> Of course, but the point is that they are files controlled by root or by setuid programs, and you just can't access them with your method, without being root or using setuid programs
No, these files reside in your home directory. They start with a ".", so ls won't show them by default. Many file managers won't show them either. They have names like ~/.gnome/* and such.
> There's no way for you to be root from an ordinary user, unless you exploit a program running as root, or are promoted root by a setuid one. The setuid is dead with your little trick, only the exploit remaining. You can inject the terminal all you want, as soon as you reach a setuid code, your trick fails immediately.
You missed it. Think about where "su" gets keystrokes from. I give you a hacked xterm. It is not setuid. It transfers keystrokes from the X server to the su program. It listens in, recording your password.
> Most have an hypothetical way of executing arbitrary code, but no exploit.
It's not really that hard. One has to be totally comfy with assembly, including assembling the bytes by hand.
> No it doesn't !!! At least as long as you don't launch any xterm from your gnome-terminal/konsole/eterm/whatever. This little trick would change whatever apps you use that is launched from your shell session, which is just unlikely.
That's a very minor detail. First of all, I can just hit your desktop menu files instead. I can hit .xsessionrc or .xinitrc instead. Second of all, your desktop environment most likely USES THE SHELL to start things, and it is likely that at least some of the shell's files (not all) will still be used.
> This was fixed like more than 4 years ago !! Your LD_PRELOAD, containing slashes, will just not work at all and be rejected for suid binaries like su or sudo.
No, I don't mean injecting into su or sudo. I mean injecting into the terminal program. As part of the push for security, the setuid bit has been removed from many of these programs... eliminating the LD_PRELOAD protection. Oops.
In any case, with control of your menu system, I can substitute a look-alike program of my own design. That could be the terminal program. It could just be su or sudo. Heck, I could probably get away with making them mere shell functions.
> Kernel is safe as long as you're not root, and setuid binaries are safe too. You have to have an exploit on one of them
No shit. Suppose I do. I probably can't use it remotely... until I get into your regular user account.
Your nerdy protests to the contrary, ogg is an audio format. There is no vorbis.
In this world, we use file extensions to determine data type. Apple even does it now.
You think we use MIME types? Bullshit! We pretend to use MIME types. A web server looks at the file extension, maps it to a MIME type, and sends the file. Most web browsers ignore the MIME type if they have a file extension. This is good, because the web server just pulled the MIME type out of its ass. Who can best decide, a server with an old MIME database or a client with all the latest players installed? It's not as if the MIME type was supplied when the file was first created on the filesystem. No, the file was created with an extension. All MIME types do is cause inconsistency.
Ogg has a small bit of inertia as an audio format, which is good. The "best" you can do fighting that is to sow confusion in the market. What, are you trying to kill ogg? Every silly claim that "ogg is not a codec" is fuel for the competition, which you should note has a massive head start.
Put a reader on each trash can. Put readers at the doorway. Put a reader on your equipment table.
To a limited depth, you can even scan the patient.
That's a popular belief. It's rooted in the desire to believe that all people are created equal. Sounds nice, huh?
Life isn't fair, at least not in that way. Offensive stuff can be correct.
Twin studies, in which twins are separated at birth and raised separately, show that intelligence is strongly genetic. Many other mental attributes are too. Even the strength of religious belief is, once the subject gets well into adulthood.
Socialist welfare will not be provided forever. It can not be sustained when the vast majority of the population needs it. It is pure fantasy to think that humans are immune to evolution, or that this won't have dramatic effects on society.
I'm doing my part to fix things. How about you?
We've pretty much run out of Flynn effect. IQ is predicted to drop a point or so each year based simply on who is having the kids. (IQ is not recentered, and thus not fixed at a mean of 100)
It won't keep up forever. It can't, because society can not be sustained with stupidity. Industry will eventually collapse. We're so interconnected these days that it will be a bit of a chain reaction.
In the coming disaster, survival will mean having all the old-style survival traits.
Look at the evolutionary pressure today. The big thing to overcome is birth control. It's unlikely that we will overcome birth control via body changes. Behavioral changes can do it though. The immediate effect is that stupid people are selected for. Long term though, it'll be people who just WANT lots of kids.
We have no privacy here, even when we should. We must waive HIPAA rights to get insurance, etc.
Imagine targeted advertising. The casino industry won't have to waste advertising on people like me. They can just target the people most vulnerable.
I don't want any of my kids to marry somebody with the defect.
That's not the only defect of interest. Full genetic testing would be a good thing, at least for people who have fewer defects than average. The below-average people just shouldn't breed. If they get stuck breeding with each other, at least the die-off rate will increase.
To oppose this is to say that either:
a. you don't believe in evolution
b. you're OK with humans evolving to be stupid creatures that depend on modern medicine for survival, with the collapse of our population if modern medicine should happen to become unavailable from all the stupidity
Well yeah, today...
This new development changes all that. Why provide a good product if people are locked in?
The masses will snap up "cheap" phones with evil contracts that can't be comprehended by non-lawyers.
Other phones become a niche product with rising costs. Eventually nobody offers them, because they are less profitable.
You're getting the US cellphone industry. Enjoy!
It's normal to keep these secret: max speed, max range, max altitude, etc.
It's possible that most pilots don't know. They may be prohibited from exceeding the unclassified limits. The plane might even normally be restricted by software.
I knew but forgot. I don't think the Mac would be useful as prior art, because patents are insane.
This guy "invented" the use of TWO extra shift keys, for a total of FOUR. That's more innovative than the Mac, which only had ONE extra shift key for a total of THREE.
