This sounds pretty cool, but unfortunately Via have a long, long history of announcing really cool products that then take years to appear, if they ever appear. This is particularly distressing with the EPIA stuff, where you can wait, literally, years after some cool new technology is announced before it's generally available, if it becomes available at all. Something like a SheevaPlug may cost a bit more, but then it's available right now and has an active dev community going for it.
Having such a unique barcode would have many advantages. In war soldiers could easily differentiate legitimate targets in a population from non combatants.
"I say, would you chaps mind stopping your shooting at us for a few minutes? I'd like to come over with a barcode scanner to verify which if you are supposed to be the enemy, so I don't accidentally hit the wrong person. I'll be right over as soon as I've finished this cup of tea".
Western Digital has had self-destructing drives for years.
There's also Intel's 320 series and its notorious Bad Context 13x Error, which destroys all data on your drive at arbitrary moments. After first claiming they'd fixed it, Intel then went on to just ignore the problem. So they beat RunCore to the market by at least a year, and unlike RunCore the Intel drives don't even require you to push a button in order to destroy all data on them.
It seems like Microsoft is really going out of it's way to innovate in Windows 8
Naah, this ReFS stuff is nothing. Once they ship Object File System^H^H^H^HStorage+^H^H^H^HRelational File System^H^H^H^HWinFS, then we'll really be cooking with plasma!
That LED tape looks fun, pity there are no prices on their website.
Go to any Chinese factory-outlet site like Alibaba or Dealextreme and you can buy these things in 10, 20, 50-metre rolls in any colour and power range you like.
Ferroresonant conditioners are pretty awesome. Technically they're not transformers but saturable-core reactors, in effect a giant 50/60Hz oscillator that generates its own 110/220V output no matter what you feed into it (that's simplified somewhat to avoid having this drag on for half a page, the main downside is that they're a bit frequency-sensitive so you can't run them off e.g. a generator whose output frequency wanders all over the place, and that they suck up about 10% of their rated power running the oscillator circuit). I have an ancient Sola 1500KVA model that stops spikes and whatnot not with some dinky little toy MOV but with 40kg of copper and iron. Although they're rated for a mere 25 years of 24/7 operation, they'll probably survive longer than you do (there are radio hams still using crinkle-finish units from the 1960s). They're pretty hard to destroy, even if you (for example) short the outputs together they'll run indefinitely without going up in smoke. In addition since they store quite a lot of energy internally they'll ride through short brownouts. While they won't withstand a lightning strike, they will survive things that would take out pretty much any other type of power conditioner.
> But jebus will protect me so I don't need your silly anti-virus
Jesus answered him, âoeIt is also written: âDo not put the Lord your God to the test.'"
'Of course it will sink if you put a hole in it,' Mr Palmer said in response to questions from reporters on whether the Titanic replica would sink.
Lowering the bar a bit this time, then.
And in news from 2016, the Titanic was reported as sinking off the coast of Queensland when a group of feral dropbears gnawed a hole in the hull.
The solution is to have routers verify that the IP address blocks announced by others routers actually belong to their networks. One method, Resource Public Key Infrastructure (RPKI), uses a system of cryptographic certificates that verify an IP address block indeed belongs to a certain network.
Well duh! You would have thought this was the case already. Why are we worrying about state sponsored cyber attacks if we leave a hole this big wide open?
The issue here is that trying to solve any problem using PKI leaves you with two problems. What's new in this case is that it doesn't require successfully deploying a PKI, which means it's not predestined to failure.
Another issue in this case is that a large percentage of BGP issues are due to glitches caused by legitimate ASes (misconfiguration, that sort of thing). Authenticating an erroneous mesage from a legit AS isn't going to help the problem.
I dunno, Atlas Shrugged doesn't dissuade people from becoming libertarians...I dare anyone to say that it isn't a horribly written egowankfest. Say it with a straight face.
I dunno, it certainly dissuaded me (although mostly just from reading another Ayn Rand book). It was like some revenge fantasy written by a hyperactive 14-year-old. It's actually a good comparison to Mein Kampf, the main difference being that Hitler had the good grace to shut up hundreds of pages before Rand did.
I came here to say the same thing. Banning publication is a service to anyone who, like me, might have the misguided belief that they'd learn something by reading it.
This is an argument in favour of publishing it, not suppressing it. Anyone with neo-nazi pretensions who tries to read this pile of crap (I gave it a go out of curiosity when I saw our University library had a 1933 copy, never made it past the first chapter) will pretty quickly give up and follow some other agenda. It's the best inoculation against Hitler-ism I know of.
Rather than a version control system, I think it would be more useful to put the law into a requirements management system (after all, what is the law but a set of requirements?) That *might* help lawmakers to see if they are complete (cover what is intended to be covered), consistent and measurable.
