Perhaps it's not a medical device, but the implications of an error are certainly the same.
There's not a single reason for me to believe that the backscatter machines couldn't fry my eyeballs if an error occurred; I have not seen the software, and I'm aware of no peer-reviewed literature that shows the machines are safe or at the very least, have a method of preventing such errors.
Why would they be allowed to operate a medical device without a doctor present?
This is the same reason I refuse to go through the machines at the airport. I wouldn't use an xray machine without a doctor, and in fact I believe it's illegal to do so. So why would I let some minimum wage security guard xray me?
The patent was applied for in 1996? 15 years in internet time is like 5 decades in other fields.
Back then, you were likely running Windows 95 and had to launch Real Player 1.0 to listen to audio online. IE and Netscape were both products you had to pay for (IE came with MS Plus!)
Should a patent from that era really still be valid?
But HBGary is not a fraudulent security company. Claiming that just because they did several things wrong makes them "fraudulent" is absurd.
The uncovered e-mails suggest HBGary is quite good at finding and exploiting Windows bugs to provide various forms of security and/or spy services. Creepy, yes, but not fraudulent by any means.
Sure, but that's not the point -- the point is they made all these security features, then told you exactly how to work around them right there on MSDN.
Define "low level." The ActiveX control I created was signed, which automatically gives it certain powers. There is a point during the install process during which the DLL gets hooked into the installer service and you have write access to an alarmingly large portion of the registry. It's not a documented feature as far as I was ever able to tell.
The product I worked on was canceled, afaik, so I can't send you a link to it. But it's not like I invented all of this myself.
I think you're missing the point here -- ActiveX was built to do things that it should never have been allowed to do, and with minimal user interaction.
Microsoft encourages writing a "proper" ActiveX control, sure. But your boss will not. Why? Because that "proper" control means more warnings for the user, and more warnings are bad for business. What you're referring to as a "broken" ActiveX control is a "perfect" ActiveX control to the guys in suits.
Now consider the following: on Vista and Win7, all of the registry values described on these pages can be set from within the ActiveX installer itself! In other words, you can write an ActiveX component that installs, runs, and performs IPC with elevated processes. And the user will have no idea.
So if Microsoft keeps up their practice of adding holes while they plug others, then rest assured that you'll be able to continue your practice of installing viruses with minimal hassle.
ActiveX really is like Microsoft Virus Installer. For legacy reasons it requires elevated privileges to install, which is pretty much the opposite of a sandbox.
Leave it to Microsoft to screw up something to simple.
It's sad to say this, but it's often a business decision on the part of the professor. If they think they can get a grant based on your paper, they'll hook you up with finances from the school, the department, and/or their own funds. Otherwise, you're on your own.
The main reason to attend these things is to meet people. This can either help you get a job or help find professors to partner with in the next stage of your education.
If you have no interest in either, then the only reason to go is out of your own curiosity.
Slashdot Mirror
We'd leave comments, but it's midnight here. Or at least, that's what my computer clock is telling me all of a sudden.
Is that really the best you can do? Sad.
Perhaps it's not a medical device, but the implications of an error are certainly the same.
There's not a single reason for me to believe that the backscatter machines couldn't fry my eyeballs if an error occurred; I have not seen the software, and I'm aware of no peer-reviewed literature that shows the machines are safe or at the very least, have a method of preventing such errors.
Why would they be allowed to operate a medical device without a doctor present?
This is the same reason I refuse to go through the machines at the airport. I wouldn't use an xray machine without a doctor, and in fact I believe it's illegal to do so. So why would I let some minimum wage security guard xray me?
The patent was applied for in 1996? 15 years in internet time is like 5 decades in other fields.
Back then, you were likely running Windows 95 and had to launch Real Player 1.0 to listen to audio online. IE and Netscape were both products you had to pay for (IE came with MS Plus!)
Should a patent from that era really still be valid?
But HBGary is not a fraudulent security company. Claiming that just because they did several things wrong makes them "fraudulent" is absurd.
The uncovered e-mails suggest HBGary is quite good at finding and exploiting Windows bugs to provide various forms of security and/or spy services. Creepy, yes, but not fraudulent by any means.
You joke about that, but my girlfriend does her makeup with either her iPhone or PhotoBooth for OS X.
A great use of technology, to be certain.
...because I want to use it to shave.
Huh? Are you seriously advocating that law enforcement break into computer systems of suspicious companies?
I'm no lawyer, but I'm pretty sure that would get the police/FBI into heaps of trouble.
You're missing a key point: namely that the ActiveX control itself can change these settings.
Sure, but that's not the point -- the point is they made all these security features, then told you exactly how to work around them right there on MSDN.
Why did they bother?
Define "low level." The ActiveX control I created was signed, which automatically gives it certain powers. There is a point during the install process during which the DLL gets hooked into the installer service and you have write access to an alarmingly large portion of the registry. It's not a documented feature as far as I was ever able to tell.
The product I worked on was canceled, afaik, so I can't send you a link to it. But it's not like I invented all of this myself.
I think you're missing the point here -- ActiveX was built to do things that it should never have been allowed to do, and with minimal user interaction.
Microsoft encourages writing a "proper" ActiveX control, sure. But your boss will not. Why? Because that "proper" control means more warnings for the user, and more warnings are bad for business. What you're referring to as a "broken" ActiveX control is a "perfect" ActiveX control to the guys in suits.
Before anybody asks, all the the above post is speaking from firsthand experience. Unfortunately.
Google Native Client has a code verifier and requires the use of a custom version of the C library.
So while it might potentially have negative consequences, Google has learned from the mistakes of ActiveX.
Don't worry, every time Microsoft plugs one hole, they add another for legacy services.
For example, look at the workarounds for installing various types of ActiveX controls -- without prompting -- on this page.
http://msdn.microsoft.com/en-us/library/cc721964(v=ws.10).aspx
Or read this page about starting elevated executables from within ActiveX -- again, without prompting.
http://msdn.microsoft.com/en-us/library/bb250462(v=vs.85).aspx#wpm_elebp
Now consider the following: on Vista and Win7, all of the registry values described on these pages can be set from within the ActiveX installer itself! In other words, you can write an ActiveX component that installs, runs, and performs IPC with elevated processes. And the user will have no idea.
So if Microsoft keeps up their practice of adding holes while they plug others, then rest assured that you'll be able to continue your practice of installing viruses with minimal hassle.
ActiveX really is like Microsoft Virus Installer. For legacy reasons it requires elevated privileges to install, which is pretty much the opposite of a sandbox.
Leave it to Microsoft to screw up something to simple.
AT&T, Verizon, or Sprint?
Unlike those quality, American-made laptops.
Oh wait... those don't exist.
Ever heard of credit cards?
Neckbeard porn?
It's sad to say this, but it's often a business decision on the part of the professor. If they think they can get a grant based on your paper, they'll hook you up with finances from the school, the department, and/or their own funds. Otherwise, you're on your own.
The main reason to attend these things is to meet people. This can either help you get a job or help find professors to partner with in the next stage of your education.
If you have no interest in either, then the only reason to go is out of your own curiosity.
...that I work in the open source world.
Sure, my company can take whatever I create! But it's going to be L/GPL'd, which is fine by me.
20 years ago, FLOSS advocates were saying the exact same thing.
And yet, my computer's graphics chip STILL doesn't work. I'm sick of the excuses.