AES is a symmetric algorithm, where are they storing the symmetric key? Sorta like putting a huge deadbolt on your front door but leaving the key under the mat. The workaround for this is to use an asymmetric algorithm to encrypt the key itself, but this requires public/private keypairs and the sender and receiver which would require public key servers etc. This quickly gets messy. My thought is that using AES is simply to make it buzzword compliant.
Re:Some OSX Books in pdf format here on Mac OS X Hints · Score: 1
Ethereal? That's funny, that's the exact app I used to see if the setup was _really_ working. And sure enough, ethereal popped up, captured some traffic, not any problems. I'm amazed by the stability of things in OSX. In linux I would get the occasional app that would crap out on me. I have yet to have an app crash on me and I've tried just about everything I could get my hands on. I'm truly impressed.
Not only that, I was able to install JBuilder on OSX thanks to this link. So far I am extremely pleased (except for that damn mouse, had to get a real mouse).
P.S. I just bought a new Power Mac (1.25GHX x 2) and I love it! Install an X windows server and you can run just about any existing X app. Really impressive.
What seems to be happening here is a confusion by many people. The problem is with Javascript. The problem here is that he is loading some javascript that _should_ only be allowed to run within the same context from which it started. The issue is that he is setting a javascript function to be called after a certain delay, and after loading a new page. After you're redirected this page runs the javascript function. Since this function is run under a different context (the bug), you can load things in the wrong context, thus outside of the javascript's sandbox. This function could load an applet or whatever you want. But the problem is with javascript. One of the examples shows it loading a java applet, but it's loading a java applet through the wrong context of the javascript function. It's not because of java.
I read the article and nowhere is there a speck of java code. It references previous vulnerabilities that had java code. But his vulnerabilities have zero java code. It's pure javascript.
If you look at the exploit, he is setting a function to be called after a page is loaded on another page. This function is a JAVASCRIPT function which is then run in the context of the newly loaded page.
He is comparing a javascript function running outside of the javascript sandbox to a java type sandbox. Like I said, I RTFA, and I UTFA (understand).
His announcement is unfortunate in its proclamation that the problem is with Java. In reality the problem is with Javascript. While the names may be similar, java and javascript are unrelated. This is a Javascript problem, not a Java problem.
The articles your boss is reading... on Latest SCO News · Score: 5, Insightful
This is great stuff for tech geeks, but publications that your boss is reading such as this article over at business week are what your boss (you know, the guy who pays your salary) is reading. I would say this whole debacle is having quite the intended effect.
Business Week has interviewed the CEO of SCO Darl McBride here. McBride gives some tips as to where IBM may have used their code. Specifically:
"In the last 18 months, we found that IBM had donated some very high-end enterprise-computing technologies into open-source. Some of it looked like it was our intellectual property and subject to our licensing agreements with IBM. Their actions were in direct violation of our agreements with them that they would not share this information, let alone donate it into open-source. We have examples of code being lifted verbatim.
And IBM took the same team that had been working on a Unix code project with us and moved them over to work on Linux code. If you look at the code we believe has been copied in, it's not just a line or two, it's an entire section -- and in some cases, an entire program."
most bands play concerts as well, which have ticket prices much higher than the price of a movie. Just another example, I can see 5 or 6 movies (even more if you go to a matinee), for the price it costs to go to just one concert.
What amazes me is that you can buy an average DVD for $20. With this, you get an entire movie that required much more money to produce. You also get other things like extra materials, or deleted scenes, music videos, interviews, alternate audio commentary, etc, etc. The average CD will cost you somewhere around $14. With this you get 10 to 14 songs, 80% of which suck, and nothing else. Now how in the world can the MPAA produce a DVD with so much material, and something that is so much more costly to produce (meaning the filming budget) for barely more than what you would pay for a CD with a dozen songs? This makes no sense to me.
Can anyone who is competent in Windows 2000/XP administration/setup honestly remember the last time they got a core dump? If I get one it's usually because of a shoddy (beta) video driver.
you can't use competent and windows 2000/XP administrator in the same sentence.
Blue Sky Of Death. Those aren't clouds, they're core dumps and stack traces. I can see Fatal Exception right there next to the cloud that looks like Bill Gates giving you the middle finger.
Am I the only one who gets that feeling in their stomach every time slashdot is down or is slow to respond? I mean, besides the fact that it's delaying my fix, but that there could be a lot of sudden traffic that could be indicative of another major event? Every time I click to load or reload slashdot and it is delayed, I get a little worried. Am I the only one who does this?
There are full open source options for J2EE (in fact, I have been toying with the idea of making a weblogging program similar to slashcode or scoop with J2EE, under the GPL, of course).
I have been toying with the idea of writing slashcode as a J2EE app. I have written a number of J2EE apps for my company in the past year or two. I am very experienced with the EJB and backend layers, but not so experienced with the jsp layer. If you're really interested in doing this let me know. I would like to help. I think it would be really interesting to see if a J2EE open source app could run in a large volume environment such as slashdot. I can give you a lot of tips on performance and/or shortcomings of the J2EE environment.
I have found this book very good. I am a Java programmer and I wanted to understand parsing from the bottom up, before using something like ANTLR. This book gives a great foundation with code to explain it all.
"ICANN has exceeded its authority, does not operate in an open fashion, and is dangerously unaccountable to Internet users, businesses and other key interest groups."
So the government can take this over so they can exceed their authority, not operate in an open fashion, be dangerously unaccountable to Internet users, businesses and other key interest groups. This sounds like the government is just jealous that another entity has similar incompetence.
For Sale
Fully licensed copies of Linux. Guaranteed uptime. The next generation of operating systems. Normally priced at $4k, yours today for the low low price of $2k per copy. Hurry and order now, supplies are limited. Order within the next 10 minutes and get a free mousepad with your order. CALL NOW!
and for anyone looking for any shareware apps just go here to download. It doesn't get much easier....
as if finding OSX software is really difficult...
Some OSX Books in pdf format here.
I've been a Redhat Advanced Server User for a long time, going on 6 months. I haven't had a single prob
Unable to handle kernel NULL pointer dereference at virtual address 00000040
printing eip: c01b1a66
*pde = 00000000
Oops: 0000
CPU: 0
EIP: 0010:[]
EFLAGS: 00010046
eax: 00000000 ebx: c02d7adc ecx: cff39a78
edx: 0000b807 esi: c02d7adc edi: 00000286
ebp: c02d7a98 esp: c027df40
ds: 0018 es: 0018 ss: 0018
Process swapper (pid: 0, stackpage=c027d000)
Stack: c02d7adc cff39a60 c01ae6b0 c02d7adc
available here....
OK, Mr. Ellison. You've made your point.
What's next, LudicrousThreads?
obligatory spaceballs reference
you can't use competent and windows 2000/XP administrator in the same sentence.
Just did.
phew! I misread that as insure. I thought maybe I missed something....
Scott McNealy showed up to the meeting in a penguin outfit.