This kind of research is almost self-defeating.
When you put out there a list of words that help flag a domain as "bad", you're just signaling to the malware makers to avoid those words.
Then you can make a new list of words. And then they'll avoid those words.
Eventually, the malware domains will be essentially indistinguishable from the real domains.
That's lose-lose for everyone.
Unfortunately, keeping the list secret does no good either. If it's truly secret, then no one can use it to fight malware. If it's only "secret" as in "not widely published", then the malware makers will still find it and use it.
There is no right choice.
Any really good company/department is going to find it more important to find the right person than skills in a particular language.
Obviously, a person who is a good fit in other ways and has experience in the exact skill/language is the best, but you're better off hiring someone good who doesn't know the language (and then helping them learn it) than you are hiring someone who's not a good fit but does know the language.
When I'm involved, I want to see at least 2 different similar skills (in this case, programming languages), to prove that the person can learn and has a core understanding of the common principles.
So, learn a few languages (preferably at least one of which is popular), and be prepared to learn a new one for a job.
Do you really want to work at a place that isn't willing to take the time and money to train the right person? Odds are you'll be looking for a new job before long (either by your choice or theirs).
It should be a law that you have to be an organ donor in order to legally not wear a helmet while riding a motorcycle.
Had the same idea...
plus, what about sound? Does it come in a sound-proof box? If not, it'll be louder than most conventional heating systems, and probably provides less heat.
DevOps is a niche. Get over it.
Huh?
Do you even know what "DevOps" is?
Here, I'll tell you: Devops: IT infrastructure folks, devs, QA people, sitting in a room and working together to release software on a timely basis.
How it works:
1) Boss schedules a meeting
2) Everyone shows up
3) Work out a couple of things that'll make everyone's jobs easier.
4) Do that.
5) Repeat.
That's it. Seriously. It's not cloud voodoo, it's not shirt-and-tie marketspeak, it doesn't take expensive consultants or software or anything.
If that's considered "niche" in your world, I sure as fuck don't want to work at whatever miserable place you're working at.
Wow. I've apparently been working in the wrong places for the last 15 years.
Where do I find this place where meetings are simple and productive?
Probably because a lot of us jumped ship from Apache to Nginx. I got tired of my server eating up all the CPU for what little my sites were doing. Moved to Nginx and freed up 75%, and I wasn't doing anything special server-side to account for that.
Exactly. It's not really Microsoft that's gaining (although they are, a little), nor really Apache that's losing (although they are, a lot).
It's that nginx is taking over Apache's place as the best free webserver.
The summary said she gave them her password. That sounds like permission.
A 13 year old can't give permission.
Just like she can't give permission for the school to take her on a field trip or to go off campus for lunch, she can't give the school permission to invade her privacy. Only her parents can.
In some ways, this is really stupid. In other ways, it makes lots of sense. We shouldn't really trust most 13-15 year olds to make intelligent, informed decisions most of the time.
I'd like to say "mod parent up", but it's already at 5.
This "article" lost all credibility the moment they claimed that Kodak was replaced by Instagram. Kodak was functionally dead long before Instagram was a twinkle in someone's eye. If I was going to try to pin one company as replacing Kodak, it would have to be Apple, since more photos are taken with iPhones than with any other single manufacturer's cameras. I guess that's a less sensational claim, since Apple employs ~90,000 people and is still growing.
As to the real reason for Kodak's demise, they waited too long to go digital, and they screwed it up when they did go mainstream digital. For example, early mainstream Kodak digital cameras used more compression on their JPGs so you could fit more into the tiny built-in memory or small Smartmedia cards. Unfortunately for Kodak, most people care more about the quality of the images than the number they can fit on a card. I'm sure that market research said people wanted to be able to take more pictures, but it didn't actually drive sales. Kodak persisted in this for long enough that the reputation for poor image quality stuck even after they stopped using excessive compression by default.
Top of the rack tends to get toasty, but is this too simple?
I logged in to say that.
It seems obvious -- heat rises, I would expect top of rack components to fail more often unless the cooling design is well done.
Completely fabricated statistic: Only 10% of datacenters have proper cooling design.
(Sound of loud buzzer.) Ehhhhh... sorry. That's not quite the answer we were looking for. Perhaps you'd prefer to live in Cuba?
These days, if I didn't have a really important reason to stay in this country (my children), I would seriously consider leaving. I don't think Cuba would be at the top of my list.
Stuff like this is a total sideshow. It's a distraction from the fact that our government can't seem to get anything productive done.
As long as those in charge of this country (by which I primarily mean Congress and the Senate) spend more time and money bickering with each other and making absolutist "no compromise" stands, nothing here will improve.
What we really need is a changing of the guard. Vote every single incumbent out of office. Having more than two political parties wouldn't hurt either.
It has long been held by US courts that the exteriors of letters and other items sent through the mail are not considered private.
It makes sense that they are allowed to photograph and record them for later use.
I mean, did you really think that a piece of mail sent through a government controlled organization would be hidden from law enforcement?
Now, if they are doing the same for UPS/FedEx/etc, then there might be a slightly larger concern, but still not really a big deal.
Or, if they were opening (or scanning the inside without opening) and recording the contents of sealed mail without a warrant, that would also be concerning.
I think he's only referring to union shops with their soon-to-be-taxed-out-of-existence gold level coverage plans.
No, those plans are in the $20k/year ballpark.
$10k/year (employer contribution, plus an additional $2-3k/year employee paid) buys a health plan that doesn't suck. A PPO with no deductible and moderate copayments. Covers most needs but has gaps.
$4k/year only buys a crappy plan that has at least two of these flaws: doesn't cover the right things, high copayments, high deductible.
You forgot Windows 95 OSR2
OSR2 isn't nearly as fun as the ultimate version of Windows 95--OSR 2.5.
http://en.wikipedia.org/wiki/Windows_95#Editions
Project Cauã will aim to put a server system in the basement of all of these tall buildings
(emphasis added)
Did no one learn anything from Hurricane Sandy, which flooded all those basements?
I came here to say this. I'm thinking you might want to put them a little higher up in the building, although I have no idea what the floodplain in São Paulo is like.
Please mod parent up.
Who wants to bet that the Windows Power option for JavaScript timer frequency only affects IE, and not other browsers on the machine?
Great info and analysis, but you made one mistake.
The stats are traffic related fatalities per 100k vehicles per year. A nation with 1000 deaths per 100k vehicles per year does not equal a 1% annual death rate for vehicle owners, or the cumulative 25% over 30 years. The reason is that not all of the traffic related deaths are of vehicle owners, or even vehicle drivers. There are passengers and pedestrians as well. In countries with low average per capita income (or other economic indicator of your choice), the average number of passengers per vehicle tends to be higher. I don't have a study to link to prove this. Sorry.
Joining, and discovering are not the same thing. You don't need to join a network for your phone to register it as near your location.
Absolutely true. But your phone won't give away the MAC address of your previous network unless it's trying to join the fake wifi network. Unless I'm greatly misunderstanding what I read.
From GitHub:
To solicit ARPs from iOS devices, set up an access point with DHCP disabled (e.g. using airbase-ng) and configure your sniffing interface to the same channel.
Once associated, iOS devices will send up to three ARPs destined for the MAC address of the DHCP server on previously joined networks. On typical home WiFi routers, the DHCP server MAC address is the same as the WiFi interface MAC address, which can be used for accurate geolocation. On larger corporate WiFi networks, the MAC of the DHCP server may be different and thus cannot be used for geolocation.
I'm pretty sure that for a device to be associated, it has to be attempting to join the network. I could be wrong, I'm not a WiFi engineer. Please correct me if I'm wrong about that.
And this is why your iDevice should never be set to automatically join wifi networks.
Actually, NO device should be configured to automatically join wifi networks.
(For those who didn't read the docs that go with the software, this relies upon running an access point with no DHCP, which is what forces the iDevice to send ARPs for the last DHCP server it used).
Also, this means that if you want to "hide" your home network, don't run DHCP on your WiFi router, use another device.
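The behaviour quoted from GitHub above boils down to one observable: right after associating with a DHCP-less access point, the client sends ARP requests as unicast Ethernet frames addressed to a MAC it remembers from another network, instead of the normal broadcast. The parser below is an added example written for this thread; it is not code from the page or from the GitHub project being discussed. It assumes the capture is already presented as Ethernet-framed data (as from the tap interface airbase-ng creates), so no 802.11 header handling is included. All MAC and IP addresses in the sample frames are made up.

```python
"""Spot unicast ARP requests in an Ethernet-framed capture and record the
remembered (DHCP server) MAC each client is probing for.

Added example for the thread above, not the tool's own code. The sample
capture is constructed inline with made-up, locally administered MACs.
"""
import struct

ETH_HDR = struct.Struct("!6s6sH")            # dst MAC, src MAC, ethertype
ARP_HDR = struct.Struct("!HHBBH6s4s6s4s")    # htype, ptype, hlen, plen, op, sha, spa, tha, tpa
ETHERTYPE_ARP = 0x0806
ARP_REQUEST = 1
BROADCAST = "ff:ff:ff:ff:ff:ff"


def mac_str(raw):
    return ":".join("%02x" % b for b in raw)


def ip_str(raw):
    return ".".join(str(b) for b in raw)


def parse_arp(frame):
    """Decode an Ethernet/ARP frame; return None for anything that is not IPv4-over-Ethernet ARP."""
    if len(frame) < ETH_HDR.size + ARP_HDR.size:
        return None
    dst, src, etype = ETH_HDR.unpack_from(frame, 0)
    if etype != ETHERTYPE_ARP:
        return None
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = ARP_HDR.unpack_from(frame, ETH_HDR.size)
    if htype != 1 or ptype != 0x0800 or hlen != 6 or plen != 4:
        return None
    return {
        "eth_dst": mac_str(dst), "eth_src": mac_str(src), "op": op,
        "sender_mac": mac_str(sha), "sender_ip": ip_str(spa),
        "target_mac": mac_str(tha), "target_ip": ip_str(tpa),
    }


def leaked_dhcp_macs(frames):
    """Map each client MAC to the (remembered MAC, target IP) pairs it probed.

    A normal ARP who-has goes to the broadcast address and says nothing about
    past networks. A unicast ARP request is the client asking for a specific
    MAC it already knows, which is exactly the leak described on GitHub.
    """
    leaks = {}
    for frame in frames:
        arp = parse_arp(frame)
        if arp is None or arp["op"] != ARP_REQUEST:
            continue
        if arp["eth_dst"] == BROADCAST:
            continue
        leaks.setdefault(arp["eth_src"], set()).add((arp["eth_dst"], arp["target_ip"]))
    return leaks


def build_arp_request(src_mac, src_ip, target_ip, unicast_to=None):
    """Encode an ARP who-has; broadcast unless unicast_to (a 6-byte MAC) is given."""
    eth_dst = unicast_to if unicast_to is not None else b"\xff" * 6
    eth = ETH_HDR.pack(eth_dst, src_mac, ETHERTYPE_ARP)
    arp = ARP_HDR.pack(1, 0x0800, 6, 4, ARP_REQUEST, src_mac, src_ip, b"\x00" * 6, target_ip)
    return eth + arp


def sample_frames():
    """Constructed capture (made-up addresses): one iOS-style unicast ARP for a
    remembered home router, one ordinary broadcast ARP, one non-ARP frame."""
    client = bytes.fromhex("0200deadbeef")
    client_old_ip = bytes([192, 168, 1, 23])          # lease it still remembers
    home_router = bytes.fromhex("061122334455")        # DHCP server MAC from home
    home_router_ip = bytes([192, 168, 1, 1])
    other = bytes.fromhex("02aa00bbccdd")
    return [
        build_arp_request(client, client_old_ip, home_router_ip, unicast_to=home_router),
        build_arp_request(other, bytes([10, 0, 0, 5]), bytes([10, 0, 0, 1])),
        ETH_HDR.pack(b"\xff" * 6, other, 0x0800) + b"\x45" + b"\x00" * 27,
    ]


if __name__ == "__main__":
    for client, targets in leaked_dhcp_macs(sample_frames()).items():
        for mac, ip in sorted(targets):
            print("%s remembers DHCP server %s (%s)" % (client, mac, ip))
```

Only the Ethernet destination matters here; the ARP target hardware field is zero as in any who-has. The second half of the thread follows directly from this: if the DHCP server on your home network is a separate box from the WiFi router, the MAC the client probes for is the DHCP box's, which is not what a wardriving database has indexed, so it cannot be matched to a location.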
So, this guy is trying to be at least semi-pro about this, and we're supposed to care what he thinks and says, but he can't be bothered to watch one episode each of eight different shows before writing an article about it?
How long are these? I'm guessing an hour. You can't spend eight hours WATCHING TV before writing an article you're being paid for?
And then it gets put up on Slashdot?
Has online journalism/tech news fallen so low that this qualifies as worth a front-page mention?
Note that this update is apparently only applied to systems running Windows 7 pre-SP1 or SP1, Windows Server 2008 R2 pre-SP1 or SP1, or Windows Server 2008 non-R2 SP2 (any edition of any of these). If you’re running Windows XP, Vista, or 8, presumably this won’t be an issue as the update would never even have been offered via Windows Update.
If that's the case, then why does the linked bulletin list every version of Windows under the sun (including RT and Server 2012!) as affected?
Business class isn't available at most residential addresses (especially apartments) - I've looked into it. The only ISP that was willing to consider it wanted $11,000 to extend their loop one block over to my neighborhood (although they graciously offered to cover the first $1000 of it themselves).
I've had business-class Verizon FiOS at two different apartments.
At one of them, I know Comcast also offered business class.
If you're trying to get an old-school service (like a T1 or something), then I can see the difficulty. However, for a service where the difference between business and home is only in the upstream stuff (e.g. cable modem or FttP), there's no reason for them not to sell business class service to whatever address wants it.
Didn't think about that. The hibernate file doesn't have any special permissions or encryptions or something does it?
It doesn't matter if the file is protected. If you can breach the kernel, and store your malware/rootkit/etc as part of the "session 0" data mentioned in the summary, then the OS will automatically save it all for you. No need to crack the file.
However, the file does provide another vector for attack.
I'm a bit late to the party, but yes, a real geek would use an HP, because all real geeks know that RPN is superior to DAL.
So this legislation makes it mandatory for them to notify the government within 48 hours... What about notifying customers and/or the general public? If someone steals my private info, especially banking info, I need to know ASAP. If they can still wait a week (or a month) before reporting to customers, this legislation is basically useless.
TFA mentions "nationwide" notification, but not a timetable.
Apparently you need a 'mirror' to view these optical illusions...