If you try and push this, you'll run into serious real-world acceptance problems. In some cases the law is deliberately obtuse, obscure, open to misinterpretation, and so on. It's this way by design, because two various groups couldn't agree on any wording, or they were under pressure to create a law that violates the laws of physics but managed to word it in such a way that it may not, or it's meant to be interpreted in a way that's more or less the opposite of what it says, or a thousand other reasons. The law is not a Turing machine, and never will be. The last thing most politicians or lawyers would want is a comprehensive overview system of the kind that's being proposed in the above posts.
before Iran retaliates and the whole thing escalates into WW3
There's almost nothing of any note on Kharq Island any more, most of it was destroyed during the Iran/Iraq war and never rebuilt. Have a look on Google Maps/Earth, there's a handful of oil storage tanks down the southern end, most of them completely empty, and one single ship that's almost certainly a bulk carrier (not an oil ship) docked there. The only reason Iran bothers to maintain a presence there is to extend their territorial claims into the Persian Gulf.
This is some sort of political shenanigans being played by Iran, nothing more.
For the most part it's relatively rare to handle untrusted certificate keys. I suppose it's possible if you're doing some form of authenticating the client end as well as the server end via SSL.
It really depends. If you're using OpenSSL purely as an SSL server and never use client certs then you should be OK (there are some weird-ass things involving OCSP response pinning where you can still get the server if you can impersonate the CA that it gets the OCSP info from, but that's getting a bit esoteric and I'm not sure how far OpenSSL supports that stuff yet). OTOH if you use client certs, or use it to run an OCSP server, or a CA, or do any kind of cert processing (including the relatively common use of 'openssl x509...' as a cert-handling swiss-army-chainsaw) then you're vulnerable. So I'd say it is of general concern, because so many things that involve using OpenSSL end up bringing it into contact with certs or other ASN.1 data.
Does this mean my client can be overrun if a server throws me a bad packet or two?
Yes.
I guess my other question is, how can the most utilized utility on a system still have unchecked overflows?
Have you ever looked at the OpenSSL code? It could have the Ark of the Covenant hidden in all that mess somewhere for all we know and we'd never find it.
Vagus nerve stimulation (VNS) via electrical impulses has been around for about two decades as a means of treating depression. It's a bit of a method of last resort though because it's rather invasive, and not all patients benefit from it. Even the currently-reported work isn't that new, the story about the crocus blooms has been going around for a couple of years now. It's certainly exciting work, but still quite bleeding-edge, and like VNS is expensive and invasive enough that it'll remain a method of last resort when everything else has failed.
It's not just too low, it's absolutely mindboggling that it still exists. Nearly twenty-five years ago my first ever colour monitor had a resolution of 1024x768. It's taken a quarter of a century to exceed that resolution (as the most-common one), and even then only by uselessly stretching the screen out sideways. In the meantime we seem to have stagnated at 1200 vertical resolution max for consumer-level gear unless you go to ridiculously expensive monitors.
Donâ(TM)t worry I donâ(TM)t do much work with databases any more (nor web apps)... but isnâ(TM)t the whole SQL injection problem pretty much solved by using prepared statements to decouple data from the query?
Not only is the problem not solved (see other comments above), but you often don't even know you're running an SQL database as part of some other app. For example I recently noticed that my dad's computer was running two full-blown SQL database servers,one (Firebird) was included in some crappy photo-editing program he was using and another (SQL Server Express) was part of something that I never managed to track down. So without even knowing it he was running at least two full SQL database engines, as well as a cut-down embedded one, SQLite,all without ever consciously doing anything that you'd think would involve databases. Holy fsck, he uses his computer to send email, order crap off ebay, and create photo slideshows, and it's running at least three SQL database engines! So you may be vulnerable to this problem, in multiple forms, without even knowing about it.
Same thing happens here. Your tax return is something you deal with while waiting for your tea to brew.
(I've also had to fill out a 1040. I was absolutely stunned at how complex such a (theoretically) simple thing can be made (the guide to filling your return, if formatted in standard octavo size, would literally be an entire book). I'd hate to imagine how much it costs the US economy each year for the entire country to fight their way through one of these monstrosities).
Slashdot Mirror
This sounds pretty cool, but unfortunately Via have a long, long history of announcing really cool products that then take years to appear, if they ever appear. This is particularly distressing with the EPIA stuff, where you can wait, literally, years after some cool new technology is announced before it's generally available, if it becomes available at all. Something like a SheevaPlug may cost a bit more, but then it's available right now and has an active dev community going for it.
Having such a unique barcode would have many advantages. In war soldiers could easily differentiate legitimate targets in a population from non combatants.
"I say, would you chaps mind stopping your shooting at us for a few minutes? I'd like to come over with a barcode scanner to verify which if you are supposed to be the enemy, so I don't accidentally hit the wrong person. I'll be right over as soon as I've finished this cup of tea".
