I started using Azereus despite the Java crap because it was the only one that used UDP or TCP NAT hole punching (or whatever they call it) so I didn't have to open up any ports. I've since found uTorrent, which is closed source, but I can actually play games while it runs in the background and if they start packaging spyware with their client, I'll just move on to the next one.
Don't ever feel obligated to stick to doing one thing. I suppose that's part of the reason why I go to Digg for my news first now anyway.
I think it was in 2000 that a/. patron actually listed the "complexity"-related proof that Moore's law died in 2000, but here's my contribution:
Who said what? California Institute of Technology Professor Carver Mead was the one who dubbed it Moore's Law, a lofty title Moore said he was too embarrassed to utter himself for about 20 years. David House, a former Intel executive, extrapolated that the doubling of transistors doubles performance every 18 months. Actually, performance doubles more like every 20 months. Moore emphatically says he never said 18 months for anything.
The rule also doesn't apply to hard-drive densities or to the growth of other devices. "Moore's Law has come to be applied to anything that changes exponentially, and I am happy to take credit for it," Moore joked.
This is not about mhz ratings, though for a while these were doubling along the same rate as transistors per square inch were. Moore's comments were about integrated circuit "complexity" minimum component costs, which, if you are talking about transistors, has remained reasonable accurate. If you are talking about mhz per dollar, then you're going to find this is not accurate at all.
Long story short, if you had a 2 ghz machine in early 2003 and you're wondering why you aren't on an 8 ghz machine now, it's because mhz ratings have NOTHING to do with Moore's Law. Which is why I suggest referring to the Wiki entry on it.
Also important is Kryder's Law for HD storage capacity. Within a decade or two we may be able to store all creative works ever created on one drive.
Case in point: Hard drives increase a thousand-fold in storage space every 10.5 years. In 1996 I purchased a Compaq computer with a 1 gig drive. That was an insane amount of space at the time, but now, 10 years later, it looks like I may be able to purchase my first TB drive soon.
How Google gets around this...
on
Cross Site Cooking
·
· Score: 5, Interesting
About two years ago I came up with a mechanism to base session cookies off of a series of md5 hashes along with the user-agent, screen resolution, and the Class B subnet mask and wrote up a document on how it could be done. Lo and behold I find that Google must have also independently figured out a way to do this as well. They implemented something like this into their gmail cookies, making XSS attacks damn near useless unless you're a good guesser or you know what you're doing when you do the cookie stealing and actually include javascript variables and record EVERYTHING you possibly can.
And it should have went like this: Feds: Give us your records Google: No Feds: We need IPs and Searches, plz kkthnxbye Google: No, that's a violation of privacy rights for you to have that and... ACLU: The constitution! Google Customer: Wait, you said "no based on privacy rights" not "no based on that you didn't actually record that information" Google:... Google Customer: So uh, you're recording IPs and searches for those IPs? Google:... ACLU: The constitution! Feds: haha, Google got pwned by teh customer! lollerskates. Your[sic] no better than us! Google::(
Google is putting up a fight (which they'll eventually settle on) simply for the sake of looking good, whereas Yahoo isn't. Granted, there are likely other search engines that don't make up the 99% of searches on the Internet that you could use instead, but they are pretty crappy.
The main point of the post was to suggest people keep email accounts with one provider and do searches on another provider and never accept cookies.
I do state to look at financials as well: Assets and Liabilities also play a huge part in valuation. A company can have a high market cap but have a crappy current ratio or debt to equity ratio.
I was just a little upset by the number of posts saying "$400 is too high" that seemed to come from individuals who had no idea of the concept of market cap.
One thing that really bothers me (and no one as yet has asked) is why Google responded the way they did.
IMHO, when the Federal Government asks for searches, getting a response of: "We don't think it's constitutional for you to be requesting that kind of information on the general public" instead of, "WE'RE NOT ASSHOLISH ENOUGH TO RECORD EVERYONE'S SEARCHES!" is the difference between someone who fights for their stock price (theirself in the eyes of the public), and someone who truly does fight for liberty or freedom.
