A lot of it is no more the fault of the design department than it would be if it turned out there was some major flaw in an Intel chip used in the system.
If you source a component that doesn't meet the most basic of operational specs (e.g. "doesn't scratch discs under normal use"), it's a design flaw.
If I design a car with a phonograph, you can't blame the car or the phonograph when it skips and scratches the vinyl all to hell.
In just about every other business, the retail store ends up making 50% of their sale price which can go to operational expenses, etc. For book sales, it is only 40%.
40% retail markup is still very healthy. Compare this to grocery or electronics stores where the margin is more along the lines of 10-20%.
Best Buy wants you to buy a $50 Ethernet cable for a reason -- cables are one of their few high-margin items.
As a resident of the Evergreen State, I'm stoked to see another one of our intelligent, liberal, tech-friendly public servants appointed to a federal position:
(from the WP article in parent)
Locke would be the third resident of the Evergreen State named to the Obama administration, following deputy HUD secretary-nominee Ron Sims and Seattle City Police Chief Gil Kerlikowske who reportedly has been tapped to serve as "drug czar."
Locke is thoughtful, and having him in charge of the US's interest in IANA sounds like a good idea.
Kerlikowske has the potential to take some interesting decisions regarding marijuana prosecution as well.
Since Adobe seems to (incorrectly) think JavaScript inside PDFs is a great idea [...]
PDF files supporting Javascript isn't the problem. In this exploit, Javascript is used to get executable code in the stack, but isn't the crux of the problem. A buffer overflow in Adobe's image processing code is.
In what world does it make sense that an untrusted website can execute javascript, but an untrusted PDF can't? Javascript can actually be useful for PDFs: think forms where the contents of one field are added to the contents of another, and placed somewhere else in the document.
You think executable code in a document format is new? Take a look at postscript... (but sit down first)
Amen! Technical writers are key. My university required writing proficiency as part of the general requirements, so I ended up taking a technical writing class. It was weird at first (rhetoric? huh?), but ended up being a great experience. I feel like I already have a leg up on everyone else I work with.
My boss barely even notices when I flatten our LAN infrastructure ("you played with the switches, k"), but when I quickly crank out a lucid incident report the compliments flow. It might as well be magic.
Technical writers are also good at writing many other things in a business environment. For example, website content. We can't even get Standard capitalization around Here.
Many phthalates are antiandrogenic. It's not an impossible task to come up with a replacement that doesn't have this effect in vivo.
Care to provide names of chemicals, and/or sources? It's hard to believe you otherwise, especially when you use weasel phrases like "can be more harmful."
Phthalates are not exactly well-studied either, at least not for human effects. This isn't a case where perfect is the enemy of good, and we're throwing out a decent substance entirely... Personally, I'd much rather give my children toys that don't contain PVC at all. It's not a big deal to avoid this issue.
Sooo the court is saying that putting Mercury (used as a preservative), a known toxin, into vaccines, didn't cause autism?
Mercury isn't used as a preservative. Thiomersal, a mercury-containing compound, sometimes is. This isn't a moot point; compare ethylmercury with dimethylmercury if you don't believe me.
Human metabolism is a strange and beautiful thing.
Just recently a bill was passed to stop a chemical from being put into children's toys, however there is no evidence that it is actually harmful in that amount. And is being replaced with new chemicals that could be just as bad, if not worse.
You're probably talking about phthalates, a common plasticizer. Their ban was enacted just two days ago. (Feb 10th)
You can't exactly buy a few dozen infants well-controlled LD50 testing, let alone long-term developmental monitoring. Welcome to science.
Hurray for progress! I feel a much stronger bond to infants than I do to a plastic formulation, so this seems like progress to me. That being said, you can rip my BPA-containing Nalgene out of my cold dead fingers.
From the phone to the tower, that is correct. However, once your carrier receives the text, it is routed entirely differently.
From what I heard, the reason texts were delayed for so long has nothing to do with the control channel being full, but rather the total text volume being switched between carriers.
i.e., the text isn't stuck on your mobile phone, it's stuck in a message queue in a datacenter somewhere.
Uh, like what? And please don't say Video Toaster.
Actually, I'm gonna have to say Video Toaster.
The last time I saw an Amiga in production usage was 2002, it was running Video Toaster for live production CG -- broadcast graphics, titles, etc.
I scratched my head, but I was told that it was one of the only cost-effective products out there for low-budget productions. The few hardware CGs I used at the time I found to be extremely confining, and I ended up liking Video Toaster more.