"Oh I say! the Cads!"
Western Digital has had self-destructing drives for years.
There's also Intel's 320 series and its notorious Bad Context 13x Error, which destroys all data on your drive at arbitrary moments. After first claiming they'd fixed it, Intel then went on to just ignore the problem. So they beat RunCore to the market by at least a year, and unlike RunCore the Intel drives don't even require you to push a button in order to destroy all data on them.
It seems like Microsoft is really going out of it's way to innovate in Windows 8
Naah, this ReFS stuff is nothing. Once they ship Object File System^H^H^H^HStorage+^H^H^H^HRelational File System^H^H^H^HWinFS, then we'll really be cooking with plasma!
That LED tape looks fun, pity there are no prices on their website.
Go to any Chinese factory-outlet site like Alibaba or Dealextreme and you can buy these things in 10, 20, 50-metre rolls in any colour and power range you like.
Ferroresonant conditioners are pretty awesome. Technically they're not transformers but saturable-core reactors, in effect a giant 50/60Hz oscillator that generates its own 110/220V output no matter what you feed into it (that's simplified somewhat to avoid having this drag on for half a page, the main downside is that they're a bit frequency-sensitive so you can't run them off e.g. a generator whose output frequency wanders all over the place, and that they suck up about 10% of their rated power running the oscillator circuit). I have an ancient Sola 1500KVA model that stops spikes and whatnot not with some dinky little toy MOV but with 40kg of copper and iron. Although they're rated for a mere 25 years of 24/7 operation, they'll probably survive longer than you do (there are radio hams still using crinkle-finish units from the 1960s). They're pretty hard to destroy, even if you (for example) short the outputs together they'll run indefinitely without going up in smoke. In addition since they store quite a lot of energy internally they'll ride through short brownouts. While they won't withstand a lightning strike, they will survive things that would take out pretty much any other type of power conditioner.
> But jebus will protect me so I don't need your silly anti-virus Jesus answered him, âoeIt is also written: âDo not put the Lord your God to the test.'"
Why would I want to test Linus?
'Of course it will sink if you put a hole in it,' Mr Palmer said in response to questions from reporters on whether the Titanic replica would sink. Lowering the bar a bit this time, then.
And in news from 2016, the Titanic was reported as sinking off the coast of Queensland when a group of feral dropbears gnawed a hole in the hull.
The solution is to have routers verify that the IP address blocks announced by others routers actually belong to their networks. One method, Resource Public Key Infrastructure (RPKI), uses a system of cryptographic certificates that verify an IP address block indeed belongs to a certain network.
Well duh! You would have thought this was the case already. Why are we worrying about state sponsored cyber attacks if we leave a hole this big wide open?
The issue here is that trying to solve any problem using PKI leaves you with two problems. What's new in this case is that it doesn't require successfully deploying a PKI, which means it's not predestined to failure.
Another issue in this case is that a large percentage of BGP issues are due to glitches caused by legitimate ASes (misconfiguration, that sort of thing). Authenticating an erroneous mesage from a legit AS isn't going to help the problem.
I dunno, Atlas Shrugged doesn't dissuade people from becoming libertarians...I dare anyone to say that it isn't a horribly written egowankfest. Say it with a straight face.
I dunno, it certainly dissuaded me (although mostly just from reading another Ayn Rand book). It was like some revenge fantasy written by a hyperactive 14-year-old. It's actually a good comparison to Mein Kampf, the main difference being that Hitler had the good grace to shut up hundreds of pages before Rand did.
IT'S TERRIBLE! It's boring, repetitious, tedious, egowank
I came here to say the same thing. Banning publication is a service to anyone who, like me, might have the misguided belief that they'd learn something by reading it.
This is an argument in favour of publishing it, not suppressing it. Anyone with neo-nazi pretensions who tries to read this pile of crap (I gave it a go out of curiosity when I saw our University library had a 1933 copy, never made it past the first chapter) will pretty quickly give up and follow some other agenda. It's the best inoculation against Hitler-ism I know of.
Rather than a version control system, I think it would be more useful to put the law into a requirements management system (after all, what is the law but a set of requirements?) That *might* help lawmakers to see if they are complete (cover what is intended to be covered), consistent and measurable.
If you try and push this, you'll run into serious real-world acceptance problems. In some cases the law is deliberately obtuse, obscure, open to misinterpretation, and so on. It's this way by design, because two various groups couldn't agree on any wording, or they were under pressure to create a law that violates the laws of physics but managed to word it in such a way that it may not, or it's meant to be interpreted in a way that's more or less the opposite of what it says, or a thousand other reasons. The law is not a Turing machine, and never will be. The last thing most politicians or lawyers would want is a comprehensive overview system of the kind that's being proposed in the above posts.
