this constitutes something approaching treason.
United States Constitution, Article III, Section 3
Treason against the United States, shall consist only in levying war against them, or in adhering to their enemies, giving them aid and comfort. No person shall be convicted of treason unless on the testimony of two witnesses to the same overt act, or on confession in open court.
The Congress shall have power to declare the punishment of treason, but no attainder of treason shall work corruption of blood, or forfeiture except during the life of the person attainted.
This also constitutes something approaching kitten-napping, and by an even narrower margin.
# man su
SU(1) User Commands SU(1)
NAME
su - run a shell with substitute user and group IDs
SYNOPSIS
su [OPTION]... [-] [USER [ARG]...]
DESCRIPTION
Change the effective user id and group id to that of USER.
If you run su as root, you can change your effective user id to anything you want it to be. This ability is fundamental to the existence of users other than root, and it is what is used by the login process (owned by root) to start a shell owned by your user id whenever you log in.
Are not the password encrypted such that he cannot see what it is? Are there not security measures in place that if you change a password it cannot get reset back?
No. Once again, if you use the front-end tools available to users then there are limits. If you're an administrator then a password is just a bunch of characters stored in a text file. Security measures may make it more difficult to gain access to that file, but once you have the ability to read and write to anywhere on the disk or in memory, there's no stopping anything.
Agreed that if logging was not on or not installed someone failed big time in setting up the systems.
Hey, logging all that stuff creates a huge amount of data. Where is a small organization like the NSA going to store all of that, let alone be able to find the important parts in all that mess?
...if you want to disagree ...you have to show evidence
I don't know who the fuck you think you are, but NONE OF US need your permission to disagree in any way we see fit.
Go fuck yourself, you arrogant narcissistic prick.
Excuse me, sir. Can I please see your disagreeing permit?
Where would the coins in the new account come from?
Because Kevin Horton's NANDputer was built by hand out of a pile of 74HC00 (quad 2-input NAND gate) ICs on a breadboard. There isn't enough room in any single 7400 to insert a backdoor.
Are you sure? Did he ever leave the room while he was building it?
Indeed. Ununpentium is wrong for the same reasons that polyamory is
Besides, isn't Pentium already trademarked by Intel?
I think that the Greeks may be able to claim prior art on that, since they have been using the prefix "penta-" for about 3400 years longer than Intel has.
But how is that better than having someone call you on the phone and yell at you?
And just like the other Robert Morris' great joke, you just know that everyone will get it, have a good laugh, and then carry on with their lives.
And the best part is that those people will always be able to plant fake emails and frame someone else for their own misdeeds. Isn't life grand?
I believe Millikan was found guilty of manipulating oil.
He was charged with dividing the Faraday constant by Avogadro's number, but settled out of court for 160 zeptocoulombs.
At least 13,000.
Perhaps this instructional video may help answer that question.
So are most drivers.
Where are they?
Let me guess, "No child left behind", right?
The Dominican Republic is on an island southeast of Florida. Three out of four Major League Baseball players come from there.
Iran is right between Iraq and Afghanistan. That's in the Middle East, which is nowhere near Chicago, but is really the part of western Asia which connects Europe, Africa and Asia together.
Thailand is a country in south-east Asia just a bit west of Vietnam. It is a popular destination for chess players and expatriot Americans who don't miss their flights out of Moscow.
If you want to learn more about traffic deaths in any of those countries, try pointing to them on this map. It's like a fun game, a lot like finding where states are on a map of the USA only for whole countries.
If you're still having trouble finding them, here's a tip: They're all coloured darker than the other countries around them.
You mean a homeland other than Brooklyn?
Welcome to the English language dumbfuck.
We just refer to it as "the English language". Calling it the "English language dumbfuck" is just redundant.
In German it would be "infringementrightcopy", plus about a dozen extra syllables on the end to show that you really mean it.
Really? I've known people who could use butterflies.
Maybe it would help to read what you link? Maybe a little?
I did read it and many others like it, but there's a lot more to the story than can be gleaned by a cursory scan of just that one article. There's more in that paragraph that you didn't quote, and it's significant:
According to an apology letter Enfour wrote to customers, the anti-piracy module worked like this: "Upon waking, a dialog box showed 'Run in Safe Mode,' then the app disabled itself and performed an auto soft close. A notification appeared locally on the device and if the user had authorized the app to access their Twitter account, a tweet of the notification was sent out under their account with a hash tag #softwarepiracyconfession. This tweet only happened if the user tapped a send confirmation button."