I'd give the beginners using Ubuntu a break. They're overwhelming sometimes, but the community growing is a good thing. I'm sure someone I've introduced to Linux has needed online help (badly!), but another friend I introduced to Linux really dug in and we're now both better developers because of it. You just don't know.
I've worked with graphite before in a lab (we used it as a substrate for STM).
Using scotch tape to pull up layers of graphite must be a common technique: we used it too. There are many kinds of graphite. Using crystalline graphite (found in nature), you could use the tape to pull up a nice thin layer.
Being around improvised solutions using common materials was one of my favorite things about lab work.
There are a few differences between ATMs and voting machines. First of all, ATMs are used daily, and if there was a bug in an ATM, it would be caught very quickly.
If there's a bug in an ATM, it's caught quickly because there is a second set of accounting in place, not because ATMs are coded to some ridiculous higher standard.
For example, I've worked at a financial institution before. Some regular network maintenance interrupted the connection between our ATM network and our core host. A customer was using an ATM at the time, and made a deposit. Their receipt showed the deposit, but the funds never appeared in their account. Seems like a basic design problem -- the transaction mechanism between the ATM, the network, and the host (which clears the funds) is clearly not atomic.
Were this a voting machine and a mistake like this happened, who would really know? In the case of a bank and an ATM, the money and ledger balances are all accounted for, and mistakes are easily found because something won't balance.
If this is true with this exploit (as I assume it is), this is a big deal.
VMware is currently of the opinion that it is an OK practice to collapse security zones (e.g. DMZ/App/DB servers) onto the same physical host.
Even their documents on PCI compliance with virtualization don't say this is a bad idea.
People in the real world are using VMs as a substitute for more traditional physical security boundaries. If an exploit like this can allow you to VM hop (even if difficult), targeted attacks against PCI compliant institutions are not unlikely.
Anyone really want another Heartland?
Indeed. It's ISO 8601 to be specific.
It's nice to find out that a personal quirk of mine is also an ISO standard.
*Sigh* This isn't true. Some versions of the exploit used Javascript for the heap spray, but Javascript isn't required at all to exploit this issue.
Yup! "Welcome to rogers" is cute, unless you're standing on the Semiahmoo spit across from White Rock.
Pretty silly problem.
Just because daddy's rich, doesn't mean you get a pony.
Hulu has been putting up a good fight to get the content they want. They are indeed trying to teach the studios.
How many business units does your mom's basement have? ;)
You're probably talking about phthalates, a common plasticizer. Their ban was enacted just two days ago. (Feb 10th)
There are compelling arguments for their ban from infant toys.
You can't exactly buy a few dozen infants well-controlled LD50 testing, let alone long-term developmental monitoring. Welcome to science.
Hurray for progress! I feel a much stronger bond to infants than I do to a plastic formulation, so this seems like progress to me. That being said, you can rip my BPA-containing Nalgene out of my cold dead fingers.
Parent is entirely right.
When you think of cells in a network, don't picture the towers in the middle of a cell because they're not. Rather, picture triangles with the cell towers on the corners, transmitting inwards. (Three antenna arrays per tower, one per cell.) This is a simplification, but it illustrates the general principle. Next time you see a tower, take a look at the top, and you'll probably see the antennas spaced at 120 degree angles. This is why.
In this configuration, if you want to add capacity, you throw a tower in the middle of an existing cell, drop power, and make a bunch of smaller cells.
Not really, especially for many newspapers. It's a matter of house style.
That's rad, thanks for the tip. I never thought of doing it that way.
Makes me wonder if browsers will use favicons in a more prominent way in the future. An SVG favicon could scale up into all sorts of UI elements.
Forget Doctors, even designers and typographers care about inaccuracies in popular media.
Check out this article about anachronistic fonts in movies.
People are weird: we seem to care about just about everything.
I take it you've never resubnetted a network before. I've done a /19 and a /18, and it's no fun.
You really think that those who have a /8 conserved space from the beginning? I doubt most even have their devices confined to a /9, let alone easy-to-reclaim blocks which fall on CIDR boundaries.
To the contrary, the existence of submarine taps is very well established.
OpenBSD doesn't use ipchains -- it uses pf, which many people -- myself included -- like a lot. OpenBSD is secure and easy to get routing.
The end result is the same, but pf can be easily adapted to many tricks like this, automatically blocking SSH bruteforcing.