Have you even checked how this attack looks like? The traffic is *NOT* coming from Chinese servers, but that's not the point. That's actually why it's so powerful.
Baidu serves the malicious JavaScript in place of their analytics tracking script. Inside of China it's normal, but when it goes through the Great Firewall it gets changed to malicious script that turns any visitors of webpages with Baidu script (Google Analytics equivalent) attached to them into part of DDoS.
The way that script worked initially was actually pretty hilarious. It attached new tag to the page with src attribute being github URL. This allowed github to replace content under those URLs to "alert('WARNING: malicious script detected');", which got executed in every browser that was turned into an attacker (and due to blocking nature of alert, limiting the impact).
Of course there's more to that and the techniques used by attackers changed over past days - for instance, now TCP SYN floods started as well. But the fact is that there's definitely some big Chinese player behind it, even if it's actually not the most likely one - the government.
But the actual traffic is international and there's nothing odd in it. It's the actual source of the attack - the hijacked Baidu script that changed non-Chinese visitors of Chinese pages into botnet (well, not really, but very botnet-like) nodes instructed to attack GitHub - that without any doubt came from the Great Firewall of China. It might not be the government, but unless there's a massive man-in-the-middle attack covering the whole non-Chinese Internet, it's definitely something that comes from China.
Your info is out of date - a few days ago AtScript merge with TypeScript has been announced, so Angular 2 won't be written in AtScript, but TypeScript itself.
You're mistaken. The proper point to look at searching for white reference is in lower left part of the image - there's a part of some other, clearly black and white dress visible, and it has obvious orange - not blue - tint.
Also, it's not hard to find other pictures of the same dress. There's also somewhere a confirmation of the taker of that photo saying that this dress is obviously blue and black.
https://gs1.wac.edgecastcdn.ne...http://s3-ec.buzzfed.com/stati...
This was a problem before, and is probably due to SMS messaging standards (total guess, I've never investigated).
With SMS, you have no way to find out if the message has been sent to anyone else than you as well. If some messaging app lets you send message to multiple recipients, it actually just sends as many single, separate messages with the same content as there are recipients specified.
So what's so "tomorrow" about change from Lucida to Helvetica, which impedes legibility, requires more screen space, and makes the GUI appear fuzzy? Is that the definition of "tomorrow" now?
Looks like you have absolutely no experience in designing mobile devices. Arguments like "as cheap as RAM is" are bullshit. If you're not so big that you can design your own chips or at least be taken into consideration by manufacturers, you simply have to live with whatever is available on the market in quantities you need (and most of the options used by big gamers aren't even available on free market). For smaller projects (and I can imagine for a project like that with "as cheap as possible" constraint it's true as well), you're often limited to just a few SoC options, which in turn limit you further on available RAM packages (which aren't standardized in any way).
I'm working on Neo900 project and I know that finding 1GB PoP for DM3730 which wouldn't handicap our ability to connect NAND memory as well was a nightmare - and 1GB is actually hard limit on OMAP3 which was utilized only by a few devices out there. BTW, OMAP3's Cortex-A8 was actually meant for higher-end devices than A5 used in this phone.
There're also OpenBSC and OsmocomBB. However, even with all these projects there's still a pretty steep barrier to enter, which would disappear if open basebands in mobile phones would somehow become common.
Actually, knowing the state of security in cellular networks - especially old 2G and availability of "downgrade to 2G" techniques for newer ones - despite of being strong FLOSS and OH supporter I'm kinda glad that any tech-curious kid next door can't easily play with baseband in his mobile phone.
Sadly, there's also kind of people that won't care that it's illegal and with enough motivation will get all needed hardware, so we're not really protected either way.
But how's that on-topic? What "rooting a phone" has in common with "disabling LTE cap"? (whatever you mean by that) There is no "secret cap switch" that allows one to get ultra-speed while downgrading the connection to everyone else in neighborhood. The connection is managed by the modem with its own, closed and cryptographically signed firmware, which uses (or at least tries to use) 3GPP standards. It's completely unrelated to any "jailbreaking" or "rooting" that was discussed here.
Actually, when mangling with modem, "saturating LTE" is something you'd worry about as a last thing. There are much better things to do when you for instance force downgrade to 2G on your neighbors - then you can apply all sorts of man-in-the-middle, eavesdropping, spoofing, DoS attacks and much more. Cellular networks are built with an assumption that only certified hardware can transmit on them - and a lot of modems and BTSes blindly trust that this is really the case (after all, when you start to transmit with modified modem, like TI Calypso with OsmocomBB, you're breaking the laws, cause modifying its firmware made its certification void).
However, as I said, that has nothing to do with the concept of "jailbreaking" or "rooting". Maybe you know somehow the physical layer of GSM, but for sure don't really know how it's all implemented in modern smartphones.
