Slashdot Mirror


User: ray-auch

ray-auch's activity in the archive.

Stories: 0
Comments: 1,175

Comments · 1,175

  1. Re:Government backdoor? on WMF Vulnerability is an Intentional Backdoor? · · Score: 1

    Perhaps because they were told about it later?

    Doesn't change the fact that they didn't have the first patch (as claimed).

    Furthermore this is an extremely widely publicised zero-day exploit. Everyone got "told" at the same damn time - unless you somehow believe that the black hats quietly told MS first before they put their exploits out (yeah right).

    This time (for whatever reason) the open source world took longer to get things fixed. The consequence was likely minimal because the attacks won't have been designed for a Wine / Linux environment - but that in itself should be a wakeup call. Open source was less vulnerable to this attack simply because it is less popular, and not because of any speed of response advantage in the development process.

  2. Re:Government backdoor? on WMF Vulnerability is an Intentional Backdoor? · · Score: 2, Informative

    You have some weird definition of "before".

    Official, tested, binary patch for Windows released on 5th Jan. Unofficial & leaked-official patches were out even before that.

    WINE was patched in CVS on the 6th.

    Checking in a change to source is a long way off a tested patch release, as demonstrated by Crossover Office releasing the fix on the 10th.

    My belief is that Open Source is usually patched quicker - but not this time. One suspects that at least some of the "many eyes" normally on the code were too busy laughing and pointing at MS to check if they too had been caught with trousers down.

  3. Re:where this scares me is wrt medical care on Study: Waking Up Like Being Drunk · · Score: 1

    Thing about this news is that it allegedly shows that performance when just-woken-up is _worse_ than when sleep deprived.

    Which means that the doc who hasn't slept for 24 hours may actually be a better bet than the one who just got woken up to see you. Also means that the practice of being "on call" from asleep is a really bad idea (and that you shouldn't let them grab a couple of hours extra sleep on a slow shift).

    That is why this is interesting (sleep deprivation generally affecting performance is nothing new).

  4. Re:Even dumber Question? on Adobe Lightroom Review · · Score: 2, Informative

    At least as of last time I looked:

          PSP has no colour management (it can actually silently screw up anything non sRGB)
          PSP can't do >8bit per channel

    For serious work those are frequently show stoppers. Those are just the first two limits I ran into.

    "Is PhotoShop a magnitude better ?"

    This is like saying "is [high end DSLR] a magnitude better than [cheap compact]" - the answer is that it all depends what you are trying to do. If you only care about megapixels, buy the compact and get similar res for a fraction of the price. If you don't _need_ the features of the DSLR, why pay for them - but if you do, then don't buy something that is lacking.

    PSP is cheap, easy to learn and great for simpler image editing. If you don't need more, then don't waste your money on PhotoShop - it won't be a magnitude better for you.

    On the other hand, if you need to go beyond its limits, you don't waste your time with PSP.

    I have temporarily removed PSP from machines before now when doing image work - because it was too tempting to use it to make a quick edit on an image, forgetting that it will screw up the colours (when the images are 300M+, you don't make lots of copies to go back to either).

  5. Re:SPECIFICATIONS on New Aircraft is Part Blimp and Part Airplane · · Score: 1

    Not sure where you get your figures but I think a 777 freighter is actually well over 20,000cu ft cargo volume, and is a long way off the biggest cargo aircraft.

    The A300-600ST is close to 50,000cu ft, the AN-225 is, I think, a bit smaller on volume, but can take a lot more weight.

    So, 90,000 doesn't sound too far fetched. In fact it doesn't sound like that big a revolution at all - especially as it will be a lot slower. Only way it may score is if it turns out to be a _lot_ cheaper.

  6. Re:Not Very Comprehensive; Duplicate Study on Marfa Lights Explained · · Score: 1

    How about driving a car with headlights flashing a recognizable pattern down the area highways...wouldn't this be definitive proof if it is seen as a flashing Marfa light?

    Maybe the cops wouldn't like that on a moving vehicle, but if you parked and did it, and talked to your observers at the same time to coordinate...

    Or maybe you could just save yourself the trouble by RTFA.

