Using a VPN doesn't exactly protect you from this type of thing. A VPN sets up a point to point encrypted tunnel to send your traffic over. Your network traffic is sent to the other end of the tunnel, and then transmitted plaintext from there.
So if you use a VPN tunnel to visit gmail your network traffic is safe from snooping by your ISP, but may be intercepted anywhere between the other end of the tunnel and the gmail servers themselves.
What you really need is to encrypt all traffic between your system and your destination system. This can be done with VPN technologies if all servers you want to talk to support those technologies, but more commonly this is done with SSL.
Just in case anyone wanted to see how it turned out last time ;)
I think at the end of the day it all depends on what you need to support. If you're supporting a single high performance system, well then a hand optimized kernel makes sense.
If you're supporting a few hundred servers then any differences between the systems need to be kept to a minimum.
If you're looking for a reason why assembly would be a good thing to learn, check out the below article from Joel on Software.
http://www.joelonsoftware.com/articles/LeakyAbstractions.html
FAIR USE = "Freedom and Innovation Revitalizing U.S. Entrepreneurship"
Somebody please shoot me.
My VW came with Sirius and I eventually decided that I wanted XM instead.
I looked into it a bit, and it turned out that the radio/nav system was connected to a sirius unit in the trunk. For around $500 I was able to get an XM unit installed in its place.
So if they do decide to consolidate on a single hardware platform, replacement should be possible assuming that's how all car makers do it.
On the other hand, if they broadcast all channels on both types of hardware, then my $500 investment was kind of dumb ;)
And a fond welcome to you too ;)
> How are they going to know when the CD was purchased ?
Well, considering these CDs were pulled from the shelves quite some time back, I think it's safe enough for them to assume that if you have a rootkit version of a CD, you bought it before that date.
I look at this the other way. Why waste RAM just because you have a lot? If you thought about it in financial terms, what you said is like saying "I've never understood why people with millions of dollars just leave it in the bank!" I'd rather have free RAM speeding up disk access than have it full of bloated applications.
People with millions generally invest their money, not just leave it all in the bank. Because if you're not using it right now, might as well have it doing other useful things for you. Kind of like memory ;)
Simply add your private key to ~/public_html/secret
Heh. I can't tell if you're making a joke, or are just stupid.
However, it should be pointed out that social engineering your way onto a wired network is much easier than obtaining someone's computer and/or smart card and their password.
The difference is that when you come into a wired network you either need to leave something behind, or you lose your access as soon as you leave the location.
If you manage to get the wireless key off of a laptop, you continue to have access (as long as the key is not revoked).
According to the story, it happens with Symantec's Norton Firewall and Norton Internet Security Suites. That's different than Norton Anti-virus.
What if they CAN'T fix the problem immediately?
If they can't fix it immediately, then they should let him know WHEN they're going to fix it. David announced this because he was expecting a fix in the January update, and it was not there.
On top of this, for the past few months he's been complaining about the fact that some of the vulnerabilities he has told Oracle about have gone unpatched for 2+ years. He has already tried the "responsible disclosure" route with Oracle. They're just not being responsive.
I think that his announcement and others like it will be the only way to get Oracle to respond. I'm just worried about what this means for the next X months.
And, speaking as an Alaskan, how could it get me if I run to the hills?
Hmm.. I don't think it worked for this guy:
"The mapping for the gene sequence was found on a victim frozen in Alaskan permafrost."
Not to be mistaken with the related groundhog exploit.
Curse this mozilla featuritis! Just think, if they dropped support for Gopher, they could possibly remove an entire kilobyte of bloat!
Hell yes drop gopher! And it's not for bloat reasons. It's just yet another code path that rarely gets executed that could potentially have an exploitable bug.
Just wait until someone can just create a link to a malicious gopher server, and own your machine.
I love how they reported the results in megabits. So is that 5000000 bits? Whee! I usually do my data in bytes.... Divide by 8, no?
If you divide by 8 you get a smaller number, which sounds less impressive
Dell had Pentium IIIs running windows while SGI was stuck with Pentium IIs running... well, windows.
Dell sells systems running Windows, Apple will have systems running OS X. Even if they can't keep up with the latest and greatest CPUs as fast as Dell, they still have OS X as a selling point.
SGI didn't create an altered intel CPU. They used a stock CPU, but instead made changes to the bus and supporting chipsets.
Apple could do the same.
Wrong. The developer kits ship with a Pentium 4 running 3.6 GHz. This is either x86 or x86-64.
Oddly enough x86 CPU doesn't necessarily mean x86 architecture. If anyone remembers the SGI Visual Workstation, then they'll know what I mean. The visual workstation didn't use a standard BIOS, and dropped a lot of the legacy portions of the x86 architecture.
I'm kind of curious here what Apple is planning. Switching to a non-x86 standard architecture for the intel processors would allow them to still have the same kind of architecture lock in that they currently have with the PPC based systems while going with a straight X86 based system would allow them to sell OS X to the current millions of people currently running Windows who may be sick of dealing with Spyware, viruses, and Microsoft in general.
Linus Torvalds could say, tomorrow, that he revokes everyone's right to use the parts of the Linux kernel he wrote. That's his right as copyright holder.
No, he can't.
From the FAQ
Linus can redistribute code he has written under another license, but he cannot revoke the rights he has already provided. He can also make it so future releases are under a more restrictive license, but someone would just end up forking the last GPLed version.
A good example of this is XFree86. Version 4.4 was released under a more restrictive license that the community did not like. Next thing you know, the last 4.4 prerelease under the old license was forked as X.org.
Physical attacks are just as valid as network attacks. Now where did I put my Dell technician uniform...
Based on the company involved here, hopefully your uniform is in India.
I don't think there is a need to hold off on a PVR out of concern that the company will go away, at least if your TV service provider is reasonable and you buy one that they support.
The problem is that all of the tv listing data is collected and made available to your TiVo by TiVo themselves. How will your unit get listing updates if they stop providing them?
Unless TiVo releases a software update to point to some sort of public source or if they somehow manage to keep releasing updates (bought by someone else maybe?) you're kind of stuck.
Actually I think it's funny how people are so quick to defend Mozilla and say it's not dropping anything. The grandparent is right to point out that they are indeed dropping support. It doesn't matter if they're temporarily turning it off. They're turning off support. They are dropping default support in future versions of Firefox.
I think what we have here is a terminology conflict.
Support for computer software can mean "ability to use" (e.g. does linux support SCSI hard drives?) or "ability to get help with" (e.g. is linux 2.2 still a supported kernel?)
IDN is still supported in that the functionality still exists on mozilla once it is turned on.
It is not supported in that it's known broken, and you use it at your own risk if you enable it.
Actually, no, that's quite true. A vulnerability that is undiscovered is not a vulnerability. Just as a word (e.g., "miostizr") is not a word until somebody assigns meaning to it.
What you're describing is more an example of a creation than a discovery. "miostizr" is not a word until someone creates the word "miostizr".
With a discovery the thing being discovered exists before the discovery, it is just not known. A law of physics is an example of this, but I prefer something more concrete like an asteroid. That asteroid damn well existed before someone found it.
Now which of these two examples does a vulnerability fit with? Does someone who looks for software flaws end up creating vulnerabilities in the software, or do they find it?
Although I'm sure plenty of companies would love to jump on the "discovery of a vulnerability is creation of a vulnerability". I'm sure they could push for the prosecution of people who maliciously create vulnerabilities in their software.
I will admit though that an undiscovered vulnerability is less dangerous than a discovered one.