I see a pattern here. I used to be a frequent user of Flickr, paying Pro account, using it as a primary photo storage and such. After a wave of arrogant, user-hostile redesigns, I have noticed that many of my contacts stopped to come and finally after - as we could label it now - a repulsive "UI remix" two years ago, I too stopped coming. So big congratulations to MM - laying off the customers is quite a feat!
My feelings exactly. I bought a Nexus 7 (2013) last year and loved it. Then, at some unfortunate moment, I have confirmed the "upgrade". The result was ugly UI (not such a surprise, given the Google track record with arrogant GMail changes, but for Material UI they probably hired the brain behind Windows 8 tiles), performance like some 1$ chinese toy (screen massively tearing while scrolling text web page, ffs!), apps crashing just about all the time... and I find myself the great Android device maybe twice a week now.
On a positive side, it is only a tablet. But in near future, having a car botched by similar upgrade experiences, now that is going to be a completely different matter. It is time to realize that the Google is rotting like any other megacorp and no more true innovation (not to be confused with PR innovation) is going to happen unless some drastic measures are put in motion.
Using Nexus 7 (model 2013) I have upgraded about a month ago, but it turned out to wrong decision. Everything is slower now, I observe more frequent crashes and the Material Design is ridiculous and incomprehensible. I don't understand thinking of Material Design designers, but it seems that while graphics is simplified without respect to intuitive understanding (infamous "triangle, circle, square" comes to mind) , procedures often became more complicated. For example, to access settings, 2 swipes and 1 touch (pull the top menu, expand the top menu, select Settings) are necessary now - quite a regression.
Are you sure that Hell's carmakers and bankers are not mixed up? I don't think driving Ferrari or Lamborghini is a torture comparable to driving Renault or Peugeot. (Oh wait, I get it - there is still Multipla!)
"Don't be evil" was probably deemed too obsolete. Judging from some recent cases, such as GMail redesign, recent total crackdown on non-market Chrome extensions or planting a Trojan horse into Yahoo, the current motto is "Prostrate before the evil majesty, you worm!"
I'm writing this on Firefox 22.0 / WinXP. Updates disabled for both. No antivirus, unless Sysinternals tools and system debugger count as one. Running it this way for more than ~3 years.
Would you point out how exactly is a virus going to infect this machine, if I strictly adhere to a couple of basic information hygiene rules?
Firefox has this ability as well, it is not so obvious, though.
Go to a page with some search field, for example amazon.com title page.
In Firefox Search Bar, expand its pop-up menu; one of the items should be "Add Amazon Search Suggestions". Click it
Once again go to Search Bar pop-up menu, this time for "Manage Search Engines..."
Select the appropriate row and click "Edit Keyword..."
Type some reasonably short abbreviation, such as "ama"
You are done, now you can type "ama cthulhu" and there you go. I have there shortcuts for Google (keyword "g"), Wikipedia ("w"), YouTube ("y"), IMDB, CPAN and a couple of other sites and it is really efficient and comfortable.
I think it cannot be a coincidence that an organization that has some kind of "internal/state/etc. security" in its name, turns out to be extremely evil, harassing, arbitrarily strict towards deemed suspects and so on. After all, for DHS translated to Russian, KGB is pretty accurate translation.
The visible partition reports whole 1TB. Truecrypt does not "know" about the hidden partition nor tries to protect it. If you store 1TB of data in the visible part, you will damage whatever was stored in that hidden compartment (the hidden part is stored at the very end of the container file).
For example, I do have a file 2GB large. But it is 99% empty, as I store only passwords, private keys, scans of various personal documents etc. there, all together takes up a couple of megabytes. If there was a need, I could put a 1,5TB hidden partition there. I would argue that the container file size was based on some assumptions regarding future content...
If I remember correctly, Stuxnet targeted Windows machines in the first step too. There it infected developer tools and the damage-causing payload did get compiled into programs for those SCADA systems of certain importance. So Windows systems might not have any obvious importance at all, but they play a role of the weakest link surprisingly well.
As an evil virus author, I would add another twist: make the plain-text part of the virus install the font (we know it does so). Few moments later, from within the encrypted code, uninstall the font (we have no clues what that code actually does).
