There's nothing really surprising in this article. Bluetooth is designed for (and marketed as) a solution for short-range communication between "simple" devices, while 802.11 is a wireless Local Area Network standard for computers.
Sure, you could have a conflict between the two technologies, especially where the definition of "computer" gets a little vague. But ultimately, they're different sorts of technologies, designed for different uses.
I don't think anybody is seriously going to pursue a home networking solution based on Bluetooth, for instance...
For evidence I offer up the United States Navy. For almost 50 years they have operated over two hundred nuclear reactors (submarines, aircraft carriers, cruisers and shore installations) without a single accident that released or had the potential to release radioactive materials into the enviroment.
Too bad nobody's going to read this comment, since it's an old topic. But anyway...
1. The Navy installed the only nuclear power reactor on Antarctica. Nicknamed "Nukey Poo", it was operational between 1962 and 1972, during which time there was a fire and several other "incidents". When the reactor was decommissioned, it was removed, along with several tons of contaminated soil and rock.
2. The USS Thresher, a nuclear fast-attack submarine, sank in 1963. The Thresher's reactor is still on the bottom of the ocean. Surveys conducted in the area showed small amounts of Cobalt-60 in the water.
As for this technology, however, it's not like this is anything new. Didn't DoubleClick.net have something like this going that would track what sorts of banners you would click on as well as what sites you visit such that they can tailor their ads to your preferences to attempt to get you to click on them?
The new thing is that they claim to be able to tell who's currently using the computer. Rather than associating a profile with a particular computer using invisible gif's and tracking cookies, they can potentially determine just who's using the computer.
That's a lot more useful to advertisers.
I do wonder how they're going to get access to all that information unless the browser program itself provides it, though. Maybe with a plug-in that nominally performs some other function while secretly monitoring the keyboard & mouse? Of course, it's a lot easier in the interactive TV application - presumably, they just get the box manufacturer to release a "software update"...
As I mentioned in the first place, those aren't really "security updates", they're lists of security problems that happen to be fixed in previous general system software updates. It remains to be sen whether Apple will ever release a "security only" update, and how they'd distribute it if they did.
I guess I'm just somewhat disappointed. It looks like they couldn't decide whether they wanted to write the information for people who know something about security, or for the stereotypical clueless Mac user. So, you end up with information that's not detailed enough to be of any real use to anybody.
For example, they tell you:
Apple configures its products for security by turning off certain services by default. These include: Remote Login, File Sharing, and FTP. Activating any of these services can degrade the network security of your system.
But no mention of where those settings are contolled, and no mention of what the security issues with each is - i.e. SSH is significantly more secure than FTP or Telnet.
I still don't think they're serious about security. We'll see, I guess.
That doesn't particularly surprise me, but I would be surprised if the two packages worked together, unless they came from the same company. Of course, that's just "leverage" for the school to standardize on products from one company, right?
I just don't understand it. I got moderated down as "offtopic". Since when did humor have to be "on topic"? Some folks got no sense of humor, I guess...
Wow, so much helpful information... No list of known issues, no actual helpful suggestions for imporoving security over the default install, just a link to the update page (which only lists the 10.0.x updates), and statements like this:
There is a variety of third-party software designed to increase the security of your system, such as firewall software. You should research the available offerings to determine whether they can help in your environment.
No kidding? How about a link, you twits? Or at least mention that most any MacOS X Software you need can be found through Softrak, at http://softrak.stepwise.com/Softrak?
Oh, and they have a mailing list that you can subscribe to. It'll be interesting to see whether they even bother to send out any notices.
I think there's some badly thought-out aspects to this program. It's not a bad idea in principle to make it easier for parents to check up on their kid's attendance record and grades. After all, they could have just called up the school and asked, this just saves some time. For that matter, don't most schools still call parents when kids are absent?
But look at all the extra baggage that comes along with it:
Teachers enter information like grades, homework assignments and attendance into a Web site, where parents with a password can see it. Parents can find out what foods have been charged to their child's lunch money account and whether their children have been given detention.
