That's not really true though, that you have to download "all of the data" before you can see it, is it? For instance with JPEG2000 you can see the entire image with just a fraction of the file downloaded because the rest of the file is a series of refinements on what came before it.
For practical purposes it is true. What you're referring to is called interlacing. Monitors do it as well as many video and image formats. A simple interlacing technique using two passes would download half of the image and display every other line. This produces a rough idea of what the image will look like (which looks a little better than garbage). The subsequent pass fills in the other lines. This does not reduce the amount of bandwidth consumption. If it did, you would see horribly detailed images. All this does is reduce the perception of the actual latency. You can't really use this technique with a video codec, but you can with a still image. Video codecs use different techniques such as dropping frames or only sending data which has changed from the previous frame (black pixel stays black: don't send).
Also, this debate assumes TCP. If this product were using TCP (which I highly doubt), it would require all of the packets to be there for each frame. Some packets take longer than others so the client would block until all of the packets are there then it would reassemble them in the correct order. I would imagine this service would be using UDP with a custom developed codec which is highly tolerant of missing data.
PNG support works in Internet Explorer 6, but is limited to BOOLEAN (indexed) transparency. IE7 and IE8 support alpha transparency. There is a nasty filter hack for IE6 if needed, but I would never use that.
...these games use 99% of the CPU...
You're doing it wrong (TM). I am working on a game right now, 2 months so far, which has animations and other eye candy and uses nowhere near 100% CPU on a 4 year old core2duo laptop. It looks like the original Legend of Zelda on the NES or FF 1-6. http://www.cindervale.com/
... and it runs on everything back to IE 6 AND BEYOND. Fully supported browsers include IE 6 (2001), IE 7, IE 8, Firefox 1.0, Firefox 2.0, Firefox 3.0, Firefox 3.5, Safari 3.1, Safari 4, Opera 9/10, Chrome / Chromium, and iPhone.
What people don't realize is that you don't need the canvas element. If you use the canvas element, you are defeating the purpose of a web game since the web is all about accessibility. In a few years, yes, use it heavily! By using the canvas, you create an artificial barrier to entry for your players by saying "you must be on the bleeding edge to play."
There's no decent way to manipulate sounds
100% agreed! Hell, you can't even use MIDIs anymore!
There's no way to switch to full screen or to capture every key stroke/mouse movement.
I can't think of a single key on normal keyboard that can't be captured. Shift, alt, control, etc are all capturable. Mouse movement is the same.
As far as full screen, have the user press F11. All browsers I'm aware of use this same binding. Then use a bit of JS to get the desktop resolution and the window dimensions to verify.
It seems that what you are experiencing is game design problems. Try designing games with the limitations in mind rather than trying to design a game then making it fit with the technology.
I write stuff like this at work for monitoring network outages and performance. The text messages enter their system through a standard SMTP (email) server and limit your connections just like a normal mail server. If you flood their mail server, you will get "too many connections from your host" responses and your messages will not go through after the first few.
Also, almost all carriers have a gateway like <number>@messaging.sprintpcs.com (sprint), <number>@vtext.com (verizon), etc. It has been done like this since at least 2001.
There are methods for getting around this, but I don't want to give anyone ideas :)
site X wants to take advantage of your account on site Y (hence XSS right?
XSS is called "Cross Site Scripting" because CSS was taken by Cascading Style Sheets so they went with X. If I wanted to steal your Slashdot password (site Y), I would put some javascript in this message (that _you_ would read in your browser) that would send your cookie to my server (site X). Fortunately, this part of Slashdot is not vulnerable to XSS (to my knowledge).
You're using a flawed implementation to illustrate your point. The idea of two factor auth does what it is intended to do: make it more difficult to access resources for those it is not intended. Perfect security is an illusion. The point is to make it more difficult, not 100% guaranteed.
Even with two-factor authentication (SecurID), someone can MITM you if they own your PC. You don't keep "something you have" (keys, tokens, etc) or "something you are" (retina, fingers, etc) in your computer. Therefore, MITM (man in the middle) would not work even if someone pwns your computer. That is the whole point of two factor auth.
With all due respect, 10.000km^2 might be 10,000km^2. Some countries use the . instead of , for thousands separators IIRC. Being that km is used instead of miles reinforces this in my mind.
Chargebacks aren't automatic. You have to tell your CC company why you want one, and they will contact the merchant for a response. I doubt it would happen. Also, I don't believe you can charge back purchases less than $50.
I can tell you a few things from my personal experience of writing a system to handle chargebacks. Chargebacks can be for less than $50 ($15 was the case for my software) and the reasons can be quite asinine.
In other words, it requires junk like cookies and javascript, and it does not function with every web browser nor with every operating system.
Hate to break it to ya, but HTTP is a stateless protocol. That means that it wasn't designed for user sessions. Therefore, cookies were created as a workaround. Granted some browsers and websites have abused them in the past. If you enjoy not having to put in a username and password every single time you hit a new page, then you will have to deal with this.
HTML is a limited markup language. It was not initially designed for user interaction (forms came in a later revision). Therefore, we have JavaScript for client side user interaction and events. This means you don't have to wait every time you click a button. Instant gratification if you will.
If you want to blame the creator of the content for not supporting every client known to man, go right ahead, but keep in mind each of these clients had the choice to be built on the standards. "Web Standards" is probably the most disregarded type of standard. <personal rant>Cisco/Foundry don't exactly write to the standards when it comes to implementing telnet servers, but what can you do?</personal rant>
Love 'em or hate 'em, Javascript and cookies make your life easier.
Crime is all about intent. His intent was to bring down the web server. His crime, IMHO, is equivalent to stealing park benches and bringing them back in a few hours.