The government is going to win this case. It's a business, not a real person, all the arguments Google can make against the government holding the information the government could make against Google themselves holding it. Google will break a deal and keep recording what people search for. If they would have been smart and just never recorded searches in the first place (which they do on the Google Search Appliance) then this wouldn't have been a big deal.
IMHO, their response should not have been "No, we will not give you that information." it should have been, "No, we do not record that information." I've been using Yahoo's streamlined search at http://search.yahoo.com/ now for the last two months, but this alone would be enough to make me switch if I hadn't already. I loathe MSN's search, but I've found Yahoo's to be nice enough that I just never enable cookies.
I think Internet searching at the same place that you hold an active email account is probably the worst thing you could possibly do for privacy right now. And it doesn't matter who it is.
While that is intended to be funny, I think this is pertinent:
I have a feeling of being watched by a Google Robot. What about my privacy? Again, we take great measures to ensure no privacy is ever invaded. Even if there is a Google Robot next to you, it doesn't mean he records everything you say. You can think of him as a quiet neighbor doing gardening work. Do you suspect your neighbor to spy on your life... just because he's within a short distance of you?
"evil" comes from "yfel" and has roots in Germanic languages of High German "ubil" and Gothic "ubils". These are believed to come from the Teutonic root "ubiloz" which carries the meaning of "up" or "over". Basically, it means, "going over the boundaries" or going "above and beyond" in a malicious fashion.
If there is one thing I've learned, it's that geeks make horrible investors.
I've seen a number of posts on here complaining about the Google share price being outrageous. I'd be interested in hearing what they would have to say about Berkshire Hathaway (BRK.A) at an astonishing $89,600 per share. I suppose you think they are overrated too?
It's all in the market cap. While it might seem that might post is a thinly-veiled insult to the Slashdot crowd, I actually intend for it to be encouragement for most of you to go out and take a few stock market classes or read up on investopedia or wikipedia.
Here's your free lesson: Market cap of Google is $130.94 billion. Market cap of Apple is $64.30 billion. Berkshire-Hathaway is $112.99 billion. IBM is $126.93 billion. Microsoft is a whopping $279.74 billion. Yahoo is $49.47 billion. (Current as of EOD 1-24-06)
Based on this, a geek can deduce their interpretation of which company is "worth" more and thus determine which stocks to buy and which ones to "short". (For more on how to short a stock, use your favorite search engine or check with your brokerage)
Assets and Liabilities also play a huge part in valuation. A company can have a high market cap but have a crappy current ratio or debt to equity ratio. Personally I think Google is slightly overvalued, but here's the list that I have with actual market cap and where I think each of the above companies market caps *should* be.
It's up to you how you determine what you currently value a company at, but I think valuing based off of market cap is a good way to get started. For example, Yahoo at one point had a paltry market cap of something like 7 billion after the dot-com crash of 2001-2002. Astute investors (like myself and others) invested in these companies that we suspected would rebound. Several of us make off very well because of it. And it didn't take much more than time for us to learn.
Of course, I gradually taught myself this over the course of about 6 months. I do not regret using the time between graduation and first official full-time job to do so. What a risky time to be playing with my money, though. If I had to do it over again... well, I'd still probably do it.:)
Oh, and I lost money too. But if you invest in safely and stay away from the lure of pink sheets stocks, you'll do fine.
On the one hand, they want you to be secure. On the other hand, they don't want you to be so secure that you no longer need their services.
I think the biggest single testament to this statement being true is the utter lack of insurance in IT security. I've never been a fan of *ANY* type of insurance (think about it, they must be making money or they wouldn't be doing it, which means that the risk is far too low) but IT insurance is one thing that just hasn't taken off. Which means that the risk is far too high of security breaches.