Okay, let's take a look at this:
Attendance: check.
Grades: check
Homework assignments: Do they really expect teachers to spend the time to type in whether each individual student turned in any given assignment? Don't they have anything better to do?
What foods have been charged to their child's lunch money account: I guess I don't need to go into how totally ineffective this is likely to be, or the inherent problems with using a charge (likely debit) account for lunch purchases.
Think about this: Who's going to make sure that the database really stays accurate? Okay, it'll mostly just be annoying if some kid tries to buy a pizza lunch and the system incorrectly comes up with a "PIZZA DENIED" error message. I worry more about the grades and attendance figures. Elsewhere in the article, they mention that the information is updated "continually". For attendance, that presumably means every day. If somebody keys in an absence for the wrong student, it's much more likely to get through the system than in the old "call the parent up" system. Similarly, for grades: I think that people will naturally make more mistakes if they're constantly updating each student's grades. It's not unknown for a few grades to get reported incorrectly on quarterly report cards, but I expect that weekly updates are going to have many more accuracy issues.
And then there's the security angle:
Skyward uses the same security measures that online retailers like Amazon.com use for credit card purchases over the Internet. The system also resists tampering because teachers continually revise the site.
Translation:
1. They use SSL encrypted traffic to the servers (which doesn't matter much since it's pretty unlikely that anyone is packet-sniffing the connection between the parents and the school). On the other hand, they don't say anything about security of the system itself. I will bet you anything that the physical security of the servers is a lot better at Amazon.com than at some random school.
2. The system is easy to compromise, but that doesn't matter, since teachers will be updating it on a regular basis. Okay, sounds great until J. Random Script Kiddie finds out how to run a script that automatically updates those attendance records during last-period computer class...
What I really don't like is the distance this puts between the student, their parents, and the schools. Seems counter to the stated goals, but think about this: instead of telling your kid to eat a healthier lunch, you punch a button and take the choice away from them. Instead of asking to see you children's homework (or heaven forbid, actually going over it with them), check the website.
Jsut what the world needs - a tool to make it easier for both overly-controlling and lazy parents to drive their kids nuts.
parents
It's pretty sad that everybody seems to be concentrating on how this monument will "inevitably" end up covered in graffiti and swear words.
To a certain extent I believe them. On the other hand, maybe it won't be so bad, at least at first. When some kid finds out that he can write "my teacher is a weenie" and nobody will punish him for it, he'll have learned what "free speech" is all about.
And some mornings, there will be 4-letter words written accross the wall in 6 foot tall letters. And maybe somebody will stop by on their way to work and erase them and write a poem up in their place.
All in all, it'll be a fascinating experiment. And even if it "fails", due to vandalism, it still will have encouraged people to think about freedom of speech in everyday terms, which has to be a good thing overall.
The best use of transparent walls would be for developers who are debugging 3D code of their own. It could also have some use in 3D scene modellers.
Um, no. If you're a developer, you can already include a switch to turn off texturing (and you probably will, at least during development)
Generally, nobody who needs a wireframe display mode in their program will depend on a feature of a particular driver. The Asus drivers were designed to make it easier for people to cheat in first-person shooters, period
Not that that's such a terrible thing, but trying to claim it's useful for something else after the fact is just rationalization (see: Radar Detector).
One of the great things about Linux is its ability to run on many different architectures.
Yeah, in theory. In practice, Linux runs on x86 very well, Alpha not so well, PPC support is so-so, and anything else is pretty-much non-existant.
When someone says a product (especially commercial products) is available "for Linux", they usually mean for x86 Linux. Sometimes they mean "for Redhat, though it ought to work with any x86 Linux".
Not that there's anything wrong with that. It's market forces at work. People who're trying to make money off Linux need to put their effort where the payoff is.
I do wonder why the non-commercial part of the Linux "community" isn't more active in supporting other architectures, though.
For that matter, what's so hard about supporting Sparc, anyway? I don't know about the newer models, but the computers that used to work should still work, right? Or are the people maintaining the Kernel and user applications totally clueless about maintaining compatibility?
