Is there nowhere to turn where I don't have to read partisan political crap? What does this have to do with tech news?
Maybe you'll like this better.
Make your own uranium centrifuge
Posted by CmdrTaco, October 3, 2004
Monkey pointed us over to an article at Tom's Hardware that has a howto with plans and schematics for a pretty nice setup on rolling your own nuclear program at home. This could be just the thing for generating your own electricity or raining fiery death down on your neighborhood. Now I know what to do with all my old artillery rocket bodies!
(Read More...|49 of 52 comments)
Don't quit your Google job yet (on Inside Wal-Mart IT) · Score: 4, Informative
I know a guy who has an IT job at Wal-Mart. He says they used to have decent health benefits there, comparable to the rest of the IT industry, but recently they were downgraded to the same benefits that the "associates" on the floor get.
(Kerry voted against the Kyoto agreement in the Senate in 1998)
You know, I've seen so many Republican talking points that come in the form of "Kerry voted against X", that turn out to be based on procedural details and similar bullshit. So I did some Googling and found this article from December 1997 (smothered in an avalanche of right wing blogs essentially parroting what you said).
In Kyoto, a leading Democratic member of the observer delegation agreed that the treaty was not acceptable to the Senate in its current form. "What we have here is not ratifiable in the Senate in my judgment," Sen. John F. Kerry (D-Mass.) said. According to aides in Washington, Kerry wanted Clinton to sign the deal but hold off submission of it until follow-on conferences scheduled for Bonn in June and Buenos Aires in November.
At those meetings, the next step in the process of designing an international strategy to combat global warming, international delegates will again discuss more active participation by developing countries, which was essentially removed from the pact during the final hours of deliberation in Kyoto because of objections from China and India.
U.S. opponents of a global warming pact, including the Republicans and major American industries, especially coal, oil, steel and electric power producers, have argued that a deal that requires industry in this country to go through the expensive process of significantly cutting emissions of greenhouse gases was unfair unless the same requirements applied to all nations.
In January 1998 the Senate voted 95-0 against Kyoto because the exemptions for developing countries were widely viewed as unfair.
It is just as plausible to say that Watergate was a Democrat plot to make Nixon look bad.
To cover his tracks, one of the Democrats involved (G Gordon Liddy) served five years in prison on charges of conspiracy, burglary, and illegal wiretapping before his 20 year sentence was commuted by President Carter- who, it turns out, just happened to be a Democrat. Coincidence? You decide. Then to make extra sure nobody was onto him, he became a conservative talk show host and pretended not to be a Democrat for years and years. This guy continues to cover up his sabotage of Nixon's reelection campaign to this very day. There is no depth to which these people will not sink.
White House spokesman Scott McClellan, asked Tuesday about similarities between Bush's statements about Iraq and Allawi's speech to Congress last week, said he did not know of any help U.S. officials gave with the speech. "None that I know of," he said, adding, "No one at the White House." He also said he did not know if the U.S. Embassy in Baghdad had seen the speech.
But administration officials, speaking on the condition of anonymity, said the prime minister was coached and aided by the U.S. government, its allies and friends of the administration. Among them was Dan Senor, former spokesman for the CPA who has more recently represented the Bush campaign in media appearances. Senor, who has denied writing the speech, sent Allawi recommended phrases. He also helped Allawi rehearse in New York last week, officials said. Senor declined to comment.
If the White House wrote Allawi's speech, that would be one thing. If the Bush campaign wrote it, that would be quite another. But the Bush campaign has never been shy about using the power of the White House to get an upper hand in their campaigning, and this is nothing out of the ordinary for them. They're in a position to do it, but they're not supposed to do it. Apparently they see nothing wrong with it. Recall the terror alert they issued within hours of Kerry's DNC speech. Could have been a real terror alert, so they have plausible deniability and Kerry can't say anything. Now we have the Bush campaign quietly putting phrases directly into Allawi's mouth, and Kerry can't criticize this Pollyanna nonsense without "undercutting a valuable ally". (Like ahemcoughFrancecoughcoughGermanyahem never mind.)
Relying on plausible deniability is OK if you only do it once in a while. But as these terribly convenient events pile up, the probability of the null hypothesis (i.e. that these are all just coincidences, and nobody is abusing his presidential powers) gets smaller and smaller. The electorate starts dividing into people with a healthy level of cynicism and people who are essentially hero worshippers.
Politically Incorrect was a great show. Bill Maher was like a breath of fresh air. It was amazing, hearing someone on the teevee whose opinions and attitudes were so well articulated and sounded so much like my own (or at least what I imagined my own to be).
PI got great ratings, and certainly didn't suffer for a lack of audience. But you don't see it anymore because the advertising dried up. The Man turned that show right off.
One of the few ways to speak your mind with more than a few listening to you is to be rich and not running for office.
This is so true. People wonder why Hollywood celebrities are so leftist, hate America, etc. because actresses and rock stars are always seen conspicuously bashing the president. You hear theories about some leftist cult that's taken over Hollywood, etc.
A much simpler explanation is that these are the loudest non-corporate opinions that the average citizen is likely to hear.
Sorry to be nitpicky here, but this is a trojan horse, not a virus. A virus propagates through replication.
The published exploit sample code may be a trojan horse, but the real issue here is the vulnerability. Vulnerabilities are the raw material from which trojans, worms, and viruses are forged.
Coding a trojan out of this is straightforward (hostile JPEG gains control, deletes hard drive). With some ingenuity you could make it into a virus (hostile JPEG gains control, scans disks and networks for JPEG files to infect, rewrites all JPEGs it finds) or a worm (hostile JPEG gains control, sends self via email/instant message).
JPEG Comment sections (COM) allow for the embedding of comment data into a JPEG image. COM sections are marked beginning with 0xFFFE followed by a 16 bit unsigned integer in network byte order giving the total comment length + the 2 bytes for the length field; a single JPEG COM section could therefore contain 65533 bytes of invisible data (invisible in the sense that it's not rendered as part of the image). Because the JPEG COM field length variable is 2 bytes wide, and itself is included in the length value, the minimum value for this field is 2, this implies an empty comment. If the comment length value is set to 1 or 0, a buffer overflow occurs overwriting heap management structures.
The problem is GDIPlus normalizes the COM length prior to checking its value; a starting length of 0 becomes -2 after normalization (0xFFFE unsigned), this value is converted to the 32 bit value 0xFFFFFFFE and is eventually passed on to memcpy which attempts to copy ~4G bytes into heap memory.
eEye Digital Security analyzed the bug and found that heap management structures are left in an inconsistent state with execution eventually reaching heap unlink instructions within RtlFreeHeap with EAX pointing to a pointer to data we control and we have direct control of EDX.
Detection could be accomplished by examining the JPEG image for the following byte sequence:
0xFF 0xFE 0x00 0x00 or 0xFF 0xFE 0x00 0x01
So you see what happened. The unchecked library call in this case was memcpy(). The decoder trusts its input and sends a small signed integer (-2) off to memcpy() without checking the sign bit- and memcpy() thinks -2 is a huge unsigned integer (4294967294). What's the difference? Any reasonable number is going to be positive anyway, right? Who would give a comment a negative length!
I saw someone make this kind of goof even in Java, where you have signed-only types forced on you. Someone forgot that InputStream.read() returns an unsigned byte as an int (between 0-255), and they cast it to a signed byte and back without the &0xFF to zero out the 24 high bits. That got caught right before our product release. The consequence in that case would have been a hash algorithm with inconsistent output between stream and byte array inputs- not a security nightmare like this, but a long lasting migraine nevertheless.
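The length arithmetic and the detection rule quoted in the comment above, as an added C example that is not part of the original post or of any vendor code. It walks the JPEG segment structure and flags a COM segment whose length field is 0 or 1, next to the plain byte search the advisory suggests; all function names are hypothetical and the sample byte arrays are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum scan_result { SCAN_CLEAN, SCAN_BAD_COM, SCAN_MALFORMED };

/* Copy size that results when 2 is subtracted from the length field before
 * any range check and the result is used as a 32-bit unsigned count. */
static uint32_t unchecked_copy_size(uint16_t seg_len)
{
    return (uint32_t)seg_len - 2u;   /* 0 -> 0xFFFFFFFE, 1 -> 0xFFFFFFFF */
}

/* Check first, subtract second. avail = bytes left from the length field on. */
static int checked_body_len(uint16_t seg_len, size_t avail, size_t *body_len)
{
    if (seg_len < 2 || seg_len > avail)
        return -1;
    *body_len = (size_t)seg_len - 2;
    return 0;
}

/* Byte search from the advisory: FF FE 00 00 or FF FE 00 01 anywhere. */
static int naive_signature_hit(const uint8_t *buf, size_t n)
{
    size_t i;
    for (i = 0; i + 4 <= n; i++)
        if (buf[i] == 0xFF && buf[i + 1] == 0xFE &&
            buf[i + 2] == 0x00 && buf[i + 3] <= 0x01)
            return 1;
    return 0;
}

/* Skip entropy-coded scan data: FF 00 is a stuffed byte, FF D0..D7 are
 * restart markers; anything else after FF is the next real marker. */
static size_t skip_scan_data(const uint8_t *buf, size_t n, size_t i)
{
    for (; i + 1 < n; i++)
        if (buf[i] == 0xFF && buf[i + 1] != 0x00 && buf[i + 1] != 0xFF &&
            !(buf[i + 1] >= 0xD0 && buf[i + 1] <= 0xD7))
            return i;
    return n;
}

/* Walk the marker segments; report the offset of a COM marker (FF FE)
 * whose length field is below the minimum legal value of 2. */
static enum scan_result scan_jpeg(const uint8_t *buf, size_t n, size_t *bad_off)
{
    size_t i = 2, body;

    if (n < 4 || buf[0] != 0xFF || buf[1] != 0xD8)      /* SOI */
        return SCAN_MALFORMED;
    while (i + 2 <= n) {
        uint8_t m;
        uint16_t len;

        if (buf[i] != 0xFF)
            return SCAN_MALFORMED;
        m = buf[i + 1];
        if (m == 0xFF) { i++; continue; }               /* fill byte */
        if (m == 0xD9)                                  /* EOI */
            return SCAN_CLEAN;
        if (m == 0x01 || (m >= 0xD0 && m <= 0xD7)) {    /* no length field */
            i += 2;
            continue;
        }
        if (i + 4 > n)
            return SCAN_MALFORMED;
        len = (uint16_t)((buf[i + 2] << 8) | buf[i + 3]);   /* network order */
        if (m == 0xFE && len < 2) {
            *bad_off = i;
            return SCAN_BAD_COM;
        }
        if (checked_body_len(len, n - (i + 2), &body) != 0)
            return SCAN_MALFORMED;
        i += 4 + body;
        if (m == 0xDA)                                  /* SOS: scan data follows */
            i = skip_scan_data(buf, n, i);
    }
    return SCAN_MALFORMED;                              /* ended before EOI */
}

/* Constructed samples, not real images. */
static const uint8_t CLEAN_COM[] = { 0xFF,0xD8, 0xFF,0xFE,0x00,0x04,'h','i', 0xFF,0xD9 };
static const uint8_t COM_LEN0[]  = { 0xFF,0xD8, 0xFF,0xFE,0x00,0x00, 0xFF,0xD9 };
static const uint8_t COM_LEN1_AFTER_SCAN[] = { 0xFF,0xD8, 0xFF,0xDA,0x00,0x02,
    0x12,0xFF,0x00,0x34, 0xFF,0xFE,0x00,0x01, 0xFF,0xD9 };
/* The four signature bytes sit inside an APP1 payload, not in a COM header. */
static const uint8_t BYTES_IN_APP1[] = { 0xFF,0xD8, 0xFF,0xE1,0x00,0x06,
    0xFF,0xFE,0x00,0x00, 0xFF,0xD9 };

int main(void)
{
    size_t off = 0;

    printf("copy size for length 0: 0x%08lX\n", (unsigned long)unchecked_copy_size(0));
    printf("clean: %d\n", (int)scan_jpeg(CLEAN_COM, sizeof CLEAN_COM, &off));
    printf("len 0: %d\n", (int)scan_jpeg(COM_LEN0, sizeof COM_LEN0, &off));
    printf("APP1 payload: walk=%d naive=%d\n",
           (int)scan_jpeg(BYTES_IN_APP1, sizeof BYTES_IN_APP1, &off),
           naive_signature_hit(BYTES_IN_APP1, sizeof BYTES_IN_APP1));
    return 0;
}
```

The byte search also matches when the four bytes sit inside another segment's payload, which the segment walk does not report as a malformed COM header.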
you're a goddamn idiot. a suitably constructed jpeg will cause an overflow in the gdi+ library which ie and most msft programs use to render jpegs, when that happens the jpeg can be made such that the overflow will cause virus code to be loaded. god you're an idiot.
Jesus, an obvious end user asks a perfectly legitimate question and you call him an idiot for being surprised by the notion of a hostile JPEG- something that should rightfully amaze everybody. I doubt he understood your high level description. To the grandparent: here is a meandering crappy description of how a buffer overflow attack works:
A function call, in C, pushes the current program counter on the stack. Then it pushes the arguments onto the stack, and control jumps to the function which pops the arguments off the stack and does whatever with them. At the end it invokes a RET instruction that pops the program counter back off the stack and control jumps to the address there (to the point right after the CALL). These are just normal C calling conventions.
Variables defined in the function are stored on the stack. If a string like a URL (for example) needs to be defined, a buffer is allocated for it there. When the function returns, the space is automatically deallocated, the RET pops the program counter off the stack, and the function call returns. By default no bounds checking is done on data stored in these buffers. Some library functions, like gets(), don't do bounds checking. They can't, since they don't know the buffer size and would need to have it provided as an argument. Newer, safer versions exist that do take buffer size arguments, but that means these aren't the same library functions anymore. (FWIW the gets() call takes a pointer to a buffer of unknown size as an argument, reads a newlined string from stdin into the buffer, and returns the buffer pointer that was passed to it.)
It's up to the programmer to do bounds checking if he uses library calls vulnerable in this way. But this is extra work, and people are lazy. It's easier to just allocate a big, big buffer that's probably larger than you'll ever need, that "no reasonable URL" will ever exceed. So the programmer allocates a fixed 10K buffer on the stack and passes its address to a library function like gets().
The attacker gains control in these situations by creating a program input like a long, carefully crafted URL, slightly longer than 10K, that overflows the buffer inside the library function. The goal is to overwrite the return address on the stack with an address that's within the buffer. In the case of the Code Red worm, someone meticulously put together a URL that attacked an obscure ISAPI routine, and not only overwrote the return address, but also had machine code instructions waiting at the replacement address within the buffer- encoded right into the damn URL! (The buffer has been deallocated at this point, but hasn't been zeroed, so it's still there.)
It's harder to explain with a JPEG than with a URL. But a JPEG contains variable length data structures that are read into buffers on the stack. Someone writing the JPEG decoder forgot to do a bounds check- and so a mundane function for decoding JPEGs never returns. Instead it jumps into an endless loop that's been placed within the image buffer by the attacker.
So yes it is a bit like running an .EXE file, except for the fact that the code is hiding inside what is supposed to be data, not code, and it gains control of the CPU by smashing the stack.
Older versions of Notepad gagged on files larger than 64K, which seems suspicious. It's theoretically possible that a vulnerability could exist even in a text editor like Notepad allowing a carefully constructed .TXT file to execute arbitrary code. Who knows?
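The bounds check that the comment above says gets() cannot do, as an added C example that is not from the original post. It reads a line through fgets() with the buffer capacity passed in, and rejects and discards an over-long line instead of writing past the buffer; the function names and the 16-byte capacity are assumptions, and the input is constructed.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

enum line_status { LINE_OK, LINE_TOO_LONG, LINE_EOF };

/* Read one line into buf, whose capacity cap includes the terminating NUL.
 * Unlike gets(), the capacity is an argument, so the write can never run
 * past the end of buf. A line that does not fit is drained from the stream
 * and reported, so the next call starts at the following line. */
static enum line_status read_line_bounded(FILE *in, char *buf, size_t cap)
{
    size_t len;
    int c;

    if (cap > INT_MAX)
        cap = INT_MAX;                  /* fgets() takes an int size */
    if (cap < 2 || fgets(buf, (int)cap, in) == NULL)
        return LINE_EOF;

    len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';            /* whole line fit, newline included */
        return LINE_OK;
    }

    /* No newline stored: last line of the input, an exact fit whose newline
     * is still in the stream, or a line longer than the buffer. */
    c = fgetc(in);
    if (c == EOF || c == '\n')
        return LINE_OK;

    while (c != '\n' && c != EOF)       /* discard the rest of the long line */
        c = fgetc(in);
    buf[0] = '\0';
    return LINE_TOO_LONG;
}

/* Constructed input: a short line, a 40-byte line, another short line.
 * Fills out[] with the status of four successive reads into a 16-byte
 * buffer; returns 0 on success, -1 if no temporary file is available. */
static int run_constructed_input(int out[4])
{
    char buf[16], big[41];
    FILE *f = tmpfile();
    int i;

    if (f == NULL)
        return -1;
    memset(big, 'A', 40);
    big[40] = '\0';
    fprintf(f, "short\n%s\nnext\n", big);
    rewind(f);
    for (i = 0; i < 4; i++)
        out[i] = (int)read_line_bounded(f, buf, sizeof buf);
    fclose(f);
    return 0;
}

int main(void)
{
    int st[4], i;

    if (run_constructed_input(st) != 0)
        return 1;
    for (i = 0; i < 4; i++)
        printf("read %d -> status %d\n", i + 1, st[i]);
    return 0;
}
```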
The 70 layers of fiberglass probably do a good job. The temperature will decrease linearly from one Al pane to the next as you go in. Of course this would imply a temperature gradient, so heat is flowing in, but very slowly (because of the fiberglass) and as the hydrogen warms up I would imagine they have a pressure regulator to let the system burp out a bit of gas once in a while. That robs the liquid of a lot of heat from the PdV term alone. My guess is that if you wait long enough all of the liquid will evaporate to the gas phase and escape via the regulator, and the interior temperature will increase once the hydrogen is gone.
"Hydrogen power" is still a ripoff. What we need are nuclear cars. That would solve the carbon emissions problem, and everyone would be nervous and drive more carefully so it would save lives too.
You want an OSS voting system, write one. Then lobby the government to use it. You've got it all backwards. The government does not fund software projects to reinvent the wheel (at least it shouldn't, not with my money).
"Reinventing the wheel" is a bad analogy in this case. The priority here isn't to save money, it's to correctly count votes. Saving money is a secondary consideration. (This is why we don't fire judges and outsource our courts to India, even though that would save money too.) On a national scale, the amounts of money involved with Diebold are relatively minuscule- they probably wouldn't fund the Iraq War for more than a few hours. (And it isn't even clear that buying Diebold saves money over an in-house solution.) But there is simply no way to know that the votes are being counted if you can't SEE how they are being counted.
DieBold already had a system when the government went looking, the OSS community didn't. Their choices were DieBold, a couple other vendors, or "fantasy vapor product that doesn't exist and even if they funded its development there's no guarantee the thing will exist by election time".
You are making an assumption without realizing it here- that the Diebold system will be automatically superior to the card-based system that was in place in Florida's 2000 election. Which actually performed remarkably well under the extreme condition of a tie. There is no reason why these new systems have to be in place by 2004 when they may actually compromise the election compared to the system we had before.
I don't want my tax dollars bankrolling OSS dev efforts.
Maybe not GPL software (I'd agree with you that far) but if we're going to use a voting system we should all be allowed to see the code, even if we can't modify or distribute it. Otherwise only Diebold knows who really won, and in fact Diebold is put in a position where they can choose the next president. The key concept is transparency. Counting votes isn't even a hard problem. Diebold (and the rest of the software industry) has succeeded in convincing the government that
numVotes++
is some ingenious discovery like penicillin. So you aren't allowed to see the code, which might really look like
if (vote equals BUSH || (vote equals KERRY && rnd() < 0.9))
numVotes++
Diebold's right to its "intellectual property" has superseded your right to know your vote was counted. Ironic, considering these mounting revelations that Diebold's intellectual property isn't very "intellectual" to begin with.
You'd have to be nuts to click on any link at all that arrived via spam. "Unsubscribe" links have been proven time and again to be feedback mechanisms for helping spammers identify good addresses.
Of course, now that we have HTML email with IMG tags (whoopee.) you don't even need to click on a link anymore.
Don't be dumb in thinking somehow that was a statement of avocation in denying people's right to vote. It was simply a statement of the obvious, they are taking the stance that inconveniencing is somehow preventing people from voting. If you think this is true then you are just as much a loser as these people. They are not victims of oppression because they can't order their voting cards over the web and nothing you can say would convince a normal person otherwise.
Please RTFA before posting. They quietly shut down access to the site days before the registration deadline. This site had been advertised by the U.S. Government on foreign channels as being the preferred way for expatriates to register. Most overseas voters would probably make a reasonable assumption that the server would be there during the last week before the deadline. If you know you can do something over the web, you'll probably procrastinate. Now you'd be SOL. This is an attempt to boost Bush by running out the clock on expatriate voters- who favor Kerry by a 22 percent margin.
...however, I would think the Republicans would be up in arms about this. After all, isn't the military the largest portion of the voting public abroad? And don't they overwhelmingly vote Republican?
This site that's being blocked is intended for civilian expatriates only. Military votes are handled separately.
The military is something like 55% Republican. But civilians living overseas are another matter. According to a Zogby poll, voters with passports favor Kerry over Bush by 55 to 33 percent.
Also, for any expatriates reading this, a proxy server has been set up by the Verified Voting Foundation. Let's see the Pentagon block the proxy.
The very fact of the matter is that people outside the U.S. have little grasp of what America is like -- its politics or its people. All you see of our people is distorted through the lens of Hollywood, and all you see of our politics is distorted through the lens of biased news outlets (especially the spoiled government-funded ones.)
You don't know what I "see of your people", and you don't even know that I'm not an American who can't wait to cast his swing state vote against your beloved Chimperor this November.
Your negative views of Bush mostly stem from the excessively negative portrayal he gets.
Oh really? I thought I was basing my negative views of Bush on what I hear coming out of his mouth! But I guess you must know better, with all that unbiased media you have access to.
I honestly can't tell. Too deadpan.
;)
Bush criticized Kerry for being two faced,
Yes, standard talking point, repeated a dozen or so times last night.
too negative for the office,
Too "negative"? Bush got us into this mess by being hopelessly idealistic and refusing to consider anything but the best case scenario. He's making things worse by insulating himself from bad news and pretending Iraq isn't degenerating into civil war. Any good candidate will be negative as hell at this point.
and for having unrealistic expectations for an exit plan.
Excuse me? That's something you think about before a unilateral invasion. Things have been degenerating continuously in Iraq since the "handover of sovereignty", something our idealistic president refuses to acknowledge. If Kerry changes his position to account for the deteriorated situation, he'll get skewered for being "two faced".
If Bush is running on a platform of "I've messed things up so badly, none of my opponent's ideas have any chance of working", he deserves to lose.
Hold on here, being against Bush means you can never legitimately criticise him?
Weren't you watching the debate?
Bush kept attacking Kerry on the basis that Kerry is critical of Bush's own war policy and is therefore unfit to be president.
Whoops. I knew Quincy (#6) was a relative of John Adams (#2), but didn't know it was a father-son relationship.
I don't see how it negates my point though. It makes the hand-wringing about Hillary seem even stranger.
No other administration in history has used the White House as a springboard to get the First Lady into the Senate, however.
One might argue that never before in history has a father's presidency been used as a springboard for a son's.
What's behind this fixation on Hillary, anyway? Was she not fairly elected?
This applies equally to every other administration in my lifetime, at least.
I'd agree with that statement except for the word "equally".
Come on nerds, someone write this up.
Yes and we spent an enormous amount of money doing everything we could to prevent those bombs from hitting high density civilian targets.
A 500-pound precision bomb has a casualty-producing radius of 400 meters minimum; do the math.
Only a matter of time before some "Good Samaritan" releases a JPEG that contacts Microsoft and downloads a patch!
you're a goddamn idiot. a suitably constructed jpeg will cause an overflow in the gdi+ library which ie and most msft programs use to render jpegs, when that happens the jpeg can be made such that the overflow will cause virus code to be loaded. god you're an idiot.
.EXE file, except for the fact that the code is hiding inside what is supposed to be data, not code, and it gains control of the CPU by smashing the stack.
.TXT file to execute arbitrary code. Who knows?
Jesus, an obvious end user asks a perfectly legitimate question and you call him an idiot for being surprised by the notion of a hostile JPEG- something that should rightfully amaze everybody. I doubt he understood your high level description. To the grandparent: here is a meandering crappy description of how a buffer overflow attack works:
A function call, in C, pushes the current program counter on the stack. Then it pushes the arguments onto the stack, and control jumps to the function which pops the arguments off the stack and does whatever with them. At the end it invokes a RET instruction that pops the program counter back off the stack and control jumps to the address there (to the point right after the CALL). These are just normal C calling conventions.
Variables defined in the function are stored on the stack. If a string like a URL (for example) needs to be defined, a buffer is allocated for it there. When the function returns, the space is automatically deallocated, the RET pops the program counter off the stack, and the function call returns. By default no bounds checking is done on data stored in these buffers. Some library functions, like gets(), don't do bounds checking. They can't, since they don't know the buffer size and would need to have it provided as an argument. Newer, safer versions exist that do take buffer size arguments, but that means these aren't the same library functions anymore. (FWIW the gets() call takes a pointer to a buffer of unknown size as an argument, reads a newlined string from stdin into the buffer, and returns the buffer pointer that was passed to it.)
It's up to the programmer to do bounds checking if he uses library calls vulnerable in this way. But this is extra work, and people are lazy. It's easier to just allocate a big, big buffer that's probably larger than you'll ever need, that "no reasonable URL" will ever exceed. So the programmer allocates a fixed 10K buffer on the stack and passes its address to a library function like gets().
The attacker gains control in these situations by creating a program input like a long, carefully crafted URL, slightly longer than 10K, that overflows the buffer inside the library function. The goal is to overwrite the return address on the stack with an address that's within the buffer. In the case of the Code Red worm, someone meticulously put together a URL that attacked an obscure ISAPI routine, and not only overwrote the return address, but also had machine code instructions waiting at the replacement address within the buffer- encoded right into the damn URL! (The buffer has been deallocated at this point, but hasn't been zeroed, so it's still there.)
It's harder to explain with a JPEG than with a URL. But a JPEG contains variable length data structures that are read into buffers on the stack. Someone writing the JPEG decoder forgot to do a bounds check- and so a mundane function for decoding JPEGs never returns. Instead it jumps into an endless loop that's been placed within the image buffer by the attacker.
So yes it is a bit like running an
Older versions of Notepad gagged on files larger than 64K, which seems suspicious. It's theoretically possible that a vulnerability could exist even in a text editor like Notepad allowing a carefully constructed
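The bounds checks that the comment above says are left to the programmer, as an added example in C that is not part of the original post. The function names and the 64-byte URL_MAX are assumptions made for this sketch, and the segment layout (a 2-byte big-endian length that counts itself) is a generic length-prefixed format, not any particular decoder's code.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define URL_MAX 64  /* assumed size for this sketch; the post's example is 10K */

/* Bounded alternative to the gets() pattern: the caller passes the buffer
 * size, and input that does not fit is rejected instead of being copied. */
int copy_url_checked(char *dst, size_t dst_size, const char *src, size_t src_len)
{
    if (dst == NULL || src == NULL || dst_size == 0)
        return -1;
    if (src_len >= dst_size)      /* no room left for the terminating NUL */
        return -1;
    memcpy(dst, src, src_len);
    dst[src_len] = '\0';
    return 0;
}

/* Same situation as the post: a fixed buffer on the stack receiving
 * attacker-controlled input, but with the size carried along. */
int handle_request(const char *url)
{
    char buf[URL_MAX];
    return copy_url_checked(buf, sizeof buf, url, strlen(url));
}

/* Variable-length segment: the length field comes from the file, so it is
 * checked against the input size and the destination size before the copy. */
int read_segment_checked(const uint8_t *in, size_t in_len,
                         uint8_t *out, size_t out_size, size_t *payload_len)
{
    if (in == NULL || out == NULL || payload_len == NULL || in_len < 2)
        return -1;
    size_t seg_len = ((size_t)in[0] << 8) | in[1];
    if (seg_len < 2)              /* seg_len - 2 would wrap to a huge value */
        return -1;
    if (seg_len > in_len)         /* claims more bytes than were supplied */
        return -1;
    size_t n = seg_len - 2;
    if (n > out_size)             /* would run past the fixed buffer */
        return -1;
    memcpy(out, in + 2, n);
    *payload_len = n;
    return 0;
}
```

Each rejected case corresponds to an input that would otherwise write past the end of the stack buffer and reach the saved return address.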
The 70 layers of fiberglass probably do a good job. The temperature will decrease linearly from one Al pane to the next as you go in. Of course this would imply a temperature gradient, so heat is flowing in, but very slowly (because of the fiberglass) and as the hydrogen warms up I would imagine they have a pressure regulator to let the system burp out a bit of gas once in a while. That robs the liquid of a lot of heat from the PdV term alone. My guess is that if you wait long enough all of the liquid will evaporate to the gas phase and escape via the regulator, and the interior temperature will increase once the hydrogen is gone.
"Hydrogen power" is still a ripoff. What we need are nuclear cars. That would solve the carbon emissions problem, and everyone would be nervous and drive more carefully so it would save lives too.
You want an OSS voting system, write one. Then lobby the government to use it. You've got it all backwards. The government does not fund software projects to reinvent the wheel (at least it shouldn't, not with my money).
"Reinventing the wheel" is a bad analogy in this case. The priority here isn't to save money, it's to correctly count votes. Saving money is a secondary consideration. (This is why we don't fire judges and outsource our courts to India, even though that would save money too.) On a national scale, the amounts of money involved with Diebold are relatively miniscule- they probably wouldn't fund the Iraq War for more than a few hours. (And it isn't even clear that buying Diebold saves money over an in-house solution.) But there is simply no way to know that the votes are being counted if you can't SEE how they are being counted.
Diebold already had a system when the government went looking, the OSS community didn't. Their choices were Diebold, a couple other vendors, or "fantasy vapor product that doesn't exist and even if they funded its development there's no guarantee the thing will exist by election time".
You are making an assumption without realizing it here- that the Diebold system will be automatically superior to the card-based system that was in place in Florida's 2000 election. Which actually performed remarkably well under the extreme condition of a tie. There is no reason why these new systems have to be in place by 2004 when they may actually compromise the election compared to the system we had before.
I don't want my tax dollars bankrolling OSS dev efforts.
Maybe not GPL software (I'd agree with you that far) but if we're going to use a voting system we should all be allowed to see the code, even if we can't modify or distribute it. Otherwise only Diebold knows who really won, and in fact Diebold is put in a position where they can choose the next president. The key concept is transparency.
Counting votes isn't even a hard problem. Diebold (and the rest of the software industry) has succeeded in convincing the government that
numVotes++
is some ingenious discovery like penicillin. So you aren't allowed to see the code, which might really look like
if (vote equals BUSH || (vote equals KERRY && rnd() < 0.9))
numVotes++
Diebold's right to its "intellectual property" has superseded your right to know your vote was counted. Ironic, considering these mounting revelations that Diebold's intellectual property isn't very "intellectual" to begin with.
You'd have to be nuts to click on any link at all that arrived via spam. "Unsubscribe" links have been proven time and again to be feedback mechanisms for helping spammers identify good addresses.
Of course, now that we have HTML email with IMG tags (whoopee.) you don't even need to click on a link anymore.
Don't be dumb in thinking somehow that was a statement of avocation in denying people's right to vote. It was simply a statement of the obvious, they are taking the stance that inconveniencing is somehow preventing people from voting. If you think this is true then you are just as much a loser as these people. They are not victims of oppression because they can't order their voting cards over the web and nothing you can say would convince a normal person otherwise.
Please RTFA before posting. They quietly shut down access to the site days before the registration deadline. This site had been advertised by the U.S. Government on foreign channels as being the preferred way for expatriates to register. Most overseas voters would probably make a reasonable assumption that the server would be there during the last week before the deadline. If you know you can do something over the web, you'll probably procrastinate. Now you'd be SOL. This is an attempt to boost Bush by running out the clock on expatriate voters, who favor Kerry by a 22 percent margin.
This site that's being blocked is intended for civilian expatriates only. Military votes are handled separately.
The military is something like 55% Republican. But civilians living overseas are another matter. According to a Zogby poll, voters with passports favor Kerry over Bush by 55 to 33 percent.
Also, for any expatriates reading this, a proxy server has been set up by the Verified Voting Foundation. Let's see the Pentagon block the proxy.
The very fact of the matter is that people outside the U.S. have little grasp of what America is like -- its politics or its people. All you see of our people is distorted through the lens of Hollywood, and all you see of our politics is distorted through the lens of biased news outlets (especially the spoiled government-funded ones.)
You don't know what I "see of your people", and you don't even know that I'm not an American who can't wait to cast his swing state vote against your beloved Chimperor this November.
Your negative views of Bush mostly stem from the excessively negative portrayal he gets.
Oh really? I thought I was basing my negative views of Bush on what I hear coming out of his mouth! But I guess you must know better, with all that unbiased media you have access to.