Keep in mind that some of the best security minds are actually working on the other side of the fence. The guys that you hire to protect you are the ones that cannot make enough money as blackhats/criminals, or have a conscience (aka wife and kids), and couldn't possibly bring themselves to do harm.
The base of the issue is that malware works on multiple levels, but the example he provides (or what he seems to be hinting at, is putting physical security issues into a report? That's great and all, but very few malware authors actually go the physical route. That is more for armed robbery or internal (disgruntled employee) type threats.
I don't think this constitutes much change, just how things are reported, and maybe to who.
Not to mention spelling. The difference between "to" and "too". Taco says he left the mistakes in there, but most of us can use websites like digg or whatnot to get direct links to horribly-written blogs, and come to Slashdot because we expect a little more. I'm finding there is less and less of a reason to come here when: 1) Other websites index blog posts and good tech news items faster 2) Other websites have the same grammar and spelling issues (or in some cases less)
IMHO, purposely leaving spelling and grammar mistakes in an article is promoting a very anti-geek method: learning. I understand when someone who doesn't use English as their first language makes a mistake. Hell, I even empathize with them. But when you get people, who should simply know better, purposely doing this type of stuff on a professional website, you're not promoting learning to international posters. This goes for German sites where USians try to post as well. If they aren't using correct German grammar/spelling, then why should I care when I post in German?
Also, you're causing huge issues when search engines index your site and someone wants to find a previous article and maybe only remembers a phrase. I would do a search on "it needs to be not too long" and I would never find the comment/article.
I simply unregistered the dll file on both work and home XP computers, but not the others I help supervise. The folks that are concerned about hackers "re-registering" it are working with the assumption that there is either another 0-day exploit out there that allows the hackers to do that, or don't understand how the vulnerability works. Also, the need for a patch on Windows 98, NT, or 2K is non-existant.
I honestly think relying on a third-party to patch a system is ridiculous. Someone could tell me there is absolutely no ill-intent on behalf of the person releasing the particular patch, and even tell me exactly what the patch does. I still wouldn't implement it. The reason, of course, is because in five years, Microsoft will still be Microsoft, whereas Ilfak Guilfanov might disappear or ignore requests for help. Who knows if he'll even be contactable?
Also, FYI, this specific "patch" he created hides windows functionality on a kernel level. There are other pieces of software that use this same kind of methodology: rootkits. While this could be considered a white-hat rootkit, it's just not a legitimate fix for the real problem. Unregistering the dll was the best solution for security nuts.
Accountability is a very important factor. Microsoft might be taking a gamble on not releasing an insta-patch that breaks (what amounts to being) unused functionality at the cost of security, but that is their perrogative. Home consumers, and their other clients, get to be the judge on whether or not they are doing the right thing. By releasing this patch early, I think they've quelled some corporate concerns.
Handed down by U. S. District Judge Charles R. Wolle on Dec. 23, the judgment also prohibits McCalla from accessing the Internet for three years.
Whenever you hear of malicious hackers or spammers getting caught you always see these stipulations of "not allowed to use the Internet". If you ask me, it's kind of ridiculous to impose a restriction of that sort on a spammer who probably didn't actually do the spamming, but outsourced that to some kid in Russia.
Also, regarding the judgement. If the only point of the judge issuing such a high fine was to draw attention to himself and/or the case (TFA states that they will likely not see ANY money at all), he should have done something far worse: told the spammer to compose an email of apology to the CIS account holders he spammed with his full name and legitimate email address.
I miss when the punishment used to fit the crime. There was an opportunity here to do something really unique and instead it became something easily forgotten in the coming weeks.
Ignoring that this article is just one big advertisment:
900 MB of text data. Precisely 944,156,137 bytes of text files. AMD 1800 w/1.5 gig of RAM. Cable connection. My objective is often getting the data to someone else.
Comparisons: 7Zip = 5:24 to compress,:55 to decompress, file size 188,380,358 bytes. WinRK = 18:35 to compress, 3:48 to decompress, file size 132,097,001 bytes.