Re:Why stack smashing works on (almost) every CPU
on
Cracking OSX
·
· Score: 2
I think you've been misinformed (or possibly, your experience with C++ is very different than mine).
It is nearly as likely that you'll have buffer overflow vulnerabilities in code that uses STL strings as it is in code that uses C strings. That just might have something to do with one being implemented in terms of the other...
It takes nearly as much discipline to avoid those problems in C++ code as it does in regular C. For starters, you have to make sure that you use the subset of C++ that doesn't include any of the features of C that lead to buffer overruns.
As opposed to a language that has a better String type (i.e. TCL, Perl, BASIC, Python, Java, etc), where it's not even possible to overwrite the stack in the same way.
Why stack smashing works on (almost) every CPU
on
Cracking OSX
·
· Score: 1
I think that it's a shame that AIM didn't learn from earlier mistakes by allowing the stack return register to be manipulated like that. Are you aware of any good reasons why they would let that be done?
Well, either you have to store the return address in memory at least some of the time, or you have to severely restrict the number of nested function calls allowed by the architecture.
You could argue that the RA should be saved in an area that's not writeable by a normal user process, but then function calls become nearly as slow as system calls, which is a performance loss most users wouldn't tolerate.
There are a few processor families that use two separate stacks: an argument stack and a return address stack. Those would be much more resistant to overwriting the return address with data. As far as I know, that architecture is mostly used in processors dedicated to the Forth language, which has explicit support for that sort of architecture.
The "real" solution is to write your code such that it's not vulnerable to buffer overflows in the first place. It's not hard to do, really. Of course, using a language that has a useable String type (hint: NOT C or C++) helps a lot.
As long as you learn to type/use the mouse correctly, you shouldn't need them.
What a load of crap. The recent epidemic of wrist injuries isn't the fault of the people sitting at the keyboards.
I mean, really. Some 90% of all the computer keyboards out there tilt in the wrong direction! That's unequivocably the manufacturer's fault.
Employers have to share a lot of the blame, too. Why don't they buy ergonomic keyboards for everybody, instead of just for those that complain, when it's already too late? Is $200 too much to pay to ensure an employee's good health?
Yes, it makes a difference how you use the things - sit up straight, take regular breaks, stretch your muscles from time to time. But don't overlook the importance of having the right equipment.
If you ever do get CTS or some other RSI, you'll gladly pay whatever someone asks for a device like that. Of course, if people were a little more aware of ergonomics, maybe we could prevent the injuries in the first place.
Folks, if you spend any significant amount of your workday typing, you owe iut to yourself to investigate your options.
Read the article, but this is about whether AOL can enforce certain parts of its click and accept license in a specific case. In particular, their ability to require that cases be tried in Massachusetts.
Here's what AOL did wrong with their agreement:
1. The plaintiffs claim that AOL's software damaged their browsing environment before they even had a chance to read the agreement, much less agree to it.
2. In order to actually read the agreement, you have to select "read the agreement" TWICE in two different screens where the default was "I Agree".
3. Even if you did all that, and then clicked "I don't agree", the software didn't undo the changes it had made to your system.
So, AOL wants to be able to enforce their agreement on people who haven't read it, and on people that chose not to accept it...
> Didn't doom use this same architecture
> (arguably not in 3d, but that's just an obvious
> extension). Or the plethora of doom clones?
Actually, no. If I recall correctly, DOOM used a (more or less) strictly peer-to-peer model, where each node was responsible for keeping track of everything.
> Computers are already the slow link in the
> chain if you're using gigabit ethernet. If my
> math is correct, with Gig-E the NIC can receive
> data faster than a 100Mhz bus can throw it at
> the processor. Crazy.
Only if your bus is pretty narrow. A Gigabit Ethernet connection has a maximum throughput of approximately 120 Megabytes a second. So, unless your computer has a 100 MHz, 10 bit bus, you've still got some leeway.
Gigabit Ethernet would just about saturate a 33 MHz, 32-bit PCI bus, though.
One of the big points made was that you could do all the required manipulation while the asteroid was hidden by the sun, making it look like an accident.
