They reported this to the Windows developers, who disassembled SimCity, stepped through it in a debugger, found the bug, and added special code that checked if SimCity was running, and if it did, ran the memory allocator in a special mode in which you could still use memory after freeing it.
That bit of the article really got me. How many memory allocators do they need to debug or secure? How many exploits might be found by pretending to be SimCity or other applications and getting branched off to languid backwaters of code that don't get much ttention anymore?
Why are people thinking that MS "developed" an AV product when they acquired GeCAD AV recently. It just looks like Symantec and Nortons weren't up for sale at the time. Too bad for them...
It is entirely understandable that the mainstream media did not give this issue much attention.
I mean, an Aussie won Miss Universe that week! Who's going to devote column centimetres to a bunch of guys in a stuffy room? And if they'd given the negotiations a reality-TV format, maybe more people would have watched.
I saw a weekly news summary in today's paper, coverage of the Olympic Torch relay out-did nearly all other news items combined.
All I would need to do is type my credit card details into Photoshop and I could print as many (valid) Euro notes as I had funds available. Merchants could accept them with confidence since it's impossible to print notes without Adobe's permission.
You could even insert your own overlays and create your own denominations as long as they didn't screw up the watermark, "Why sure the 23 Euro note has a picture of Goatse on it..."
A friend had his iPAQ lifted from a fancy backpack whilst riding on a crowded bus. Mostly because all those external pockets are so easy to open up without being noticed (compared to rummaging through all the other junk in the typical back pack).
Because he had marked the iPAQ with his name and other distinguishing features, and because he took the time to visit a few pawn shops, he was able to get his iPAQ back and the guy who stole it even got busted for it.
It insists on running as root and is vague about changes it makes to a bunch of stuff, and runs a horribly large Java installer that forked like crazy on my Debian test box (probaly because I didn't let it run as root). All I wanted was a couple of libraries, and didn't want to let it fsck^w modify my system. In the end I used Postgres instead because I didn't have time to pick apart their installer to get the bits I wanted.
I'm not going to swap from Debian to Red Hat for one part being developed for one application. OTOH, if I was rebuilding our main database, I'd probably try those pre-built and certified Red Hat servers.:o)
OK, you could tell the end users to find their own tools and just cope.
However, I work in a large organisation, and with a 98% spam ratio, the mail infrastructre would need to be much larger (and more expensive!) than it actually neeeds to be. Let alone the (*&&^$@# junk traffic and bounces caused by auto-responses to forged addresses. Plus we have a significant number of staff who are clueless who would be excluded from communicating effectively because they do not have the time or skills to learn how to train a spam filter. in such a situation, no-one could no-longer *rely* on email to contact/inform our staff, reducing its value as a tool.
Our email infrastructure already groans under the load each time another Outlook virus arrives.
The hay-stack of spam is probably just as disruptive as false scanner positives.
Once upon a time, a friend of mine took ridiculous amounts of caffeine over a weekend. It is NOT fun, he started having heart palpitations. Don't fuck with you body for the fun of it.
I love drinking too much coffe, the dehydration issue is especially important in office building that are air-conditioned and dry you out even more. I keep a 1 litre water bottle on my desk and aim to drink it through the day (refilling at the water cooler), I prefer cool, but not chilled water. Having experimented, I find drinking water through the day finds me feeling more buzzed and alert at the end of the day (whether or not I drink coffee).
I picture a dozen or so kids blissfully strolling home from school when a dirty white van pulls up. Two guys with masks on pop out of the back of the van, point guns at the kids, demand that all backpacks be removed and placed on the ground, load a dozen backpacks into the van and drive straight to their favorite...
...Police station!
Am I the only one to think of one of RMS's rants? Picture this:
Mrs Johnson? Sgt Blake from school copyright police here, we have your son in custody, we busted him letting Billy read his alphabet reader. I cannot impress upon you the seriousness of this offence, we have a zero-tolerance policy regarding DRM violations. We consider book loans to be a gateway crime to more serious IP theft...
After hearing from someone who helped build an *electronic* voting system, I do not support *online* voting. There are a few, really difficult to solve problems with online voting, the biggest of these is the secrecy of the ballot. How do you stop others (friends, spouse etc.) from checking on somone to "make sure they vote right"? As long as you cannot guarantee the physical security of the polling place (somoene's lounge room), you cannot guarantee the secrecy of the ballot. In the Russian elections, all sorts of city services (such as restaurant permits) were available if you "paid" in postal votes for Vladimir Putin, we'd be exposing ourselves to similar temptation for corruption.