Note that this is one of the fastest settings on 7Zip, I didn't have time to see if 7zip could beat it in size.
That's a difference of about 50 meg, which may seem like a lot, but imagine if you just wanted to send these 900 megs of text files to someone in the quickest amount of time. With WinRK, immediately add the 18:35 and 3:48 to get 22:23. WinZip is 5:24 plus the:55 to get 6:19. That's a difference of 22:23 minus 6:19 to get 16:04 that the 50 meg needs to be sent in. Or 964 seconds.
Actual amount to transfer: 188,380,358 - 132,097,001 = 56,283,357 bytes.
I have a 256k upload, which is about 32K per second. 32Kpbs at 964 seconds is about 30.8 megs. So while 7zip isn't quite as good in a one peer to one peer transfer with say, a cable modem, it could be argued that the excessive processor time needed to compress and (especially!) decompress the file is ridiculous when compared to the saved space.
I have to agree with parent here. This is a low impact vuln that was already fixed.
From the disclosure: Therefore, when sending an XSS attack payload, encoded in UTF-7, the payload will return in the response without being altered.
For the attack to succeed (script execution), the victim's browser should treat the XSS payload as UTF-7.
This is a complicated vulnerability to have exploited in practice, but now that it has been mentioned, it makes me wonder just how many other encoded XSS vulns could be done with UTF-7 assuming the user's had the ability to get the victims to obtain the pages in that format.
If Firefly doesn't stop now, then how else are we going to have Firefly: The Next Generation here in twenty years, complete with the new River/Jane-daughter wise-cracking empath, a male companion, a cyborg mechanic, and the psychotic-chained-up Reaver named "Thudd" for comedic relief?
It has been tested during the experiment phase several times. AFAIK, it's been a consistent failure. Also, it's never been observed, but I keep getting told by Atheists (note, I didn't say evolution proponents, because it is just a specific subset of them that are going a bit too far) that abiogenesis happened despite evidence to the contrary.
Certainly, ID isn't science, but I'm a bit confused how the atheist form of extending evolution back to spontaneous generation is somehow science.
That's a good point, but you're forgetting that Google isn't an open source company. They are open-source friendly, but they are primarily a commercial enterprise. As a public one at that, their incentive is to make their investors $sys$RICH money.
There are some bright engineers at Opera that are working there for the money. If they were paid by Google to assist some of their Mozilla development staff, how long do you think it'd be before Mozilla had the capability to absolutely crush IE in the browser market?
In essence, you're forgetting that buying the rights to the browser (or the company itself) gets them more than just the product.
I see this as a potentially bad thing. Google could eventually end up paying the salaries for half the Mozilla development team and then threaten to pull those salaries or use these people to push changes that aren't community-driven. Just take it as fair warning in case they *do* end up buying some of the Opera developers and a few months later we see them on the Mozilla dev team.
For fingerprint scanners: 1) Crouch down and breathe hot air on the pad. (Over 80% effectiveness for fingerprint scanners on the market, and probably led to the playdough tests) 2) Put on a latex glove and press with your thumb on the pad. 3) Pour water on it till it shorts, default mechanisms are often to unlock or resort to mechanical locking mechanisms, so get a key that way. (this obviously doesn't work for computers). 4) Get a USB sniffer (this obviously doesn't work for doors).
For ID cards: 1) Get a copy of one and make a mimic'd copy, complain that it isn't working to security, get one reissued or just get in. 2) Run a credit card through, sometimes nearly anything will work. 3) Pass a magnet nearby (this worked every time on a device labeled as an RFID scanner, and the vendor marketing it didn't know why)
For eye scanners: 1) Find a picture of the person offline and blow it up to actual eye size, laminate it. 2) Put a mirror in front of the scanner. (Yes, this works on at least one of them, and no, the vendor didn't specify why)
Slashdot Mirror
Except this is Jimbo Wales, right? So it's not just any "group" of Wikipedians.