Unsuspecting folks would devise infection detectors, which will give nice "false negatives".
Pity. I was hoping that this would be a clever part of systemic offensive. Like forcing laser printer to release deadly toner fumes by downloading evil curves of this font. Or making its kerning so bad that the users would collapse with severe headaches.
Judging from the infection vector (i.e. USB sticks), I suspect that the targets are off-line, or at least heavily firewalled. Mind you, the target is most probably some military facility, likely in Iran. I don't think navigating to a non-white-listed web page wouldn't raise alarm, from the virus author's point of view an unnecessary complication.
By the way, TFA says that the virus even installs some font. This unusual step confuses me quite a lot. Is it for some kind of "exposed but not obvious" document watermarking. Or is it preparation for some future infection vector? Questions:-(
Does somebody know whether there is that font ("Palida Narrow") available?
One of my guesses is that both the PATH element and the Program Files item are linked to a single application. That way, as long as the application is installed, the payload would be decryptable. The name check suggests that the application is some in-house project, probably not publicly released.
But maybe the "trigger" is an application in certain environment. Then the Program File would determine application presence. Then the expected item of PATH could refer to some network share, mapped disk, e.g. T:\Repository\bin. Such combination would be pretty unique and therefore an ideal "trigger", IMHO.
The trick in this case is that the key is already available at the targeted machine - the virus tries to combine various pairs of %PATH% paths and names from %PROGRAMFILES% and if some combination has an expected checksum, that's the key. To make cryptanalysis a bit more difficult, it seems that the second part of the key is not in plain ASCII.
Therefore the "key distribution problem" is nicely solved - if the code runs on targeted system, the key will be easily generated. On any other machine you won't obtain any information about the key.
To continue with recommendations, Lem's final work, Fiasco is a superb book. And for more advanced readers (such as those, who read and liked Foucault's Pendulum by Umberto Eco), there are great novels His Master's Voice and Golem XIV.
I would prefer Titan, along the closing lines of one nice book: "Puppet masters -- the free men are coming to kill you! Death and Destruction!"
Now that would be a nice preemptive strike on those parasites:-)
After much research regarding gear for my trips, I came across Eagle Creek stuff, and as for me, they are the best. My beloved Switchback has already suffered plenty of abuse and it still holds together. Not to mention their No Matter What Damage Repair Policy...
I really recommend them, the gear they offer is worth checking! (Now if they made some armored luggage for my camera, I would be really happy.)
As long as they ask for a strictly R/O access, why not let them have it? If I hear "my precious tables", I immediately have to think "unprofessional administrator". Do you have to worry about sensitive contents or are you ashamed of the mess, which most production databases converge into?
Easy, straightforward solution (with some implied assumptions, btw): I would create a set of views with SELECT privileges granted to a new role, let's say ADVANCED_CUSTOMER. Then create a new db user, grant him the role and there he goes.
More advanced solution: I would set up a new database, into which the original data would be replicated. Possibly with some time lag, so the advantage of fresh data remains for you.
Anyway, as a customer, I would just state what I want ("this and that set of data"), and the provider's job would be to make it happen. Preferably in some interface neutral way, e.g. SOAP.
I am aware of the demerits. But will this kind of weapons (temporary incapacitants of individuals) be effective in the hands of terrorists? How will it help them?
Good point. As Schneier's essay published on his blog today states, from the point of view of terrorists it's just a choice of tactic in order to reach the goal: to terrorize. In another words, perform some spectacular violent act which will attract a lot of media coverage. One day, it is an airplane used as a guided missile. Another day, it may have been completely different plot (hijacking and blowing up a supertanker; sniper hidden in the car cruising the country...).
And we need to remember that so far most of the attacks were quite unsofisticated and only crudely coordinated. Despite this they were considered as a success. I don't want to know what would happen if someone skilled in psychology and urban warfare was to plan a blow to the society. Imagine for example this IMO easy to execute (for dedicated terrorists with some training) plan:
A small decoy bombs are blown in several subway stations, preferably geografically near. Casualties ~ virtually zero, the purpose is to ignite panic.
As scared mass of people tries to evacuate, detonate much bigger bombs near to exits from the stations. Not necessarily very lethal, but...