As for electronic voting, I firmly believe that open electronic systems can be just as secure as paper systems. The benefits are that electronic votes are easier to count and less prone to qualitative interpretation (is the chad hanging or not?), but yeah, the primary benefit is cost. We don't need electronic voting, but it is more convenenient.
Also, this is a motor registry. My guess is they want basic office automation and the ability to run their own software (you know, stonking huge database of cars, drivers, billing and such). AFAIK, it's not the sort of thing you buy at WalMart. With MacOS X, my guess is that they'll write so they can port to BSD/Linux/Solaris/whatever if needed. The Mac provides a nice, predictable hardware platform.
...Is that you cannot make sure your users are careful.
You pretty much have to assume that black-hats are going to be able to runs escalation exploits and work accordingly. That or severely limit how users are allowed to interact with the machine (if they only need to access email or upload files, WTF should they be able to run anything else?).
It most likely boils down to reasonable expectations. It is generally accepted that people do not record conversations, however, you can diary the conversation and that *is* admissible as evidence (here in.au). However, it is *very* reasonable for digital communications to be stored in one form or another, anyonee participating in IM or IRC should reasonably expect for their words to be stored.
Also,
This gets interesting for a friend of mine who logs all messaging (email, IRC, IM) because of the field he works in. Such a precedent (no logging) would greatly complicate his life. People like stock-brokers (who may be accused of passing on insider knowledge) would be in the same boat.
My fave minimalist system is Over The Edge. It's got just enough dice in it to introduce the "shit happens" factor while still keeping the diceless feel. I also love the character design. I think a bit of chance is good for games, otherwise your character is not taking risks, but acting to the whim of the GM. For example, how does a GM decide that this is the time that a character screws up a slightly risky task they have done many times before?
For systemless convention games, I go with whatever feels right. Mostly I just use narrative, other times I'll toss a coin (random factors) or play paper-scissor-stone with them (challenges).
Some of us want to play the role of a master of fighting prowess. who puts evil abominations to the sword. Some of us are into kicking down doors and divying up the loot.
d20 is pitching itself as the.Net of roleplaying (so I suppose Gurps is Java?). I hear what you are saying, but I still think there are better systems for even that. I love Pendragon Pass (a mix of Runequest and Pendragon), it gives a good feel for hack-n-slash without bogging down in trivial detail. I want to smack someone in the face with a mace and not spend half an hour working out critical rolls. On the same token, I am interested in Flames or War because IMHO most wargames are written for trivia obsessed trainspotters. Remember that D & D was originally written by wargamers, and (I believe) that heritage still shows. Producing a game that's light on number-crunching doesn't mean you always end up with a game focussing on cathartic art-wanking.
One guy I worked with had to (on his first day) go down to the basement to find a desk. Already in the Pentium era, he was given a virus riddled 386. He submitted all work in long-hand for 2 weeks until management relented and gave him a reasonable PC.
Combine that with IM spam and it gets really ugly:
BiGrrl17: Hey s3xi! 1user: Wow, hi!
BiGrrl17: Are you dating anyone? 1user: Nah, are you really a chick?
BiGrrl17: Yes, I'm a girl. So would you like to meet up with me? 1user: Wow, sure...:o) ....
** TIME PASSES ** ....
BiGrrl17: It'll be a long night, have you thought about buying some *** Viagra ***? 1user: Viagra? Are you a bot????
BiGrrl17: Yeah, and I'll spam the log of this IRC to your loved ones if you don't cough up and buy some.;-p ...
I predict that by 2006 AIM, ICQ and IRC will be entirely comprised of smut bots trying to sell each other pr0nography.
Xix.
When to use distcc and ccache
on
Optimizing distcc
·
· Score: 2, Informative
I went to a talk about these two tools, and getting the most out of them depends (to an extent) on knowing the nature of your compile. For example, if you are working only only a small part of a project comprised of many objects, you will probably benefit from ccache more than from distcc (in that only those objects affected by your code changes are rebuilt).
On the same tack, the performance of distcc will (to an extent) depend on the nature of the compilation task used in the test (I am not familiar with kdelibs).
Last I heard, the Xaphian Language Institute was up in tentacles because MS weren't planning to offer a localization of Windows that supports the parallel recursive spiral text layout (which is equivalent of our left-to-right screen layout, but developed from clay orbs that are read by feel using seven tentacles).
That's because you are tracking the "stale" release, if you want this year's apps, you need to track the "flakey" release and if you want really cool stuff, you need to track the "oh_crap" release.