  7. Re:User fees are the way to go on E-Tracking May Change the Way You Drive · · Score: 1

    Why bother to go to all the hassle of rigging gps devices when you can just steal a car. Change vehicles a couple of times in a busy car park [one in a nice steel framed building might be good if you suspect gps...] and the cops are way off the scent.

    No criminal with any sense blows up a bank and drives off in their own car - even now (gps or not).

  8. Re:Seems like some people don't understand coding on Why Can't Microsoft Just Patch Everything? · · Score: 1


    Just because your network was set up insecurely doesn't mean that X is insecure.


    So how should it have been done securely ? (multi-user unix workstations used from various XTerminals, late 80s). I still say you couldn't do it secure back then.


    So Windows, in theory, is 'more secure' there, only if by 'more secure' you mean 'less able to have connectivity'.


    X was designed to have the connectivity, windows wasn't. The issue is whether or not each system was designed to do what they were designed to do securely or not (neither was).

    If your plane has a flawed wing design, you can't claim it is a safer design than a train on the basis that it doesn't crash if you stay on the ground (like the train does). The plane is designed to fly, if it can't do so safely it is an unsafe design.


    This icon runs as a normal user, and it communicates with the virus scanner by means of message passing with the superuser background process.


    And it either does that securely or it doesn't - secure and insecure mechanisms are available whether you are on Windows or Unix.

    It is also (from history) clear that a badly written superuser background process reading messages from untrusted sources can give privs to attackers - whether you are on Windows or Unix.

    A properly written _privileged_ _background_ process would never make GUI calls - regardless of GUI system, and nor would it keep those privs whilst reading messages from unknown/untrusted sources.

    Unless perhaps it _was_ the GUI, and for some reason needed superuser privs to put pixels on the screen... and was written as one big monolithic thing with no privilege separation... and needed to handle messages from unknown/untrusted sources... - but no one would do that in a secure design, would they ?

  9. Re:Seems like some people don't understand coding on Why Can't Microsoft Just Patch Everything? · · Score: 1

    You seemed confused.

    Nope, the memories may be slightly faded (after all, we are talking almost two decades) but confused they aren't. Just about every fun Unix security crack I recall from those days involved X. Kill another user's process ? Log their keypresses ? Snarf their password ? Popup porn on their screen ? etc. etc. - all the usual student fun. Every time the (easiest) route was X.

    Yes, if you're running X over a network by itself, you are completely insecure. You are also completely fucking stupid. The way to run X is to have it listen on localhost and use ssh tunneling.

    X was over a decade old by the time ssh appeared. Of course we bloody ran it "over the network by itself" - that was the only choice, and it was what X was designed to do. Insecurely.

    You claim both that X is "better designed, security-wise" and later that it is "completely insecure" unless you use it in conjunction with something that was only designed a decade later.

    Sounds confused to me. To me, the fact that (even you admit) you need to bolt on a (more recent) tunnel to make X secure, is clear proof that X was NOT designed secure in the first place.

  10. Re:Seems like some people don't understand coding on Why Can't Microsoft Just Patch Everything? · · Score: 1

    And X is rather better designed, security-wise

    ROFL.

    best laugh I've had this week.

    I really wish I knew if you intended it to be funny (probably went over the heads of most of the audience), or if you just don't have a clue about how X security actually _was_ (or rather wasn't) "designed".

    [ for those that still don't get it - man xhost, and remember it was written for a multi-user environment (back then almost no one had their "own" unix box). "xauth" was of course a later security retrofit, and the fact that it uses something called "MIT-MAGIC-COOKIE" should give you a clue how securely it was designed, even before you figure out that it sends the shared secret over the network in clear ]

    Right now, in Windows, [...] That is impossible in X.

    so you can minimize another window. uh huh.

          man xkill

    much more fun.

    That is the real security in X... same as nuclear deterrent - security by mutually assured destruction.

  11. Re:Upgrading glibc is akin to... on Windows vs. Linux Study Author Replies · · Score: 1

    So yes, the linux admins had a hard job to do, but for the sake of being fair, the Windows admins didn't have a hard job, so that alone is biased.

