If I offer you a virus and you happily run it because you think it will give you more security, I think that's a reasonable test to see whether or not you're likely already infected with a virus (because even if you weren't, you are now).
If you download and run an executable that *any* website offers you on the Internet, to provide you with "more security", then you're an idiot. Oh, and if you think otherwise you're an idiot too.
It just shows that I trust that reputable site. You trust a site.. on the internet. You are an idiot.
1. Linux security has been going down since about 2001 (who doesn't have a personal kernel exploit they haven't told Linus?) 2. I hardly think libFLAC counts as an "essential Linux library".
God, is this like the retard thread on Slashdot now?
The code has been fixed. Yes, there really were security bugs in the libFLAC library. Shocking isn't it? Software had bugs in it! People found those bugs! People fixed those bugs!
Having said that, I agree. The "many eyes shallow bugs" argument is absurd. It's like going to a country where the national motto is: "Flurbistan: Who cares about the murder rate, we have a 100% conviction rate!" As if patching bugs quickly is somehow a consolation for people who have been compromised by them. Better idea: Don't release buggy shit in the first place. Yeah man.. and, by your analogy, stop making murders!!
This isn't possible.. for an arbitrary input - but we're not dealing with arbitrary inputs - we're dealing with inputs that are, in many ways, very similar - music.
This is an example of the term "failure of imagination."
Someone malicious can craft a.flac file which can execute arbitrary code when it is run on an affected player.
That someone can give that.flac file to someone else who doesn't know it is maliciously crafted and when they play the file, they have given arbitrary code execution privileges to the malicious crafty person.
I thought everyone got that from the description, but there will always be some ignorant fool who can't help but speak up and, here's the great part, there will always be someone who is even more stupid who mods them up.
The way the Australian government regulates Telstra, forcing them to open the copper/fibre to competitors, is an example of the kind of regulation needed in the US, yes.
I want 3 samples of DNA [ blood, saliva, hair ] and retina images of both your eyes. Been reading Stephen Baxter have we? Don't worry, it's coming. Along with the 3 hour phone call to the airline to justify why you need to fly.
Whereas I'm just one of these crazy people who think they shouldn't have to show ID to travel.. even internationally.. let alone give fingerprints and have my picture taken.
Wow. This is just totally incompetent. I know you're students and all and have no real world experience, but this is just frightening. Stay away from the hardware please, you'll get someone killed one day.
hehe, the recordings are for use against you. If the recording records a police officer beating you or insulting your heritage such that you consider beating on him, that tape will just disappear. If the police ask you where you were at the time of the murder and you tell them a perfect alibi that tape will disappear and when you get to court they will say "if he had an alibi, why didn't he tell us during interrogation?" and imply that you got someone to lie for you.
what part of this is hard to understand?
Taking the control of the keyboard away from the OS *is* the super special security that they are asking you to install.. you said yes.
If I offer you a virus and you happily run it because you think it will give you more security, I think that's a reasonable test to see whether or not you're likely already infected with a virus (because even if you weren't, you are now).
The point is that if someone is willing to run malware once then they're most likely already infected and part of a botnet.
Fuck Slashdot. Is there an algorithm for choosing the most stupid people to moderate or what?
1. Linux security has been going down since about 2001 (who doesn't have a personal kernel exploit they haven't told Linus?)
2. I hardly think libFLAC counts as an "essential Linux library".
God, is this like the retard thread on Slashdot now?
The code has been fixed. Yes, there really were security bugs in the libFLAC library. Shocking isn't it? Software had bugs in it! People found those bugs! People fixed those bugs!
no-one said it did.
Someone getting the ability to run arbitrary code on your machine is a security issue..
Idiot.
1. local exploits
2. see my page on jumping su and sudo.
it's a bunch of bugs in the libFLAC that is used in a heck of a lot of apps.
Its an example of a particular implementation becoming the standard. They might as well not even have a file format specification.
Come on you retards with mod points, here's a guy making a completely non-sense statement on Slashdot. Mod him up! Geez, what's taking you so long?
Hmm.. maybe "ComputerPhreak" really is the stupidest person here.
This isn't possible.. for an arbitrary input - but we're not dealing with arbitrary inputs - we're dealing with inputs that are, in many ways, very similar - music.
This is an example of the term "failure of imagination."
.flac file which can execute arbitrary code when it is run on an affected player.
.flac file to someone else who doesn't know it is maliciously crafted and when they play the file, they have given arbitrary code execution privileges to the malicious crafty person.
Someone malicious can craft a
That someone can give that
I thought everyone got that from the description, but there will always be some ignorant fool who can't help but speak up and, here's the great part, there will always be someone who is even more stupid who mods them up.
That's the magic of Slashdot.
HAW HAW HAW.
You are aware that the vast majority of normal people who use the Internet actually enjoy the advertisements right?
They click on the monkey.
The way the Australian government regulates Telstra, forcing them to open the copper/fibre to competitors, is an example of the kind of regulation needed in the US, yes.
hehe, people in many parts of the US have no options. They've allowed their market to be dominated by a few players who are in cahoots.
Whereas I'm just one of these crazy people who think they shouldn't have to show ID to travel.. even internationally.. let alone give fingerprints and have my picture taken.
Never forget that your government owns you.
Such works are banned here. Another example would be "Swordfish".
Reason: we're not drooling idiots.
much like Al Capone provided to Chicago in the 20s.
Wow. This is just totally incompetent. I know you're students and all and have no real world experience, but this is just frightening. Stay away from the hardware please, you'll get someone killed one day.
hehe, the recordings are for use against you. If the recording records a police officer beating you or insulting your heritage such that you consider beating on him, that tape will just disappear. If the police ask you where you were at the time of the murder and you tell them a perfect alibi that tape will disappear and when you get to court they will say "if he had an alibi, why didn't he tell us during interrogation?" and imply that you got someone to lie for you.