Maybe the answer is to 1-up the bastard. You know, have FIVE shift keys. (or is five right out?)
Why be unfriendly?
Meet the guy, get to know him, see if he says anything...
You could even take him out to dinner. You could get him steak, nice red wine, sushi, sake, giant shrimp, some lovely white champagne, cigars with cognac, etc. Have a real friendly chat with him. Get him talking about things. See if he has any pals at Microsoft.
First of all, it's a design patent. It's not a utility patent. Design patents are used for stuff like the flowers on the handles of your silverware. (why that isn't done with copyright I don't know) Design patent rules are different from utility patent rules.
It's about using two extra shift keys for the non-ASCII characters. On his keyboard, he calls them "Shift2" and "Ng". This is a nice way to do languages that use the Latin alphabet with a few abnormal extra characters.
It's not like the mode switch key used for Arabic. There, you press the key once to switch modes. (more like a caps lock)
It's not like the dead keys often used for European accents. There, you press an accent key followed by a letter key. The accent key does nothing until you press the letter.
It's not like the combining accent keys used in Microsoft Word. There, you press the accent key after the letter key. (so the software must display your "A" before knowing if it needs an accent)
It's not like the fancy stuff used for Chinese, etc.
He's claiming that two keyboard layouts are in violation. The first one is Nigerian, now used for all of western Africa. The second one is "US International", which is QWERTY plus stuff like the Euro and various odds and ends.
1 Timber Lane, Natick, MA, 01760, USA
phone 339-987-9249, fax 508-647-4702
Put that into Google maps and have a look.
It's a house on a 100 foot square lot.
Nope. T-Mobile is taking quite a risk if they're at the edge of the law. Vodafone might not want to make a big investment that just turns into a pile of legal trouble. Vodafone is taking the low-risk route.
No!
1. It is trivial to crack a CRC. That is not a crypto checksum.
2. Probably you get exploited before you get a chance to check. This depends on overflow severity, OS, etc.
There is a fix. You mask everything, not just when adding arbitrary untrusted offsets. This sucks.
Sort of. It's not equivalent because Windows is unable to map one object on top of another. (with mmap, each page is treated separately so you can map something right into the middle of something else)
I posted it elsewhere, but forgot one thing. (can't rely on PageHeap, which is buggy)
First of all, the obligatory remark: shame on you for supporting that abusive monopolist.
1. Allocate pages with VirtualAlloc.
2. Protect pages with VirtualProtect. Use PAGE_NOACCESS, not the ever-so-tempting PAGE_GUARD which isn't persistent. Do not be tempted to use PageHeap, which sometimes (randomly? for small things?) does not do its job.
Now, you'll of course abstract this so that your code still works on MacOS and Linux, right? It'll work on 64-bit MacOS and Linux too, where a "long" is 64 bits, right? Of course you will, out of gratitude to a Linux user who helped you, and because you might need MacOS or Linux support when you reuse that code for some non-PC platform.
One should consider that sanity checks can themselves be security holes. At the very least, you have lots of extra code that can make regular old bugs more difficult to find.
I'd not suggest that ALL sanity checks need to go, but... cutting down the complexity of your code is certainly not a bad idea.
For example, if your sanity check code causes a double free, it may be exploitable on MacOS. (shame on Apple)
As a general rule, the more code the more danger.
That would be great if PageHeap were fully functional.
(well no, because ALL allocations would suffer the overhead, but the killer is that PageHeap does not fully work as advertised)
The OS randomly decides to not bother. I know not why. It's one of the mysteries of Windows.
Your goal is NOT to validate the input.
Your goal is to render/play/whatever the valid input, while not corrupting yourself on invalid input. Exact behavior on invalid input is unimportant.
You thus can simply force invalid input to be valid, essentially running it through a filter that mangles invalid input.
There are many ways. A few of them:
Bit masking is great for this. Suppose you deal with a value that should only range from 1 to 13. You could round that up to a power of two, so 16 choices with 3 being invalid. A bit mask of 0xf will force the data to be among those 16. (0 to 15) The 3 remaining invalid choices can be mapped onto valid choices. Valid data is unmangled, while invalid data is forced to become valid.
You can OR bits into things as well.
You can remap values, such as characters. Do a table lookup.
The regular people of Europe may not want that cellfuck, but Vodafone wouldn't mind it. Vodafone is wondering if the law might not cover as much as they thought it did. They're wondering what they can get away with.
We call this "putting off the problem".
We can ignore the problem then too. Eventually, morning and evening will be on different days. We might just gain or lose a whole day. Heck, we can ignore the problem forever. We'll be off by a year, then a decade...
This is NOT some no-exec thing.
:-)
The guard page sits right at the end of the buffer. Both read and write permission is blocked; the OS may implement this as an unmapped page. That stops an overflow from anything with a stride length smaller than the page size. Add more pages as desired; with 64 K of guard area you can stop a 16-bit stride.
For the rest, masking will constrain the result to be within the buffer.
Memory containing the GOT should never be returned for a fresh allocation; that would mean you had screwed the memory allocator before even looking at the untrusted data.
First of all, the obligatory remark: shame on you for supporting that abusive monopolist.
Allocate pages with VirtualAlloc.
Protect pages with VirtualProtect. Use PAGE_NOACCESS, not the ever-so-tempting PAGE_GUARD which isn't persistent.
Now, you'll of course abstract this so that your code still works on MacOS and Linux, right? It'll work on 64-bit MacOS and Linux too, where a "long" is 64 bits, right? Of course you will, out of gratitude to a Linux user who helped you, and because you might need MacOS or Linux support when you reuse that code for some non-PC platform.