    It might be biased if you were comparing admin skills, or even the skills required for common admin operations, - but that isn't the point here.

    The fact that the windows admins had an easier job of meeting the same business requirements is the conclusion, not the setup.

    Change the business requirements for the test, and quite probably you'll get a different result - but for these particular requirements, windows was easier. MS would have us believe that this means that windows admins typically have an easier job [=lower admin costs], but the study doesn't show that. The author repeatedly points out that you should study your own situation and your own business requirements.

  12. Re:that's more like it on Company Develops Microwave-powered Water Heater · · Score: 2, Insightful

    Where is this that has such stone-age on-demand heaters?

    places without gas supply (see article summary)

    Gas on-demand heaters have been able to cope with a pretty good range of flow rates for years.

    as article summary also says. this is supposed to be an improved _electrical_ option for places that don't have gas.

  13. Re:Closures don't make a member private on Ajax in Action · · Score: 1

    Simple.

    You can access any local variable in scope inside the constructor from the private method - arguably this should include "this" but it doesn't - so convention is to just assign the instance to a private variable (self).

          function myObject() {

              this.dataMember = 0;
              // Capture the instance so the private function can reach it
              var self = this;

              // "var" keeps this function local to the constructor;
              // without it the assignment creates a global
              var somePrivateService = function() {
                  self.dataMember++;
              };

              this.somePublicService = function() {
                  somePrivateService();
                  return (self.dataMember);
              };
          }

    Alternatively if you don't need to access "public" variables / methods from the "private" method, you don't need to do this, so just make datamember private in your example. Any "public" methods declared in the constructor can access any "private" members.

          function myObject() {

              // "var" makes dataMember a per-instance local of the constructor;
              // without it every instance would share one global
              var dataMember = 0;

              var somePrivateService = function() {
                  dataMember++;
              };

              this.somePublicService = function() {
                  somePrivateService();
                  return (dataMember);
              };
          }

  14. Re:Javascript namespaces on Ajax in Action · · Score: 1

    Private members are also perfectly possible using closures.

    The fact that a lot of people don't understand how, doesn't mean the language has no way to do it.

    Javascript is not C(++) or java. Unfortunately (perhaps) it looks similar enough that a lot of people never go beyond the bits that do look like C/Java.

  15. Re:di-hydrogen monoxide on Drink Decaf and Die · · Score: 4, Informative

    Not an urban legend - drinking large amounts of water can indeed be fatal.

    Hyponatremia is probably the effect you were thinking of - but excess water can cause other serious problems also.

    Links here and here

  16. Re:I don't know about the rest of the world on New Server Chip Niagara · · Score: 2, Insightful

    In that case the old inefficient systems would still be running, using power, hence no environmental gain.

    The only way to get the claimed environmental gain would be if the old systems were never used again - which then does raise the landfill etc. issues

  17. Re:Most likely explanation on Man Cures Himself of HIV? · · Score: 2, Insightful

    Unfortunately once you add in other facts, Occam becomes a little tougher because you have to add far more assumptions:

    1. the tests have been checked and re-checked (as part of litigation from the subject) and concluded that both sets of tests were accurate (and hence the clinic has no case to answer). You have to assume _all_ the tests/retests were faulty the same way, or a medical establishment conspiracy / cover-up.

    2. since the first positive, the subject claims to have been having unprotected sex with his positive partner. So now you also have to assume that he is either really lucky, or he is lying also (part of the above conspiracy?)

    Personally I think the simplest theory is that this guy's immune system can kick out the virus.

  18. Re:This guy wants compensation?! on Man Cures Himself of HIV? · · Score: 1

    It is perfectly clear. He declined the offer of retests from the same place that did his first tests.

    How do you extend that to mean that he is unwilling to help?

    Maybe he is willing to help, but doesn't want to go back to the same set of doctors/labs who messed up (possibly) in the first place ?

    He is/has also apparently tried to claim compensation for the test issue. Clearly there is potential for conflict of interest if he goes back to the same clinic - quite possibly he has been advised not to by his lawyer. I'm slightly surprised that (for the same reason) the same doctors would want to be further involved with the case if there was a compensation claim pending.