It's a myth and I've already seen a lot of people from US debunking it. And even if it would be somewhat true, there are people in US who use their Openmoko Neo Freerunners and Goldelico GTA04s, or who preordered their Neo900, which were never (and never will be) locked to anything other than operating frequency.
Buying a phone in the US without simlock is far from being impossible. It's just a bit harder - well, for some people the difference may be negligible, but then no regulation will help them...
I wonder why the comments are filled with discussion about SIM locks and operators unlocking or not the devices after the end of contract. SIM-lock issue is no biggie, you can always simply buy the phone without telco as middleman.
What's more important there is that without this DMCA exception, you can't legally "jailbreak" your phone, install your own operating system or some "custom ROMs". Without this exception, jailbreaking an iPhone to install Cydia is illegal; breaking into bootloader of some non-unlockable by default Android phone is illegal as well.
Without this exception, in America you're not free to choose the software to run on your own hardware if only the producer doesn't want you to. Duh, even worse - it's actually illegal to try to. *This* is the clue of this issue, not any silly simlocks.
It's enough to have a friend PC compromised, where you connected your iPhone once, a year ago, to recharge your battery and you don't even remember that now. When his computer is compromised, your phone becomes compromised as well and vulnerable to remote attacks.
That's a bit different story than what you described above.
You have a choice to buy iOS, Android, Windows or BlackBerry phones.
My Openmoko, SHR, Maemo, QtMoko and Debian based phones are a nice example. And they all work pretty well! It wasn't always the case, especially in their early days, but things have stabilized pretty well over time.
If you don't want any "crap", support projects like Neo900. You do have a choice.
Android and Windows Phone aren't the only alternatives out there. There are even devices and OSes that are supported entirely by FLOSS community, like OpenPhoenux. There is a choice, you just have to keep your eyes wide open.
True words. Sadly, people consider things that are trendy or have more raw power as more valuable, even if they don't really need that. When someone actually comes up with the device that you can control (instead of it controlling you), all he hears is "meh, too slow", "too expensive", "no capacitive screen? are you joking?"
You would expect people to be more sensible than that, especially in the post-Snowden era.
Slashdot Mirror
Hehehe. Hehe. https://wikileaks.org/sony/ema...
the <script> tag*
Mistakenly turned on the HTML formatting. Hopefully it's still readable without the new lines :P
Have you even checked how this attack looks like? The traffic is *NOT* coming from Chinese servers, but that's not the point. That's actually why it's so powerful. Baidu serves the malicious JavaScript in place of their analytics tracking script. Inside of China it's normal, but when it goes through the Great Firewall it gets changed to malicious script that turns any visitors of webpages with Baidu script (Google Analytics equivalent) attached to them into part of DDoS. The way that script worked initially was actually pretty hilarious. It attached new tag to the page with src attribute being github URL. This allowed github to replace content under those URLs to "alert('WARNING: malicious script detected');", which got executed in every browser that was turned into an attacker (and due to blocking nature of alert, limiting the impact). Of course there's more to that and the techniques used by attackers changed over past days - for instance, now TCP SYN floods started as well. But the fact is that there's definitely some big Chinese player behind it, even if it's actually not the most likely one - the government.
But the actual traffic is international and there's nothing odd in it. It's the actual source of the attack - the hijacked Baidu script that changed non-Chinese visitors of Chinese pages into botnet (well, not really, but very botnet-like) nodes instructed to attack GitHub - that without any doubt came from the Great Firewall of China. It might not be the government, but unless there's a massive man-in-the-middle attack covering the whole non-Chinese Internet, it's definitely something that comes from China.
Your info is out of date - a few days ago AtScript merge with TypeScript has been announced, so Angular 2 won't be written in AtScript, but TypeScript itself.
You're mistaken. The proper point to look at searching for white reference is in lower left part of the image - there's a part of some other, clearly black and white dress visible, and it has obvious orange - not blue - tint. Also, it's not hard to find other pictures of the same dress. There's also somewhere a confirmation of the taker of that photo saying that this dress is obviously blue and black. https://gs1.wac.edgecastcdn.ne... http://s3-ec.buzzfed.com/stati...
Uhm... you don't need to - apps, no matter if native or not, simply don't have the permissions to do whatever they'd like to?
Unless of course you "jailbreak" it and run as root, which is not always possible.
This was a problem before, and is probably due to SMS messaging standards (total guess, I've never investigated).
With SMS, you have no way to find out if the message has been sent to anyone else than you as well. If some messaging app lets you send message to multiple recipients, it actually just sends as many single, separate messages with the same content as there are recipients specified.
So what's so "tomorrow" about change from Lucida to Helvetica, which impedes legibility, requires more screen space, and makes the GUI appear fuzzy? Is that the definition of "tomorrow" now?
This resolution, even if systemd remains default in Debian, is meant to prevent exactly that.
