Yes, but the HTML in the eBay posting has a different URL, http://maxpoweraero.com/homes/owner'sflightmanual. html. It's entirely conceivable that they decided to get the domain -after- putting it on eBay, in order to help with publicity.
Of course, it's also possible it's one big joke. Some of the images are obvious fakes (like the one purporting to show an airplane installed on a column.)
There are situations where I would (and do) purposefully sign up to receive email from businesses. There are a number of businesses that I either have bought stuff from or that I have interest in. I can register on their site, and sign up to receive certain types of mailings from them. That might be technical alerts, general newsletters, or even news about new products as they come out. If at some time I no longer want their mailings, I can do so easily and quickly.
A number of companies really do operate ethically in that manner, and I have done this with a number of companies. As a safety precaution, though, I use unique addresses for each one, in case the vendor is slime and sells my email address to somebody. So far, no business I've worked with has done that, but I only do this for companies in whom I have a fair amount of trust.
Now, would I sign up for a general sales pitch mailing, as in "here are my interests, send me commercial email for anything in those fields"? Absolutely not, and I doubt that very many people would.
I tend to divide commercial email into three general categories:
1) Legitimate email that I asked to receive as part of having a relationship or interest with a particular entity. I do not consider this spam, or unwanted.
2) Commercial email that comes from verifiable and traceable email shops, purporting to have your address because you registered on their site, or a partners site. This would be email shops like virtumundo.com, customoffers.com, euniverse.com, etc. If you really did sign up with them and said "ok" to sending email to you, it's not spam. But we all know that a very high percentage of the "opt-in" addresses they send to are obtained in some unethical way, such as tricking you into giving an email address without telling you they intend to spam you, buying a list from somebody else, or harvesting email addresses from web sites and other sources. Most people would agree that this is spam, in the sense that it is unsolicited, and usually unwanted.
3) Slimeballs who send out all those "get rich quick", "herbal viagra", "human growth hormone", and of course the "see me and my friends naked" porn emails. These are most certainly spam, and for me at least, constitute the vast majority of the spam that I receive.
Laws like this one, which require that addresses be opt-in, and that opt-out be simple and effective, will only work against the spammers in category 2 above. If the means of enforcing the laws have enough teeth, and somebody wants to go after such a spammer, they could get the companies to truly clean up their act. They'd either be legitimate mailers with a much smaller list, or go out of business. Either would be fine by me.
However, the law will do virtually nothing against the spam in category 3 above. Tracking down the sender is usually hard, since most header information tends to be forged, and the emails tend to be sent through anonymizing open relays. Even if you can locate the true sender, they will most likely be in some other country (China, Korea, etc.), where you can't stop them.
I welcome a law that will potentially have an effect on even the spam in category 2, but anybody who thinks it's gonna stop more than a smallish fraction of the annoyance in there mailbox is dreaming, or has access to better drugs than I do...
The problem isn't that FreeBSD doesn't have drivers to support the ThinkPad. Instead, the problem is that IBM reused the well-known Partition ID that FreeBSD uses, so that the ThinkPad BIOS thinks the FreeBSD partition is a "suspend" partition, and tries to treat it as such. Of course, it isn't a suspend partition, and the ThinkPad then locks up because of this.
It -is- an IBM problem, they screwed up by reusing a well-known reserved partition ID. But they get to hide behind the "not supported" mantra, which while certainly within their rights, is just plain nose-thumbing at the FreeOS community. They really should fix this...
The general class of "format string" security holes relate to improper treatment of the format string passed to the *printf() family of library routines. The most common form of this that I've seen is when somebody does something like this:
char *buff;
char *output;
...
[some code that sets buff through some
user-supplied data, such as an entry to
a prompt, environment variable, etc.]
...
sprintf(output, buff);
The user then supplies one or more formating sequences of his own into 'buff', and the *printf() functions then go looking for additional arguments.
That sprintf() call should really be this:
sprintf(output, "%s", buff);
Depending on where this happens, what can be placed into 'buff', and a slew of other factors, this can result in many outcomes, including nothing at all, a core dump, buffer overflow, display of "hidden/protected" information, or even root access.
Oh, and contrary to what the C|Net article says, this did not just start being exploited a couple of months ago, although there has been a decided increase in this over the last few months. For example, there was a problem in the qpopper POP3 software from Qualcomm that allowed easy root access via a missing "%s" format string, and that's well over a year old.
Then again, C|Net -usually- gets the technical details of such issues wrong, or at least seriously distorted. They also tend to go for the "omigawd!" reaction in their writing, blowing some things out of proportion. When/if I read them, I always do so through the reality filter that takes that into account...