Now you have many instances of hysteric, panicked crowd in a small space (as subway exits tend to be). As was noticed many times during for example fire accidents, such crowd is very lethal thing.
In older times, you would have to consider how to ensure proper access for news crews. It has changed, the victims will without doubt provide their own coverage via phones, and it has the necessary "feel" of authenticity.
Just remember how much fear generated one single guy equipped with a gun. And there you will have multiphase attack simultaneously in several places. Next week, the target could be an armed assault on nearest TV station, with a live broadcast of murders etc. The options for terrorists' goal are virtually endless. So our defense should go deeper and mitigate tactical advantages of terrorists: Media coverage - why? (If nobody in terrorist's tribe knows about his deed, would they celebrate him as a hero? I doubt it.)
I do not have a proper reference (and I'm unable to verify), but I remember somebody to claim that during IRA bombings in UK, the media coverage was inversely proportional to human losses. Sounds plausible to me and logical as well. If you deny access to the media, those terrorists will become just criminals. But here we come across an interesting find: terrorists and media live in a strange symbiosis. Media equation: more terror = more revenue for media. Terrorist's equation: more media coverage - more fear in society. In both cases, the objective is reached. Tough luck for the victims who happen to stay between these two parties.
And though I'm from different country, my memories of IRA times tell me something was fundamentally different: the people were not being scared by their own government. The response was more similar to police investigation than to full-scale military response. But these days no, we are so soft that we even bow down when some unimportant people don't like a sheet of caricatures.
I think unless there is a serious flaw on the side of airport security, the equipment advantage of the bad guys is not so big. The ONLY weapons which caused 911 were surprise and bad assumptions. The terrorists were allowed into cockpit with the assumption that it is just one of "routine hijackings" (scenario: land somewhere, demand something, negotiate, release hostages). The incorectness of the assumption was the moment of surprise and I truly believe that all pilots since then have to consider a 911 scenario as well.
Let us now think about those executions of passengers. We may not prevent them, but we can reduce the casualties. Assume that there are approx. 6 bad guys armed with improvised cold weapons, therefore effective attack range of each member is cca 1 meter. What are tactical options of passengers?
They have vast numeric advantage. Say at least 50 men and don't forget about capabilities of many angry women.
They may create improvised weapons and shields as well. Trays, belts, blankets...
The cramped space onboard in my opinion favors the defense. The movement of attackers can be obstructed by improvised barricades (luggage)
As long as the cockpit is not penetrated, the pilots may help with another effective countermeasures (but they would require a tactically skilled flight attendant coordinating the actions, or some kind of CCTV in the cabin):
Perform sudden maneuvers (rapid descent, steep banking) to incapacitate attackers; they won't probably wear belts during the incident
Change parameters of cabin environment: temperature, light, sound -- anything which may disrupt focus and coordination of the attacking group
Decompress the cabin and therefore restrict the movement of all passengers
I personally can think of merits of equipping flight attendants with tasers, sticky foam, pepper spray (or even stun grenades)
In this mental exercise are some assumptions as well. The foremost is that only cold weapons are available to terrorists. Here we have to rely on the integrity and skill of airport personnel, but even with handguns I believe passengers with improvised shields would stand a chance. When it comes to bombs, well, bad luck, BUT: the bad guys can destroy the plane, but they will not control it.
From formal point of view, regular expressions in Perl (PCRE) are no longer true regular expressions. Since Perl 5.6 and the introduction of look-ahead/subexpression clauses, it is possible to match expressions of classic context-free grammar of correctly parenthesized clauses. I therefore suppose that one day somebody will implement a CFG parser entirely using PCRE engine (and most probably on a sigle line ^__^).
Slashdot Mirror
I see a pattern here. I used to be a frequent user of Flickr, paying Pro account, using it as a primary photo storage and such. After a wave of arrogant, user-hostile redesigns, I have noticed that many of my contacts stopped to come and finally after - as we could label it now - a repulsive "UI remix" two years ago, I too stopped coming. So big congratulations to MM - laying off the customers is quite a feat!
Don't worry, we don't have any sharks in Czech Republic, we are a landlocked country. At best, we could come up with laser-bearing carps or catfish.