It seamlessly allows local and remotely-running programs to work together on a display
Okay, I'll accept that it allows you to do that (that's pretty much the whole point of X, really). But I wouldn't exactly call it "seamless". Between configuring.mumble files, and having to launch applications with just the right set of arguments, you can make it work, but it's not exactly transparent. A little GUI work would go a long way here.
It is flexible enough to allow programs to fully determine how it is to behave on lots of things -- X does not force you into a specific widget set or window decoration method, window placement behaviour, or anything else
Sorry, this is just about the most annoying thing about X for most end-users, and there is always somebody who jumps up trying to defend it. I don't want every program to use a different widget set. I do want my programs to be able to support basic cut-and-paste. I want good support for scalable fonts.
It is flexible enough to have extensions to help with some things. Lately we have seen extensions to add Anti-Aliased fonts and to aid in 3D display and moving picture display.
Having a general extension mechanism is a good thing. Needing to use it to provide basic functionality isn't such a good thing.
100,000,000.00 Mexico Pesos =
10,449,320.79 United States Dollars
Not exactly small change, considering the cost of living there. You could probably keep 10,000 people fed and clothed pretty nicely @ $1000 each per year.
Are Microsoft's licensing terms different in Mexico? Given that they've already paid for Microsoft software, how are they planning to *save* money by throwing all that out and converting to Linux?
Okay, maybe they're planning on expanding computer use a lot in the near future or something. Anybody know what the story is?
These are the people who developed the process. Sounds like it's supposed to work much like Macrovision on VHS does.
They insert an error into the signal which is undetectable during normal playback, but that mightily confuses anybody trying to read the bits with a CD-ROM drive.
I don't know enough about the EFM encoding process to know how this is supposed to work, but it sounds reasonable. Seems like a few changes to the ECC on the audio data would probably do it.
On the other hand, it can't be all that difficult to work around, either...
Slashdot Mirror
Read the article. The definition of "efficiency" leaves something to be desired, IMHO.
Sure, you could have a conflict between the two technologies, especially where the definition of "computer" gets a little vague. But ultimately, they're different sorts of technologies, designed for different uses.
I don't think anybody is seriously going to pursue a home networking solution based on Bluetooth, for instance...
1. The Navy installed the only nuclear power reactor on Antarctica. Nicknamed "Nukey Poo", it was operational between 1962 and 1972, during which time there was a fire and several other "incidents". When the reactor was decommissioned, it was removed, along with several tons of contaminated soil and rock.
2. The USS Thresher, a nuclear fast-attack submarine, sank in 1963. The Thresher's reactor is still on the bottom of the ocean. Surveys conducted in the area showed small amounts of Cobalt-60 in the water.
3. See also: http://lutins.org/nukes.html#subs
for further examples...
That's a lot more useful to advertisers.
I do wonder how they're going to get access to all that information unless the browser program itself provides it, though. Maybe with a plug-in that nominally performs some other function while secretly monitoring the keyboard & mouse? Of course, it's a lot easier in the interactive TV application - presumably, they just get the box manufacturer to release a "software update"...
As I mentioned in the first place, those aren't really "security updates", they're lists of security problems that happen to be fixed in previous general system software updates. It remains to be sen whether Apple will ever release a "security only" update, and how they'd distribute it if they did.
I still don't think they're serious about security. We'll see, I guess.
That doesn't particularly surprise me, but I would be surprised if the two packages worked together, unless they came from the same company. Of course, that's just "leverage" for the school to standardize on products from one company, right?
I just don't understand it. I got moderated down as "offtopic". Since when did humor have to be "on topic"? Some folks got no sense of humor, I guess...
But look at all the extra baggage that comes along with it:
Okay, let's take a look at this:Attendance: check.
Grades: check
Homework assignments: Do they really expect teachers to spend the time to type in whether each individual student turned in any given assignment? Don't they have anything better to do?
What foods have been charged to their child's lunch money account: I guess I don't need to go into how totally ineffective this is likely to be, or the inherent problems with using a charge (likely debit) account for lunch purchases.
