Also the ones where he appointed people to positions without Congressional approval, because without people in the positions the government agency could not operate and Republicans didn't like those agencies and was withholding nominations to effectively cripple them.
But really, the ones that go "too far" are simply the orders that Obama has signed. The fact that he signed them makes them automatically disastrous power grabs by an out of control executive bent on total domination. They need a return to the careful and thoughtful exercise of executive power we saw under George W.
Only if the master process quit after forking twice. This is not typical, since most of the time people will leave the master process around to clean up after the children to avoid zombies. It's such a strange case I think you would be hard pressed to find a real world application that behaved in a way that made it vulnerable to this exploit. I'm glad the OpenBSD guys got a patch for this, but even if they didn't I woudln't be losing much sleep over it.
That's not exactly the case, but it's close. The issue is that the SSL library has no way of knowing if the process forks other than checking the PID. If the SSL library detects a PID change, it has to reseed the RNG to avoid getting the same random values in both the parent and the child. Due to the way Unix PIDs work, you have a guarantee that the Parent and the Child will have different pids (fork() fails otherwise). However, if a grandparent forks a parent and then exits, and the parent then forks a child, there is nothing in Unix that outright prevents the child from getting the pid of the now deceased grandparent and foiling this detection so the SSL library doesn't know that a fork happened.
So it's a potential problem, but not one that likely exists in any production code. You could write test code that exploits it fairly easily by forkbombing the machine until the pid wraps before spawning the child, but in real production code it is unlikely to be an issue. Plus it was fixed.
To exploit this, you needed a program that was written like so:
1. Grandparent initializes SSL state, sends some data, then exits.
2. Parent forks a child
3. Child happens to get the same pid as the grandparent, and then uses the SSL connection.
It's a program structure that doesn't make a whole lot of sense in the real world. Maybe it has happened somewhere.
The big issue is that the original discoverer found an easily filled molehill and somehow it got reported as a world destroying volcano across the the various tech sites. A minor flaw in the first public release of the test version of a library with no production users is not "catastrophic".
Manuel Noriega can't even have some nobody VP at Activision eliminated anymore. Back in the 80s he could have had trained assassins at their doorstep within a week.
I think the real message here is that Tesla's stellar safety record is due at least in part to its exclusivity and high price tag. The kind of people who can afford it are generally safer drivers. It's not a used Dodge Charger that some 16 year old asshole with a shiny new drivers license and Dad's credit card can buy off of the lot for a few thousand bucks.
Thanks to laptops being stuck at 1366x768 for many years past the point where that was acceptable most web designers have to assume that people are going to be hitting their site at that shitty resolution and make sure it works.
As I understand it, if they get classified as a cable company Aero will be legally allowed to put their own ads into the stream, overwriting the ads the original broadcaster put in there or maybe removing them entirely if they still want to be an entirely subscription driven service. They could really seriously piss off some OTA broadcasters with this approach.
The/. writeup sounds like audiophile wank to me. I would be surprised if this Soundblaster could justify its price in a proper double blind study on real world data (music, games, movies, etc...) vs. the built in audio on your mobo.
Originally it was supposed to be a cash cow for Verisign, but they screwed up and didn't assign a "trustworthiness level" to each CA so there's no reason to spend the big bucks on a Verisign cert over Joe Blow's Free Cert Shop now. Browsers treat both the same.
x509 is as strong as the weakest signing authority, and there are many many signing authorities now.
It's a shame that browsers have such freakouts over self signed certs, because there is really little difference between them and officially signed certs. IMHO SSH did a better job of this by simply having you inspect the certs the first time you log on to a site and storing the result, only freaking out if the cert changes. It eliminates the complex chain of trust that in the end comes down to just trusting people you don't know anyway and hoping that none of the thousands of people involved are corruptible or incompetent.
Uh, the factory reset doesn't wipe the storage on the phone. These phones that were bought off of eBay were probably factory wiped (people aren't quite as dumb as advertised), but the issue is that Factory Wipe doesn't do what people think it does.
This would seem to be Airbus's long game. They already prefer the pilots just set the autopilot and handle the radio. It's not hard to imagine them attempting to build a fully automated airliner. Getting the FAA on board will be a different matter however.