On a positive side, it is only a tablet. But in near future, having a car botched by similar upgrade experiences, now that is going to be a completely different matter. It is time to realize that the Google is rotting like any other megacorp and no more true innovation (not to be confused with PR innovation) is going to happen unless some drastic measures are put in motion.
Using Nexus 7 (model 2013) I have upgraded about a month ago, but it turned out to wrong decision. Everything is slower now, I observe more frequent crashes and the Material Design is ridiculous and incomprehensible. I don't understand thinking of Material Design designers, but it seems that while graphics is simplified without respect to intuitive understanding (infamous "triangle, circle, square" comes to mind) , procedures often became more complicated. For example, to access settings, 2 swipes and 1 touch (pull the top menu, expand the top menu, select Settings) are necessary now - quite a regression.
Are you sure that Hell's carmakers and bankers are not mixed up? I don't think driving Ferrari or Lamborghini is a torture comparable to driving Renault or Peugeot. (Oh wait, I get it - there is still Multipla!)
"Don't be evil" was probably deemed too obsolete. Judging from some recent cases, such as GMail redesign, recent total crackdown on non-market Chrome extensions or planting a Trojan horse into Yahoo, the current motto is "Prostrate before the evil majesty, you worm!"
I'm writing this on Firefox 22.0 / WinXP. Updates disabled for both. No antivirus, unless Sysinternals tools and system debugger count as one. Running it this way for more than ~3 years. Would you point out how exactly is a virus going to infect this machine, if I strictly adhere to a couple of basic information hygiene rules?
Is it the same guy as the one responsible for GMail? Or the one behind Flickr? Or is it a sign of coming "bad redesign epidemy"?
You are done, now you can type "ama cthulhu" and there you go. I have there shortcuts for Google (keyword "g"), Wikipedia ("w"), YouTube ("y"), IMDB, CPAN and a couple of other sites and it is really efficient and comfortable.
I think it cannot be a coincidence that an organization that has some kind of "internal/state/etc. security" in its name, turns out to be extremely evil, harassing, arbitrarily strict towards deemed suspects and so on. After all, for DHS translated to Russian, KGB is pretty accurate translation.
For example, I do have a file 2GB large. But it is 99% empty, as I store only passwords, private keys, scans of various personal documents etc. there, all together takes up a couple of megabytes. If there was a need, I could put a 1,5TB hidden partition there. I would argue that the container file size was based on some assumptions regarding future content...
If I remember correctly, Stuxnet targeted Windows machines in the first step too. There it infected developer tools and the damage-causing payload did get compiled into programs for those SCADA systems of certain importance. So Windows systems might not have any obvious importance at all, but they play a role of the weakest link surprisingly well.
As an evil virus author, I would add another twist: make the plain-text part of the virus install the font (we know it does so). Few moments later, from within the encrypted code, uninstall the font (we have no clues what that code actually does).
Unsuspecting folks would devise infection detectors, which will give nice "false negatives".
Pity. I was hoping that this would be a clever part of systemic offensive. Like forcing laser printer to release deadly toner fumes by downloading evil curves of this font. Or making its kerning so bad that the users would collapse with severe headaches.
Judging from the infection vector (i.e. USB sticks), I suspect that the targets are off-line, or at least heavily firewalled. Mind you, the target is most probably some military facility, likely in Iran. I don't think navigating to a non-white-listed web page wouldn't raise alarm, from the virus author's point of view an unnecessary complication.
Does somebody know whether there is that font ("Palida Narrow") available?
One of my guesses is that both the PATH element and the Program Files item are linked to a single application. That way, as long as the application is installed, the payload would be decryptable. The name check suggests that the application is some in-house project, probably not publicly released.
But maybe the "trigger" is an application in certain environment. Then the Program File would determine application presence. Then the expected item of PATH could refer to some network share, mapped disk, e.g. T:\Repository\bin. Such combination would be pretty unique and therefore an ideal "trigger", IMHO.