Also, if it keeps up, is it possible a new wiki will be taking willing editors from Wikipedia?
I started using Azereus despite the Java crap because it was the only one that used UDP or TCP NAT hole punching (or whatever they call it) so I didn't have to open up any ports. I've since found uTorrent, which is closed source, but I can actually play games while it runs in the background and if they start packaging spyware with their client, I'll just move on to the next one.
Don't ever feel obligated to stick to doing one thing. I suppose that's part of the reason why I go to Digg for my news first now anyway.
You forgot to put 'synergy' in there... Doesn't really matter where you put it, the word is made up anyway.
From:
http://news.com.com/FAQ+Forty+years+of+Moores+Law
This is not about mhz ratings, though for a while these were doubling along the same rate as transistors per square inch were. Moore's comments were about integrated circuit "complexity" minimum component costs, which, if you are talking about transistors, has remained reasonable accurate. If you are talking about mhz per dollar, then you're going to find this is not accurate at all.
Long story short, if you had a 2 ghz machine in early 2003 and you're wondering why you aren't on an 8 ghz machine now, it's because mhz ratings have NOTHING to do with Moore's Law. Which is why I suggest referring to the Wiki entry on it.
Also important is Kryder's Law for HD storage capacity. Within a decade or two we may be able to store all creative works ever created on one drive.
Case in point: Hard drives increase a thousand-fold in storage space every 10.5 years. In 1996 I purchased a Compaq computer with a 1 gig drive. That was an insane amount of space at the time, but now, 10 years later, it looks like I may be able to purchase my first TB drive soon.
About two years ago I came up with a mechanism to base session cookies off of a series of md5 hashes along with the user-agent, screen resolution, and the Class B subnet mask and wrote up a document on how it could be done. Lo and behold I find that Google must have also independently figured out a way to do this as well. They implemented something like this into their gmail cookies, making XSS attacks damn near useless unless you're a good guesser or you know what you're doing when you do the cookie stealing and actually include javascript variables and record EVERYTHING you possibly can.
And it should have went like this: ... ... ... :(
Feds: Give us your records
Google: No
Feds: We need IPs and Searches, plz kkthnxbye
Google: No, that's a violation of privacy rights for you to have that and
ACLU: The constitution!
Google Customer: Wait, you said "no based on privacy rights" not "no based on that you didn't actually record that information"
Google:
Google Customer: So uh, you're recording IPs and searches for those IPs?
Google:
ACLU: The constitution!
Feds: haha, Google got pwned by teh customer! lollerskates. Your[sic] no better than us!
Google:
Depends.
Google is putting up a fight (which they'll eventually settle on) simply for the sake of looking good, whereas Yahoo isn't. Granted, there are likely other search engines that don't make up the 99% of searches on the Internet that you could use instead, but they are pretty crappy.
The main point of the post was to suggest people keep email accounts with one provider and do searches on another provider and never accept cookies.
I do state to look at financials as well:
Assets and Liabilities also play a huge part in valuation. A company can have a high market cap but have a crappy current ratio or debt to equity ratio.
I was just a little upset by the number of posts saying "$400 is too high" that seemed to come from individuals who had no idea of the concept of market cap.
IMHO, when the Federal Government asks for searches, getting a response of: "We don't think it's constitutional for you to be requesting that kind of information on the general public" instead of, "WE'RE NOT ASSHOLISH ENOUGH TO RECORD EVERYONE'S SEARCHES!" is the difference between someone who fights for their stock price (theirself in the eyes of the public), and someone who truly does fight for liberty or freedom.
The government is going to win this case. It's a business, not a real person, all the arguments Google can make against the government holding the information the government could make against Google themselves holding it. Google will break a deal and keep recording what people search for. If they would have been smart and just never recorded searches in the first place (which they do on the Google Search Appliance) then this wouldn't have been a big deal.
