A lot of things don't scale well. For example, if you have a bearing with a very small tolerance to roll around in, if you shrink the entire thing down to say, 50% its size, the bearing will seize because the gap is not large enough to allow the grease molecules to move around anymore. You can't shrink the grease molecules so they don't fit right anymore.
Electrical insulators are a certain thickness to protect against arcing of a certain voltage. If you cut the thickness of an insulator in half and don't cut the voltage in half, the insulator will likely be compromised by the voltage and you'll get a short or an arc.
Certain effects, such as viscosity and magnetism, don't change linearly with change in distance. When two magnets get twice as close as they used to be, the attractive/repulsive forces are now four times as great. Since you've probably also just cut your structure thicknesses in half, they are now much weaker, and the magnets being stronger produces an exponentially rising imbalance. In the end the magnets will deform your construction.
When mechanical devices get very small, they also encounter new hazards you take for granted. A grain of sand in a gas tank isn't a big deal, until the gas tank has shrunk to 1cc. Minor vibration or mechanical shock becomes more dangerous in some respects, and becomes nonexistent in others. Parts that are designed to float with each other will stick since they are not receiving the beneficial effects of vibrations normally present.
Combustion and other important chemical and physical reactions work very differently at larger and smaller scales.
Other factors also cause problems at small scales. Capillary effect, static attraction, surface tension, it's a whole new world when you get really small, especially when any liquids are involved. I think that's why we have physics, astrophysics, and quantum physics... the rules change when you radically alter size.
So there are actually a lot of things to consider when trying to shrink something. It's not just a matter of making all the parts smaller.
The legal system is full of loopholes, extensions, exceptions, and other silly rules that are designed to cover up for inadequacies in other laws. This helps to give everyone a fair chance by providing an abundance of opportunities to get justice, but as a result, the cockroaches that are running from the light have plenty of dark corners to hide for a while. It usually delays the inevitable, but in some cases if they stall for time long enough it can work out in their favor. Though it also can mean the farther you lift the hammer in the air, the harder it hits when at last it lands. I'm looking forward to SCO getting "nailed". It will be entertaining to watch their entire world suddenly collapse in on itself under the weight of justice, as the last of their shoddy bracing gives way at once.
Even if you go to WAV or CD Audio, if you ever want to rip it back into some compressed format, you're going to lose quality.
Converting to CD audio ("AIFF") format is not going to lose anything. It's the conversion process back to MP3 (recompressing) that is going to cause quality loss. And if you are thinking future, do you really think we will be bothering to compress anything in the future? (do you really need to compress your 60mb AIFFs to 9mb MP3s to fit them on that 6TB mini CD?)
Makes you wonder, just how many of these "incidents" occur without any knowledge of the public. It would not surprise me to find out that my personal information is leaked or lost by one of the (hundreds? thousands?) of people collecting it on a "once every 24 months" basis. The only time you really see these things publicised is when someone gets caught trying to cover it up or when someone does some whistle blowing. (are there any laws in place that require disclosure when personal collected information is lost or stolen?) I would not be impressed to find that 75% of private information loss is unreported. "So, Henderson, you lost the backup tape? You'd better either find it or forget you ever had it!"
I've got a Garmin GPS III+, an older model with a 4 shade greyscale display. It's only got basic map information in it, usually only including the major streets in a town and not always including all the minor highways and county roads. It's still very handy for getting from A to B. Sometimes I go to a combination of mapquest and teraserver to locate where I'm going via satellite imagery, then get long/lat coordinates and dump them into the garmin.
More than once I've taken a trip guided almost entirely by the GPS. Once it resulted in a very long detour as I missed an exit and decided to let the GPS guide me through the middle of an unfamiliar city. Lots of turns, but it did take me straight to my destination, although through about 15 miles of 25mph streets. (probably shortest distance, but definitely not quickest route!)
They're also handy for telling you how long till you'll get to where you're headed. They're probably a driving hazard though - I know I am somewhat distracted when I am fumbling with the buttons to zoom in or out or something like that while driving. Lots of other things are much more distracting while driving, this is just one of the many ways you can increase your risks while driving. (picking up something that fell onto the passenger floorboard while driving is probably the most distracting thing you can do... my ipod likes to leap off my dashboard to the tune of potholes)
When I try that, with Mail for 10.3.9, I double click the attachment in the received message and mail says:
The attachment "Heise.jpg" is an application. Since applications can contain viruses or be harmful to your computer, be sure this attachment is from a trustworthy sender before saving or opening it.
Glad to see that this is indeed still secure.
What I have NOT tested yet is crafting a html/mime based email with embedded graphics, to see if somehow smuggling in such a "jpg" into the graphics might cause it to execute somehow if the option in mail to render html emails is enabled. THAT would be a scary exploit, and would likely lead to the first major OS X email virus.
Custodial Staff (or "sanitation engineers" or just plain "janitors") amaze me at how much trust is placed in them for such a low wage. It's virtually universal for the custodians to have the master keys to the building and (almost) every room in the building, and they have this unrestricted, unsupervised access for several hours at a time, six times a week, at night. I can't dream up a better scenario for data theft. I'm surprised this isn't a bigger problem in corporate america.
