well, he apparently managed to "clean machine using the very same machine" so that would make him a bit less "naive" and a bit more "capable".
You don't get it. A good rootkit will only let you see what the rootkit wants you to see (when using the very same machine where rootkit runs). However capable he is, he (if the rootkit was installed) has no way to know whether the trojan was installed, far less being able to clean it.
You looks in the registry, but the rootkit intercept registry API. You looks at disk, but the rootkit intercept disk API. And so on. All he can claim is that he eliminated sindromes visible to him.
For me, his claims that he cleaned the machine worth nothing, they only say that this guy does not deserve his sysadmin's salary.
The author is talking about JPEG processing bug and he claims that "each of those products linked to it individually." But this is not true on XP, where the DLL in question is always loaded from the side-by-side cache (Windows\WinSxS).
So I am afraid you are right that his wife is running Windows 98 - in which case he got just what he deserves.
I regret I don't have moderator points for parent.
He claims to be a "system administrator and have a degree in computer science", and he lets his wife run as admin.
More than that, with all that experience he is naive enough to believe that he can clean machine using the very same machine - have he ever heard of rootkits and stealth program? Maybe he is just an idiot?
I've filed a Mozilla bug three years ago about Mozilla saving internet cache in Application Data folder, instead of Local Settings\Application Data folder. This makes it absolutely impractical to install Mozilla on large office network using Roaming Profiles, since the cache (tens of MBs) is copied over network on every logon/logoff. There are couple of dozens of duplicates, and dozen comments like "I wanted to install Mozilla in my N-thousand office, but this bug does not let me."
The bug is still active. So I agree with you - Mozilla is hard to use in large office network.
No, in no way I implied that Java VM can be crashed by bad bytecode.
But Java programmer should be very careful with public Array<Foo> property. He might think that only objects of type Foo can be inserted into it, becase otherwise he gets compiler error. But it is possible (by fully safe code that does not have priviledges to do unsafe type casts) to insert objects of type Bar into this array.
Sometimes this is not a big problem, but often this assumption can lead to a volnurability, if the code makes security decision based on content of the array.
.NET protects programmer in this case: in.NET Array<Foo> means array of Foo, and safe code can't insert Bar into this collection.
Another case where Java's implementation sucks is security: if you have a property of type Array in C#, you can be sure that runtime checks that only Foo can be inserted inside this Array. C# keeps all the metadata and enforces the correct usage.
In Java, all instanced of Array<T> are the same class, and there is no runtime type-safety. The compiler generates error if generic is incorrectly used, but you can easily bypass compiler by manipulating byte code. So if you have Array<Foo> in Java, be expecting to find Bar inside.
In a few years, even the most upgraded computer will be hopelessly obsolete and will be replaced if you need/want to run the latest and greatest software, especially games.
It looks like with your "upgrades" of HD and RAM you don't even imagine people using PC have a choice to upgrade video card, motherboard and processor too.
But we do it all the time, e.g. my computer is slowly evolving PC which began its life in the end of 2000. I've replaced motherboard/CPU/memory, HD, added CDR and the computer serves fine to me.
If you want the barest of bones function in your den or workshop, get a cheap workable x86 with windows, but if you care about looks in your living or family room you may want to pay a little extra.
What a BS - there are tons of nice cases available for x86, just choose one that suites your taste. Much more than Apple has to offer.
Or maybe because these jurors are from Rochester where Kodak is located and they hope Kodak will return the money it wins from Sun to the state.
There are two problems:
first, Kodak would not return these money, they will instead cut local jobs and outsource
Second, I doubt federal court will uphold this decision (although it may temporary rise Kodak's stock and let several people do some money in between).
Minor error in the calculations: when talking about photo sensor pixel count, most producers mean photo site count. I.e. they will count a single "regular" pixel as three pixels (R, B and G). But they also have 12 bits/"pixel" raw resolution, not 8 as most monitors.
This cuts the time to pass raw uncompressed image twice. But of course, Canon does compress its RAW files, and JPEGs are compressed much more and have 8 bits/color channel.
Agree, I have Dell 2000FP for two years (older model, 2001FP is supposed to be faster), and do not see any delay, everything is instant.
My very old ViewSonic 15" had noticeable trace when dragging a big window - LCDs used to have slow response, but it was very minor one, and I could not see a trace behind small objects like mouse. It did not cause any problem except in some very fast games.
there are still people running NT4, which obviously does not support.Net at all.
