Because _ is not supposed to be an allowable character for names in the DNS.
The underscore is not supposed to be present in host names. The restrictions on host names are much stricter than any restrictions imposed by the DNS protocol, which can handle just about any raw data as a name. If it resolves to an A record, possibly indirectly through a CNAME, the _ has no business being there.
The world uses DNS for more than host names, though, and there's nothing wrong with using underscores in other contexts. This isn't new. Think SRV records.
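The distinction drawn in the comment above, as an added example that is not part of the original post: a check that separates the length limits of the DNS protocol (RFC 1035) from the stricter host-name syntax (RFC 952 as relaxed by RFC 1123). The function names and sample names are constructed for illustration, and backslash escapes in presentation format are not handled.

```python
import re

MAX_LABEL_OCTETS = 63   # DNS protocol limit for one label
MAX_NAME_OCTETS = 255   # DNS protocol limit for a whole name in wire format

# Host-name label: letters, digits and hyphen, with no leading or trailing hyphen.
_HOST_LABEL = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?")


def split_labels(name: str) -> list[str]:
    """Split a presentation-format name into labels, ignoring one trailing dot."""
    if name.endswith("."):
        name = name[:-1]
    return name.split(".")


def is_valid_dns_name(name: str) -> bool:
    """Apply only the limits the DNS protocol itself places on a name."""
    sizes = [len(label.encode("utf-8")) for label in split_labels(name)]
    if any(not 1 <= size <= MAX_LABEL_OCTETS for size in sizes):
        return False
    # Wire format: one length octet per label, plus the terminating root label.
    return sum(size + 1 for size in sizes) + 1 <= MAX_NAME_OCTETS


def is_valid_hostname(name: str) -> bool:
    """Apply the stricter host-name syntax on top of the protocol limits."""
    return is_valid_dns_name(name) and all(
        _HOST_LABEL.fullmatch(label) for label in split_labels(name)
    )


def classify(name: str) -> str:
    """Return 'hostname', 'dns-name-only' or 'invalid' for a name."""
    if is_valid_hostname(name):
        return "hostname"
    if is_valid_dns_name(name):
        return "dns-name-only"
    return "invalid"


if __name__ == "__main__":
    # Constructed sample names: an SRV owner name, a host name, a bad host name.
    for sample in ("_sip._tcp.example.com", "www.example.com",
                   "bad_host.example.com", "a" * 64 + ".example.com"):
        print(f"{sample[:30]:30} {classify(sample)}")
```

A validator that applies host-name syntax to every DNS name rejects SRV-style owner names, while one that applies only the protocol limits accepts names that should never be used for hosts.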
Who do they think they are, not prepending "X-" to their weird headers?
You're kidding, right?
The DomainKeys proposal has been submitted as an Internet-Draft. In other words, the DomainKeys-Signature header field is on the best possible track to becoming a recognized field. The only thing that recognition would mean is that the DomainKeys-Signature field could not be used for other purposes.
Even so, RFC 822 does not require private header fields (what it calls "user-defined fields") to begin with X-; it is merely offered as good advice to those who never intend to seek official recognition for their fields.
Of course, the extension field name registry endorsed by RFC 822 does not exist, and in fact, no extension field name registry for 822-format messages exists. (It seems like IANA should maintain one, but they don't. RFC 2076 is a good start.) The best guidance is to treat de facto usage as the standard, and allow for expansion through the formal RFC procedures, of which publication as an Internet-Draft is an element.
And remember, it's already an Internet-Draft.
Mark
I went to the system settings and ten seconds later, my Firefox was patched.
So you're concerned that you might be tricked into deleting files from your download directory, but you've got no qualms about having write access to applications you run?
No, it replaced a private framework.
Lots and lots of other programs could potentially use it.
No, only iChat and Mail use it. Any program that links against it is relying on an unpublished API.
Someone please mod parent DOWN, and also mod down the guy asking to mod the parent UP.
The automotive initiative is to move to what rational people would call 36V. They're calling it 42V because they're using the charging (hot alternator) voltage instead of the traditional nominal battery voltage. I blame the marketing folks who can't get over Big Numbers.
I always figured "complete crash" bugs were high priority. sigh.
Every time I experience this bug, it's a "complete hang," not a crash. Subtle.
I work around it by using "openssl connect" to grab the certificate and stick it in a .cer file manually. Recently, while helping a switcher friend set up shop, I discovered that if you cancel when the certificate warning first pops up, then wait for Mail to become quiescent and issue a "check for new mail" command, you'll be able to option-drag the certificate sans hang.
Even with that, I find that X509Anchors no longer appears in Keychain Access unless it's manually added. (It lives in /System/Library/Keychains.)
It's a shame that this is still broken, especially considering that it's Apple's own documented procedure. I was so sure that this bug would be squashed during this update, and am disappointed to hear that it didn't happen. Partially because I hate being wrong, but more because it really is a serious bug, even if the number of people affected is small, and those affected are more likely than average to be able to come up with a workaround, or at least know someone who can do it for them.
Really, it would be nice if Mail could allow the user to add the certificate to X509Anchors itself directly, and if Safari would do the same. As it stands now, Safari won't even show the certificate to the user. Apple, I love ya, but there's really no excuse for this lack of polish, especially when you tout security.
Mark
(Yeah, I realize this post probably won't win me much karma. Too bad.)
The article has a banner ad from BMW (at least it does for me at the moment). Interesting sponsor.
Mark
It was the 9th Circuit Federal court
Even lower: it was a Federal district court in California. The appeal (and an appeal is highly likely) will be heard by the 9th Circuit.
who usually do the right thing and then get overturned on appeal by Scalia and the Supremes.
Furthermore, the number of decisions out of the 9th Circuit that get overturned is high enough that the rest of the country rarely pays any attention to what they have to say, except possibly to determine what the law isn't (or won't be).
call up your congresscritter
YES! And tell them how touching it was when they applauded after Bush mentioned that portions of USA PATRIOT will expire.
temporary reversal of Patriot
If only. At this point, this decision is only binding in the Central District of California, which consists of Los Angeles and its environs. The world does not revolve around California. (It revolves around New York.)
Mark
IAAL. Well, almost. So sue me.
Maybe it's me
It's you.
OpenSSL in the 32-bit environment as the guy configured it was doing 64-bit arithmetic. Just because the guy had 32-bit pointers doesn't mean that his computer wasn't pushing around 64-bit quantities at once. It's called a "long long".
In fact, as he had OpenSSL configured, he was using some crafty assembly code for his 32-bit OpenSSL builds that even used 64-bit registers. His 64-bit builds were using plain old compiled C.
But he didn't even know that.
Big whoop.
Mark
Assembly code vs. C code refers to the big-number library. No substitutions, exchanges, or refunds.
First, anyone with half a brain already knows what his "scientific" results prove. Second, anyone with two thirds of a brain has already performed similar (but probably better) tests and come to the same conclusion.
And third, OpenSSL uses assembly code hand-crafted for the CPU when built for the 32-bit environment (solaris-sparcv9-gcc) and compiles C when built for the 64-bit environment (solaris64-sparcv9-gcc). Great comparison, guy.
Apples, meet Oranges (or Wintels).
Mark
An anonymous coward has already remarked that this opens up a DoS attack against the DNS infrastructure
But not a new one. As I've already shown, slashdot (among others) uses wildcard records today. For useless values of [useless], look up [useless].slashdot.com. Practically, this is no different from [useless].com, unless you're close to the 255-character limit.
Mark
This is most certainly breaking the DNS standard
No, it's most certainly not.
It uses DNS as the means to some questionable ends, but it doesn't break anything.
As a matter of fact, the master file format (which is not the DNS standard as we care about it in this context anyway) explicitly provides for wildcard records.
Watch your location (URL, address, URI, whatever) bar:
See?
Again?
One more time?
Now, what standards have we broken? What's to prevent the web server from deciding what content to give us based on the Host header field we send?
Mark
The advice up until now: Do not use the word "password" as your password.
The advice from this point forward: Do not associate an inkblot with inkblots.
Mark
The updated Security.framework will be loaded by ScreenSaverEngine.app the next time it runs - in other words, the next time the screen saver activates.
Have you tried it? I have. No reboot, and no more crashing screen saver.
Anything that is already running retains the old version of Security.framework until it's started again, but ScreenSaverEngine.app and loginwindow are both immune. There may be other (unrealized? unreported?) exploits that the update fixes that require a logout or reboot, but to fix the simple screen saver exploit, no such silliness is required.
Mark
This story should have been from the we-can-sell-you-the-brooklyn-bridge department.
Mark
1. Come up with ridiculous business model
Wouldn't you think that it'd be easier to package a simple oscillator circuit and a speaker in a plastic box and charge $5 for it?
2. ???
Now, I know what you're saying: when you do it with cell phones, you get to charge $2.50 a month, and recurring revenue beats one-shot, right?
3. Profit!
But this is Korea we're talking about, here. When was the last time a Hyundai lasted longer than a month without needing to be replaced?
Duct Tape
Will there be a standard 36V/42V power outlet, or are we forever stuck with the horrible 12V cigarette lighter "socket?"
Mark