I'm not saying I agree with the law or what happened, but I don't :)
Come on then, let's have full disclosure. WHO made the threats?
Why would the World Health Organisation do this?
Perhaps he meant the CDC. I didn't think the Cult of the Dead Cow were still active.
Obligatory full disclosure: http://www.bash.org/?4780
Not to mention these gems:
I installed ... security software ... The scan found two instances of a commercial keylogger called StarLogger ... This key logger is completely undetectable ...
So, this program found something which couldn't be found. Check.
After an in-depth analysis of the laptop, my conclusion was that this software was installed by the manufacturer, Samsung. I removed the keylogger software, cleaned up the laptop
Removed the keylogger by removing the folder? Check.
I found the same StarLogger software in the c:\windows\SL folder of the new laptop. The findings are false-positive proof since I have used the tool that discovered it for six years now and I am yet to see it misidentify an item throughout the years.
So, "false-positive proof." Good to know that your extensive experience running an anti-virus program has yielded perfect results. Don't worry about the fact that you don't actually know what you're talking about.
... logged incident 2101163379 with Samsung Support (SS). First, as Sony BMG did six years ago, the SS personnel denied ... SS changed its story ... SS personnel relented and escalated the incident ...
Can we claim Godwin here? I have a feeling Samsung Support doesn't refer to itself as the SS.
You obviously have some kind of agenda, Mohamed Hassan, MSIA, CISSP, CISA. I know now to never trust anything NetSec Consulting Corp does. Also, congrats on being an "adjunct professor of Information Systems in the School of Business at the University of Phoenix."
This does not prey on smart or dumb. This preys on how much information you can hold in your head at the same time. Miller's magic number 7. When you go beyond 7 things, you'll have to access different memory which is where the sleight of hand is at play.
http://en.wikipedia.org/wiki/The_Magical_Number_Seven,_Plus_or_Minus_Two
Vista supports OpenGL the same way XP, 2000, etc support it: the MSOGL wrapper.
Fighting on the internet is like the Special Olympics. Even if you win, you're still retarded.
I disagree.
For coding, though, I NEED a visual editor that can do code collapsing and other gui-only features.
Vim can do this too. They're called folds.
Agreed. How this was modded a troll is beyond me.
http://en.wikipedia.org/wiki/Internet_troll
In Internet terminology, a troll is a person who posts rude or offensive messages on the Internet, such as on online discussion forums, to disrupt discussion or to upset its participants.
Disrupting the discussion was not the parent's intent. Moderation abuse.
I've held my tongue for quite a while on this hoping to see some discussion directly related to this. The GPLv2 has a MAJOR flaw in its original design. This could be intentional or unintentional, you decide. You state that "no single group can change the license" yet there remains the
"; either version 2 of the License, or (at your option) any later version"
clause in the original version. One of two things _can_ happen:
1. The FSF _can_ change the license to a MIT/BSD style AT ANY TIME.
2. The GPL _should_only_ (theoretically) become more restrictive by design.
Sure, this may sound impossible, paranoid, and possibly stupid, but it is not out of the realm of legal possibilities. Since a lot of developers (myself included at one point) have not given our code and copyrights much thought, this gives the FSF a tremendous amount of power over millions of lines of "GPLv2 and later" code. Since the FSF is the only entity capable of modifying or releasing future versions of the GPL (as stated in the GPL), we have to trust they will not tamper with the spirit of the license. If they did alter the license to reflect the spirit of the MIT license (20 years from now or next week), imagine the storm.
Let's not hold the FSF up to such a dim light; let's imagine a company bought them out. Don't say this is not possible as EVERYONE HAS A PRICE. So, this company altered the GPL to a MIT style. YOUR CODE IS NOW IN THE Public Domain. This company and anyone else could use our "GPLv2 (or any later version)" code to do whatever they want, completely against our initial wishes. We allowed this by leaving that clause intact. You might change your license to use ONLY the GPLv2 at this point, but your "GPLv2 and later" code may still exist in some repository somewhere and you've lost the game.
As for #2, well, the FSF doesn't plan to do #1 intentionally (hopefully) so they will make it more restrictive. If I were to take a piece of GPL code, and GPLv2 says I can't rebrand and sell it without the author's permission, but GPLv15 says I can, I think I'll go with GPLv15. The FSF doesn't want this, so the GPL will only become more restrictive. You don't change the rules of a game unless you do it to your favor.
The only reason to put the "or later" clause in the GPL is to maintain as much control over as much stuff as possible.
Fortunately, we have a crazy hippie captain at the helm, RMS. If the FSF were run like any other company (for profit or not), we would not be where we are today. Hostile takeovers on the board might be possible at the FSF.
* I know Linus removed this from the kernel, but many other developers don't care / don't know.
** This post isn't directed at the parent since the parent specified Linux.
If I were a major software company with money to burn, I would do this.
1. Grab as much "GPL and later" code as possible.
2. Build and brand this code. Prepare to market and copyright it.
3. Buy out the FSF guys and redo the GPL to MIT.
4. Profit.
Yeah, this may be inane paranoid rambling, but hackers have the same thought patterns as slick lawyers. We both look for holes in the system to deliver our payload.
I guess in the future world of 24 we're on IPv8.
Perhaps they didn't want some random person to get attacked. Same principle as 555-xxxx in phone numbers.
... it's simplest to just think of yourself as a virtual-wartime profiteer.
Where I come from, we call them carpetbaggers.
That seems like design
Intelligent Design?
We're talking about Microsoft here.
#def begin: }
#def loop: if
and so on
This is wrong on so many levels. Time to implement this into my code.
Last time I checked there were a lot more than 30 states .. I'm not even American, and I know that.
States like Alaska, Hawaii, and Europe don't count. Go learn some geography.
bah humbug
#include <unistd.h>