These people are running NT4 because they have legacy applications that they need running. They tested these apps on NT4, don't want to retest on newer OS, or don't have source code, or don't have anybody who can comprehend that source code.
These people are not interested in any new application on NT4, whether.NET or not.
Patches to operating systems are more analogous to repairs of design faults than gas refill, oil changes or other regular services.
It would be very nice if that was true, but it is not. Neither Windows, nor OS X, nor Linux can work connected to internet without regular patching - this is reality of software development. You can setup a firewal, but you still have to patch IE or Mozilla, probably Office or OpenOffice, etc.
In current state of the art, patching is like oil change and other regular services.
Unlike Ford, which has to guarantee some minimum safety features, neither Windows, nor OS X, nor Linux guarantee you anything. And obviously, Ford would not be liable for accident which happened to a car which went 50k without an oil change.
Microsoft does not have the responsibility to supply the pirates with newer service packs (add more features etc.) but only with security updates.
Security updates are always installed on top of latest service pack, you can't separate one from other.
It is dangerous to the stability of the internet to have a large number of unpactched vulnerable windows machines.
So what? It would also be safer for everybody if those car thefts got their service and oil change - they are very dangerous on our highways in their semi-broken cars.
They can still download security updates from download area. You don't have to use windowsupdate.com to get updates.
Go to technical bulletins, select one that you want to patch, download stand-alone fix.
Re:never-been-rooted claims getting sillier
on
OpenBSD 3.5 Released
·
· Score: 1
2. The stock install comes with apache, an ftp server, X, and routing software ... turned off, so they don't count any exploits in it.
3. No, every recent DoS attack that has effected obsd has been fixed. I would hardly call, same day patches as "ignoring".
I did not say it was not fixed, the discussion was about that stupid claim "8 years..." - they don't count any DoS attacks there.
Re:never-been-rooted claims getting sillier
on
OpenBSD 3.5 Released
·
· Score: 0, Insightful
The funny part is that OpenBSD dudes
1) only count remote vulnurabilities, ignoring any local ones
2) only count default install, i.e. ignoring vulnurabilities in anything that makes system minimally interesting (web, ftp server, XWindows, routing apps)
3) ignore denial of service attacks - even remote ones and even those that allow you to remotely crash system (although they don't explicitly mention it)
There is a good joke about such kind of insurance:
A company calls insurance agent to get an insurance quote. - What are your risks? - We don't know - How much your company costs? - $10M - OK, send them in.
In this case the cost of insurance will probably be equal to SCO price.
In my vocabulary "to reverse engineer" means to find out something internal, hidden and protected. The article talks about "reverse engineering AMD instruction set", which is obviously public. This is called "copying", and has nothing to do with "reverse engineering"
You don't need a special version, you add accessibility features to your application.
If your application is composed of regular dialogs, you don't actually need to do much, since standard controls provide reasonable default implementation of accessibilty API.
In more complex applications, you implement accesibility interfaces that describe your application objects, and the way user may interact with them.
Slashdot Mirror
You don't get it. A good rootkit will only let you see what the rootkit wants you to see (when using the very same machine where rootkit runs). However capable he is, he (if the rootkit was installed) has no way to know whether the trojan was installed, far less being able to clean it.
You looks in the registry, but the rootkit intercept registry API. You looks at disk, but the rootkit intercept disk API. And so on. All he can claim is that he eliminated sindromes visible to him.
For me, his claims that he cleaned the machine worth nothing, they only say that this guy does not deserve his sysadmin's salary.
It is very simple:
1) turn on Windows firewall
2) make her regular user (non admin)
3) turn on automatic install of updates
That is all - after following these simple steps I just don't worry about her computer, and she never got any problem.
So I am afraid you are right that his wife is running Windows 98 - in which case he got just what he deserves.
He claims to be a "system administrator and have a degree in computer science", and he lets his wife run as admin.
More than that, with all that experience he is naive enough to believe that he can clean machine using the very same machine - have he ever heard of rootkits and stealth program? Maybe he is just an idiot?
But to claim that any of them can be mathematically proven to be secure is total bullshit.
What? Mathematically?! What greedy SUN saleman said you this outrageous stupid thing?
Then in what about all these bugs (15 security advisories in SUN JVM in 2 years):
http://secunia.com/product/784/
The bug is still active. So I agree with you - Mozilla is hard to use in large office network.