A lot of people look at the AF447 disaster as a case study in not disconnecting the pilots from the aircraft quite so much because when they're suddenly thrust back into control unexpectedly, they end up with a ramp up time before they're fully aware of the state of the aircraft and know what they need to do. If this takes too long the aircraft will crash. I think Airbus took home the opposite message: In the event of sensor failure the autopilot needs to switch to a failsafe flight mode (throttle up 10%, pitch up the nose a couple of degrees, warn the pilots) instead of disengaging. Once they have the autopilot able to handle all airline emergency situations (at least you had better hope they get all of them) and work out any ATC issues then there's little need for human pilots.
Any non-military ideology didn't last terribly long inside NASA. The Space Shuttle only makes sense in the context of crazy cold war missions that the Air Force thought up where it would lauch on a polar oribt, make one pass over the USSR, and then land again on the assumption that any satellite that came around for a second pass would get shot down. Of course this mission profile requires a vehicle that's horrendously complex and expensive to operate which is why the Shuttle was never terribly good at its primay job of peaceful satellite launches and the occasional in-orbit repair. Well, that and every launch had to be man rated, even if the astronauts weren't terribly necessary for the mission.
Siri is not a good example of AI work. Once you've used the service a bit it becomes painfully clear how incapable it is of handling any requests that are off script. The only AIish part is the natural language recognition, and even that is wired to a fixed list of known phrase structures. You can't even define your own. The worst part is the service used to be better at offbeat requests, but then Apple dumped the Wolfram Alpha integration.
In some ways Perl 5 is getting the best of both worlds. 10 year old modules still work just fine pretty much every time, but really good features in Perl 6 get backported by people who are tired of waiting.
Slashdot Mirror
The EULA for an ISP never guarantees service on residential links. All speeds are listed as "up to".
That's not what Verizon's own chart says. They seem to claim that the CO->Remote links aren't close to saturation at all.
Yep, if there is ever a political system that results in peace and harmony between all people, it is anarchy.
Also the ones where he appointed people to positions without Congressional approval, because without people in the positions the government agency could not operate and Republicans didn't like those agencies and was withholding nominations to effectively cripple them.
But really, the ones that go "too far" are simply the orders that Obama has signed. The fact that he signed them makes them automatically disastrous power grabs by an out of control executive bent on total domination. They need a return to the careful and thoughtful exercise of executive power we saw under George W.
Only if the master process quit after forking twice. This is not typical, since most of the time people will leave the master process around to clean up after the children to avoid zombies. It's such a strange case I think you would be hard pressed to find a real world application that behaved in a way that made it vulnerable to this exploit. I'm glad the OpenBSD guys got a patch for this, but even if they didn't I woudln't be losing much sleep over it.
That's not exactly the case, but it's close. The issue is that the SSL library has no way of knowing if the process forks other than checking the PID. If the SSL library detects a PID change, it has to reseed the RNG to avoid getting the same random values in both the parent and the child. Due to the way Unix PIDs work, you have a guarantee that the Parent and the Child will have different pids (fork() fails otherwise). However, if a grandparent forks a parent and then exits, and the parent then forks a child, there is nothing in Unix that outright prevents the child from getting the pid of the now deceased grandparent and foiling this detection so the SSL library doesn't know that a fork happened.
So it's a potential problem, but not one that likely exists in any production code. You could write test code that exploits it fairly easily by forkbombing the machine until the pid wraps before spawning the child, but in real production code it is unlikely to be an issue. Plus it was fixed.
To exploit this, you needed a program that was written like so:
1. Grandparent initializes SSL state, sends some data, then exits.
2. Parent forks a child
3. Child happens to get the same pid as the grandparent, and then uses the SSL connection.
It's a program structure that doesn't make a whole lot of sense in the real world. Maybe it has happened somewhere.
The big issue is that the original discoverer found an easily filled molehill and somehow it got reported as a world destroying volcano across the the various tech sites. A minor flaw in the first public release of the test version of a library with no production users is not "catastrophic".
Manuel Noriega can't even have some nobody VP at Activision eliminated anymore. Back in the 80s he could have had trained assassins at their doorstep within a week.
