Ingress makes you move around, I lost quite a bit of weight since I started playing ( http://www.ingress.com/ )
The publisher of the info is a known troll, hasn't ever released anything, and has already been trounced by people that know this stuff. False alarm.
They are going to get rooted anyway, and also, Motorola is known for looooooooooong release cycles for patches so it will stay that way.
Also, Slashdot, I set this account to use the "classic" interface, why are you making me click buttons to see comments now?! I just want to see the page, not have to keep clicking "show more". This comment entry box is terrible too, the "Reply" button is too close to the box itself.
Seems like I'm not the only one. First I had to figure out how to show the full text for all the page, and now I have to browse the comments in a frame 80% of my browser because I'm stuck with a sidebar (that won't scroll, btw). This seriously sucks, I want my classic UI back!!! Also, wtf is the checkbox with no text!?
Not free, but available. For most of the world, the market doesn't show paid applications at all. The regions with higher piracy are those not served by the paid portion of the Android market. Google's fault really.
If they had cared, they would have created a global market accessible to the whole world (infrastructure is there, they just don't want to). 90% of the world isn't able to buy paid apps from the store, only free.
There's a readme file on the release with a bit more information.
Only what the original releaser stated.
A general android exploit working on every phone has been found already: http://c-skills.blogspot.com/2010/07/android-trickery.html It comes with source :)
He's mad at the right person. EA's authentication scheme locked him out. It's EA's fault if someone else could "keygen" his serial. As a paying customer, he shouldn't be affected by the pirates. As usual, only paying customers are affected by DRM and copy protection. The pirates just crack the thing and forget about it.
Define "Infected Firefox installations"
Maybe you mean "PC with Firefox installed that's infected by a {virus|trojan|keylogger|spyware}"?
Still, installing Firefox doesn't prevent you from catching something for running infected software or prevent someone from installing some crap that puts toolbars or BonziBuddy into your PC....
I think this is one of the first Android phones from a big brand name manufacturer, the rest come from HTC from what I've seen.
They already did
http://www.pcworld.com/article/166723/hands_on_with_samsungs_android_handset.html
Not sure when it will be available, but I think it was Real Soon Now.
They don't have to use any standard protocol or client. They can probably add an icon somewhere that says "Install IE" and get whatever is needed from the network with no further user interaction. I don't think they are expecting naive users to open a client, connect somewhere and get a file using an FTP client or something to that effect.
Also, input validation can be done progressively! The Japanese write it that way...I think it's also ISO compliant (ISO 8601)
Only if you get off on credits
Did Vuze ever confirm that P2P connections created resets? Or is it just the reset count from the plugin?
<quote>It is not true to say that you need ALTER SESSION privilege granted to actually issue ALTER SESSION commands. Yes, that sounds counter-intuitive but it is true that you can issue SOME alter session commands if you can connect to a database regardless of what privs you have.
In this case setting NLS_DATE_FORMAT can be done by ANYONE regardless of whether they have ALTER SESSION granted.
</quote>
Still, you need to be already able to inject in order to issue a modified "ALTER SESSION".
<quote>1. in most web apps you won't have access to the database, just the webserver...the database should be firewalled off. </quote>
Sure, but you need to connect to the database to use it from the web app. SQLnet port for Oracle must be enabled, and I think it's less than bulletproof. It has had several vulnerabilities in the past.
<quote>
2. it is RARE for PL/SQL developers to resort to using dynamic SQL (execute immediate/DBMS_SQL) to run SQL, so this flaw, whilst interesting, is HIGHLY unlikely to be a problem...it's certainly nowhere near as dangerous as developers not validating inputs where an application tier (java/php etc) does sql commands (esp if it's not using bind variables) against a database [which by definition are dynamic sql calls].
</quote>
Perhaps at your place, but some people will always try to ease work by creating procs that handle some logic and they end up using dynamic SQL...for some things, there's no other way (try multiple conditional where clauses). Tricky stuff to avoid vulnerabilities.
<quote>
3. the code also relies on another major error in the coding: type conversion. the date is implicitly converted to a string due to concatenation (||), i.e. Oracle rewrote that internally as to_char(v_date) and, as there was no supplied format, it uses NLS_DATE_FORMAT.
</quote>
Implicit conversion sucks. For anything other than anonymous blocks you might run interactively, all conversions must be explicit. For dates, you have to do it neutrally (there are ways to do it that are I18n independent). If you don't, you must be sure the other part is covered (NLS DATE FORMAT explicitly set).
Correct me if I'm wrong, but even if someone has Alter session privileges, in order to execute "alter session", someone must be able to execute arbitrary stuff. In that case, trying to inject makes no sense, just plain insert/delete/whatever without using those date/number fields would do.
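The pattern discussed in the comment above, as an added example that is not part of the original thread: a procedure that concatenates a DATE into dynamic SQL, next to a bind-variable form and an explicit fixed-format conversion. The `orders` table, its columns and all procedure names are hypothetical.

```sql
-- Added example; table ORDERS(created DATE, status VARCHAR2) and the
-- procedure names are hypothetical.

-- Weak: "||" implicitly runs TO_CHAR(p_since) with the session's
-- NLS_DATE_FORMAT, so a session setting ends up inside the SQL text.
CREATE OR REPLACE PROCEDURE count_orders_weak (
  p_since IN DATE, p_count OUT NUMBER
) AS
BEGIN
  EXECUTE IMMEDIATE
    'SELECT COUNT(*) FROM orders WHERE created >= ''' || p_since || ''''
    INTO p_count;
END;
/

-- Hardened: constant statement text, values passed as binds. No date is
-- ever converted to text, and the optional filter adds only a fixed fragment.
CREATE OR REPLACE PROCEDURE count_orders_bound (
  p_since  IN  DATE,
  p_count  OUT NUMBER,
  p_status IN  VARCHAR2 DEFAULT NULL
) AS
  v_sql VARCHAR2(200) := 'SELECT COUNT(*) FROM orders WHERE created >= :since';
BEGIN
  IF p_status IS NULL THEN
    EXECUTE IMMEDIATE v_sql INTO p_count USING p_since;
  ELSE
    EXECUTE IMMEDIATE v_sql || ' AND status = :status'
      INTO p_count USING p_since, p_status;
  END IF;
END;
/

-- If the date really must appear as text, convert explicitly with a fixed
-- numeric mask on both sides so NLS_DATE_FORMAT plays no part.
CREATE OR REPLACE PROCEDURE count_orders_explicit (
  p_since IN DATE, p_count OUT NUMBER
) AS
  c_mask CONSTANT VARCHAR2(21) := 'YYYY-MM-DD HH24:MI:SS';
BEGIN
  EXECUTE IMMEDIATE
    'SELECT COUNT(*) FROM orders WHERE created >= TO_DATE('''
    || TO_CHAR(p_since, c_mask) || ''', ''' || c_mask || ''')'
    INTO p_count;
END;
/
```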
I'm not going to send some server every URL I'm visiting, no fucking way. I don't care about their privacy policy (that can change at any time). I'm especially not sending them to MS, or Google so they can cross reference it with my search results and mails. It's OK if they need some particular type of certificate support, but I'm not giving up my privacy because some retards click on any URL. In any case, I'm not using Paypal either, but I hope nobody follows suit on this.
Dude, it's broadband via power lines, they are not counting the people that visit the mosque. They run some kind of server there that "powers" the rest of the people living around it or something.
I was thinking about that...they are going to need some humongous peering points to get that kind of traffic into the rest of the world.
I guess they won't be able to run their business in the EU.
That's a pretty big market, I bet the shareholders won't be happy.
Yeah, sure. They should slap them on the wrist like the US did instead.
Actually, it's not. They ensured that their initiative is not compatible with the GPL, which is at the moment the most used open source license.