Personally, I like nothing better than to get code which demonstrates an exploit, and see if the architecture I have put in place is designed well enough to stop attackers, or at least properly minimize the risk to my servers.
But the exploit could be combined with others so that it would breach your defences. So knowing that you're immune to the published exploit may give you a false sense of security.
I see publication of exploits as useful only when the vendor makes the 'purely theoretical' claim and refuses to patch a bug. Even then, the exploit should be sent to the vendor first.
SourceSafe and SubVersion create branches as separate paths within the repository, whereas CVS creates branches in revision histories under the same path.
Security fixes are back-ported to the old versions, where necessary. 'stable' can be kept secure by adding security.debian.org to apt's sources and doing a regular apt-get update; apt-get upgrade.
The 07 is followed by nine more digits. That gives us 1,000,000,000 (1 billion, in US terms) possible mobile numbers.
The next digit of a mobile phone number (after 07) must be 7, 8, or 9, allowing for 'only' 300 million numbers. If the next digit is 6 then it's a pager number (does anyone still use those in the UK?) and if it's 0-5 it's a forwarding number.
Any pointing device is called a mouse these days, whether or not it's much like a mouse, as the average luser doesn't know what "pointing device" means.
On a phone it's useful to be able to move through menus, text fields, and hypertext pages (WML or similar) quickly and fluidly. A roller only covers one axis; a small joystick covers both but can't be miniaturised that far; something like this could be ideal.
You obviously didn't understand the message you replied to. Fixing a bug in an open-source program usually makes it pretty clear what the bug is, and helps black-hats to exploit it. If they issue the fix now, there will be a race between black-hats attempting to exploit the bug and sysadmins attempting to install the fix. Giving a workaround avoids that race (at least for sysadmins that are paying attention).
16-bit compatibility on Windows NT/2000/XP is provided by the WOW (Windows On Windows) system and not by the basic operating system. It's comparable to WINE on Linux.
Your typical office email package (Outlook & Exchange) now just about manages to speak RFC 822 or RFC 2822, though with a funny accent and a lot of grammatical errors.
You don't seem to understand how X works. The X font server may be on a completely different machine, and may well be shared between many users. It can be crashed by a request for a very large font, possibly causing serious disruption for all those users.
If the building needs heating anyway then the heat isn't really waste.
No, but the energy used by the light bulbs and dissipated as heat is probably more than the energy that would be consumed by your central heating unit for the same amount of heat, since the heating unit is designed to produce heat and the bulb isn't.
It is impossible to create or destroy energy - 'wasted' energy always ends up as heat. So if you need the heat then it really doesn't matter that your electrical devices are inefficient - they're perfectly efficient at producing heat! If and when you don't need the heat, or the devices are producing heat in the wrong places, then I agree that you would be better off making them more efficient. Of course we should consider the energy cost of manufacturing new hardware, too.
I haven't had a chance to check this again myself, but I've definitely seen a demonstration of the problem in IE 5.5 (referred to on BugTraq or NTBugTraq). Perhaps it's fixed in IE 6.0?
There was some discussion a few years ago as to how to treat the fact that just displaying your own information from your own hard drive to your own display involved physically copying the information from the hard disk to RAM in your computer, and then other places. It's a minor point with innocuous ramifications, but it came up, and I'm sure it's been nailed down in yards of careful legalese and bound in law calf somewhere.
This is not a minor point. The need to copy software in the normal process of using it (typically from installation media to hard disk and then to memory) is the foundation of the legal argument that using software requires a licence from the copyright holder and that consequently the copyright holder can use licence terms to restrict the use of retail software.
Oracle's earlier advertising for Oracle 9i said: 'Unbreakable. Can't break it. Can't break in.' In that case they were clearly advertising both stability and security. I think they're implicitly making the same claim for 'Unbreakable Linux'.
BREW is a way to run native code on ARM-based phones. BREW applications have a huge amount of control over what the phone does. Therefore, access to this environment is strictly controlled - a BREW-supporting handset will not run an application unless it's signed by the operator. I believe BREW is primarily aimed at network operators, who currently have no way to add features and applications across all handsets on their network. Independent developers can make a pitch to the operators, but they cannot deliver any BREW apps without official blessing.
But Internet Explorer doesn't check that the domain named by a certificate is the domain name that it used to contact the host. So anyone with a certificate from one of the 'trusted' CAs can use it for a hijacked domain name, and IE users won't know any better.
If PuTTY itself was signed with MS SignCode, that might help a bit, as IE will show you the name on the certificate, but I dare say it would be possible for the wrong people to get a certificate with the same name as that on the certificate used for the real PuTTY - which is what happened to Microsoft last year.
Those just deliver mail, either to other programs or into simple mailboxes; they don't provide any facilities for reading or searching the mail afterwards. It's easy enough to integrate either of these with Cyrus, though, which will do that.
Use the options -dPR. If you always want this behaviour, put the options in your .cvsrc.
Well, aside from the default "real name" and quit messages.
CPU usage should go up to 100% for as long as it needs to. Do you think your CPU needs breaks? Is it not cooled properly?
There's only one mm**3 there, not nine of them as you would need to end up with dimensions of mm**27.
Since that site's over-quota, try Google's cached copy instead.
Where did you pull those extra dimensions from? This is a perfectly correct (though unusual) way of writing the dimensions 15mm * 10mm * 8mm.
Actually the exercise price on the latest options (7.5 million of them) is $18.30, which is not so far away.
Red Book. And no, they don't conform to the standard.
I remember ICQ messages being limited to 128 characters originally. Has that changed?