Oh yeah, Obama is a terrible abuser of executive orders if you believe chain emails and talk radio.
My point is that Tesla has a low douchebag factor.
Oh good, now we can get that vital VMS, DOS, and MacOS 7 support so they're not stuck on OpenSSL.
I think the real message here is that Tesla's stellar safety record is due at least in part to its exclusivity and high price tag. The kind of people who can afford it are generally safer drivers. It's not a used Dodge Charger that some 16 year old asshole with a shiny new drivers license and Dad's credit card can buy off of the lot for a few thousand bucks.
Hopefully not yet.
I understood it to be the entire reason they have to pay fees to rebroadcast the material: because they were denying ad revenue to the broadcasters.
Thanks to laptops being stuck at 1366x768 for many years past the point where that was acceptable most web designers have to assume that people are going to be hitting their site at that shitty resolution and make sure it works.
As I understand it, if they get classified as a cable company Aero will be legally allowed to put their own ads into the stream, overwriting the ads the original broadcaster put in there or maybe removing them entirely if they still want to be an entirely subscription driven service. They could really seriously piss off some OTA broadcasters with this approach.
Why not just turn off your speakers? Every mobo comes with built-in audio these days anyway, doesn't mean you have to plug anything in to it.
The /. writeup sounds like audiophile wank to me. I would be surprised if this Soundblaster could justify its price in a proper double blind study on real world data (music, games, movies, etc...) vs. the built in audio on your mobo.
Originally it was supposed to be a cash cow for Verisign, but they screwed up and didn't assign a "trustworthiness level" to each CA so there's no reason to spend the big bucks on a Verisign cert over Joe Blow's Free Cert Shop now. Browsers treat both the same.
x509 is as strong as the weakest signing authority, and there are many many signing authorities now.
It's a shame that browsers have such freakouts over self signed certs, because there is really little difference between them and officially signed certs. IMHO SSH did a better job of this by simply having you inspect the certs the first time you log on to a site and storing the result, only freaking out if the cert changes. It eliminates the complex chain of trust that in the end comes down to just trusting people you don't know anyway and hoping that none of the thousands of people involved are corruptible or incompetent.
Uh, the factory reset doesn't wipe the storage on the phone. These phones that were bought off of eBay were probably factory wiped (people aren't quite as dumb as advertised), but the issue is that Factory Wipe doesn't do what people think it does.
This would seem to be Airbus's long game. They already prefer the pilots just set the autopilot and handle the radio. It's not hard to imagine them attempting to build a fully automated airliner. Getting the FAA on board will be a different matter however.
A lot of people look at the AF447 disaster as a case study in not disconnecting the pilots from the aircraft quite so much because when they're suddenly thrust back into control unexpectedly, they end up with a ramp up time before they're fully aware of the state of the aircraft and know what they need to do. If this takes too long the aircraft will crash. I think Airbus took home the opposite message: In the event of sensor failure the autopilot needs to switch to a failsafe flight mode (throttle up 10%, pitch up the nose a couple of degrees, warn the pilots) instead of disengaging. Once they have the autopilot able to handle all airline emergency situations (at least you had better hope they get all of them) and work out any ATC issues then there's little need for human pilots.
Any non-military ideology didn't last terribly long inside NASA. The Space Shuttle only makes sense in the context of crazy cold war missions that the Air Force thought up where it would lauch on a polar oribt, make one pass over the USSR, and then land again on the assumption that any satellite that came around for a second pass would get shot down. Of course this mission profile requires a vehicle that's horrendously complex and expensive to operate which is why the Shuttle was never terribly good at its primay job of peaceful satellite launches and the occasional in-orbit repair. Well, that and every launch had to be man rated, even if the astronauts weren't terribly necessary for the mission.
Siri is not a good example of AI work. Once you've used the service a bit it becomes painfully clear how incapable it is of handling any requests that are off script. The only AIish part is the natural language recognition, and even that is wired to a fixed list of known phrase structures. You can't even define your own. The worst part is the service used to be better at offbeat requests, but then Apple dumped the Wolfram Alpha integration.
In some ways Perl 5 is getting the best of both worlds. 10 year old modules still work just fine pretty much every time, but really good features in Perl 6 get backported by people who are tired of waiting.