Think about this: Who's going to make sure that the database really stays accurate? Okay, it'll mostly just be annoying if some kid tries to buy a pizza lunch and the system incorrectly comes up with a "PIZZA DENIED" error message. I worry more about the grades and attendance figures. Elsewhere in the article, they mention that the information is updated "continually". For attendance, that presumably means every day. If somebody keys in an absence for the wrong student, it's much more likely to get through the system than in the old "call the parent up" system. Similarly, for grades: I think that people will naturally make more mistakes if they're constantly updating each student's grades. It's not unknown for a few grades to get reported incorrectly on quarterly report cards, but I expect that weekly updates are going to have many more accuracy issues.
And then there's the security angle:
Translation:1. They use SSL encrypted traffic to the servers (which doesn't matter much since it's pretty unlikely that anyone is packet-sniffing the connection between the parents and the school). On the other hand, they don't say anything about security of the system itself. I will bet you anything that the physical security of the servers is a lot better at Amazon.com than at some random school.
2. The system is easy to compromise, but that doesn't matter, since teachers will be updating it on a regular basis. Okay, sounds great until J. Random Script Kiddie finds out how to run a script that automatically updates those attendance records during last-period computer class...
What I really don't like is the distance this puts between the student, their parents, and the schools. Seems counter to the stated goals, but think about this: instead of telling your kid to eat a healthier lunch, you punch a button and take the choice away from them. Instead of asking to see you children's homework (or heaven forbid, actually going over it with them), check the website.
Jsut what the world needs - a tool to make it easier for both overly-controlling and lazy parents to drive their kids nuts. parents
To a certain extent I believe them. On the other hand, maybe it won't be so bad, at least at first. When some kid finds out that he can write "my teacher is a weenie" and nobody will punish him for it, he'll have learned what "free speech" is all about.
And some mornings, there will be 4-letter words written accross the wall in 6 foot tall letters. And maybe somebody will stop by on their way to work and erase them and write a poem up in their place.
All in all, it'll be a fascinating experiment. And even if it "fails", due to vandalism, it still will have encouraged people to think about freedom of speech in everyday terms, which has to be a good thing overall.
Generally, nobody who needs a wireframe display mode in their program will depend on a feature of a particular driver. The Asus drivers were designed to make it easier for people to cheat in first-person shooters, period
Not that that's such a terrible thing, but trying to claim it's useful for something else after the fact is just rationalization (see: Radar Detector).
When someone says a product (especially commercial products) is available "for Linux", they usually mean for x86 Linux. Sometimes they mean "for Redhat, though it ought to work with any x86 Linux".
Not that there's anything wrong with that. It's market forces at work. People who're trying to make money off Linux need to put their effort where the payoff is.
I do wonder why the non-commercial part of the Linux "community" isn't more active in supporting other architectures, though.
For that matter, what's so hard about supporting Sparc, anyway? I don't know about the newer models, but the computers that used to work should still work, right? Or are the people maintaining the Kernel and user applications totally clueless about maintaining compatibility?
It is nearly as likely that you'll have buffer overflow vulnerabilities in code that uses STL strings as it is in code that uses C strings. That just might have something to do with one being implemented in terms of the other...
It takes nearly as much discipline to avoid those problems in C++ code as it does in regular C. For starters, you have to make sure that you use the subset of C++ that doesn't include any of the features of C that lead to buffer overruns.
As opposed to a language that has a better String type (i.e. TCL, Perl, BASIC, Python, Java, etc), where it's not even possible to overwrite the stack in the same way.
You could argue that the RA should be saved in an area that's not writeable by a normal user process, but then function calls become nearly as slow as system calls, which is a performance loss most users wouldn't tolerate.
There are a few processor families that use two separate stacks: an argument stack and a return address stack. Those would be much more resistant to overwriting the return address with data. As far as I know, that architecture is mostly used in processors dedicated to the Forth language, which has explicit support for that sort of architecture.