IMHO, their response should not have been "No, we will not give you that information." it should have been, "No, we do not record that information." I've been using Yahoo's streamlined search at http://search.yahoo.com/ now for the last two months, but this alone would be enough to make me switch if I hadn't already. I loathe MSN's search, but I've found Yahoo's to be nice enough that I just never enable cookies.
I think Internet searching at the same place that you hold an active email account is probably the worst thing you could possibly do for privacy right now. And it doesn't matter who it is.
Also of note:
http://blog.outer-court.com/googlerobot/
While that is intended to be funny, I think this is pertinent:
"evil" comes from "yfel" and has roots in Germanic languages of High German "ubil" and Gothic "ubils". These are believed to come from the Teutonic root "ubiloz" which carries the meaning of "up" or "over". Basically, it means, "going over the boundaries" or going "above and beyond" in a malicious fashion.
So yes, Google, I *do* think you are evil.
If there is one thing I've learned, it's that geeks make horrible investors.
... well, I'd still probably do it. :)
I've seen a number of posts on here complaining about the Google share price being outrageous. I'd be interested in hearing what they would have to say about Berkshire Hathaway (BRK.A) at an astonishing $89,600 per share. I suppose you think they are overrated too?
It's all in the market cap. While it might seem that might post is a thinly-veiled insult to the Slashdot crowd, I actually intend for it to be encouragement for most of you to go out and take a few stock market classes or read up on investopedia or wikipedia.
Here's your free lesson:
Market cap of Google is $130.94 billion. Market cap of Apple is $64.30 billion. Berkshire-Hathaway is $112.99 billion. IBM is $126.93 billion. Microsoft is a whopping $279.74 billion. Yahoo is $49.47 billion.
(Current as of EOD 1-24-06)
Based on this, a geek can deduce their interpretation of which company is "worth" more and thus determine which stocks to buy and which ones to "short". (For more on how to short a stock, use your favorite search engine or check with your brokerage)
Assets and Liabilities also play a huge part in valuation. A company can have a high market cap but have a crappy current ratio or debt to equity ratio. Personally I think Google is slightly overvalued, but here's the list that I have with actual market cap and where I think each of the above companies market caps *should* be.
TICK-ACTUAL-WORTH
GOOG-131-110
AAPL-64-80
BRKA-113-130
IBM-127-100
MSFT-279-230
YHOO-50-80
It's up to you how you determine what you currently value a company at, but I think valuing based off of market cap is a good way to get started. For example, Yahoo at one point had a paltry market cap of something like 7 billion after the dot-com crash of 2001-2002. Astute investors (like myself and others) invested in these companies that we suspected would rebound. Several of us make off very well because of it. And it didn't take much more than time for us to learn.
Of course, I gradually taught myself this over the course of about 6 months. I do not regret using the time between graduation and first official full-time job to do so. What a risky time to be playing with my money, though. If I had to do it over again
Oh, and I lost money too. But if you invest in safely and stay away from the lure of pink sheets stocks, you'll do fine.
There's a reason why that movie was in the top ten bittorrented videos on piratebay, yes.
On the one hand, they want you to be secure. On the other hand, they don't want you to be so secure that you no longer need their services.
I think the biggest single testament to this statement being true is the utter lack of insurance in IT security. I've never been a fan of *ANY* type of insurance (think about it, they must be making money or they wouldn't be doing it, which means that the risk is far too low) but IT insurance is one thing that just hasn't taken off. Which means that the risk is far too high of security breaches.
Keep in mind that some of the best security minds are actually working on the other side of the fence. The guys that you hire to protect you are the ones that cannot make enough money as blackhats/criminals, or have a conscience (aka wife and kids), and couldn't possibly bring themselves to do harm.
The base of the issue is that malware works on multiple levels, but the example he provides (or what he seems to be hinting at, is putting physical security issues into a report? That's great and all, but very few malware authors actually go the physical route. That is more for armed robbery or internal (disgruntled employee) type threats.