Here in.au, it is well worth hassling your local member (house of reps and senate). When you write to your local member, be sure to ask questions so thaat a reply letter needs to be written and sent. Letter writing is well worth while as it is used by members as a barometer of their electorate, I know this through several people who have worked in rep's offices.
Xix.
Incremental upgrades and enforcement
on
Gates on Spam
·
· Score: 1
It's not that bad.
Initially you convince as many domains as possible to adopt sender authentication on the proviso that authenticated email gets fast-tracked and more resources.
Provided there's enough incentive, domains eventually migrate and use of the old method would evntually be an anachronism. Remember Gopher?
If you got a significant number of ISPs to play (which I hope they would considering the headaches caused by spam), you could at least begin to block huge blocks of dial-up and ADSL source IPs, denying spammers resources.
Slashdot Mirror
Explains the limitations quite nicely.
Xix.
That bit of the article really got me. How many memory allocators do they need to debug or secure? How many exploits might be found by pretending to be SimCity or other applications and getting branched off to languid backwaters of code that don't get much ttention anymore?
Xix.
Xix.
I mean, an Aussie won Miss Universe that week! Who's going to devote column centimetres to a bunch of guys in a stuffy room? And if they'd given the negotiations a reality-TV format, maybe more people would have watched.
I saw a weekly news summary in today's paper, coverage of the Olympic Torch relay out-did nearly all other news items combined.
Xix.
Actually, secure colour printers would be great.
All I would need to do is type my credit card details into Photoshop and I could print as many (valid) Euro notes as I had funds available. Merchants could accept them with confidence since it's impossible to print notes without Adobe's permission.
You could even insert your own overlays and create your own denominations as long as they didn't screw up the watermark, "Why sure the 23 Euro note has a picture of Goatse on it..."
Xix.
When there's no firm plans, does it really matter what they say?
xix.
A friend had his iPAQ lifted from a fancy backpack whilst riding on a crowded bus. Mostly because all those external pockets are so easy to open up without being noticed (compared to rummaging through all the other junk in the typical back pack).
Because he had marked the iPAQ with his name and other distinguishing features, and because he took the time to visit a few pawn shops, he was able to get his iPAQ back and the guy who stole it even got busted for it.
Xix.
It insists on running as root and is vague about changes it makes to a bunch of stuff, and runs a horribly large Java installer that forked like crazy on my Debian test box (probaly because I didn't let it run as root). All I wanted was a couple of libraries, and didn't want to let it fsck^w modify my system. In the end I used Postgres instead because I didn't have time to pick apart their installer to get the bits I wanted.
:o)
I'm not going to swap from Debian to Red Hat for one part being developed for one application. OTOH, if I was rebuilding our main database, I'd probably try those pre-built and certified Red Hat servers.
Xix.
OK, you could tell the end users to find their own tools and just cope.
However, I work in a large organisation, and with a 98% spam ratio, the mail infrastructre would need to be much larger (and more expensive!) than it actually neeeds to be. Let alone the (*&&^$@# junk traffic and bounces caused by auto-responses to forged addresses. Plus we have a significant number of staff who are clueless who would be excluded from communicating effectively because they do not have the time or skills to learn how to train a spam filter. in such a situation, no-one could no-longer *rely* on email to contact/inform our staff, reducing its value as a tool.
Our email infrastructure already groans under the load each time another Outlook virus arrives.
The hay-stack of spam is probably just as disruptive as false scanner positives.
Xix.
Once upon a time, a friend of mine took ridiculous amounts of caffeine over a weekend. It is NOT fun, he started having heart palpitations. Don't fuck with you body for the fun of it.
I love drinking too much coffe, the dehydration issue is especially important in office building that are air-conditioned and dry you out even more. I keep a 1 litre water bottle on my desk and aim to drink it through the day (refilling at the water cooler), I prefer cool, but not chilled water. Having experimented, I find drinking water through the day finds me feeling more buzzed and alert at the end of the day (whether or not I drink coffee).
Xix.
So can we like point this at parts of Utah?
Xix.
Am I the only one to think of one of RMS's rants? Picture this:
After hearing from someone who helped build an *electronic* voting system, I do not support *online* voting. There are a few, really difficult to solve problems with online voting, the biggest of these is the secrecy of the ballot. How do you stop others (friends, spouse etc.) from checking on somone to "make sure they vote right"? As long as you cannot guarantee the physical security of the polling place (somoene's lounge room), you cannot guarantee the secrecy of the ballot. In the Russian elections, all sorts of city services (such as restaurant permits) were available if you "paid" in postal votes for Vladimir Putin, we'd be exposing ourselves to similar temptation for corruption.