The trick in this case is that the key is already available at the targeted machine - the virus tries to combine various pairs of %PATH% paths and names from %PROGRAMFILES% and if some combination has an expected checksum, that's the key. To make cryptanalysis a bit more difficult, it seems that the second part of the key is not in plain ASCII. Therefore the "key distribution problem" is nicely solved - if the code runs on targeted system, the key will be easily generated. On any other machine you won't obtain any information about the key.
To continue with recommendations, Lem's final work, Fiasco is a superb book. And for more advanced readers (such as those, who read and liked Foucault's Pendulum by Umberto Eco), there are great novels His Master's Voice and Golem XIV.
I would prefer Titan, along the closing lines of one nice book: "Puppet masters -- the free men are coming to kill you! Death and Destruction!" Now that would be a nice preemptive strike on those parasites :-)
I really recommend them, the gear they offer is worth checking! (Now if they made some armored luggage for my camera, I would be really happy.)
As long as they ask for a strictly R/O access, why not let them have it? If I hear "my precious tables", I immediately have to think "unprofessional administrator". Do you have to worry about sensitive contents or are you ashamed of the mess, which most production databases converge into?
Easy, straightforward solution (with some implied assumptions, btw): I would create a set of views with SELECT privileges granted to a new role, let's say ADVANCED_CUSTOMER. Then create a new db user, grant him the role and there he goes.
More advanced solution: I would set up a new database, into which the original data would be replicated. Possibly with some time lag, so the advantage of fresh data remains for you.
Anyway, as a customer, I would just state what I want ("this and that set of data"), and the provider's job would be to make it happen. Preferably in some interface neutral way, e.g. SOAP.
I am aware of the demerits. But will this kind of weapons (temporary incapacitants of individuals) be effective in the hands of terrorists? How will it help them?
And we need to remember that so far most of the attacks were quite unsofisticated and only crudely coordinated. Despite this they were considered as a success. I don't want to know what would happen if someone skilled in psychology and urban warfare was to plan a blow to the society. Imagine for example this IMO easy to execute (for dedicated terrorists with some training) plan:
Just remember how much fear generated one single guy equipped with a gun. And there you will have multiphase attack simultaneously in several places. Next week, the target could be an armed assault on nearest TV station, with a live broadcast of murders etc. The options for terrorists' goal are virtually endless. So our defense should go deeper and mitigate tactical advantages of terrorists: Media coverage - why? (If nobody in terrorist's tribe knows about his deed, would they celebrate him as a hero? I doubt it.)
I do not have a proper reference (and I'm unable to verify), but I remember somebody to claim that during IRA bombings in UK, the media coverage was inversely proportional to human losses. Sounds plausible to me and logical as well. If you deny access to the media, those terrorists will become just criminals. But here we come across an interesting find: terrorists and media live in a strange symbiosis. Media equation: more terror = more revenue for media. Terrorist's equation: more media coverage - more fear in society. In both cases, the objective is reached. Tough luck for the victims who happen to stay between these two parties.
And though I'm from different country, my memories of IRA times tell me something was fundamentally different: the people were not being scared by their own government. The response was more similar to police investigation than to full-scale military response. But these days no, we are so soft that we even bow down when some unimportant people don't like a sheet of caricatures.
Let us now think about those executions of passengers. We may not prevent them, but we can reduce the casualties. Assume that there are approx. 6 bad guys armed with improvised cold weapons, therefore effective attack range of each member is cca 1 meter. What are tactical options of passengers?
As long as the cockpit is not penetrated, the pilots may help with another effective countermeasures (but they would require a tactically skilled flight attendant coordinating the actions, or some kind of CCTV in the cabin):
In this mental exercise are some assumptions as well. The foremost is that only cold weapons are available to terrorists. Here we have to rely on the integrity and skill of airport personnel, but even with handguns I believe passengers with improvised shields would stand a chance. When it comes to bombs, well, bad luck, BUT: the bad guys can destroy the plane, but they will not control it.
From formal point of view, regular expressions in Perl (PCRE) are no longer true regular expressions. Since Perl 5.6 and the introduction of look-ahead/subexpression clauses, it is possible to match expressions of classic context-free grammar of correctly parenthesized clauses.
I therefore suppose that one day somebody will implement a CFG parser entirely using PCRE engine (and most probably on a sigle line ^__^).