Looks like you have absolutely no experience in designing mobile devices. Arguments like "as cheap as RAM is" are bullshit. If you're not so big that you can design your own chips or at least be taken into consideration by manufacturers, you simply have to live with whatever is available on the market in quantities you need (and most of the options used by big gamers aren't even available on free market). For smaller projects (and I can imagine for a project like that with "as cheap as possible" constraint it's true as well), you're often limited to just a few SoC options, which in turn limit you further on available RAM packages (which aren't standardized in any way).
I'm working on Neo900 project and I know that finding 1GB PoP for DM3730 which wouldn't handicap our ability to connect NAND memory as well was a nightmare - and 1GB is actually hard limit on OMAP3 which was utilized only by a few devices out there. BTW, OMAP3's Cortex-A8 was actually meant for higher-end devices than A5 used in this phone.
I think any OS that could run somewhat bearable on Openmoko Neo Freerunner would be a great fit for such cheap phones.
I see some potential in some of its applications, but actually most of the time "LAN of Things" would be just enough.
There're also OpenBSC and OsmocomBB. However, even with all these projects there's still a pretty steep barrier to enter, which would disappear if open basebands in mobile phones would somehow become common.
Actually, knowing the state of security in cellular networks - especially old 2G and availability of "downgrade to 2G" techniques for newer ones - despite of being strong FLOSS and OH supporter I'm kinda glad that any tech-curious kid next door can't easily play with baseband in his mobile phone.
Sadly, there's also kind of people that won't care that it's illegal and with enough motivation will get all needed hardware, so we're not really protected either way.
But how's that on-topic? What "rooting a phone" has in common with "disabling LTE cap"? (whatever you mean by that)
There is no "secret cap switch" that allows one to get ultra-speed while downgrading the connection to everyone else in neighborhood. The connection is managed by the modem with its own, closed and cryptographically signed firmware, which uses (or at least tries to use) 3GPP standards. It's completely unrelated to any "jailbreaking" or "rooting" that was discussed here.
Actually, when mangling with modem, "saturating LTE" is something you'd worry about as a last thing. There are much better things to do when you for instance force downgrade to 2G on your neighbors - then you can apply all sorts of man-in-the-middle, eavesdropping, spoofing, DoS attacks and much more. Cellular networks are built with an assumption that only certified hardware can transmit on them - and a lot of modems and BTSes blindly trust that this is really the case (after all, when you start to transmit with modified modem, like TI Calypso with OsmocomBB, you're breaking the laws, cause modifying its firmware made its certification void).
However, as I said, that has nothing to do with the concept of "jailbreaking" or "rooting". Maybe you know somehow the physical layer of GSM, but for sure don't really know how it's all implemented in modern smartphones.
It's a myth and I've already seen a lot of people from US debunking it. And even if it would be somewhat true, there are people in US who use their Openmoko Neo Freerunners and Goldelico GTA04s, or who preordered their Neo900, which were never (and never will be) locked to anything other than operating frequency.
Buying a phone in the US without simlock is far from being impossible. It's just a bit harder - well, for some people the difference may be negligible, but then no regulation will help them...
You obviously have no idea how mobile internet connection works, don't you?
I wonder why the comments are filled with discussion about SIM locks and operators unlocking or not the devices after the end of contract. SIM-lock issue is no biggie, you can always simply buy the phone without telco as middleman.
What's more important there is that without this DMCA exception, you can't legally "jailbreak" your phone, install your own operating system or some "custom ROMs". Without this exception, jailbreaking an iPhone to install Cydia is illegal; breaking into bootloader of some non-unlockable by default Android phone is illegal as well.
Without this exception, in America you're not free to choose the software to run on your own hardware if only the producer doesn't want you to. Duh, even worse - it's actually illegal to try to. *This* is the clue of this issue, not any silly simlocks.
There's a reason why Neo900 is Neo900 and not Neo9.
It's enough to have a friend PC compromised, where you connected your iPhone once, a year ago, to recharge your battery and you don't even remember that now. When his computer is compromised, your phone becomes compromised as well and vulnerable to remote attacks.
That's a bit different story than what you described above.
to not buy*, of course.
You have a choice to buy iOS, Android, Windows or BlackBerry phones.
My Openmoko, SHR, Maemo, QtMoko and Debian based phones are a nice example. And they all work pretty well! It wasn't always the case, especially in their early days, but things have stabilized pretty well over time.
If you don't want any "crap", support projects like Neo900. You do have a choice.
Android and Windows Phone aren't the only alternatives out there. There are even devices and OSes that are supported entirely by FLOSS community, like OpenPhoenux. There is a choice, you just have to keep your eyes wide open.
True words. Sadly, people consider things that are trendy or have more raw power as more valuable, even if they don't really need that. When someone actually comes up with the device that you can control (instead of it controlling you), all he hears is "meh, too slow", "too expensive", "no capacitive screen? are you joking?"
You would expect people to be more sensible than that, especially in the post-Snowden era.