The "real" solution is to write your code such that it's not vulnerable to buffer overflows in the first place. It's not hard to do, really. Of course, using a language that has a useable String type (hint: NOT C or C++) helps a lot.
I mean, really. Some 90% of all the computer keyboards out there tilt in the wrong direction! That's unequivocably the manufacturer's fault.
Employers have to share a lot of the blame, too. Why don't they buy ergonomic keyboards for everybody, instead of just for those that complain, when it's already too late? Is $200 too much to pay to ensure an employee's good health?
Yes, it makes a difference how you use the things - sit up straight, take regular breaks, stretch your muscles from time to time. But don't overlook the importance of having the right equipment.
If you ever do get CTS or some other RSI, you'll gladly pay whatever someone asks for a device like that. Of course, if people were a little more aware of ergonomics, maybe we could prevent the injuries in the first place.
Folks, if you spend any significant amount of your workday typing, you owe iut to yourself to investigate your options.
Read the article, but this is about whether AOL can enforce certain parts of its click and accept license in a specific case. In particular, their ability to require that cases be tried in Massachusetts.
Here's what AOL did wrong with their agreement:
1. The plaintiffs claim that AOL's software damaged their browsing environment before they even had a chance to read the agreement, much less agree to it.
2. In order to actually read the agreement, you have to select "read the agreement" TWICE in two different screens where the default was "I Agree".
3. Even if you did all that, and then clicked "I don't agree", the software didn't undo the changes it had made to your system.
So, AOL wants to be able to enforce their agreement on people who haven't read it, and on people that chose not to accept it...
> Didn't doom use this same architecture
> (arguably not in 3d, but that's just an obvious
> extension). Or the plethora of doom clones?
Actually, no. If I recall correctly, DOOM used a (more or less) strictly peer-to-peer model, where each node was responsible for keeping track of everything.
> Computers are already the slow link in the
> chain if you're using gigabit ethernet. If my
> math is correct, with Gig-E the NIC can receive
> data faster than a 100Mhz bus can throw it at
> the processor. Crazy.
Only if your bus is pretty narrow. A Gigabit Ethernet connection has a maximum throughput of approximately 120 Megabytes a second. So, unless your computer has a 100 MHz, 10 bit bus, you've still got some leeway.
Gigabit Ethernet would just about saturate a 33 MHz, 32-bit PCI bus, though.
One of the big points made was that you could do all the required manipulation while the asteroid was hidden by the sun, making it look like an accident.
Okay, I'll accept that it allows you to do that (that's pretty much the whole point of X, really). But I wouldn't exactly call it "seamless". Between configuring
It is flexible enough to allow programs to fully determine how it is to behave on lots of things -- X does not force you into a specific widget set or window decoration method, window placement behaviour, or anything else
Sorry, this is just about the most annoying thing about X for most end-users, and there is always somebody who jumps up trying to defend it. I don't want every program to use a different widget set. I do want my programs to be able to support basic cut-and-paste. I want good support for scalable fonts. It is flexible enough to have extensions to help with some things. Lately we have seen extensions to add Anti-Aliased fonts and to aid in 3D display and moving picture display.
Having a general extension mechanism is a good thing. Needing to use it to provide basic functionality isn't such a good thing.
100,000,000.00 Mexico Pesos =
10,449,320.79 United States Dollars
Not exactly small change, considering the cost of living there. You could probably keep 10,000 people fed and clothed pretty nicely @ $1000 each per year.
Are Microsoft's licensing terms different in Mexico? Given that they've already paid for Microsoft software, how are they planning to *save* money by throwing all that out and converting to Linux?
Okay, maybe they're planning on expanding computer use a lot in the near future or something. Anybody know what the story is?
These are the people who developed the process. Sounds like it's supposed to work much like Macrovision on VHS does.
They insert an error into the signal which is undetectable during normal playback, but that mightily confuses anybody trying to read the bits with a CD-ROM drive.
I don't know enough about the EFM encoding process to know how this is supposed to work, but it sounds reasonable. Seems like a few changes to the ECC on the audio data would probably do it.
On the other hand, it can't be all that difficult to work around, either...