I don't think this constitutes much change, just how things are reported, and maybe to who.
...from what I remember, Star Trek X wasn't that big.
Not to mention spelling. The difference between "to" and "too". Taco says he left the mistakes in there, but most of us can use websites like digg or whatnot to get direct links to horribly-written blogs, and come to Slashdot because we expect a little more. I'm finding there is less and less of a reason to come here when:
1) Other websites index blog posts and good tech news items faster
2) Other websites have the same grammar and spelling issues (or in some cases less)
IMHO, purposely leaving spelling and grammar mistakes in an article is promoting a very anti-geek method: learning. I understand when someone who doesn't use English as their first language makes a mistake. Hell, I even empathize with them. But when you get people, who should simply know better, purposely doing this type of stuff on a professional website, you're not promoting learning to international posters. This goes for German sites where USians try to post as well. If they aren't using correct German grammar/spelling, then why should I care when I post in German?
Also, you're causing huge issues when search engines index your site and someone wants to find a previous article and maybe only remembers a phrase. I would do a search on "it needs to be not too long" and I would never find the comment/article.
Regarding the third-party patch...
I simply unregistered the dll file on both work and home XP computers, but not the others I help supervise. The folks that are concerned about hackers "re-registering" it are working with the assumption that there is either another 0-day exploit out there that allows the hackers to do that, or don't understand how the vulnerability works. Also, the need for a patch on Windows 98, NT, or 2K is non-existant.
I honestly think relying on a third-party to patch a system is ridiculous. Someone could tell me there is absolutely no ill-intent on behalf of the person releasing the particular patch, and even tell me exactly what the patch does. I still wouldn't implement it. The reason, of course, is because in five years, Microsoft will still be Microsoft, whereas Ilfak Guilfanov might disappear or ignore requests for help. Who knows if he'll even be contactable?
Also, FYI, this specific "patch" he created hides windows functionality on a kernel level. There are other pieces of software that use this same kind of methodology: rootkits. While this could be considered a white-hat rootkit, it's just not a legitimate fix for the real problem. Unregistering the dll was the best solution for security nuts.
Accountability is a very important factor. Microsoft might be taking a gamble on not releasing an insta-patch that breaks (what amounts to being) unused functionality at the cost of security, but that is their perrogative. Home consumers, and their other clients, get to be the judge on whether or not they are doing the right thing. By releasing this patch early, I think they've quelled some corporate concerns.
Handed down by U. S. District Judge Charles R. Wolle on Dec. 23, the judgment also prohibits McCalla from accessing the Internet for three years.
Whenever you hear of malicious hackers or spammers getting caught you always see these stipulations of "not allowed to use the Internet". If you ask me, it's kind of ridiculous to impose a restriction of that sort on a spammer who probably didn't actually do the spamming, but outsourced that to some kid in Russia.
Also, regarding the judgement. If the only point of the judge issuing such a high fine was to draw attention to himself and/or the case (TFA states that they will likely not see ANY money at all), he should have done something far worse: told the spammer to compose an email of apology to the CIS account holders he spammed with his full name and legitimate email address.
I miss when the punishment used to fit the crime. There was an opportunity here to do something really unique and instead it became something easily forgotten in the coming weeks.
Ignoring that this article is just one big advertisment:
:55 to decompress, file size 188,380,358 bytes.
:55 to get 6:19. That's a difference of 22:23 minus 6:19 to get 16:04 that the 50 meg needs to be sent in. Or 964 seconds.
900 MB of text data. Precisely 944,156,137 bytes of text files. AMD 1800 w/1.5 gig of RAM. Cable connection. My objective is often getting the data to someone else.
Comparisons:
7Zip = 5:24 to compress,
WinRK = 18:35 to compress, 3:48 to decompress, file size 132,097,001 bytes.
