How about requiring physical interaction? This would resolve the security issues without harming our right to modify our own hardware.
At first, I thought about some kind of "while rebooting, press and hold Scroll Lock to allow the install", but the keyboard is driven by low-level I/O firmware, so that's out.
Then I thought that a physical button would be good, but the scammers could fool Grandma into pushing it "to protect your PC!"
How about a jumper that, while open, does a one-time skip of the UEFI enforcement, and prompts you to sign the new UEFI yourself?
This solution fits the problem -- without unduly interfering with our ownership rights. It's a pain for a newbie to crack the case, but maybe that would be educational, too.
Columns that adjust based on screen width? Other than < IE9, they're already here. It's called responsive enhancement.
It's not built into CSS (which you are pining for), but it's quite elegant - switching CSS based on media queries. Change the width one of the sample pages in different browsers and watch how the layout changes and images change size. Pretty slick.
So tell me, when you're "simply looking for more resources to exploit" where do you start? Looking at those around you who have the resources you need or building a spaceship capable of intergalactic travel and also locating out of the universe a planet that might have the same resources you need?
Aliens wouldn't have to gear up for the express purpose of pillaging the galaxy.
They could have developed their space-facing and resource-detecting technologies during a period of relative prosperity. But when their circumstances took a turn for the worse, that same tech could be used for non-peaceful purposes -- an instant Li'l Intergalactic Raider kit.
And what makes Earth so automatically special about our resources?
Two words: dilithium crystals.
An alien civilization might be able to synthesize "tea, Earl Grey, hot" -- but still need to mine/grow/breed trickier-to-synthesize stuff. And that stuff might be abundant on Earth, but rare in other parts of the universe. We might have no clue that our planet is chock full of Unobtainium.
Man's "unripe gold" could be a G'Gugvuntt's platinum.
Interestingly, our advanced ONTAP GX architecture is built on top of a full UNIX release. We took Data ONTAP, including WAFL and RAID, combined it with the new code from our Spinnaker acquisition, and hosted the combined result on FreeBSD in a combination of user processes and kernel modules. For security and simplicity we have disabled and hidden many parts of FreeBSD.
The older codebase was originally derived from the original BSD Net/2 release:
The first version of Data ONTAP borrowed lots of code from Berkeley Net/2 (one of the earliest open-source releases of UNIX), including the TCP/IP stack, system boot code, and device drivers. Since then, we've borrowed liberally from other open-source UNIX releases. We wrote the command line interface from scratch, but we designed it to look like UNIX, since our first market was UNIX system administrators. Clearly, ONTAP is related to UNIX.
The full post is worth reading - he talks about the relationship between ONTAP and UNIX in some detail.
The data may be duplicated elsewhere, but some of the statistics are fun. Considering that they're probably Slashdotted right now, the list of latest entries in the database rocks.
Latest 25 products
* SPAM - Hickory Smoke flavor
* Dr. Pepper
* Python Pocket Reference, 3rd Edition
* Kleenex Brand Facial Tissue
* Windows XP Home Edition Upgrade
* The Duke Spirit - Cuts across the land
* Kingston SD Memory Card - 1Gig
* Mates of State - Bring it Back
* Starship Troopers (DVD)
* Ibuprofen Caplets 200mg
* Seattle Metropolitan Magazine
* Diablo: #1 Legacy of Blood
* 108Mb Wireless CardBus Adapter TL-WN610G
* Chock full o' Nuts Coffee
* Wente Vineyards Merlot Arroyo Seco Monterey 2003
* Wings of Fury
* Dr. Pepper
* Lay's Kettle Cooked Original Extra Crunchy Potato Chips
* Crazy Jack Organic Sun-Dried Raisins
* Elektra DVD
* Epoxy/Aluminum Putty Stick
* Canon Zoon Lens EF-S 17-85 mm f/4-5.6 IS USM
* Expo Fine Point Dry Erase Markers - 4 Color Set
* MySQL Pocket Reference
* Dig into Rocks: Minerals and Crystals
...there's no chance he would shill for them like that.
Notice that he put it in quotes. He's as much as telling us that they're not his words.
Considering that he wanted them to make good on what most people agree was D-Link's substantial, protracted blunder, putting up a statement like this seems perfectly reasonable to me.
Some time after November 2004, the Wayback archive for the main page ends... but Ross registered
live555.com quite a bit earlier (August 2004).
(Negotiation time?) Could this mean that Microsoft has been cooking this for a year or more? If so, I would have expected more from the debut.
As an afterthought... it's really too bad that transactions of this type aren't disclosed. We could all make better domain-name choices if we had the vaguest ballpark idea of what the "going rate" was. And I have a feeling that it's usually not the small guy who benefits from the non-disclosure.
If the 3000 machines in my botnet get connectivity from generic-isp.example.net, and I set the sending email address of my spam payload to be "user@generic-isp.example.net", it sounds like FairUCE may let the spam fly unmolested.
Because you're forced to use Apples overpriced hardware.
I can't speak to the hardware issue, but you also have to pay Apple for major OS updates. In fairness, they do offer small, incremental updates for free, but I've gotten pretty used to having nigh-perpetual features and OS improvements for free.