But Java programmer should be very careful with public Array<Foo> property. He might think that only objects of type Foo can be inserted into it, becase otherwise he gets compiler error. But it is possible (by fully safe code that does not have priviledges to do unsafe type casts) to insert objects of type Bar into this array.
Sometimes this is not a big problem, but often this assumption can lead to a volnurability, if the code makes security decision based on content of the array.
In Java, all instanced of Array<T> are the same class, and there is no runtime type-safety. The compiler generates error if generic is incorrectly used, but you can easily bypass compiler by manipulating byte code. So if you have Array<Foo> in Java, be expecting to find Bar inside.
It looks like with your "upgrades" of HD and RAM you don't even imagine people using PC have a choice to upgrade video card, motherboard and processor too.
But we do it all the time, e.g. my computer is slowly evolving PC which began its life in the end of 2000. I've replaced motherboard/CPU/memory, HD, added CDR and the computer serves fine to me.
If you want the barest of bones function in your den or workshop, get a cheap workable x86 with windows, but if you care about looks in your living or family room you may want to pay a little extra.
What a BS - there are tons of nice cases available for x86, just choose one that suites your taste. Much more than Apple has to offer.
There are two problems: first, Kodak would not return these money, they will instead cut local jobs and outsource
Second, I doubt federal court will uphold this decision (although it may temporary rise Kodak's stock and let several people do some money in between).
This cuts the time to pass raw uncompressed image twice. But of course, Canon does compress its RAW files, and JPEGs are compressed much more and have 8 bits/color channel.
My very old ViewSonic 15" had noticeable trace when dragging a big window - LCDs used to have slow response, but it was very minor one, and I could not see a trace behind small objects like mouse. It did not cause any problem except in some very fast games.
These people are running NT4 because they have legacy applications that they need running. They tested these apps on NT4, don't want to retest on newer OS, or don't have source code, or don't have anybody who can comprehend that source code.
These people are not interested in any new application on NT4, whether .NET or not.
It would be very nice if that was true, but it is not. Neither Windows, nor OS X, nor Linux can work connected to internet without regular patching - this is reality of software development. You can setup a firewal, but you still have to patch IE or Mozilla, probably Office or OpenOffice, etc.
In current state of the art, patching is like oil change and other regular services.
Unlike Ford, which has to guarantee some minimum safety features, neither Windows, nor OS X, nor Linux guarantee you anything. And obviously, Ford would not be liable for accident which happened to a car which went 50k without an oil change.
Security updates are always installed on top of latest service pack, you can't separate one from other.
It is dangerous to the stability of the internet to have a large number of unpactched vulnerable windows machines.
So what? It would also be safer for everybody if those car thefts got their service and oil change - they are very dangerous on our highways in their semi-broken cars.
Don't know about Windows Catalogue, but one can go to "technical" security bulletin, and download individual patch for this vulnerability.
What clients? You mean bloody pirates who did not pay a dime?
And if one stole a TV from a shop, and TV is broken, he should be able to bring it back and request a replacement.
They can still download security updates from download area. You don't have to use windowsupdate.com to get updates. Go to technical bulletins, select one that you want to patch, download stand-alone fix.
3. No, every recent DoS attack that has effected obsd has been fixed. I would hardly call, same day patches as "ignoring".
I did not say it was not fixed, the discussion was about that stupid claim "8 years..." - they don't count any DoS attacks there.
The funny part is that OpenBSD dudes
1) only count remote vulnurabilities, ignoring any local ones
2) only count default install, i.e. ignoring vulnurabilities in anything that makes system minimally interesting (web, ftp server, XWindows, routing apps)
3) ignore denial of service attacks - even remote ones and even those that allow you to remotely crash system (although they don't explicitly mention it)
There is a good joke about such kind of insurance:
A company calls insurance agent to get an insurance quote.
- What are your risks?
- We don't know
- How much your company costs?
- $10M
- OK, send them in.
In this case the cost of insurance will probably be equal to SCO price.
In my vocabulary "to reverse engineer" means to find out something internal, hidden and protected. The article talks about "reverse engineering AMD instruction set", which is obviously public. This is called "copying", and has nothing to do with "reverse engineering"
You don't need a special version, you add accessibility features to your application.
r l= /library/en-us/msaa/msaastart_9w2t.asp
If your application is composed of regular dialogs, you don't actually need to do much, since standard controls provide reasonable default implementation of accessibilty API.
In more complex applications, you implement accesibility interfaces that describe your application objects, and the way user may interact with them.
http://msdn.microsoft.com/library/default.asp?u