Note that this is one of the fastest settings on 7Zip, I didn't have time to see if 7zip could beat it in size.
That's a difference of about 50 meg, which may seem like a lot, but imagine if you just wanted to send these 900 megs of text files to someone in the quickest amount of time. With WinRK, immediately add the 18:35 and 3:48 to get 22:23. WinZip is 5:24 plus the
Actual amount to transfer: 188,380,358 - 132,097,001 = 56,283,357 bytes.
I have a 256k upload, which is about 32K per second. 32Kpbs at 964 seconds is about 30.8 megs. So while 7zip isn't quite as good in a one peer to one peer transfer with say, a cable modem, it could be argued that the excessive processor time needed to compress and (especially!) decompress the file is ridiculous when compared to the saved space.
I have to agree with parent here. This is a low impact vuln that was already fixed.
From the disclosure:
Therefore, when sending an XSS attack payload, encoded in UTF-7, the payload will return in the response without being altered.
For the attack to succeed (script execution), the victim's browser should treat the XSS payload as UTF-7.
This is a complicated vulnerability to have exploited in practice, but now that it has been mentioned, it makes me wonder just how many other encoded XSS vulns could be done with UTF-7 assuming the user's had the ability to get the victims to obtain the pages in that format.
Probably because I was thinking of Red Dwarf when I wrote it. I think the Cyborg mechanic part might have done it, too.
If Firefly doesn't stop now, then how else are we going to have Firefly: The Next Generation here in twenty years, complete with the new River/Jane-daughter wise-cracking empath, a male companion, a cyborg mechanic, and the psychotic-chained-up Reaver named "Thudd" for comedic relief?
So then, is abiogenesis science?
It has been tested during the experiment phase several times. AFAIK, it's been a consistent failure. Also, it's never been observed, but I keep getting told by Atheists (note, I didn't say evolution proponents, because it is just a specific subset of them that are going a bit too far) that abiogenesis happened despite evidence to the contrary.
Certainly, ID isn't science, but I'm a bit confused how the atheist form of extending evolution back to spontaneous generation is somehow science.
Does anyone know if programming actually started in 2000 for this? It seems like Perl 6 has been in development for forever.
That's a good point, but you're forgetting that Google isn't an open source company. They are open-source friendly, but they are primarily a commercial enterprise. As a public one at that, their incentive is to make their investors $sys$RICH money.
There are some bright engineers at Opera that are working there for the money. If they were paid by Google to assist some of their Mozilla development staff, how long do you think it'd be before Mozilla had the capability to absolutely crush IE in the browser market?
In essence, you're forgetting that buying the rights to the browser (or the company itself) gets them more than just the product.
I see this as a potentially bad thing. Google could eventually end up paying the salaries for half the Mozilla development team and then threaten to pull those salaries or use these people to push changes that aren't community-driven. Just take it as fair warning in case they *do* end up buying some of the Opera developers and a few months later we see them on the Mozilla dev team.
I know of a few ways as well.
For fingerprint scanners:
1) Crouch down and breathe hot air on the pad. (Over 80% effectiveness for fingerprint scanners on the market, and probably led to the playdough tests)
2) Put on a latex glove and press with your thumb on the pad.
3) Pour water on it till it shorts, default mechanisms are often to unlock or resort to mechanical locking mechanisms, so get a key that way. (this obviously doesn't work for computers).
4) Get a USB sniffer (this obviously doesn't work for doors).
For ID cards:
1) Get a copy of one and make a mimic'd copy, complain that it isn't working to security, get one reissued or just get in.
2) Run a credit card through, sometimes nearly anything will work.
3) Pass a magnet nearby (this worked every time on a device labeled as an RFID scanner, and the vendor marketing it didn't know why)
For eye scanners:
1) Find a picture of the person offline and blow it up to actual eye size, laminate it.
2) Put a mirror in front of the scanner. (Yes, this works on at least one of them, and no, the vendor didn't specify why)