To get some perspective on this, there aren't a lot of crypt() collisions. Tom Perrine and Devin Kowatch of The San Diego Supercomputer Center found only one crypt() collision that they categorized as "real": $C4U1N3R collided with SEEKETH. There were also 24 that were a result of characters in some passwords having the high bit set -- crypt() strips off the high bits.
Their Teracrack project (pdf; html) used a different approach: leverage their huge amount of high-speed network connections and storage space.
Slashdot Mirror
The Qualys tester only runs against port 443.
What about the ports used by SMTP transport (using STARTTLS)?
How about requiring physical interaction? This would resolve the security issues without harming our right to modify our own hardware.
At first, I thought about some kind of "while rebooting, press and hold Scroll Lock to allow the install", but the keyboard is driven by low-level I/O firmware, so that's out.
Then I thought that a physical button would be good, but the scammers could fool Grandma into pushing it "to protect your PC!"
How about a jumper that, while open, does a one-time skip of the UEFI enforcement, and prompts you to sign the new UEFI yourself?
This solution fits the problem -- without unduly interfering with our ownership rights. It's a pain for a newbie to crack the case, but maybe that would be educational, too.
Columns that adjust based on screen width? Other than < IE9, they're already here. It's called responsive enhancement.
It's not built into CSS (which you are pining for), but it's quite elegant - switching CSS based on media queries. Change the width one of the sample pages in different browsers and watch how the layout changes and images change size. Pretty slick.
Short URL for spreading the word: http://xrl.us/respenh
Aliens wouldn't have to gear up for the express purpose of pillaging the galaxy.
They could have developed their space-facing and resource-detecting technologies during a period of relative prosperity. But when their circumstances took a turn for the worse, that same tech could be used for non-peaceful purposes -- an instant Li'l Intergalactic Raider kit.
Two words: dilithium crystals.
An alien civilization might be able to synthesize "tea, Earl Grey, hot" -- but still need to mine/grow/breed trickier-to-synthesize stuff. And that stuff might be abundant on Earth, but rare in other parts of the universe. We might have no clue that our planet is chock full of Unobtainium.
Man's "unripe gold" could be a G'Gugvuntt's platinum.
The older codebase was originally derived from the original BSD Net/2 release:
The full post is worth reading - he talks about the relationship between ONTAP and UNIX in some detail.
The data may be duplicated elsewhere, but some of the statistics are fun. Considering that they're probably Slashdotted right now, the list of latest entries in the database rocks.
Latest 25 products
* SPAM - Hickory Smoke flavor
* Dr. Pepper
* Python Pocket Reference, 3rd Edition
* Kleenex Brand Facial Tissue
* Windows XP Home Edition Upgrade
* The Duke Spirit - Cuts across the land
* Kingston SD Memory Card - 1Gig
* Mates of State - Bring it Back
* Starship Troopers (DVD)
* Ibuprofen Caplets 200mg
* Seattle Metropolitan Magazine
* Diablo: #1 Legacy of Blood
* 108Mb Wireless CardBus Adapter TL-WN610G
* Chock full o' Nuts Coffee
* Wente Vineyards Merlot Arroyo Seco Monterey 2003
* Wings of Fury
* Dr. Pepper
* Lay's Kettle Cooked Original Extra Crunchy Potato Chips
* Crazy Jack Organic Sun-Dried Raisins
* Elektra DVD
* Epoxy/Aluminum Putty Stick
* Canon Zoon Lens EF-S 17-85 mm f/4-5.6 IS USM
* Expo Fine Point Dry Erase Markers - 4 Color Set
* MySQL Pocket Reference
* Dig into Rocks: Minerals and Crystals
With a great domain like that, I was curious about its history.
According to the Wayback machine, the domain live.com was owned from 1998 to November 2004 by one Ross Finlayson. The archived pages say that the company (Live Networks) has in business since 1995.
Some time after November 2004, the Wayback archive for the main page ends ... but Ross registered
live555.com quite a bit earlier (August 2004).
(Negotiation time?) Could this mean that Microsoft has been cooking this for a year or more? If so, I would have expected more from the debut.
As an afterthought ... it's really too bad that transactions of this type aren't disclosed. We could all make better domain-name choices if we had the vaguest ballpark idea of what the "going rate" was. And I have a feeling that it's usually not the small guy who benefits from the non-disclosure.
If the 3000 machines in my botnet get connectivity from generic-isp.example.net,
and I set the sending email address of my spam payload to be
"user@generic-isp.example.net", it sounds like FairUCE may let the spam
fly unmolested.
Because you're forced to use Apples overpriced hardware.
I can't speak to the hardware issue, but you also have to pay Apple for major OS updates. In fairness, they do offer small, incremental updates for free, but I've gotten pretty used to having nigh-perpetual features and OS improvements for free.
-royceTo get some perspective on this, there aren't a lot of crypt() collisions. Tom Perrine and Devin Kowatch of The San Diego Supercomputer Center found only one crypt() collision that they categorized as "real": $C4U1N3R collided with SEEKETH. There were also 24 that were a result of characters in some passwords having the high bit set -- crypt() strips off the high bits.
Their Teracrack project (pdf; html) used a different approach: leverage their huge amount of high-speed network connections and storage space.
Royce