Slashdot Mirror
Yes, but the HTML in the eBay posting has a different URL, http://maxpoweraero.com/homes/owner'sflightmanual. html. It's entirely conceivable that they decided to get the domain -after- putting it on eBay, in order to help with publicity.
Of course, it's also possible it's one big joke. Some of the images are obvious fakes (like the one purporting to show an airplane installed on a column.)
There are situations where I would (and do) purposefully sign up to receive email from businesses. There are a number of businesses that I either have bought stuff from or that I have interest in. I can register on their site, and sign up to receive certain types of mailings from them. That might be technical alerts, general newsletters, or even news about new products as they come out. If at some time I no longer want their mailings, I can do so easily and quickly.
A number of companies really do operate ethically in that manner, and I have done this with a number of companies. As a safety precaution, though, I use unique addresses for each one, in case the vendor is slime and sells my email address to somebody. So far, no business I've worked with has done that, but I only do this for companies in whom I have a fair amount of trust.
Now, would I sign up for a general sales pitch mailing, as in "here are my interests, send me commercial email for anything in those fields"? Absolutely not, and I doubt that very many people would.
I tend to divide commercial email into three general categories:
1) Legitimate email that I asked to receive as part of having a relationship or interest with a particular entity. I do not consider this spam, or unwanted.
2) Commercial email that comes from verifiable and traceable email shops, purporting to have your address because you registered on their site, or a partners site. This would be email shops like virtumundo.com, customoffers.com, euniverse.com, etc. If you really did sign up with them and said "ok" to sending email to you, it's not spam. But we all know that a very high percentage of the "opt-in" addresses they send to are obtained in some unethical way, such as tricking you into giving an email address without telling you they intend to spam you, buying a list from somebody else, or harvesting email addresses from web sites and other sources. Most people would agree that this is spam, in the sense that it is unsolicited, and usually unwanted.
3) Slimeballs who send out all those "get rich quick", "herbal viagra", "human growth hormone", and of course the "see me and my friends naked" porn emails. These are most certainly spam, and for me at least, constitute the vast majority of the spam that I receive.
Laws like this one, which require that addresses be opt-in, and that opt-out be simple and effective, will only work against the spammers in category 2 above. If the means of enforcing the laws have enough teeth, and somebody wants to go after such a spammer, they could get the companies to truly clean up their act. They'd either be legitimate mailers with a much smaller list, or go out of business. Either would be fine by me.
However, the law will do virtually nothing against the spam in category 3 above. Tracking down the sender is usually hard, since most header information tends to be forged, and the emails tend to be sent through anonymizing open relays. Even if you can locate the true sender, they will most likely be in some other country (China, Korea, etc.), where you can't stop them.
I welcome a law that will potentially have an effect on even the spam in category 2, but anybody who thinks it's gonna stop more than a smallish fraction of the annoyance in there mailbox is dreaming, or has access to better drugs than I do...
The problem isn't that FreeBSD doesn't have drivers to support the ThinkPad. Instead, the problem is that IBM reused the well-known Partition ID that FreeBSD uses, so that the ThinkPad BIOS thinks the FreeBSD partition is a "suspend" partition, and tries to treat it as such. Of course, it isn't a suspend partition, and the ThinkPad then locks up because of this.
It -is- an IBM problem, they screwed up by reusing a well-known reserved partition ID. But they get to hide behind the "not supported" mantra, which while certainly within their rights, is just plain nose-thumbing at the FreeOS community. They really should fix this...
The general class of "format string" security holes relate to improper treatment of the format string passed to the *printf() family of library routines. The most common form of this that I've seen is when somebody does something like this:
...
...
char *buff;
char *output;
[some code that sets buff through some
user-supplied data, such as an entry to
a prompt, environment variable, etc.]
sprintf(output, buff);
The user then supplies one or more formating sequences of his own into 'buff', and the *printf() functions then go looking for additional arguments.
That sprintf() call should really be this:
sprintf(output, "%s", buff);
Depending on where this happens, what can be placed into 'buff', and a slew of other factors, this can result in many outcomes, including nothing at all, a core dump, buffer overflow, display of "hidden/protected" information, or even root access.
Oh, and contrary to what the C|Net article says, this did not just start being exploited a couple of months ago, although there has been a decided increase in this over the last few months. For example, there was a problem in the qpopper POP3 software from Qualcomm that allowed easy root access via a missing "%s" format string, and that's well over a year old.
Then again, C|Net -usually- gets the technical details of such issues wrong, or at least seriously distorted. They also tend to go for the "omigawd!" reaction in their writing, blowing some things out of proportion. When/if I read them, I always do so through the reality filter that takes that into account...