Although they don't seem to take into account the quite probable delays caused by hypothermia, shark attack, or drowning due to the physical impossibility of swimming for a month solid..
I once cloned the non-contents of a freshly purchased drive onto the slightly buggy drive it was going to replace. This was about 15 years ago and my own data, with no real backups. I don't think I will ever make the same mistake again...
Boy are you missing the point...
If this certificate had been invalid because of a DNS poisoning attack rather than an expired certificate, what do you think would have happened? Basically the same thing; 300-odd people would have handed their authentication details to the attackers and only one would have been suspicious enough to contact the bank.
So tell me again how well SSL certificates work?
BSD is closer to simulating a world with no copyrights; fairly much the only restriction they make is that you can't claim authorship/copyright of other people's work. In a no-copyright world it would still be dishonest (perhaps fraudulent) to claim authorship of someone else's work, and of course impossible to claim copyright.
Why stop halfway? How about some kind of locked-down/readonly hardware device the size of a pocket calculator that handles the whole transaction, including checking the bank certificate (with no option to ignore it if it's bad), securely encrypting and signing the transaction details, and sending it back to the bank via the computer's USB port as an indecipherable and tamperproof binary blob.
#5 "Game Over" ... As long as you can get some crapware installed on their computers.
This is what has always bugged me. Never mind the obvious phishing scams, but all the idiotic solutions banks try to find against "key loggers" are doomed to fail. Idiotic solutions that far too often include forcing everybody to use the most buggy, malware-prone browser and operating system ever written. FFS.
Here's how this works:
The bank implements some fancy ActiveX moving keypad you have to click with your mouse, followed by a number you get on your cellphone, fingerprint, retinal scan, anal probe, it really doesn't fucking matter because sooner or later the customer wants to make a transaction and they will do whatever it takes to get past all this stuff. Finally the customer gets to the appropriate form and fills in the transaction details.
At this point _malware in your browser_ changes the amount and payee account number around before the form gets encrypted and sent away, and the same piece of malware swaps the numbers back before you get asked to confirm the details.
There's really nothing the bank can do to prevent this kind of attack unless you (via good security) or they (via properly implemented TPM) have control over what software is allowed to run on your computer.
You wish!!!
A while back one of the New Zealand banks had their SSL certificate expire, so for an entire afternoon every customer who visited the login page would have got an 'invalid certificate' warning of some sort..
300-odd customers logged in anyway. Only ONE was suspicious enough to contact the bank.
Did you pay the Harry Fox agency the appropriate license fee to reproduce those lyrics?
No?
Nice to know I'm not the only person who does that, except over here it's about 10kph under the limit. It's a hell of a lot safer than tapping the brakes and in my experience a hell of a lot more effective too.
Really?
I got given two older monochrome xterms and a number of vt220/vt330 terminals ten-odd years ago. I had three text terminals and two xterms all running off my ultra-powerful 486DX100 for basically nothing. I could have run more if I had more serial ports!
I would expect you can get second-hand xterms second hand off ebay fairly cheap these days. If not you can certainly pick up old computers for practically nothing. They might not run win98 and they might not even have a cdrom or hard-drive, but if you can boot them off network or floppy you can still use them as a simple graphical terminal and do all the heavy work on one fairly modest server.
Seriously, I promised myself I wouldn't get a DVD player until Valenti was dead. My wife went out and bought one anyway (about the time he retired, fair enough) so I guess I should go buy a DVD burner instead to celebrate.
I was planning to use up some of my mod points on this thread, but all the "piss on his grave" comments are already at +5. So much love for the man...
Every year for as long as home computers have existed. Try selling a year-old computer on ebay and you'll be lucky to get half what you paid for it, even if it's still in new condition.
Jack Valenti just died and I'm thinking about buying a DVD burner to celebrate.
Fuck you too.
And couldn't we sequester CO2 from the atmosphere by converting trees into an inert substance--such as paper--then burying it into landfills?
Easier to just dump the trees in a big pit of mud. Without oxygen they won't rot and they'll sit there for millions of years slowly petrifying into coal.
