no no, it's a 'tax shelter' if you donate 12 million of your 'income' to this 'tax shelter program' they reduce the amount of tax you owe by 6 million.
you don't really make a whole lot of money doing it that way, but consider this, if you're $5,000 into the next tax bracket, and you donate $10,000 to drop you down to the next lower tax bracket, and dropping yourself down to the next lower tax bracket saves you from paying $20,000 in taxes total, you would do it in a heart beat.
and the worst of it is as long as the company who owns the rights to the movie is in Germany, and as long as they produce actual films, the tax loophole HAS NOT CHANGED. consider too, that since the holding company is German, they have to pay German taxes on profits. Obviously Uwe Boll doesn't make profits, but his holding company may very well make profit on the books, and have to pay German taxes. since they pay X for rights, and lease the rights for y. if y is greater than x then they pay taxes, but if both companies are owned by boll, then x would equal y... unless that jeopardized his loophole as far as the government is concerned... and it might.
so far they haven't closed the loophole if the production of the film is done in America. If they do, boll will bolt from making movies in America and will make them in Germany the way the law intended.
And because tax laws always lag behind a growing economy, this means there are a lot of people who if they donate X dollars they get Y dollars more back from the government, where Y is greater than X. So potentially he could be raising hundreds of millions of dollars just for saving a few million Germans a few grand every year. Ironically what the government did change about the loophole, is that they made it a crime to fraudulently claim you donated money to a company that never produced films. so now Boll has even more money to spend, because he's the real deal, and the fraudsters can't compete unless they start making bad money losing films too.
"It is not known if this will have any effect on Boll's funding as the new laws only seek to punish investors who are abusing the law for tax purposes; Boll's activities appear to be well within the legitimate usage of the tax shelter."
See even though he's producing films in America, they only tried to close the loophole for companies that didn't really produce movies. So the German tax law, would essentially mean that Uwe Boll as one of the few legitimate tax shelters for producing films, would be seeing a dramatic increase in funding from Germany.. not a shrinking.
crazy mad, because his company actually produces movies, and pays big money to the owners of the video game movie rights. it doesn't matter to the German government that people can give millions to Boll, and he makes movies that no one wants to see, but he's not a fraudulent company, his company actually makes movies with the money, they suck, they hemorrhage money like a sieve... but because he really truly does make movies with the money, he's still legit as far as Germany is concerned.
I thought someone had said that the German tax loophole was closed, so why would he be ramping up production?
and bloodrayne has done 3 movies with him now, i can understand tricking people once, but going for a bad director your gamer community hates, for a third time?
seriously, with all the internet hate against him, how does the guy wind up making money for the content owners while losing money at the box office if his past tax loophole strategy went out the window? has he switched countries with a different tax loophole?
ah of course, the easiest way is to set su to user su or some such have it chattr and of course belonging and executable only by user su.
Re:Designate Windows OS as Terrorist Tool, on New Botnet Dwarfs Storm · Score: 2, Interesting
btw, you can actually make a nice secure user 'chattr' who is not root and have a fairly secure password length for when the Mr remote admin needs to use chattr to install updates, etc. just make sure Mr Idiot is safely logged out when doing the updates.
thought of this after i posted, although technically Mr idiot can "sudo su chattr" if he's a sudoer unless, you require all user chattr logins to sshd. not sure off hand how to do that on Linux, more used to how to do that on BSD systems.
you know, it does with me too, but only when I've been playing too long. or when i get ranked too high in a ladder based game...
but then conversely playing the same game for many thousands of hours, introduced me to the fun OF playing Games To make your team lose!
I mean it's an activity that people always say 'they'll ban you for this' but to be honest I've never heard of anyone getting banned, except this one guy who had used 'alt +q +q' 20,000 times on the same account... he was called 'world peace' he wasn't the worst player, but he wasn't a pro either. i think he did the alt+qq abuse to avoid getting stressed out playing the game, but they still banned the guy.
ALL MMORPGS are pathetically boring, a redundant repetition of the same actions over and over again in area after area after area!
I personally have broken 7 keyboards and 2 game CDs and i almost broke my whole desktop when i kicked it once, playing You guessed it A BLIZZARD GAME.
Specifically Warcraft III: The Frozen Throne. Ladder is enough to drive anyone batty after you pass level 30. I specifically know of countless people who intentionally prevent their systems from getting past level 20, by account cycling/ backstabbing etc. account cycling is less likely to get you banned, but it takes a long time to drop 10 levels through decay... but if you have 5 accounts 1 random, 1 human, 1 orc, 1 undead, and one night elf, you probably can reduce the amount of real BSing you have to do to avoid surpassing level 20.. i mean there are a lot of tricks you can do to BS while not seeming to as well, there is a way to click follow your units so they never attack, you can say 'brb toilet' at the worst time possible... and of course you can play on another computer while you do nothing on the first one...
it's really hard to say 'doing nothing' is backstabbing especially if you queue up building guys etc. or if you waste money, or you insist on teching when the team said rush... or if you rush, when your team was like 'no we'll lose rush' by yourself with inferior units of course.
i mean massing ghouls for 20 minutes and getting them killed all the time is pretty stupid, but even if they send in replays, was that really intentional back stabbing? does blizzard even care? it used to be stressful past level 10 but they 'fixed' the ladder so now if you're good up to level 28 or so is not terribly stressful, but no matter what they do the top 20 levels are full of professional gamers and their imitators.
Rules prevented teams from using 'the same exploit' to take multiple machines. if that rule had not been there, the team that took the vista laptop, would have spent the 'couple hours programming' and taken both the vista and ubuntu machines.
but they couldn't do that so you really have no idea if there isn't a "Linux Adobe" remote vulnerability right now, I know details of the adobe exploit aren't out there very far and wide, but adobe themselves knew of it, so it's quite possible that a Linux version of the exploit exists.
and as i recall, the winner of the 'vista' machine was quoted as saying "this is a couple hours away from being a Linux or OSX exploit" that was a vulnerability in adobe software, that adobe knew about before pwn-to-own http://gizmodo.com/376585/adobe-knew-of-vista-pwn-2-own-hack-all-along
Now, Ubuntu doesn't come with adobe by default, but people Will Install the Adobe crap to see the dancing bunnies, as per the dancing bunnies problem. so don't say it's purely a diversionary tactic When HACKERS HAD THE SOFTWARE AT PWN TO OWN to hack apple, and thought it would take a couple hours to port the adobe vulnerability that took the Vista machine to Linux.
yes yes someone already pointed out the 'dancing bunnies' problem.. in that once users see that link for the dancing bunnies they're going to do whatever it takes to see the dancing bunnies, security be damned. Education is worthless, because 'i want to SEE dancing bunnies! All my friends see the dancing bunnies and i already have 20 email links to the dancing bunnies!'
so the dancing bunnies are seen, and the system is compromised. The one thing that works is having the system essentially roll back to a secure state every time the system reboots. without virtualization this is virtually impossible unless you have a sophisticated setup where people either run all their applications from a central server, which can do the rollback automatically, or else, you have a sophisticated boot set up that uses 1 os to restore, then boots the newly restored OS from disc, etc etc...
very hard to make those protected files that restore the OS invisible to the compromise and user, while still running every boot. not to mention this makes booting terribly slow.
Still once the user has had their fill of the dancing bunnies with a sophisticated system the admin can force reboot them, when the dancing bunnies program tries to compromise other computers on the network.
the problem then are the retards who load the dancing bunnies EVERY DAY, and never get sick of them. i think, perhaps the only solution is to make sure you tube has the dancing bunnies, and tell people 'you must get your dancing bunnies from you tube, here is the link straight from it'
that might work, except youtube horribly horribly breaks firefox on Linux. so now we need a secure way to give the people their dancing bunnies, on Linux without breaking firefox.
Conversely i have found two critical applications which refuse to run as non administrator, one of them is for copying DVDs, the other, is an open source DVD/cd burning utility, however I'm considering dropping it because that program doesn't like the grade of media i was able to afford for copying movies. writing and reading at 0.5x speed is NOT acceptable.
the media was supposed to be grade 2 media, my former grade 1 media sold out and started shipping grade 4 garbage at random, and i wasn't going to pay 3x as much for the few brands of grade 1 media that haven't copped out to being stupid. although i could switch suppliers, i had credit with this particular vendor, so i bought this grade 2 media and bought grade 1 locally when it was on sale for doing data...
or in the case of TFA it runs a 'botnet.' which is nothing more fancy than 'launching an irc client, with auto connect, and auto name allocation.'
IRC bots can do a number of useful things, like phishing IM networks, spamming IM networks with bad urls, allowing a hacker to run 'profiles' on dating sites to 'lure the gullible' into 'phony' relationships where they help their 'lover' (nothing more than an e-mail/irc bot, maybe when they're in deep enough a real human manages the conversations, in whole or in part) with 'business ventures' etc, many ways to use them as say a drop point for credit card fraud, where they ship the stuff overseas on their own dollar... or even the direct check scams, etc. if 'you're in love' with a bad, phony person... well...
Just to be totally honest here, while i was on irc, i wrote a bot/script/menu system that enabled me to message people faster, converse with more people, at once, without people wondering who else I was chatting with, etc, I think at my peak i could hold a conversation with 7 people in channels or private messages, while cybering with as many as 2 people.
all with script/triggers/menus to automate some of the easier to automate parts of conversations..
the main pain in the butt was rewriting it every time mirc broke part of my script. i never bothered to port it to xchat, because by then my irc glory days were over, but it's easy to use a customized irc interface to seem like you're talking to someone, when in fact you just clicked their name right click style picked a menu, and typed in a word or phrase while the rest was done by a script.
not really, remember the big thing is browser exploits.
the browser stores configuration files in ~ those files can easily point to launching something in ~ even if you don't have ~/usr ~/bin things set up.
however, if you can't modify the system, it's very easy to do a "ls -a ~" and then scan for stuff in 'hidden' folders (eg: ls -a ./.mozilla/firefox)
the point is it's harder to do 'stealth' stuff in linux, without root you really can't be stealth. this means virus/rootkit etc scanners have an easier time, than they could ever have in windows.
But isn't xen a more mature FOSS solution than virtualbox? not to mention xen is true FOSS and not some half proprietary software that businesses have to pay for, vs a feature stripped 'gpled version...'
FWIW the file could just as easily come from a 'free porn' site. I've seen idiots install dialers that place calls to fsking Nigeria, and then place an insane $100 surcharge (above cost of making the call) to their phone bill, every time they try to go to the free porn site... luckily the person whose computer had this, had cable internet, but he had called me in to complain because 'his computer wouldn't load this website' sigh it wouldn't load because the dialer wouldn't connect without a phone line.
Re:Designate Windows OS as Terrorist Tool, on New Botnet Dwarfs Storm · Score: 4, Informative
"Seriously, though - can an OS be secure, if its users don't make rational choices?"
You can make system files immutable in Linux with chattr, an immutable file may not be overwritten by root unless chattr is first run, to remove the immutable flag.
furthermore, you can during install, use chattr to set files immutable, and then set user:owner of chattr to user chattr and set permissions to only allow user chattr to read or execute chattr as well as making chattr immutable so root can't replace it.
So yes, you can idiot proof a Linux system. Even if they still have sudo permissions so they can install new programs.
the basic point of this would be to have some type of crontab based scanner, a remote administrator (eg: the guy who set it up for mr. i love porn and am stupid) and basically if mr idiot installs bad software mr remote admin can remove it, and make fake files in his owner/user group so that mr idiot can't install it again (although without access to chattr it might be hard to prevent mr idiot to find out how to use sudo to delete those files when he asks on a message board how to get around this 'error' when he tries to install software etc..)
although it's SO much easier to just not give Mr idiot sudo permissions and allow mr remote administrator approve any software Mr idiot wants on his system. the point was can linux be idiot proofed, and yes it can, in many functional ways.
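A cron-run check in the spirit of the scanner mentioned above, as an added example that is not the commenter's code: it reads `lsattr` output and reports baseline files that no longer carry the immutable (`i`) attribute. The function names, the `MISSING_FLAG` / `NOT_LISTED` labels, the baseline file format and the sample data are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: detect drift from a chattr +i hardening baseline.
# The baseline file lists one absolute path per line ('#' starts a comment).

# audit_immutable BASELINE < lsattr-output
# Prints, sorted, one finding per line:
#   MISSING_FLAG <path>  path is in the baseline but has no 'i' attribute
#   NOT_LISTED <path>    path is in the baseline but lsattr gave no flags for
#                        it (deleted, unreadable, or on an unsupported fs)
audit_immutable() {
    baseline=$1
    awk -v baseline="$baseline" '
        BEGIN {
            while ((getline line < baseline) > 0)
                if (line != "" && line !~ /^#/) want[line] = 1
            close(baseline)
        }
        {
            flags = $1
            # Real lsattr lines start with a flag field made of letters and
            # dashes; anything else (for example "lsattr: ..." errors) is skipped.
            if (flags !~ /^[-A-Za-z]+$/) next
            sp = index($0, " ")
            if (sp == 0) next
            path = substr($0, sp + 1)          # keeps paths containing spaces
            if (!(path in want)) next
            seen[path] = 1
            # Lowercase i is the immutable attribute; uppercase I is unrelated.
            if (flags !~ /i/) print "MISSING_FLAG " path
        }
        END {
            for (p in want) if (!(p in seen)) print "NOT_LISTED " p
        }
    ' | LC_ALL=C sort
}

# Constructed sample of lsattr output (not captured from a real system).
sample_lsattr() {
    cat <<'EOF'
----i---------e------- /usr/bin/sudo
--------------e------- /usr/bin/passwd
----i---------e------- /etc/passwd
lsattr: Operation not supported While reading flags on /usr/bin/X11
EOF
}

# Constructed baseline: files the administrator expects to be immutable.
sample_baseline() {
    printf '%s\n' '# expected immutable' /usr/bin/sudo /usr/bin/passwd /bin/su
}

# demo: run the audit over the constructed sample.
demo() {
    tmp=$(mktemp) || return 1
    sample_baseline > "$tmp"
    sample_lsattr | audit_immutable "$tmp"
    rm -f "$tmp"
}

# On a live system (GNU xargs assumed), from root's crontab:
#   xargs -d '\n' lsattr -d < /path/to/baseline 2>&1 | audit_immutable /path/to/baseline
if [ "${1:-}" = "--demo" ]; then demo; fi
```

Any output from the audit is worth mailing to the remote administrator, since a cleared flag means someone with root ran `chattr -i` on that file.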
Well the thing is I figured out the reason why DTV Broadcasts get more bandwidth than wireless A/G etc.. It's simple. They ARE Broadcasts. one way, instant double the bandwidth. so, yeah if you're doing BROADCASTING then yes, you get double the bandwidth of 2-way communications.
so it's not shocking at all that a 1 way broadcast would get double the bandwidth of a 2-way communication system. So now, I'm fairly sure that the 62mhz of wireless spectrum has around 300 megabits capacity, and how much they set for download vs upload will determine what the max download/second and max upload/second is.
4g phones will require 10 mhz of spectrum to use the standard both at&t and verizon are planning on using, and verizon can do double what AT&t can do in the c block. eg: they can have double the customers at the same bandwidth per tower.
OTOH verizon isn't going 4g til 2010 AT&T is planning on going 4g as soon as they can.
I'm going to assume that they set more frequency to download and less to upload, since the typical web user needs more DL than upload, since the 4g phone standard references 10 MHz then i would assume they will get about 48.3 megabits/second for both download and upload channels.
again this is per tower, per city, but that's still about equal to an OC-1 although i think OC lines do equally up/down bandwidth... anyways, the new 4-g phones should be plenty fast enough especially in rural applications, which is where high speed internet is right now primarily satellite anyways.
I think you forgot to read TFA in it it was claiming that 91% of computers contain 'at least one spyware program' and that the 'average number of spyware found on 1 million scanned computers was 7'
insecure software (MS windows) is more popular, than say even apple's solution, which may not be any more secure by default, but At least it is based on the unix security model, allowing the filesystem to be completely locked down, while still being useful to the end users...
I realize hardened systems are much harder to compromise. But not even a hardened system is 100% secure. How can anyone be 100% sure that there are no backdoors without reading every line of code for trojans/backdoors? (i know openbsd has an audit team) and even then how do you know there are no bugs that allow for directory traversal, or root escalation, or buffer overflows?
and how do you know that none of those flaws are possible to be exploited over the network? furthermore, is your password secure enough to stop hackers? is that rather long secure password you use, so hard for you to remember that you have to write it down? What if, because your system is so secure, the kid across the street from you decides to hack you, by using a good telescope to watch you look at your piece of paper, or record you as you type to get your login and password...
sure, you could be in a room where all the windows are darkened, but how do you know they didn't jimmy the sliding door, and install a spy cam so they could get your login/pass?
well, sure you could have home security so that they'd have to do it in 20 seconds or less, making it much less likely they would do it...
but what if the neighbor kid is friendly with you? and one time while he's there when you go to the toilet, they install a physical key logger on your system?
Sure you can check for a physical key logger every time you use your pc, but what if one time he notices your make and model of keyboard, and he decided to buy one exactly like it, and install an 'internal' key logger, and while you're in the john he swaps keyboards?
Sure you can have hidden security cams, angled so they don't see what you type, but are you really going to check every time jimmy invites himself over to your place?
the basic point is you can have the best security practices in the world, AND STILL GET compromised, because your 'openbsd' guys let a big remote vulnerability get through and they found out about it a month after black hats did.
Any windows machine that runs as administrator is a target for hackers. I should know, I got compromised, despite having what I thought was a secure firewall, and the compromise wasn't one of those easily noticeable ones, either; the systems never seemed to slow down, the internet worked at full speed, and they only sent packets when the screen saver was running. Had it on my machines for at least a full year before a Different Hacker compromised my system, and basically in so many words told me I was easy to hack, because I was already compromised.
What everybody forgets to mention is that 'Information' is the nickname of a convicted felon, of course he wants to be free, he's in prison and he hates being locked up.
listen, if a cube can be solved in 25 moves, then All you have to do, is specify that all cubes "must be found in one of the 24th of 25 move states" and you can say 'i solved the Rubik's cube in one move'
so basically you could write a program that correctly shows where each cube piece needs to be to be one move away, find a friend to take it apart and reassemble the cube and 'solve' the Rubik's cube in one move.
you can do this several times, and if you never solved a Rubik's cube before you can start bragging "I always solve my Rubik's cube in one move." make a video showing you do this upload it to you tube, bet people $xx that you can't solve a Rubik's cube in one turn, show them the youtube link on your iphone and PROFIT.
they might feel scammed by the fact that your friend took it apart for you, but you can say "i never said what was done to the cube, just that i always solved it in one move"
Well, if they'd just switch to using a hardened Linux configuration possibly on more standard hardware, rather than some obscure RISC chip (even apple stopped using RISC)
well, they could download anti-virus software, straight from a repository. anti-spyware? switch to firefox http://nixory.sourceforge.net/
Linux comes with firewall support built-in but you can get GUI tools to make firewall management more usable. The question is since Linux (even a hardened system) should have an intrusion detection system, are they going to nail you if you use Linux and don't run an IDS?
It's not the amount of dust that matters it's the relative density of the mass, the height it reaches in orbit, and if it repels water vapor, or if it binds strongly to water vapor.
For instance if you designed a special weapon designed to create a permanent blanket against the sun, then you'd be targeting the mesosphere with rockets with highly diffused and very light particles that are very effective at reflecting the earth's sun. I have no clue what would be the best material to use, and there is little science on the mesosphere, but the stratosphere is still in the water cycle, so any sun blocking weapons that only went in the stratosphere would eventually fail. only a mesosphere approach could permanently block the sun for the rest of time.
"Paper, though energy intensive and wasteful to make,"
the vast majority of papermills run entirely on burning the bark which is completely unusable in the production of paper. chainsaws, or robotic tree cutter/branch strippers use a lot of fuel, but remember 120 years ago, we used hand (usually 2 man, for big trees) saws, or axes, and mules etc, trees can be harvested on entirely biofuel, but this costs more than even the robotic tree cutter/branch strippers...
paper from trees uses a lot of highly toxic chlorine to bleach the paper. in the old days acid was used, as acid was less toxic, but acid yellows and ruins paper, so they switched to bleach which has to be carefully reused until they eventually have to carefully dispose of it.
As far as wasteful, really there is nothing wasteful about managed forestry, Japan has used managed forestry for almost 300 years with great success. Japan even has some very rare animals that have been preserved because they caught on to environmentalism when they realized they'd have no forests left if they kept cutting the old ones down and building cities and farms... although now cars are killing some of these rare creatures, posing a risk to their continued survival...
the main problem with paper is you need to use chemicals to make it white. There are other plant fibers that can be made white with easier techniques, for instance kenaf. Hydrogen peroxide, an environmentally-safe bleaching agent that does not create dioxin, has been used with much success in the bleaching of kenaf.
Trees are a slightly expensive biofuel, but it is a proven one, they wouldn't sell pellet burner or wood stoves to this date if they weren't able to at least in tree country compete with propane and heating oil in markets where they just don't have pipelines to homes..
most of my files are wm, mpg, or avi files, how do you think i got 1 terabyte of files?
and i will admit that in fact i have been sloppy and have backed up many programs (exe's zips, etc.) as well as program files folders, and sometimes just the whole hard drive, to save my time in sifting through files...
most of the sloppy saving of files I've stopped using any of the exe's or zip files (most stuff can be DLed fresh) but for instance there are tons of game save files and folders that use a hybrid of weird file extensions etc..
since I don't have a scanner that can detect this nasty rootkit I can't honestly know if the files are infected. for the time being I'm only playing the media files on a Linux system but many of the files don't play back (especially the wm* files)
Ahh wikipedia
The mac software isn't 'non-existent' http://www.engadget.com/2008/03/27/pwn-2-own-over-macbook-air-gets-seized-in-2-minutes-flat/
and as i recall, the winner of the 'vista' machine was quoted as saying "this is a couple hours away from being a Linux or OSX exploit" that was a vulnerability in adobe software, that adobe knew about before pwn-to-own http://gizmodo.com/376585/adobe-knew-of-vista-pwn-2-own-hack-all-along
Now, Ubuntu doesn't come with adobe by default, but people Will Install the Adobe crap to see the dancing bunnies, as per the dancing bunnies problem. so don't say it's purely a diversionary tactic When HACKERS HAD THE SOFTWARE AT PWN TO OWN to hack apple, and thought it would take a couple hours to port the adobe vulnerability that took the Vista machine to Linux.
yes yes someone already pointed out the 'dancing bunnies' problem.. in that once users see that link for the dancing bunnies they're going to do whatever it takes to see the dancing bunnies, security be damned. Education is worthless, because 'i want to SEE dancing bunnies! All my friends see the dancing bunnies and i already have 20 email links to the dancing bunnies!'
so the dancing bunnies are seen, and the system is compromised. The one thing that works is having the system essentially roll back to a secure state every time the system reboots. without virtualization this is virtually impossible unless you have a sophisticated setup where people either run all their applications from a central server, which can do the rollback automatically, or else, you have a sophisticated boot set up that uses 1 os to restore, then boots the newly restored OS from disc, etc etc...
very hard to make those protected files that restore the OS invisible to the compromise and user, while still running every boot. not to mention this makes booting terribly slow.
Still, once the user has had their fill of the dancing bunnies, with a sophisticated system the admin can force reboot them, when the dancing bunnies program tries to compromise other computers on the network.
the problem then are the retards who load the dancing bunnies EVERY DAY, and never get sick of them. i think, perhaps the only solution is to make sure YouTube has the dancing bunnies, and tell people 'you must get your dancing bunnies from YouTube, here is the link straight from it'
that might work, except youtube horribly horribly breaks firefox on Linux. so now we need a secure way to give the people their dancing bunnies, on Linux without breaking firefox.
Conversely i have found two critical applications which refuse to run as non administrator, one of them is for copying DVDs, the other, is an open source DVD/cd burning utility, however I'm considering dropping it because that program doesn't like the grade of media i was able to afford for copying movies. writing and reading at 0.5x speed is NOT acceptable.
the media was supposed to be grade 2 media, my former grade 1 media sold out and started shipping grade 4 garbage at random, and i wasn't going to pay 3x as much for the few brands of grade 1 media that haven't copped out to being stupid. although i could switch suppliers, i had credit with this particular vendor, so i bought this grade 2 media and bought grade 1 locally when it was on sale for doing data...
In Ubuntu 7.10: click "Places", then click "Home Folder". In File Browser, click "View", click "Show Hidden Files", and scroll down to the .profile file. Right-click ".profile" and click "Properties". In .profile Properties, click the "Permissions" tab; below "Owner", under "Access", select "Read-only"; below "Group", set access to "None"; below "Others", set access to "None".
It wouldn't let me switch owner to root, but it would let me take away group/other privileges as well as set read only.
or in the case of TFA it runs a 'botnet.' which is nothing more fancy than 'launching an irc client, with auto connect, and auto name allocation.'
IRC bots can do a number of useful things, like phishing IM networks, spamming IM networks with bad urls, allowing a hacker to run 'profiles' on dating sites to 'lure the gullible' into 'phony' relationships where they help their 'lover' (nothing more than an e-mail/irc bot, maybe when they're in deep enough a real human manages the conversations, in whole or in part) with 'business ventures' etc, many ways to use them as say a drop point for credit card fraud, where they ship the stuff overseas on their own dollar... or even the direct check scams, etc. if 'you're in love' with a bad, phony person... well...
Just to be totally honest here, while i was on irc, i wrote a bot/script/menu system that enabled me to message people faster, converse with more people, at once, without people wondering who else I was chatting with, etc, I think at my peak i could hold a conversation with 7 people in channels or private messages, while cybering with as many as 2 people.
all with script/triggers/menus to automate some of the easier to automate parts of conversations..
the main pain in the butt was rewriting it every time mirc broke part of my script. i never bothered to port it to xchat, because by then my irc glory days were over, but it's easy to use a customized irc interface to seem like you're talking to someone, when in fact you just clicked their name right click style picked a menu, and typed in a word or phrase while the rest was done by a script.
not really, remember the big thing is browser exploits.
the browser stores configuration files in ~ those files can easily point to launching something in ~ even if you don't have ~/usr ~/bin things set up.
however, if you can't modify the system, it's very easy to do a "ls -a ~" and then scan for stuff in 'hidden' folders (eg: ls -a ./.mozilla/firefox)
the point is it's harder to do 'stealth' stuff in linux, without root you really can't be stealth. this means virus/rootkit etc scanners have an easier time, than they could ever have in windows.
But isn't xen a more mature FOSS solution than virtualbox? not to mention xen is true FOSS and not some half proprietary software that businesses have to pay for, vs a feature stripped 'gpled version...'
FWIW the file could just as easily come from a 'free porn' site. I've seen idiots install dialers that place calls to fsking Nigeria, and then place an insane $100 surcharge (above cost of making the call) to their phone bill, every time they try to go to the free porn site... luckily the person whose computer had this, had cable internet, but he had called me in to complain because 'his computer wouldn't load this website' sigh it wouldn't load because the dialer wouldn't connect without a phone line.
"Seriously, though - can an OS be secure, if its users don't make rational choices?"
You can make system files immutable in Linux with chattr, an immutable file may not be overwritten by root unless chattr is first run, to remove the immutable flag.
furthermore, you can during install, use chattr to set files immutable, and then set user:owner of chattr to user chattr and set permissions to only allow user chattr to read or execute chattr as well as making chattr immutable so root can't replace it.
So yes, you can idiot proof a Linux system. Even if they still have sudo permissions so they can install new programs.
the basic point of this would be to have some type of crontab based scanner, a remote administrator (eg: the guy who set it up for mr. i love porn and am stupid) and basically if mr idiot installs bad software mr remote admin can remove it, and make fake files in his owner/user group so that mr idiot can't install it again (although without access to chattr it might be hard to prevent mr idiot from finding out how to use sudo to delete those files when he asks on a message board how to get around this 'error' when he tries to install software etc..)
although it's SO much easier to just not give Mr idiot sudo permissions and allow mr remote administrator to approve any software Mr idiot wants on his system. the point was can linux be idiot proofed, and yes it can, in many functional ways.
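The scheduled scan described in the comment above could start from a check like the following, an added example that is not part of the original comment: it reads `lsattr` output and reports baseline files that have lost the immutable flag set with `chattr +i`. The sample listing, the baseline paths and the function name `missing_immutable` are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original comment): report files that were
# expected to carry the immutable flag set by `chattr +i` but no longer do.

# Constructed sample of `lsattr` output: "<flags> <path>" per line.
SAMPLE_LSATTR='----i---------e------- /etc/passwd
--------------e------- /etc/sudoers
----i---------e------- /usr/bin/chattr
-----a--------e------- /var/log/auth.log'

# Assumed baseline: paths the administrator made immutable at install time.
BASELINE='/etc/passwd
/etc/sudoers
/usr/bin/chattr
/etc/shadow'

# missing_immutable LSATTR_TEXT BASELINE_TEXT
# Prints "MUTABLE <path>" when a baseline path is listed without the "i" flag
# and "MISSING <path>" when it does not appear in the listing at all.
missing_immutable() {
    printf '%s\n' "$1" | BASELINE_TEXT="$2" awk '
        NF >= 2 {
            flags = $1
            path = $0
            sub(/^[^ ]+ +/, "", path)   # strip the flag column, keep the path
            seen[path] = 1
            if (index(flags, "i") > 0) immutable[path] = 1
        }
        END {
            n = split(ENVIRON["BASELINE_TEXT"], want, "\n")
            for (k = 1; k <= n; k++) {
                p = want[k]
                if (p == "") continue
                if (!(p in seen)) print "MISSING " p
                else if (!(p in immutable)) print "MUTABLE " p
            }
        }'
}

# On a live system the listing would come from lsattr itself, for example:
#   missing_immutable "$(lsattr -d /etc/passwd /etc/sudoers 2>/dev/null)" "$BASELINE"
missing_immutable "$SAMPLE_LSATTR" "$BASELINE"
```

A process holding CAP_LINUX_IMMUTABLE (root by default) can clear the flag, so this check detects drift rather than preventing it.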
Well the thing is I figured out the reason why DTV Broadcasts get more bandwidth than wireless A/G etc.. It's simple. They ARE Broadcasts. one way, instant double the bandwidth. so, yeah if you're doing BROADCASTING then yes, you get double the bandwidth of 2-way communications.
so it's not shocking at all that a 1 way broadcast would get double the bandwidth of a 2-way communication system. So now, I'm fairly sure that the 62mhz of wireless spectrum has around 300 megabits capacity, and how much they set for download vs upload will determine what the max download/second and max upload/second is.
4g phones will require 10 mhz of spectrum to use the standard both AT&T and verizon are planning on using, and verizon can do double what AT&T can do in the c block. eg: they can have double the customers at the same bandwidth per tower.
OTOH verizon isn't going 4g til 2010 AT&T is planning on going 4g as soon as they can.
I'm going to assume that they set more frequency to download and less to upload, since the typical web user needs more DL than upload, since the 4g phone standard references 10 MHz then i would assume they will get about 48.3 megabits/second for both download and upload channels.
again this is per tower, per city, but that's still about equal to an OC-1 although i think OC lines do equally up/down bandwidth... anyways, the new 4-g phones should be plenty fast enough especially in rural applications, which is where high speed internet is right now primarily satellite anyways.
ah well.
I think you forgot to read TFA; in it, it was claiming that 91% of computers contain 'at least one spyware program' and that the 'average number of spyware found on 1 million scanned computers was 7'
insecure software (MS windows) is more popular, than say even apple's solution, which may not be any more secure by default, but At least it is based on the unix security model, allowing the filesystem to be completely locked down, while still being useful to the end users...
I realize hardened systems are much harder to compromise. But not even a hardened system is 100% secure. How can anyone be 100% sure that there are no backdoors without reading every line of code for trojans/backdoors? (i know openbsd has an audit team) and even then how do you know there are no bugs that allow for directory traversal, or root escalation, or buffer overflows?
and how do you know that none of those flaws are possible to be exploited over the network? furthermore, is your password secure enough to stop hackers? is that rather long secure password you use, so hard for you to remember that you have to write it down? What if, because your system is so secure, the kid across the street from you decides to hack you, by using a good telescope to watch you look at your piece of paper, or record you as you type to get your login and password...
sure, you could be in a room where all the windows are darkened, but how do you know they didn't jimmy the sliding door, and install a spy cam so they could get your login/pass?
well, sure you could have home security so that they'd have to do it in 20 seconds or less, making it much less likely they would do it...
but what if the neighbor kid is friendly with you? and one time while he's there when you go to the toilet, they install a physical key logger on your system?
Sure you can check for a physical key logger every time you use your pc, but what if one time he notices your make and model of keyboard, and he decided to buy one exactly like it, and install an 'internal' key logger, and while you're in the john he swaps keyboards?
Sure you can have hidden security cams, angled so they don't see what you type, but are you really going to check every time jimmy invites himself over to your place?
the basic point is you can have the best security practices in the world, AND STILL GET compromised, because your 'openbsd' guys let a big remote vulnerability get through and they found out about it a month after black hats did.
Any windows machine that runs as administrator is a target for hackers. I should know, I got compromised, despite having what I thought was a secure firewall, and the compromise wasn't one of those easily noticeable ones, either; the systems never seemed to slow down, the internet worked at full speed, and they only sent packets when the screen saver was running. Had it on my machines for at least a full year before a Different Hacker compromised my system, and basically in so many words told me I was easy to hack, because I was already compromised.
"Information wants to be free!"
What everybody forgets to mention is that 'Information' is the nickname of a convicted felon, of course he wants to be free, he's in prison and he hates being locked up.
listen, if a cube can be solved in 25 moves, then All you have to do, is specify that all cubes "must be found in one of the 24th of 25 move states" and you can say 'i solved the Rubik's cube in one move'
so basically you could write a program that correctly shows where each cube piece needs to be to be one move away, find a friend to take it apart and reassemble the cube and 'solve' the Rubik's cube in one move.
you can do this several times, and if you never solved a Rubik's cube before you can start bragging "I always solve my Rubik's cube in one move." make a video showing you do this upload it to YouTube, bet people $xx that you can't solve a Rubik's cube in one turn, show them the YouTube link on your iPhone and PROFIT.
they might feel scammed by the fact that your friend took it apart for you, but you can say "i never said what was done to the cube, just that i always solved it in one move"
Well, if they'd just switch to using a hardened Linux configuration possibly on more standard hardware, rather than some obscure RISC chip (even apple stopped using RISC)
well, they could download anti-virus software, straight from a repository. anti-spyware? switch to firefox http://nixory.sourceforge.net/
Linux comes with firewall support built-in but you can get GUI tools to make firewall management more usable. The question is since Linux (even a hardened system) should have an intrusion detection system, are they going to nail you if you use Linux and don't run an IDS?
It's not the amount of dust that matters it's the relative density of the mass, the height it reaches in orbit, and if it repels water vapor, or if it binds strongly to water vapor.
For instance if you designed a special weapon designed to create a permanent blanket against the sun, then you'd be targeting the mesosphere with rockets with highly diffused and very light particles that are very effective at reflecting the earth's sun. I have no clue what would be the best material to use, and there is little science on the mesosphere, but the stratosphere is still in the water cycle, so any sun blocking weapons that only went in the stratosphere would eventually fail. only a mesosphere approach could permanently block the sun for the rest of time.
"Paper, though energy intensive and wasteful to make,"
the vast majority of papermills run entirely on burning the bark which is completely unusable in the production of paper. chainsaws, or robotic tree cutter/branch strippers use a lot of fuel, but remember 120 years ago, we used hand (usually 2 man, for big trees) saws, or axes, and mules etc, trees can be harvested on entirely biofuel, but this costs more than even the robotic tree cutter/branch strippers...
paper from trees uses a lot of highly toxic chlorine to bleach the paper. in the old days acid was used, as acid was less toxic, but acid yellows and ruins paper, so they switched to bleach which has to be carefully reused until they eventually have to carefully dispose of it.
As far as wasteful, really there is nothing wasteful about managed forestry, Japan has used managed forestry for almost 300 years with great success. Japan even has some very rare animals that have been preserved because they caught on to environmentalism when they realized they'd have no forests left if they kept cutting the old ones down and building cities and farms... although now cars are killing some of these rare creatures, posing a risk to their continued survival...
the main problem with paper is you need to use chemicals to make it white. There are other plant fibers that can be made white with easier techniques, for instance kenaf. Hydrogen peroxide, an environmentally-safe bleaching agent that does not create dioxin, has been used with much success in the bleaching of kenaf.
Trees are a slightly expensive biofuel, but it is a proven one, they wouldn't sell pellet burner or wood stoves to this date if they weren't able to at least in tree country compete with propane and heating oil in markets where they just don't have pipelines to homes..
most of my files are wm, mpg, or avi files, how do you think i got 1 terabyte of files?
and i will admit that in fact i have been sloppy and have backed up many programs (exe's zips, etc.) as well as program files folders, and sometimes just the whole hard drive, to save my time in sifting through files...
most of the sloppy saving of files I've stopped using any of the exe's or zip files (most stuff can be DLed fresh) but for instance there are tons of game save files and folders that use a hybrid of weird file extensions etc..
since I don't have a scanner that can detect this nasty rootkit I can't honestly know if the files are infected. for the time being I'm only playing the media files on a Linux system but many of the files don't play back (especially the wm* files)