  19. Re:Jobseekers rejoice! on Trojan Using Sony DRM Rootkit Spotted · · Score: 1

    Wrong.

    The fact that it hooks the system and cloaks itself etc. is "bad", but the real problem is that it does it _badly_:

    * it allows unloading in a way that can cause BSOD (multi-thread naive)
    * it implements a crappy indiscriminate cloaking mechanism which other malware can misuse
    * it can't be cleanly uninstalled (breaking the system) - because it is badly implemented
    * it uses a chunk of your CPU time continuously - because it is badly implemented

    and probably some more I've forgotten.

    These are _all_ _engineering_ failures.

    I would agree that there are arguably legal/marketing/ethical failures too - but the fact is that there _are_ _serious_ technical flaws in this DRM and that is what makes it dangerous malware rather than just really annoying DRM.

  20. Re:Oh, it wasn't just consenting adults. on EU Claims Internet Could Fall Apart Next Month · · Score: 1

    Regular people would have trouble defending things like rape fantasy and pedophilia, but the ACLU has no such qualms.

    Regular people further up this thread are claiming the US has the moral high ground because it defends Nazis where France bans them. Tough choice - you want to be raped or gassed ?

    Intelligent people (thankfully there do seem to be some still left in the USA) understand the difference between defending an expression and defending the right of someone else to express it.

    Defending rights means defending them for those you despise as well as those you agree with. Sooner or later your rights will be under attack and people will disagree with you, but will anyone defend you ?

    I support the right of both Nazis and child abusers to do and write what they want on computers / websites / other media. Because I am like them ? Because I like them ? No. Because maybe I'll need the ACLU in the future when People for Ethical Treatment of Aliens (or something) are coming after me for countless hours of my youth spent brutally killing fantasy computer-simulated aliens.

  21. Re:Isn't it obvious... on EU Claims Internet Could Fall Apart Next Month · · Score: 1

    You seem to be missing some qualifiers (or I missed a sarcasm tag):

    The current (US led) system has 0 political control of domains. The US government doesn't tell ICANN to remove a root DNS entry if they have a problem.

    Qualifier: Provided they agree with them. [google: bush blocks domain]

    They find the server and seize it according to the law.

    Qualifier: Provided they agree with them.

    Otherwise, they say it is according to the law. They also say you are not allowed to know which law or why, and whilst you may challenge that in the relevant court, you are not allowed to know which the relevant court is. [ rackspace, indymedia ]

    If it is overseas, they work with the local government.

    Qualifier: Provided they agree with them.

    Otherwise they just apply US law abroad regardless of local law. [ eg. DMCA - if not subject to US law, you can't object to a takedown ].

    US law states "If you are not for us, you are a terrorist, and we all agree terrorists have no rights".

    Now prove me wrong without breaching national security [ Gilmore vs. Ashcroft ]

    Note that I'm not saying anywhere else is any better - but holding up the USA as better than everywhere just doesn't stack up these days.

  22. Re:5219 had tabbed browsing on Windows Vista Leaks ... Again! · · Score: 1

    What is PDC?

    It is the third link if you google pdc or the first link if you google pdc and microsoft.

    So it's clearly a really hard to find secret MS black project that you couldn't possibly expect anyone who's read an IT news site in the past couple of months to have heard of...

  23. Re:Nothing to see here on Windows Vista Leaks ... Again! · · Score: 1

    Transparency and tabbed browsing is just a part of the GUI and could be included in XP just like that.

    Sorry, MS got there with the implementation before your idea. Google WinFX.

  24. Re:Ever think.... on More Evidence For Hobbit Sized Species · · Score: 2, Informative

    The point of this article is that latest finds are bones of other individuals with similar characteristics.

    So it isn't "a person", it is maybe several people _all_ suffering from microencephaly, all died / buried in the same place, without any normal homo sapiens remains.

    Could be a primitive society with a history of the disease and a special burial place exclusively for those afflicted - but we're having to stretch the theory rather a lot to explain this...

  25. Re:And, eventually, they got caught... on Creators of Massive Botnet Arrested · · Score: 1, Funny

    you don't need the real details for the movie - what kind of cash / computer / car / house is determined by the product placement contracts.