You're not quoting the article directly, you're quoting the weasely 'apology' letter put out by EnFour itself, after their colossal screw-up had already become public knowledge. It's all about damage control. People who used the app describe it differently:
I sat down to grade papers for an English class, and loaded up the dictionary app I’ve been using for ages to check a word. I got asked for access to my Twitter account, declined, and was thrown out of the app. Again and again. OK, I thought, apparently some update means the app now requires access – nothing new, apps need location access to access photos, and I don’t plan on sharing any words on Twitter anyways, so why not. I checked my word, went back to grading.
A few minutes later, I get a Twitter notification email about someone replying to my tweet.
So here we have a $50 app which, as purchased, did not require any kind of social media access. After buying and downloading it an update changed that behaviour and effectively disabled the entire application until the user gave in and pushed the "Yes, you may access that" button. Enfour's self-serving "if the user had authorized the app" statement just happened to leave out that the user had the choice of either authorizing it or never using it again.
You could argue that the weakest link here was the human user, who ultimately gave the app access, but the problem of apps requiring seemingly unneeded permissions is nothing new. From the same article:
"I gave the app permission to access my Twitter account because being asked for weird permissions is nothing new, especially when 2/3 of your devices run Android. Android apps need internet access for license checks and displaying ads, they need camera access to use the LED, launchers need access to contacts because they include a feature to add direct call shortcuts to the home screen, and so on. This is a $50 app that I’ve owned and used for two years. I had absolutely no reason to expect that it had malicious intents. If I stopped allowing apps access to features like that because I didn’t immediately see the reason, I wouldn’t have many apps left. A free wallpaper app that was released two days ago on Google Play and has 500 negative reviews? Sure, it’s bad. A two-year-old $50 app that has gone through the Apple approval process dozens of times over those years? You wouldn’t think so."
You don't need technical wizardry and secret back doors when the front door is so difficult to use that most users just prop it open with a stick. The problem with the Enfour dictionary apps wasn't one that could be solved by requiring apps to have specific permissions. The problem was that the permissions system was broken and being used in a completely unexpected way by an otherwise trusted application. An otherwise
I can only assume that you hadn't heard of L0pht Heavy Industries before. That shouldn't surprise me as much as it does, since they're older than the App Store and probably had shut down before some of this site's readers were even born, but if you have any interest in computer security and the way that things got to be the way they are then you may want to do a little reading on the subject.
Their slogan, cited at the very top of the linked page, is "Making the theoretical practical since 1992" which is a direct response to the "purely theoretical" defense. Since you like topical links, here's a column written by former L0pht member Weld Pond in which he describes the origin of that phrase:
"A decade and a half ago, an early hacking group known as L0pht Heavy Industries, of which I was a member, posted a quote from Microsoft — "That vulnerability is entirely theoretical." — to prove the point. The saying came about due to an email exchange in which the L0pht was reporting to Microsoft one of the first buffer overflows discovered in their software. (I later found out that Microsoft, internally, called such bugs a "L0pht-type" vulnerability.) They couldn’t imagine how someone could write an attack tool to take advantage of a stack overflow. No attack tool, to Microsoft, meant exploitation was entirely theoretical."
Not surprisingly an attack tool was quickly released, the theoretical was recognized as being practical, and the problem was eventually fixed. The lesson in not dismissing things as impossible just because you don't understand them is still one which needs to be learned.
Every single one of those requires permission from the user to do - posting tweets an app cannot do directly, it brings up a sheet. Same thing for email/SMS. Taking photos requires an OK from the user to access the camera. You cannot "attack other apps" because of the sandbox.
Good point. I guess that this never happened because of the tight limits put on app capabilities.
Extraordinary claims, like a complete breaking of the sandbox, require more proof than they have presented. I would bet they are saying they THEORETICALLY could break out of the sandbox but have absolutely no actual working exploits that go outside of existing user permissions and the sandbox...
Ah, the old "That vulnerability is completely theoretical" defense. It worked so well for Microsoft in 1992, and it's still working for Apple today.
...Because Obama really does write laws for the United Kingdom.
You do know that there are countries outside of the USA, right?
Nonsense. My web site has perfect security. OK, it has zero reachability, but hey, you have to pay a price. ;-)
Ahh, the "Switched off and unplugged locked in a titanium lined safe, buried in a concrete bunker, and is surrounded by nerve gas and very highly paid armed guards" security model. A wise choice.