Here's a better idea. How about we just stop digging up all the trees that already got buried millions of years ago and burning them for fuel?!!
Not enough. Vista looks at things other than the filename to decide if your program is an installer, and I've heard that it's infuriatingly good at recognizing them too. So if you want to take a look at some potentially interesting but not fully trusted program, setting it up in a special 'sandbox' login just to try it out is just not an option. You're just going to have to let the installer have access to your entire system, like it or not.
seveas had flash9 within days of them releasing the beta. The kids were using a lot of flash sites that just didn't work with the official flash7 plugin at the time. I guess the official repos have flash9 now, but there's still a lot of other stuff in seveas that they don't have.
....
Anyhow, when Feisty comes out this all changes:
"You need flash to view this website. Click OK and enter your password to have it installed for you"
Same for java, media plugins, nvidia binaries
Hey, I still want someone to package up google earth and second life though.
FFS it takes a lengthy tutorial to install Flash!
1) Open apt, add (paste in) one line for the seveas repository.
2) Click reload.
3) Check the box for "flashplugin-nonfree"
4) Click OK
They didn't say MAC address. There will be thousands of identical Dells or Compaqs with the same network card and PCI id, even if they each have a unique MAC.
OTOH the RIAA seem to believe an IP address alone is enough to identify a user, and it sure narrows things down to a single company or a household 99% of the time.
OTOOH Microsoft have confirmed that things like WGA and OGA do report validation failures, and on the fourth hand what they send back is encrypted and could well contain any kind of unique identifiers at all. We have only Microsoft's word as to how much or little is sent back and I wouldn't trust Microsoft as far as I could throw a chair.
You can't make that comparison. In Ubuntu practically everything is installed through apt. In Windows practically nothing can be installed through add/remove programs.
I think I have about two programs (second life and google earth) that were installed by hand. Everything else I use here came from packages.
"It sends anonymous statistics on what packages you have installed through apt"
Anonymous, apart from being associated with your IP address if they happen to keep it in the logs.
You have to admit that if Microsoft had a program preinstalled in Windows (even if it was turned off by default) which regularly reported every single piece of software you installed and the date you last used it.. I can barely imagine the reaction!
I'm not sure Windows Update sends all that much back either. As I understand it Microsoft sends the list of available updates and your machine then downloads anything it doesn't already have. But I might be wrong..
Why does it always have to get worse before it gets better?
Why do you assume it will ever get better?
From memory, the transistors that drove the scanning coils would burn out. Funny thing is I never really saw this with any xorg users, but I saw quite a few cases firsthand when Win95 came out. Lots of people trying to get 1024x768 resolution out of their old monitor that was only designed for 640x480 or 800x600.
Monitors these days are a lot smarter and have their own little computer built in which does a little onscreen menu and manages all the fine tuning. If you send a refresh rate they can't handle (or no signal at all) the onboard computer displays at 640x480x60Hz and tells you about it.
For anyone who thinks that running recovery media is a copout, you should try talking some customers through finding their address bar, or maybe the return key on their keyboard. Data isn't under warranty anyways (remember to back up, kids).
Do you let them know that system recovery is going to trash all their documents and email before they start? Because if not that's just about the shittiest thing you can do to someone. I agree that everybody ought to have backups, but I know that most people don't and even people who think they do have sometimes turned out to have burned a CD full of desktop shortcuts...
Doesn't have how many different versions? Last week I was trying to reinstall a computer which has a legit serial number for Windows XP Professional. Shouldn't be a problem, since I have the disks for XP Home and XP Pro, right? Nope. It seems that XP Pro (Retail) won't accept a serial for XP Pro (OEM).
So apparently there are already five slightly different versions of Windows XP:
XP Home (OEM)
XP Home (Retail)
XP Pro (OEM)
XP Pro (Retail)
XP Pro (VLK)
There's only 7 versions of Vista, so it's hardly a big jump. And on the plus side there's only one DVD for all the different versions. Yay!