As for electronic voting, I firmly believe that open electronic systems can be just as secure as paper systems. The benefits are that electronic votes are easier to count and less prone to qualitative interpretation (is the chad hanging or not?), but yeah, the primary benefit is cost. We don't need electronic voting, but it is more convenenient.
Xix.
Also, this is a motor registry. My guess is they want basic office automation and the ability to run their own software (you know, stonking huge database of cars, drivers, billing and such). AFAIK, it's not the sort of thing you buy at WalMart. With MacOS X, my guess is that they'll write so they can port to BSD/Linux/Solaris/whatever if needed. The Mac provides a nice, predictable hardware platform.
Xix.
...Is that you cannot make sure your users are careful.
You pretty much have to assume that black-hats are going to be able to runs escalation exploits and work accordingly. That or severely limit how users are allowed to interact with the machine (if they only need to access email or upload files, WTF should they be able to run anything else?).
But yeah, good passwords limit the opportunities.
Xix.
It most likely boils down to reasonable expectations. It is generally accepted that people do not record conversations, however, you can diary the conversation and that *is* admissible as evidence (here in .au). However, it is *very* reasonable for digital communications to be stored in one form or another, anyonee participating in IM or IRC should reasonably expect for their words to be stored.
Also,
This gets interesting for a friend of mine who logs all messaging (email, IRC, IM) because of the field he works in. Such a precedent (no logging) would greatly complicate his life. People like stock-brokers (who may be accused of passing on insider knowledge) would be in the same boat.
Xix.
My fave minimalist system is Over The Edge. It's got just enough dice in it to introduce the "shit happens" factor while still keeping the diceless feel. I also love the character design. I think a bit of chance is good for games, otherwise your character is not taking risks, but acting to the whim of the GM. For example, how does a GM decide that this is the time that a character screws up a slightly risky task they have done many times before?
For systemless convention games, I go with whatever feels right. Mostly I just use narrative, other times I'll toss a coin (random factors) or play paper-scissor-stone with them (challenges).
Xix.
Xix.
One guy I worked with had to (on his first day) go down to the basement to find a desk. Already in the Pentium era, he was given a virus riddled 386. He submitted all work in long-hand for 2 weeks until management relented and gave him a reasonable PC.
Xix.
BiGrrl17: Hey s3xi! :o)
....
.... ;-p
...
1user: Wow, hi!
BiGrrl17: Are you dating anyone?
1user: Nah, are you really a chick?
BiGrrl17: Yes, I'm a girl. So would you like to meet up with me?
1user: Wow, sure...
** TIME PASSES **
BiGrrl17: It'll be a long night, have you thought about buying some *** Viagra ***?
1user: Viagra? Are you a bot????
BiGrrl17: Yeah, and I'll spam the log of this IRC to your loved ones if you don't cough up and buy some.
I predict that by 2006 AIM, ICQ and IRC will be entirely comprised of smut bots trying to sell each other pr0nography.
Xix.
I went to a talk about these two tools, and getting the most out of them depends (to an extent) on knowing the nature of your compile. For example, if you are working only only a small part of a project comprised of many objects, you will probably benefit from ccache more than from distcc (in that only those objects affected by your code changes are rebuilt).
On the same tack, the performance of distcc will (to an extent) depend on the nature of the compilation task used in the test (I am not familiar with kdelibs).
Last I heard, the Xaphian Language Institute was up in tentacles because MS weren't planning to offer a localization of Windows that supports the parallel recursive spiral text layout (which is equivalent of our left-to-right screen layout, but developed from clay orbs that are read by feel using seven tentacles).
Xix.
That's because you are tracking the "stale" release, if you want this year's apps, you need to track the "flakey" release and if you want really cool stuff, you need to track the "oh_crap" release.
Xix.
Here in .au, it is well worth hassling your local member (house of reps and senate). When you write to your local member, be sure to ask questions so thaat a reply letter needs to be written and sent. Letter writing is well worth while as it is used by members as a barometer of their electorate, I know this through several people who have worked in rep's offices.
Xix.
It's not that bad.
Initially you convince as many domains as possible to adopt sender authentication on the proviso that authenticated email gets fast-tracked and more resources.
Provided there's enough incentive, domains eventually migrate and use of the old method would evntually be an anachronism. Remember Gopher?
If you got a significant number of ISPs to play (which I hope they would considering the headaches caused by spam), you could at least begin to block huge blocks of dial-up and ADSL source IPs, denying spammers resources.
Xix.