.
before Iran retaliates and the whole thing escalates into WW3
There's almost nothing of any note on Kharq Island any more, most of it was destroyed during the Iran/Iraq war and never rebuilt. Have a look on Google Maps/Earth, there's a handful of oil storage tanks down the southern end, most of them completely empty, and one single ship that's almost certainly a bulk carrier (not an oil ship) docked there. The only reason Iran bothers to maintain a presence there is to extend their territorial claims into the Persian Gulf.
This is some sort of political shenanigans being played by Iran, nothing more.
2011: Stuxnet, Iran takes its nuclear enrichment facilities off the net.
2012: Oil refineries hack, Iran takes its oil refineries off the net.
2013: Iran takes its power plants off the net.
2014: Iran takes its water treatment plants off the net.
2015: Iran takes ...
The sad thing is that other countries are much worse than that, so Iran is actually ahead of the pack.
Just when I thought Iran was the safest place to stash my money now THIS happens? Where should I go next? Somalia?
I put all mine in the Bank of Atlantis. At least I don't have to worry about someone else getting it.
I used to do that too, and then one day they told me they'd lost it all. Some nonsense about "water damage".
But not unclear *why* he left.
"Behram, make a hole in the desert".
For the most part it's relatively rare to handle untrusted certificate keys. I suppose it's possible if you're doing some form of authenticating the client end as well as the server end via SSL.
It really depends. If you're using OpenSSL purely as an SSL server and never use client certs then you should be OK (there are some weird-ass things involving OCSP response pinning where you can still get the server if you can impersonate the CA that it gets the OCSP info from, but that's getting a bit esoteric and I'm not sure how far OpenSSL supports that stuff yet). OTOH if you use client certs, or use it to run an OCSP server, or a CA, or do any kind of cert processing (including the relatively common use of 'openssl x509 ...' as a cert-handling swiss-army-chainsaw) then you're vulnerable. So I'd say it is of general concern, because so many things that involve using OpenSSL end up bringing it into contact with certs or other ASN.1 data.
I'd be patching pretty quickly, in any case.
Is this a remote exploit?
Yes.
Does this mean my client can be overrun if a server throws me a bad packet or two?
Yes.
I guess my other question is, how can the most utilized utility on a system still have unchecked overflows?
Have you ever looked at the OpenSSL code? It could have the Ark of the Covenant hidden in all that mess somewhere for all we know and we'd never find it.
Vagus nerve stimulation (VNS) via electrical impulses has been around for about two decades as a means of treating depression. It's a bit of a method of last resort though because it's rather invasive, and not all patients benefit from it. Even the currently-reported work isn't that new, the story about the crocus blooms has been going around for a couple of years now. It's certainly exciting work, but still quite bleeding-edge, and like VNS is expensive and invasive enough that it'll remain a method of last resort when everything else has failed.
768 lines of resolution is too few.
It's not just too low, it's absolutely mindboggling that it still exists. Nearly twenty-five years ago my first ever colour monitor had a resolution of 1024x768. It's taken a quarter of a century to exceed that resolution (as the most-common one), and even then only by uselessly stretching the screen out sideways. In the meantime we seem to have stagnated at 1200 vertical resolution max for consumer-level gear unless you go to ridiculously expensive monitors.
Rant, rave, rant.
That's right, they've chosen the Shetland Islands flag for their Shetland pony OS...
Have you ever seen the ratio of dong to pony on those things? Perhaps they're trying to tell us something.
Donâ(TM)t worry I donâ(TM)t do much work with databases any more (nor web apps)... but isnâ(TM)t the whole SQL injection problem pretty much solved by using prepared statements to decouple data from the query?
Not only is the problem not solved (see other comments above), but you often don't even know you're running an SQL database as part of some other app. For example I recently noticed that my dad's computer was running two full-blown SQL database servers,one (Firebird) was included in some crappy photo-editing program he was using and another (SQL Server Express) was part of something that I never managed to track down. So without even knowing it he was running at least two full SQL database engines, as well as a cut-down embedded one, SQLite,all without ever consciously doing anything that you'd think would involve databases. Holy fsck, he uses his computer to send email, order crap off ebay, and create photo slideshows, and it's running at least three SQL database engines! So you may be vulnerable to this problem, in multiple forms, without even knowing about it.
Or a doberman. They're motion-activated, will notify you of entry, etc etc.
The government does all the calculations.
Same thing happens here. Your tax return is something you deal with while waiting for your tea to brew.
(I've also had to fill out a 1040. I was absolutely stunned at how complex such a (theoretically) simple thing can be made (the guide to filling your return, if formatted in standard octavo size, would literally be an entire book). I'd hate to imagine how much it costs the US economy each year for the entire country to fight their way through one of these monstrosities).