...the process from poking unusual commands at Apache or another web daemon to how that allows control of the box?
When I ran web servers I ran the daemons as unprivileged accounts that had no shell, and in a couple of instances there was chroot sandboxing to further help to mitigate penetration even if someone managed to exploit a vulnerability in the web daemon.
How is this working? Are people not following good practices?
First off, let's clear the air - the apache or whatever HTTPd is being used is still running unprivileged.
Second, what hackers are doing is exploiting CGI - because CGI data is often passed as environment variables, people are setting their User-Agent and Referer headers to exploit this: "() {:; }; command" being common (with command being ping a certain address).
What happens is the CGI gateway takes those, then sets environment variables like "REFERER=() {:; }; ping..." and "USER_AGENT=...", then calls system() to run the appropriate CGI script.
system() calls fork() and starts /bin/sh -c "command" and therein is the problem. Because /bin/sh almost always is /bin/bash on Linux, that means bash starts up, and it starts looking at the environment variables to set up the environment. It runs across REFERER and USER_AGENT, and sees that it's how bash passes exported shell functions to subshells, so it creates those functions. Unfortunately, the bug means that when those functions are defined, bash continues parsing - it sees the semicolon and then parses it as a regular command while it's still parsing environment variables.
This lets bash execute anything as the afflicted user.
So what can you do? Everything httpd can do - which may include accessing databases, or loading in other scripts and then getting those to run to get at databases, or dumping the server files.
You may not be able to write /etc/passwd, but you can certainly try to dump the user database for the web application.
It's a pretty deep bug because it's a design bug - POSIX doesn't specify how exported functions are passed from shell to subshell, so bash uses environment variables in a special format. One patch to fix it makes it so all functions must be declared as _BASH_FUNC_name= which helps limit exposure. There are going to be many other patches because fixing this is hard.
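A defensive sketch of the mechanism described in the comment above, added here as an example and not part of the original post: it flags Referer and User-Agent values in access logs that begin like an exported bash function, and drops such values from a CGI environment before any shell is started. The log lines, addresses and function names are constructed for illustration.

```python
import re

# Bash imports an environment value as an exported function when it begins
# with "() {". Whitespace is tolerated here so near-variants are flagged too
# (a conservative choice made for this example).
FUNC_DEF_PREFIX = re.compile(r"^\s*\(\)\s*\{")

# Apache "combined" log format; quoted fields may contain backslash escapes.
COMBINED = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] "(?P<request>(?:[^"\\]|\\.)*)" '
    r'\d{3} \S+ "(?P<referer>(?:[^"\\]|\\.)*)" "(?P<agent>(?:[^"\\]|\\.)*)"$'
)

# Constructed sample lines (documentation address ranges only).
SAMPLE_LOG = [
    '198.51.100.7 - - [25/Sep/2014:10:01:02 +0000] "GET /cgi-bin/status.cgi HTTP/1.1" '
    '200 512 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
    '203.0.113.9 - - [25/Sep/2014:10:01:05 +0000] "GET /cgi-bin/status.cgi HTTP/1.1" '
    '200 512 "() {:; }; ping -c 1 192.0.2.10" "() {:; }; ping -c 1 192.0.2.10"',
    # "(){" in the middle of a value is not a function export and must not be flagged.
    '198.51.100.8 - - [25/Sep/2014:10:02:00 +0000] "GET /index.html HTTP/1.1" '
    '200 1024 "http://example.com/a(){b}" "curl/7.38.0"',
]


def looks_like_function_export(value):
    """True if bash would treat this environment value as a function definition."""
    return bool(FUNC_DEF_PREFIX.match(value))


def scan_access_log(lines):
    """Return (host, field) for each Referer/User-Agent that starts like a function export."""
    hits = []
    for line in lines:
        match = COMBINED.match(line.strip())
        if not match:
            continue  # not combined format; a real tool would count these lines
        for field in ("referer", "agent"):
            if looks_like_function_export(match.group(field)):
                hits.append((match.group("host"), field))
    return hits


def cgi_environment(headers):
    """Map request headers to CGI meta-variables (HTTP_ prefix, per RFC 3875)."""
    return {
        "HTTP_" + name.upper().replace("-", "_"): value
        for name, value in headers.items()
    }


def scrub_environment(env):
    """Drop variables bash would try to import as functions; return (clean, dropped)."""
    clean, dropped = {}, []
    for name, value in env.items():
        if looks_like_function_export(value):
            dropped.append(name)
        else:
            clean[name] = value
    return clean, sorted(dropped)


if __name__ == "__main__":
    for host, field in scan_access_log(SAMPLE_LOG):
        print(f"suspicious {field} from {host}")
    env = cgi_environment({"User-Agent": "() {:; }; ping -c 1 192.0.2.10",
                           "Referer": "http://example.com/"})
    clean, dropped = scrub_environment(env)
    print("dropped before exec:", dropped)
```

Filtering at the gateway only narrows exposure on hosts that cannot be updated immediately; the fix is a patched bash.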
The military people I have had trouble with in the past were ones who had really internalized hierarchy and protocol then have trouble when others do not fall into line with their expected behavior and deference.
The only real problem with military people are those who still have a "command" mentality - who believe they are the be-all-end-all person. Especially when they get to be management and insist on everyone following their way dammit (or drop 20 - and yes, there have been a few that forced their civilian subordinates to do just that).
A well trained veteran in IT - they're worth a great deal. Even a cog who's a hard worker and can do gruntwork, invaluable. It's the "commanders" that can be problematic when they assume that because everything in the military worked, they need to enforce it in the company - discipline, calisthenics, etc.
Those are the people you need to watch out for because they can easily drive everyone else away. Hopefully they get caught early because of the culture clash.
the governments socialize the losses of GTAT onto all of the companies that GTAT owes money to. Had GTAT and Apple succeeded, all of the profits would have been private, mostly recognized in Cork.
Actually, that can't happen because the GTA plant Apple paid for (and bought the equipment for) is in Arizona (I think). So any profits GTA makes has to be reported in US dollars and both Apple and GTA have to pay US taxes on it.
To exploit it in Cork requires Apple to then sell the panels at cost to Apple's subsidiary in the EU first, who then sells it at regular prices to Foxconn and others making the phones. So Cork reports that profit. But if the phone returns back to the US (by and large Apple's largest market) then Apple's Cork needs to charge Apple (Cupertino) the regular retail price for it to capture the money in the EU.
Of course, Apple Cupertino needs working cash, so they probably get it at a good discount so US sales generate cash for their US operations (but also taxed in the US).
Apple's Cork taxbreak only works for sales outside North America. Inside North America sales are fully taxed with all taxes paid to Uncle Sam as required.
Buy an iPhone in California, and California and the feds get paid. Buy an iPhone in China and that money goes to Cork.
Google knows the math, and is trying to save the innumerate from an expensive failure (;-))
More like getting a product so tainted by the public that it's impossible to release it. I mean, Google Glass has its uses, but not only is general society not able to sort out its potential privacy issues (face it - we're still dealing with trying to fit cameras into our society properly, and those have been around for a couple of centuries now), but it takes just a few incidents before the public will conclude they're a bad idea and shun them.
There are a few technologies like this where the public has shunned their use - nuclear, for example.
Microsoft didn't want to allow the Xbox One to accept Xbox 360 controllers, so they chose to scrap XInput support from the Xbox One controllers. That PC users can't use the controllers is just an unfortunate side-effect.
They didn't have to go that far, actually.
Xbox accessories have an authentication chip that's verified during USB connect so that's all the Xbone had to do - just check to see if it's an Xbone accessory and be done with it. Likewise the 360 can do the same.
OTOH, the controllers are supposed to be standard HID devices, it's just that you need a mapping between the axis controls (because USB HIDs are keyboards, mice and joysticks, while something with a half-dozen axes and a dozen buttons needs to have input mappings done, as well as mapping the output (the vibrators (main and impulse triggers) and LEDs)), aka the Xinput mapping.
The PS4 is worse, though. Over USB it authenticates every 30 seconds (Xbone, like the 360 only do it at connect). While first-party controllers generally are best, there are some third party ones that lose out. (Like my Delta Six gun controller).
Worth remembering that both the "halves" of the current HP are just the remainder of the original company after its previous split/spin-off of Agilent anyway. Agilent was arguably closer to HP's original business (i.e. test equipment and the like) than what remained of "HP" (nominally the former parent) after that.
Agilent doesn't exist anymore.
They call themselves something really stupid nowadays - Keysight Technologies. Which sounds more like a marketing company than one making test equipment.
Of course, any company old enough will have a pile of equipment that's marked with both "HP" and "Agilent" on it because each time the name changed, they just rebadged the silkscreen.
Anyhow, when they split, the reason was the HP name was familiar to the public so they kept that for their PC division, while engineers familiar with HP would easily adapt to the new name of Agilent. (Except they may have forgotten what a terrible name Keysight is...).
If you can't let your customers send you money, then there's not much point in being in business. Also, whoever was responsible for setting up their payment system won't be laying claim to that fact in their advertising and testimonial material.
The problem was that RedBox was being used to validate credit card numbers after hackers stole a pile of them. Somehow it was a really efficient way to check your millions of credit cards to see which ones were valid. RedBox caught on and disabled it, which had the effect of even legitimate customers weren't able to purchase or renew, either.
(And it hits most big companies - a few years ago it was Apple being hit with same - hackers used iTunes to validate the numbers which triggered a bunch of alerts).
Now since I am older I see things differently. You can thank Intel for the crappy intel 8086 instruction sets and lack of things like VM support, multitasking, and protected memory, which forced MS to make crappy operating systems and compatible with that crappy system mixed with techno luddites who were forced to switch to computers and didn't know better created the mess of the past.
Actually, the Intel processors weren't the problem, it was that everything used DOS.
The 386 was just fine and dandy and Windows itself made use of a lot of its features including virtualized x86 mode. In fact, Windows in Enhanced mode did a bunch of icky stuff - it sucked DOS' brains dry to figure out what files were open and all that, passed that information into the Windows kernel, which then hosted DOS in a v86 instance. (all DOS apps you launch from Windows are hosted in similar circumstances as well).
Of course, the problem was it was a nasty combination of code - the enhanced kernel was 32-bit to get all these features, but most of the programs it ran were 16-bit Windows programs (and Windows wouldn't get a 32-bit runtime until later - Windows NT which spawned the Win32 API, a subset of which was ported to Windows 3.x as Win32s).
And Windows did have protected mode. It's just that a lot of the crap Windows had to do in order to work meant it didn't work too well.
Hell, think of it this way - Linux ran on a 386, the same one required for Windows enhanced mode. Yet Linux got all the memory protection and preemptive multitasking going while Windows was still cooperatively multitasked.
And yet people keep saying that Apple "stole" the GUI from Xerox. Steve Jobs saw the value of the GUI and the mouse, the guys at Xerox had no clue about the potential of both.
Apple "paid" Xerox for the GUI, though. They gave them a bunch of Apple stock as payment. Now, the Xerox guys just decided to dump them, but that's more their loss than anything.
Of course, it was only until they actually tried to do things did they realize the Alto GUI was pretty much useless (it didn't have overlapping windows!). So Apple paid Xerox for the idea, even though Wozniak in the end ended up doing the whole GUI.
If something as stupid as the name of the operating system can trip up some applications, what about the rest of the code?
Instead of giving programmers dozens of ways of checking and doing things, they should be forced into doing it one way. Easier to prevent mistakes, check for errors, etc.
There ARE APIs to check the Windows versions.
It matters naught if developers don't use them.
Most developers ARE stupid, and they take shortcuts "to get it to work" that shouldn't be done because they didn't take the 5 minutes to actually figure it out.
Things like assuming:
* Windows is always in "C:\Windows". (It can be put in another directory, say \WINNT, or a different drive).
* Programs are installed in "C:\Program Files" (well, on 64-bit Windows, 32 bit apps are under \Program Files (x86), that directory can be localized on non-English versions of Windows, it can be on another drive)
* You can open a window to the full screen dimensions (breaks multi-monitors, especially if the geometry isn't rectangular)
* Screen coordinates will never go negative
* The root window is called "Program Manager" (check it out - Windows explorer creates a Program Manager window because there are still apps that assume that)
* If a library function isn't documented, just use its ordinal value (guess what - they change! And now many DLLs have hardcoded ordinal values because devs did this to get an API that's not public)
etc. etc. etc.
Now, most of these aren't in applications you can buy (because a developer that does these things rapidly finds out they have to do it properly or it breaks and have unhappy paying customers). No, most applications would be the bespoke ones that companies use internally - because things are very controlled, bad coding habits and mechanisms get ingrained and you don't find out about the problem until years later when you upgrade.
And half of Windows consists of shims and adjustments to keep behaviors the same for these badly written apps. (And it's not limited to Windows, either, Linux is just as bad in the enterprise. Like calling os.system() in scripts to list files in a directory rather than native APIs, or "rewriting" shell scripts into Python that do nothing but call os.system() or other way of executing a command in a shell).
We do away with standardized testing. "No child left behind" has become "Every child left behind", because those that are great at particular skills are punished in our education system for being ahead of others.
Standardized testing is older than NCLB. SATs, ACTs, etc., are all exams students take because there's no way to normalize school marks otherwise. I mean, if you're a university, you can't rely on grades alone to figure out if the student is good (or what they claim as extracurricular activities). Grade inflation happens and even in the same school one class might have a teacher that always scores higher than another. (Or, as everyone knows, which classes to take to guarantee an easy A).
So they've been using standardized tests to produce a normalized academic mark to which other qualities are weighed.
Heck, I even remember doing the whole Iowa Test of Basic Skills way back in the 90s too in middle/high school.
Of course, I advocate MORE standardized tests (with grades that matter) - I see 3% per grade level as an appropriate weighting. So elementary schools it barely counts, but middle school and high school it starts to be worth a lot which reflect that in real life, no matter what you do, there's often a major test you have to pass. Be it in university with final exam weightings of 50% or more (the ones that weigh less typically have a "must pass final to pass course" rule). Or trade schools where you have to take the exam to get your certificate.
I also advocate publishing the grades as a list of numbers, both by class and school so parents can compare their child's result against the rest of class, and their class versus other classes at the school and in the area to see if their child is falling behind, or the class is falling behind, or the entire school. And to raise heck when it happens. (Socioeconomic reasons fall apart if two schools at the same level do vastly differently)
Naturally, teachers unions hate the idea of accountability, so they oppose standardized testing at any level. Every kid's a flower and special in their own way. Heck, here some schools have been forced by teachers to do away with marks or letter grades, just a simple sentence on a report card. (Nevermind "no-fail" policies that don't let you assign a mark of 0 for something not handed in...).
R.I.P., Saturday morning cartoons. I guess it's all real news for the kids of today...
No, cartoons are still around. We call them "animated" these days because they're not just limited to hand drawn and animated art, but also include CGI and other types.
And I thought the Saturday morning cartoons (something I remember doing in the 80s) were dead when the likes of Cartoon Network and other networks that showed cartoons all day 24/7 cropped up. There was no reason otherwise to wake up early on Saturdays to catch cartoons when you can turn on the TV and catch it at any time.
Oh well, what kids will do is just sleep in - no reason to wake up early on Saturday morning.
You know what's harder than lining up the pixels perfectly on adjacent panels? Getting the brightness, contrast, color, and gamma matched. It's not as noticeable when screens are separated on your desk, but put them side by side and all those little hot and cold spots are going to create a very noticeable demarcation line at the seam.
Yeah, it's actually quite an annoyance - we got multimonitors at work, and it drove me up the wall that one was bluer than another. So you'd have two Explorer windows open, and one was tinged a different color. Especially annoying when you have windows spanning the gap (either due to coding flaws or when moving a window to the other monitor) and it takes the tinge.
Took me an hour to get two seemingly-identical Dell monitors to be well, matched enough to not drive me up the wall. And we're talking about a 1" split with the bezel.
On the contrary. They were there well before the bandwagon. Dial-a-Song went online in 1985, and you could "download" DRM-free songs from it directly to your cassette systems with only minimal equipment in a "minimally lossy" format.
As long as you consider going from CD or tape down to a 4kHz wide medium as "minimally lossy". AT&T intentionally picked 4kHz as the bandwidth for telephones as it's the least that makes speech recognizable. While a large amount of power in human speech is concentrated below 4kHz, there's still a bit of energy at the higher frequencies that help speech clarity and understanding.
Charging for 'net access in a $50/night room I can understand - even if it is $10 or so. A $500/night room though should come with free wireless.... strangely in my travels, many cheap places (ie the $50-80/night places I pay for) give free wireless, free coffee, sometimes some sort of free breakfast service, etc and the expensive fancy hotels (that my filthy rich relatives use and pay for, which is why I ended up in one in Boston) not only don't have these as free, but the prices they charge are outrageous ($24 for 2 eggs over medium, hashbrowns, bacon, toast vs. the same meal at Dennys, Waffle House, Perkins, any local diner, etc. for under $10).
That's because the ultracheap hotels are in serious competition - the Super 8s, Best Westerns, Choice Hotels (Comfort Inn, Sleep Inn, etc), are all competing for family dollars, so they toss in WiFi as an added perk to get you in.
The more expensive hotels generally cater to business people who just expense the entire thing away anyways, so they charge it to make a few more bucks.
Likewise, breakfasts at the cheap places are competition for family (limited) dollars, while more expensive ones? Per Diem or expense.
Apple seems to have a good track record of working well with its most bitter competitors. Apple and Microsoft, Apple and IBM, Apple and Samsung, Apple and Google... Apple seems to compete against individual products not against the companies on the whole.
Or more correctly, big companies form very complex relationships with other companies.
Apple. Google. Samsung. Microsoft. They all have relationships with each other, very complex ones. One is a customer of another. Or vice-versa. One competes against another. One supports another. And so on.
Take Apple and Google. You'd think they're competing in the smartphone arena? Yes and no. Yes, Google produces Android which competes with iOS. But Google also pays Apple a significant chunk of money to make sure it's the default on iOS. (And probably partially to ensure "competition" - I mean, why does Apple bother with iAds given you're better off using AdMob for advertising? Google must be supporting iAds in some form given how Google's AdMob purchase was allowed purely because of iAds (which happened to only have been launched a few months before)).
Or Apple and Samsung. If Apple cut off all component buys from Samsung, it'll have ripple effects through the entire industry. Samsung has fabs built just to handle Apple's demand for flash memory and CPUs - which if they go idle means billions of dollars. (Remember, TSMC? Apple's basically monopolizing their new fabs).
Samsung's purchase of Nuance just adds more complexity to the Apple-Samsung relationship. And no doubt both will figure out a way to sail through it.
So why the big focus on data caps? Probably because they know that data usage is only going to go up, so what used to be excessive data usage becomes the new normal. And then your risk of exceeding the data cap becomes even greater, and the framework is in place to catch you doing so in order to extract the requisite fees.
One thing I've never heard is the data caps being raised as a function of the average use across the entire customer base so that overages continue to represent spikes of excessive use rather than just evolving with the increase in streaming everything. As more people stream, the idea of what constitutes excessive use should increase.
Of course not. Data is the next profit center for carriers.
When cellular telephony was new, voice calls were the profit centers where you pay $1/minute to talk. Then competition set in and prices plummeted to basically unlimited free calling nationwide - what was once long distance is now local and unlimited.
This continued and carriers realized that texting was becoming huge, so they went and made big bucks off texting plans. Then competition came along and unlimited texting and calling became the standard.
Then Apple decided they had to release a phone, and it had to become popular. So much so that carriers were realizing they could make a lot of money off it and gone were unlimited data plans limited to few people who bothered to limited expensive caps. And making money hand over fist.
So besides roaming, data is a profit center and no, they're not going to offer unlimited until competition forces them to.
The PowerPC line, they were doing good until the gigahertz range was common in Intel, PowerPC was still in MHz. Intel started to make much faster chips and PowerPC couldn't get caught up.
I think they could have saved this without breaking their necks for GHz. That said, they did pull off quite a feat when they had all three of the current-generation home gaming consoles
PowerPC is a rather sad history, and it was good as an embedded processor. Of course, a fruity company demanded more and more and eventually Motorola couldn't keep up with the G4 (Motorola was doing plenty of work for the military selling them PowerPCs for their embedded uses and decided Apple was an annoyance). So Apple went to IBM with the G5 (which lacked some stuff like the bi-endianness, which resulted in PC emulators breaking), but IBM couldn't make them fast enough either, so demand for the top end Macs kept outstripping supply.
IBM also had a whole line of embedded PowerPCs - the 40x series (including the 403LP, for low power. Because it was frequency agile so you could drop the frequency of the core so quick, what they did was drop it when you hit the idle loop. When you left the idle loop, it went back to full speed). In the end, when Apple moved away from PowerPC, the G5 lived on by stripping out parts like out-of-order execution to become the CPUs of the PS3 and Xbox360. Even then yields weren't too great - the reason the Xbox360 has 3 PowerPC cores is because there's 4, but yields were such that 3 of 4 could be made to work cost-effectively.
Then the rise of ARM happened which pretty much doomed PowerPC (available from both Motorola and IBM, now Motorola and AMCC).
Not to worry, PowerPC is really a stripped down POWER processor, and modern PowerPC code can run on POWER architecture systems unmodified - it's machine language compatible.
Potentially as one of the faults is "Display stops working". Whether that means it goes blank, or stops updating (i.e., frozen) is unclear.
Now, it's one reason why there is redundancy - if one display crashes, the PFD (primary flight display, i.e., flight instruments) can be reverted to the other screen (normally showing navigational information). If THAT doesn't work the PFD can be shown on the central displays (usually showing engine and other information), again, two of each.
And the co-pilot has another pair of displays as well that get their information from a redundant system, so 6 displays in total, which can get their information from two different independent sources.
Oh yeah, there's also basic backup instruments too.
Is it a problem? Yes. Is it fatal? Well, you have to be pretty damn unlucky to get all displays to lock up and the backup instruments as well. So a small chance, especially if the crew is inexperienced.
I just drove from Edmonton to Ucluelet (near Tofino on Vancouver Island) and back. Road conditions were great. Hell, I'd even say they were perfect. BC has 120 km/hr speed limits on many stretches of highway now. There are good rest areas, some with picnic tables, proper bathrooms, and a concession truck - even in the middle of what seems like nowhere. I don't know where you got the idea that our highway system sucked but maybe you should come drive out west.
Well, you're also talking about BC which has a natural beauty to it that the views of many BCers differs from the "Rest of Canada". So those rest stops not only are convenient, but they generally are maintained because a surprisingly large number of people DO stop just to admire the scenery.
It's one reason why BC is full of tree huggers and all that who seem hell bent on preventing any more oil pipelines from being built. (Because an oil spill unfortunately forms a nasty blight). Hell, we even think a clear-cut is a godawful sight (it isn't, it's actually a nice way to rebuild the environment and in a couple of years it turns from ugly tree stumps and dirt into a meadow, a decade later you see trees forming and then in a couple of decades it's a young rising forest.).
Also why LNG is OK, because an LNG spill disappears in short order.
Finally, it should be noted those roads are good because it's generally treacherous come late fall and winter. So a rest stop means one can park and wait for daylight rather than try to creep along at night because it is scary. A pothole filled rough road? Might as well just close the road because it'll be too dangerous to drive.
That's great, but seriously, who doesn't jailbreak their iphone? The security of the walled garden is fairly theoretical since there is so much incentive to disable it.
It is a bit like saying that some website can't steal your personal info unless you click through that warning that shows up the first time you use Firefox on a webpage with a non-SSL form.
Generally the number of jailbroken iOS devices has hovered around 10%.
Not too many people do jailbreak because iOS is pretty much good enough, and each revision just adds less and less reason to do so. Sure there's always going to be folks who jailbreak to get it so they can customize every single thing like an Android phone, but for the most part, most users' reasons for jailbreaking disappear each new iOS revision.
(Remember, there are a LOT of iOS devices out there, so when a new jailbreak claims "1 million devices were jailbroken", that pales in comparison to numbers like 50+M iPhone5S's were sold or 10M iPhone6/6+ were sold.)
About the only reason people consistently jailbreak is... pirated apps, and even those have a non-jailbreak workaround involving cracked apps and enterprise signing certificates (which generally last only a short time because Apple invalidates them quickly). Even then the iOS piracy scene is tiny compared to Android. If you want apps for free, Android's really where it's at. It's far easier to find an app cracked for Android than it is for iOS. Usually because on Android what they do is they buy it, then refund it.
So, the question begging to be asked is whether jailbreaking phones in China by the owner is a common occurrence or if the phones are sold "pre-jailbroken" by a larger agency and able to download and install these hacks at will?
Probably a mix of both, because the #1 reason to jailbreak these days seems to be... pirating software. I mean, the iOS 7.12 jailbreak was done by a bunch of Chinese people to promote... their Chinese app store. Which happens to conveniently be filled with pirated apps. (It was one of the things that led to the original iOS7 exploit to be questioned).
So effectively the users jailbreak to get "free apps" from the Chinese app store that also happens to install malware along with it.
I'm guessing the Chinese store must have a lot of pirated apps, because piracy on iOS is just at a lower level - at least on Android there are entire "daily packs" that contain new and freshly updated paid apps on your favorite torrent site (which can be RSS fed to your torrent client). iOS apps... not so much. Maybe a fraction and not as convenient to get.
know a lot of people want to blame guns for many problems but that is a rather cheap excuse and avoidance of the fact that the public needs improved living conditions so that there are less violent people who act out irrationally. Without much hope of a decent future we do have far too many people who act out. We also have prisons that make only token gestures at rehabilitation of inmates and a mental health system that is a national disgrace.
But that's just an excuse as well because other countries have the same problems with mental illness, homelessness, poverty, etc. But the availability of guns is far lower so the rates of homicide and other deaths due to guns is also far lower.
Canada has roughly 1/3rd the per-capita gun ownership rate (roughly 300M guns in the US (1 per person), 10M in Canada (1/3rd per person, or 1 in 3 own a gun)), but still the same (if not more) issues with homelessness and poverty (especially among Native Americans). It's considered a bad year when the death rate due to violence (including knives and the like) approaches double digits in a city of roughly a half-million people. (Deaths due to guns is lower).
So I wouldn't blame just the crazies for the whole problem. Presumably a violent culture where owning a gun is more for "protection" and less for utility (e.g., recreation, hunting, etc).
Though if you really want to be truthful, most homicides are committed by handguns more so than long guns like the AR. It's just that the AR probably "looks scarier" and may be a good weapon if you're going to do a mass killing, but those generally tend to be fairly rare events.
eBay and Paypal are mutually beneficial. Paypal is absolutely reliant on ebay for sheer volume. It's their foundation.
But I just don't think sellers liked being cornered into having to accept PP 99% of the time.
eBay is off its core market, chasing more lucrative opportunities. Problem is, they don't own that other market (amazon, alibaba), never will, and are pissing off their base with every new change. It's the curse of needing constant growth in our economy.
Well, eBay and Paypal are fundamentally tied together.
eBay is a marketplace, but they don't do payments. Paypal does payments, and more importantly, Paypal lets random joe customer pay with a credit card to random jane seller WITHOUT a merchant account.
That's the key, because Amazon and Google and others are pretty much buyers are regular consumers, sellers are businesses (who may be single person owned and operated, but still has a business entity). Whereas sellers on eBay are made up of several groups, from standard companies to someone who found something in their attic one day. And the latter are NOT able to traditionally get a merchant account, which means they normally could only take limited forms of payment (cash, cheque, money order). Which over the Internet is... a stupid idea (who wants to go out and send a letter, wait a week, blah blah blah, when you can enter your credit card number and pay within minutes?).
Now, the eBay-Paypal split is probably to answer some of eBay's biggest customers (i.e., the people that run whole companies) to allow for alternate payment methods - including their own credit card payment system (or Amazon or Google), to be more flexible. Though you can probably guess eBay will mandate some form of credit card payment must be allowed, even if it means for most joe sellers, Paypal. (Again, because who wants to win an auction, then go out and get a money order by lining up at the post office, then mailing it out snail mail, and hope it gets there a couple of weeks later...).
Paypal has competition in all areas except person-to-person payments (well, they technically do have competition there too if you count bitcoins, but until someone makes it so I can buy bitcoins with my credit card and it magically all works like Paypal, it's a complex option).
eBay has network effects though - competition with eBay tends to be very niche or not at all. Because face it - eBay has customers, and sellers know that. And buyers know eBay sells practically everything. If you want me, as a seller to use something else, you better provide something good (usually in the form of lower fees). If you want me, as a buyer to use something else, you better provide something good for me (usually in the form of lower prices).
But there's a mismatch - buyers don't want to pay eBay prices off eBay, and sellers don't want to sell for much less than eBay because they'd just list on eBay instead. So sellers complain buyers "lowball" bids, while buyers complain that sellers ask so much it's just easier to stick with eBay.
Why would this be so hard? "Cheap hardware is more important to us than open hardware" would be sufficient.
More like "Hardware people will want to buy and license from us" versus "Hardware that's open, but no one wants".
3D graphics is a patent minefield, where even data formats are patented as part of the standard.
So an open device with open firmware will mean basically it doesn't work - graphics will stutter and framerates will be low. Perhaps video decoding will work out fine. Or maybe not.
Anyhow, the big thing is, ARM goes by what its customers (ARM licensees) want. And the hardware guys want silicon that their customers want. That silicon includes a decent GPU because their OS (Android) makes good use of it. Those customers (the ones taking the silicon and turning them into Android phones) don't care if it's open or closed source - as long as they can stick it in a box and tick off "runs Android".
And none of them down the chain care if it's open or closed source - because they've already gotten licenses for the source code or "it works" and they don't touch it.
That's the real reason - no one cares about open-source drivers because they're not affected by it. The silicon vendor gets source from ARM through their NDA and licensing agreements, the OEM/ODM may or may not get source code (they most likely probably won't care if things work, if they don't, they raise a support question).
First off, let's clear the air - the apache or whatever HTTPd is being used is still running unprivileged.
Second, what hackers are doing is exploiting CGI - because CGI data is often passed as environment variables, people are setting their User-Agent and Referer headers to exploit this: "() { :; }; command" being common (with command being ping a certain address).
What happens is the CGI gateway takes those, then sets environment variables like "REFERER=() { :; }; ping ..." and "USER_AGENT=...", then calls system() to run the appropriate CGI script.
system() calls fork() and starts /bin/sh -c "command" and therein is the problem. Because /bin/sh almost always is /bin/bash on Linux, that means bash starts up, and it starts looking at the environment variables to set up the environment. It runs across REFERER and USER_AGENT, and sees that it's how bash passes exported shell functions to subshells, so it creates those functions. Unfortunately, the bug means that when those functions are defined, bash continues parsing - it sees the semicolon and then parses it as a regular command while it's still parsing environment variables.
This lets bash execute anything as the afflicted user.
So what can you do? Everything httpd can do - which may include accessing databases, or loading in other scripts and then getting those to run to get at databases, or dumping the server files.
You may not be able to write /etc/passwd, but you can certainly try to dump the user database for the web application.
It's a pretty deep bug because it's a design bug - POSIX doesn't specify how exported functions are passed from shell to subshell, so bash uses environment variables in a special format. One patch to fix it makes it so all functions must be declared as _BASH_FUNC_name= which helps limit exposure. There are going to be many other patches because fixing this is hard.
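A defender-side view of the mechanism described in the comment above, added here as an example and not part of the original post: it scans web access logs for Referer/User-Agent values shaped like an exported bash function and drops such values from the environment before a child process is started. The function names, the `HTTP_` variable prefix (the usual CGI naming convention) and the sample log lines are assumptions constructed for this illustration.

```python
import re

# Apache/nginx "combined" log format:
#   ip ident user [time] "request" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[^"]*" \d{3} \S+ '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

# A value that begins with "() {" is what bash treats as an exported function.
# Optional whitespace is tolerated so near-variants are flagged as well.
FUNC_PREFIX = re.compile(r'^\s*\(\s*\)\s*\{')


def trailing_command(value):
    """Return the text after the function body's closing brace.

    None -> value is not function-shaped.
    ''   -> function-shaped, nothing after the body (or body unterminated).
    Brace counting is a rough heuristic: quoting inside the body is ignored.
    """
    if not FUNC_PREFIX.match(value):
        return None
    depth = 0
    for i, ch in enumerate(value):
        if ch == '{':
            depth += 1
        elif ch == '}':
            depth -= 1
            if depth == 0:
                return value[i + 1:].lstrip(' ;\t')
    return ''


def scan_log(lines):
    """Return (client ip, header field, trailing text) for each suspicious header."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # not in combined format; skipped in this sketch
        for field in ('referer', 'agent'):
            tail = trailing_command(m.group(field))
            if tail is not None:
                hits.append((m.group('ip'), field, tail))
    return hits


def cgi_env(headers):
    """Map request headers to CGI-style variables (User-Agent -> HTTP_USER_AGENT)."""
    return {'HTTP_' + k.upper().replace('-', '_'): v for k, v in headers.items()}


def scrub_env(env):
    """Split env into (safe copy, names dropped because the value is function-shaped).

    A request header has no legitimate reason to look like a shell function,
    so the value is dropped even when nothing follows the body.
    """
    clean, dropped = {}, []
    for name, value in env.items():
        if FUNC_PREFIX.match(value):
            dropped.append(name)
        else:
            clean[name] = value
    return clean, dropped


# Constructed sample input (documentation-range addresses, not real traffic).
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jan/2000:10:01:02 +0000] "GET /index.html HTTP/1.1" '
    '200 512 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
    '203.0.113.9 - - [01/Jan/2000:10:01:05 +0000] "GET /cgi-bin/status HTTP/1.1" '
    '200 0 "() { :; }; ping -c1 192.0.2.10" "() { :; }; ping -c1 192.0.2.10"',
    '198.51.100.8 - - [01/Jan/2000:10:01:09 +0000] "GET /cgi-bin/status HTTP/1.1" '
    '200 88 "http://example.test/" "curl/7.30"',
]

if __name__ == '__main__':
    for ip, field, tail in scan_log(SAMPLE_LOG):
        print(f'{ip}: {field} is function-shaped, trailing text: {tail!r}')
    env = cgi_env({'User-Agent': '() { :; }; ping -c1 192.0.2.10',
                   'Referer': 'http://example.test/'})
    clean, dropped = scrub_env(env)
    print('dropped before exec:', dropped)
```

Passing the scrubbed dictionary as `env=` to `subprocess.run` keeps function-shaped header values out of any shell the child starts; it complements patching bash rather than replacing it.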
The only real problem with military people are those who still have a "command" mentality - who believe they are the be-all-end-all person. Especially when they get to be management and insist on everyone following their way dammit (or drop 20 - and yes, there have been a few that forced their civilian subordinates to do just that).
A well trained veteran in IT - they're worth a great deal. Even a cog who's a hard worker and can do gruntwork, invaluable. It's the "commanders" that can be problematic when they assume that because everything in the military worked, they need to enforce it in the company - discipline, calisthenics, etc.
Those are the people you need to watch out for because they can easily drive everyone else away. Hopefully they get caught early because of the culture clash.
Actually, that can't happen because the GTA plant Apple paid for (and bought the equipment for) is in Arizona (I think). So any profits GTA makes has to be reported in US dollars and both Apple and GTA have to pay US taxes on it.
To exploit it in Cork requires Apple to then sell the panels at cost to Apple's subsidiary in the EU first, who then sells it at regular prices to Foxconn and others making the phones. So Cork reports that profit. But if the phone returns back to the US (by and large Apple's largest market) then Apple's Cork needs to charge Apple (Cupertino) the regular retail price for it to capture the money in the EU.
Of course, Apple Cupertino needs working cash, so they probably get it at a good discount so US sales generate cash for their US operations (but also taxed in the US).
Apple's Cork taxbreak only works for sales outside North America. Inside North America sales are fully taxed with all taxes paid to Uncle Sam as required.
Buy an iPhone in California, and California and the feds get paid. Buy an iPhone in China and that money goes to Cork.
More like getting a product so tainted by the public that it's impossible to release it. I mean, Google Glass has its uses, but not only is general society not able to sort out its potential privacy issues (face it - we're still dealing with trying to fit cameras into our society properly, and those have been around for a couple of centuries now), but it takes just a few incidents before the public will conclude they're a bad idea and shun them.
There are a few technologies like this where the public has shunned their use - nuclear, for example.
They didn't have to go that far, actually.
Xbox accessories have an authentication chip that's verified during USB connect so that's all the Xbone had to do - just check to see if it's an Xbone accessory and be done with it. Likewise the 360 can do the same.
OTOH, the controllers are supposed to be standard HID devices, it's just that you need a mapping between the axis controls (because USB HIDs are keyboards, mice and joysticks, while something with a half-dozen axes and a dozen buttons needs to have input mappings done, as well as mapping the output (the vibrators (main and impulse triggers) and LEDs), aka the Xinput mapping.
The PS4 is worse, though. Over USB it authenticates every 30 seconds (Xbone, like the 360 only do it at connect). While first-party controllers generally are best, there are some third party ones that lose out. (Like my Delta Six gun controller).
Agilent doesn't exist anymore.
They call themselves something really stupid nowadays - Keysight Technologies. Which sounds more like a marketing company than one making test equipment.
Of course, any company old enough will have a pile of equipment that's marked with both "HP" and "Agilent" on it because each time the name changed, they just rebadged the silkscreen.
Anyhow, when they split, the reason was the HP name was familiar to the public so they kept that for their PC division, while engineers familiar with HP would easily adapt to the new name of Agilent. (Except they may have forgotten what a terrible name Keysight is...).
The problem was that RedBox was being used to validate credit card numbers after hackers stole a pile of them. Somehow it was a really efficient way to check your millions of credit cards to see which ones were valid. RedBox caught on and disabled it, which had the effect of even legitimate customers weren't able to purchase or renew, either.
(And it hits most big companies - a few years ago it was Apple being hit with same - hackers used iTunes to validate the numbers which triggered a bunch of alerts).
Actually, the Intel processors weren't the problem, it was that everything used DOS.
The 386 was just fine and dandy and Windows itself made use of a lot of its features including virtualized x86 mode. In fact, Windows in Enhanced mode did a bunch of icky stuff - it sucked DOS' brains dry to figure out what files were open and all that, passed that information into the Windows kernel, which then hosted DOS in a v86 instance. (all DOS apps you launch from Windows are hosted in similar circumstances as well).
Of course, the problem was it was a nasty combination of code - the enhanced kernel was 32-bit to get all these features, but most of the programs it ran were 16-bit Windows programs (and Windows wouldn't get a 32-bit runtime until later - Windows NT which spawned the Win32 API, a subset of which was ported to Windows 3.x as Win32s).
And Windows did have protected mode. It's just that a lot of the crap Windows had to do in order to work meant it didn't work too well.
Hell, think of it this way - Linux ran on a 386, the same one required for Windows enhanced mode. Yet Linux got all the memory protection and preemptive multitasking going while Windows was still cooperatively multitasked.
Windows was the problem, not Intel.
Hell, OS/2 ran on the same hardware.
Apple "paid" Xerox for the GUI, though. They gave them a bunch of Apple stock as payment. Now, the Xerox guys just decided to dump them, but that's more their loss than anything.
Of course, it was only until they actually tried to do things did they realize the Alto GUI was pretty much useless (it didn't have overlapping windows!). So Apple paid Xerox for the idea, even though Wozniak in the end ended up doing the whole GUI.
There ARE APIs to check the Windows versions.
It matters naught if developers don't use them.
Most developers ARE stupid, and they take shortcuts "to get it to work" that shouldn't be done because they didn't take the 5 minutes to actually figure it out.
Things like assuming:
* Windows is always in "C:\Windows". (It can be put in another directory, say \WINNT, or a different drive).
* Programs are installed in "C:\Program Files" (well, on 64-bit Windows, 32 bit apps are under \Program Files (x86), that directory can be localized on non-English versions of Windows, it can be on another drive)
* You can open a window to the full screen dimensions (breaks multi-monitors, especially if the geometry isn't rectangular)
* Screen coordinates will never go negative
* The root window is called "Program Manager" (check it out - Windows explorer creates a Program Manager window because there are still apps that assume that)
* If a library function isn't documented, just use its ordinal value (guess what - they change! And now many DLLs have hardcoded ordinal values because devs did this to get an API that's not public)
etc. etc. etc.
Now, most of these aren't in applications you can buy (because a developer that does these things rapidly finds out they have to do it properly or it breaks and have unhappy paying customers). No, most applications would be the bespoke ones that companies use internally - because things are very controlled, bad coding habits and mechanisms get ingrained and you don't find out about the problem until years later when you upgrade.
And half of Windows consists of shims and adjustments to keep behaviors the same for these badly written apps. (And it's not limited to Windows, either, Linux is just as bad in the enterprise. Like calling os.system() in scripts to list files in a directory rather than native APIs, or "rewriting" shell scripts into Python that do nothing but call os.system() or other way of executing a command in a shell).
Standardized testing is older than NCLB. SATs, ACTs, etc., are all exams students take because there's no way to normalize school marks otherwise. I mean, if you're a university, you can't rely on grades alone to figure out if the student is good (or what they claim as extracurricular activities). Grade inflation happens and even in the same school one class might have a teacher that always scores higher than another. (Or, as everyone knows, which classes to take to guarantee an easy A).
So they've been using standardized tests to produce a normalized academic mark to which other qualities are weighed.
Heck, I even remember doing the whole Iowa Test of Basic Skills way back in the 90s too in middle/high school.
Of course, I advocate MORE standardized tests (with grades that matter) - I see 3% per grade level as an appropriate weighting. So elementary schools it barely counts, but middle school and high school it starts to be worth a lot which reflect that in real life, no matter what you do, there's often a major test you have to pass. Be it in university with final exam weightings of 50% or more (the ones that weigh less typically have a "must pass final to pass course" rule). Or trade schools where you have to take the exam to get your certificate.
I also advocate publishing the grades as a list of numbers, both by class and school so parents can compare their child's result against the rest of class, and their class versus other classes at the school and in the area to see if their child is falling behind, or the class is falling behind, or the entire school. And to raise heck when it happens. (Socioeconomic reasons fall apart if two schools at the same level do vastly differently)
Naturally, teachers unions hate the idea of accountability, so they oppose standardized testing at any level. Every kid's a flower and special in their own way. Heck, here some schools have been forced by teachers to do away with marks or letter grades, just a simple sentence on a report card. (Nevermind "no-fail" policies that don't let you assign a mark of 0 for something not handed in...).
No, cartoons are still around. We call them "animated" these days because they're not just limited to hand drawn and animated art, but also include CGI and other types.
And I thought the Saturday morning cartoons (something I remember doing in the 80s) were dead when the likes of Cartoon Network and other networks that showed cartoons all day 24/7 cropped up. There was no reason otherwise to wake up early on Saturdays to catch cartoons when you can turn on the TV and catch it at any time.
Oh well, what kids will do is just sleep in - no reason to wake up early on Saturday morning.
Yeah, it's actually quite an annoyance - we got multimonitors at work, and it drove me up the wall that one was bluer than another. So you'd have two Explorer windows open, and one was tinged a different color. Especially annoying when you have windows spanning the gap (either due to coding flaws or when moving a window to the other monitor) and it takes the tinge.
Took me an hour to get two seemingly-identical Dell monitors to be well, matched enough to not drive me up the wall. And we're talking about a 1" split with the bezel.
As long as you consider going from CD or tape down to a 4kHz wide medium as "minimally lossy". AT&T intentionally picked 4kHz as the bandwidth for telephones as it's the least that makes speech recognizable. While a large amount of power in human speech is concentrated below 4kHz, there's still a bit of energy at the higher frequencies that help speech clarity and understanding.
That's because the ultracheap hotels are in serious competition - the Super 8s, Best Westerns, Choice Hotels (Comfort Inn, Sleep Inn, etc), are all competing for family dollars, so they toss in WiFi as an added perk to get you in.
The more expensive hotels generally cater to business people who just expense the entire thing away anyways, so they charge it to make a few more bucks.
Likewise, breakfasts at the cheap places are competition for family (limited) dollars, while more expensive ones? Per Diem or expense.
Or more correctly, big companies form very complex relationships with other companies.
Apple. Google. Samsung. Microsoft. They all have relationships with each other, very complex ones. One is a customer of another. Or vice-versa. One competes against another. One supports another. And so on.
Take Apple and Google. You'd think they're competing in the smartphone arena? Yes and no. Yes, Google produces Android which competes with iOS. But Google also pays Apple a significant chunk of money to make sure it's the default on iOS. (And probably partially to ensure "competition" - I mean, why does Apple bother with iAds given you're better off using AdMob for advertising? Google must be supporting iAds in some form given how Google's AdMob purchase was allowed purely because of iAds (which happened to only have been launched a few months before)).
Or Apple and Samsung. If Apple cut off all component buys from Samsung, it'll have ripple effects through the entire industry. Samsung has fabs built just to handle Apple's demand for flash memory and CPUs - which if they go idle means billions of dollars. (Remember, TSMC? Apple's basically monopolizing their new fabs).
Samsung's purchase of Nuance just adds more complexity to the Apple-Samsung relationship. And no doubt both will figure out a way to sail through it.
Of course not. Data is the next profit center for carriers.
When cellular telephony was new, voice calls were the profit centers where you pay $1/minute to talk. Then competition set in and prices plummeted to basically unlimited free calling nationwide - what was once long distance is now local and unlimited.
This continued and carriers realized that texting was becoming huge, so they went and made big bucks off texting plans. Then competition came along and unlimited texting and calling became the standard.
Then Apple decided they had to release a phone, and it had to become popular. So much so that carriers were realizing they could make a lot of money off it and gone were unlimited data plans limited to few people who bothered to limited expensive caps. And making money hand over fist.
So besides roaming, data is a profit center and no, they're not going to offer unlimited until competition forces them to.
PowerPC is a rather sad history, and it was good as an embedded processor. Of course, a fruity company demanded more and more and eventually Motorola couldn't keep up with the G4 (Motorola was doing plenty of work for the military selling them PowerPCs for their embedded uses and decided Apple was an annoyance). So Apple went to IBM with the G5 (which lacked some stuff like the bi-endianess, which resulted in PC emulators breaking), but IBM couldn't make them fast enough either, so demand for the top end Macs kept outstripping supply.
IBM also had a whole line of embedded PowerPCs - the 40x series (including the 403LP, for low power. Because it was frequency agile so you could drop the frequency of the core so quick, what they did was drop it when you hit the idle loop. When you left the idle loop, it went back to full speed). In the end, when Apple moved away from PowerPC, the G5 lived on by stripping out parts like out-of-order execution to become the CPUs of the PS3 and Xbox360. Even then yields weren't too great - the reason the Xbox360 has 3 PowerPC cores is because there's 4, but yields were such that 3 of 4 could be made to work cost-effectively.
Then the rise of ARM happened which pretty much doomed PowerPC (available from both Motorola and IBM, now Motorola and AMCC).
Not to worry, PowerPC is really a stripped down POWER processor, and modern PowerPC code can run on POWER architecture systems unmodified - it's machine language compatible.
Potentially as one of the faults is "Display stops working". Whether that means it goes blank, or stops updating (i.e., frozen) is unclear.
Now, it's one reason why there is redundancy - if one display crashes, the PFD (primary flight display, i.e., flight instruments) can be reverted to the other screen (normally showing navigational information). If THAT doesn't work the PFD can be shown on the central displays (usually showing engine and other information), again, two of each.
And the co-pilot has another pair of displays as well that get their information from a redundant system, so 6 displays in total, which can get their information from two different independent sources.
Oh yeah, there's also basic backup instruments too.
Is it a problem? Yes. Is it fatal? Well, you have to be pretty damn unlucky to get all displays to lock up and the backup instruments as well. So a small chance, especially if the crew is inexperienced.
Well, you're also talking about BC which has a natural beauty to it that the views of many BCers differ from the "Rest of Canada". So those rest stops not only are convenient, but they generally are maintained because a surprisingly large number of people DO stop just to admire the scenery.
It's one reason why BC is full of tree huggers and all that who seem hell bent on preventing any more oil pipelines from being built. (Because an oil spill unfortunately forms a nasty blight). Hell, we even think a clear-cut is a godawful sight (it isn't, it's actually a nice way to rebuild the environment and in a couple of years it turns from ugly tree stumps and dirt into a meadow, a decade later you see trees forming and then in a couple of decades it's a young rising forest.).
Also why LNG is OK, because an LNG spill disappears in short order.
Finally, it should be noted those roads are good because it's generally treacherous come late fall and winter. So a rest stop means one can park and wait for daylight rather than try to creep along at night because it is scary. A pothole filled rough road? Might as well just close the road because it'll be too dangerous to drive.
Generally the number of jailbroken iOS devices has hovered around 10%.
Not too many people do jailbreak because iOS is pretty much good enough, and each revision just adds less and less reason to do so. Sure there's always going to be folks who jailbreak to get it so they can customize every single thing like an Android phone, but for the most part, most users' reasons for jailbreaking disappear each new iOS revision.
(Remember, there are a LOT of iOS devices out there, so when a new jailbreak claims "1 million devices were jailbroken", that pales in comparison to numbers like 50+M iPhone5S's were sold or 10M iPhone6/6+ were sold. ).
About the only reason people consistently jailbreak is... pirated apps, and even those have a non-jailbreak workaround involving cracked apps and enterprise signing certificates (which generally last only a short time because Apple invalidates them quickly). Even then the iOS piracy scene is tiny compared to Android. If you want apps for free, Android's really where it's at. It's far easier to find an app cracked for Android than it is for iOS. Usually because on Android what they do is they buy it, then refund it.
Probably a mix of both, because the #1 reason to jailbreak these days seems to be... pirating software. I mean, the iOS 7.12 jailbreak was done by a bunch of Chinese people to promote... their Chinese app store. Which happens to conveniently be filled with pirated apps. (It was one of the things that led to the original iOS7 exploit to be questioned).
So effectively the users jailbreak to get "free apps" from the Chinese app store that also happens to install malware along with it.
I'm guessing the Chinese store must have a lot of pirated apps, because piracy on iOS is just at a lower level - at least on Android there are entire "daily packs" that contain new and freshly updated paid apps on your favorite torrent site (which can be RSS fed to your torrent client). iOS apps ... not so much. Maybe a fraction and not as convenient to get.
But that's just an excuse as well because other countries have the same problems with mental illness, homelessness, poverty, etc. But the availability of guns is far lower so the rates of homicide and other deaths due to guns is also far lower.
Canada has roughly 1/3rd the per-capita gun ownership rate (roughly 300M guns in the US (1 per person), 10M in Canada (1/3rd per person, or 1 in 3 own a gun)), but still the same (if not more) issues with homelessness and poverty (especially among Native Americans). It's considered a bad year when the death rate due to violence (including knives and the like) approaches double digits in a city of roughly a half-million people. (Deaths due to guns is lower).
So I wouldn't blame just the crazies for the whole problem. Presumably a violent culture where owning a gun is more for "protection" and less for utility (e.g., recreation, hunting, etc).
Though if you really want to be truthful, most homicides are committed by handguns more so than long guns like the AR. It's just that the AR probably "looks scarier" and may be a good weapon if you're going to do a mass killing, but those generally tend to be fairly rare events.