How about a 4gb USB flash drive? Flash drives are becoming more popular than iPods, and are a heck of a lot easier to palm out of sight. They also look a lot less dangerous to most uneducated users, plugged into a USB keyboard rather than an ipod with its firewire/usb cable snaking over to the computer. As far as "sensitive data" goes, it's rarely related to its size. Anything capable of holding even a megabyte of data could easily be considered a major risk for sensitive information loss.
The iPod is just one of the many ways for data to walk out the door. PDAs are just as bad, and are probably the most commonly accepted data storage device let in the building short of cell phones.
All the technology does is make theft easier. It's just like the argument of guns.. it isn't the object that's dangerous, the object is only the enabler. It's the person using the object that makes it dangerous. ("guns don't kill people, people kill people" -- "ipods don't steal company secrets, people steal company secrets")
In other words, if you are paranoid about your employees taking an iPod into work, why on earth did you hire them for a sensitive position? Them bringing that iPod in is, for the most part, completely beyond your control. (and the iPod is just one of many dozens of vectors to worry about) Whether or not you hire them (and let them, with or without their iPod, in the door) is totally within your control. Pick your battles wisely.
Let's see, this'll get me modded +5 Troll (truthful)
Why don't they make an OS that is immune from getting viruses just by clicking on a hot link or opening an attachment?
Because software companies (most notably MS) prefer to sacrifice security to provide increased "ease of use". Or, "it's not a bug, it's a feature". Features sell. Bugs... well they do affect sales, but not to anywhere the same magnitude as new features. Company P.R. can spin the new features as wonderful and huge, and play down or totally ignore the problems.
So if a new feature introduces a security risk, and it's not currently en vogue to exploit that particular feature, they include it. Then next year after that feature has gotten hundreds of thousands of their customers' boxes owned, they sell you another feature of a "more secure" xyz. See, they sell it to you broken, then they sell you the fix for it. And they call this "a good business model". The phishers make money, the software vendors make money, and you my friend, are the one that pays them both.
There ought to be a law that makes it illegal for a company to make a "feature" in computer software that automatically executes a program that was not "reasonably verified" to be executing with the knowledge and consent of the owner. In a nutshell, if someone sends you something through a public medium, and it contains instructions that can tell your computer to do something without your permission, it should never be allowed to execute.
Even if CDs do become damaged, replacements are readily available at affordable prices.
Tried that. Doesn't work. My T2 DVD was poorly manufactured and when I snapped it onto the hub holder in my computer's optical drive tray, it cracked the DVD's hub in three directions, all the way into the media. They refused to replace it, told me to go buy another one. A friend of mine has a huge CD collection, and a number of them got scratched up when he dumped his motorcycle. He was unable to get a single one replaced, ended up having to buy replacements.
Getting replacement CDs and DVDs is about as futile as trying to get replacement software CDs before the age of registration codes. I lost a floppy once and had to mail in my user's manual before they'd send me a copy of the disk. In my first mailing to them I sent a polaroid of the FOURTEEN other install disks of their software titles that I also owned. They didn't care, they wanted to have the manual in their hands before they'd replace the disk.
A few people have suggested that it "might" ask for an admin password.
If the operator is an admin, he is a member of the admin group. This means he always has additional access to files and folders. It does nothing to allow privileged access to processes. This means his script can do things like add global fonts, create global startup items, etc. All that he needs to install "hooks" to catch the next user or execute on the next reboot, all without having to enter a password.
If you want privileges, like to change the startup disk, you need to elevate privs with something like sudo. That is what prompts for a password. Fortunately in the OS X security model, the system doesn't give you the option to bypass this requirement or to fish the password out of the system, so at least for these things, OS X is quite secure. The only exception to this is if you are logged in as root, you already have privileges and do not need to use sudo to access secured processes and structures. Some developers don't even bother checking for this possibility, as I have run installers while logged in as root and have been prompted for my password anyway. I would throw out a guess that fewer than 1 in 400 mac users have ever logged in as root, and fewer than 1 in 3000 log in regularly as root.
FYI those are called "badges". In addition to the link arrow, icon views in finder can also display red (-) "no access" badges on them. Open another user's home folder and you'll see what I mean. Drop folders have a downward arrow on them, as the Drop Box in another user's home folder will show.
So this technique is already in use, just not for this purpose.
It would be a nice touch for OS X to allow you to enable an "application badge" on any icon that was executable, scriptable, or otherwise would cause any contained code to execute when double clicked. Maybe a black letter "A" inside a green circle would work nicely. This would work just like the current badges, where the badge is not part of the icon, but rather is added by the OS as it is being rendered, so that the app could not prevent it from displaying. This would also require apple to maintain some control over the badge api's so that malware could not hook into the badge system and patch it to either not work or not work correctly. (like to make the badge the same as the covered part of the app's icon, for infected files) I say this because apple tends to make everything they can be scriptable or patchable unless they have reason otherwise.
And to call this a virus is sensationalism at best. Commonly accepted requirements for viruses include:
1. unassisted introduction into a host, through networking or automatic "play when inserted" media rules, bugs in networking code, or back doors
2. automatic execution of the contained script, code, or commands upon introduction to the host system, either by design or bug, executing in a security mode sufficient to perform (3) and (4)
3. the ability to harvest or generate a list of additional hosts or contact points vulnerable to (1)
4. propagation of a viable copy of itself to host systems found in (3)
This "malware" is not capable of 2 because it requires manual execution by the host's operator. Admittedly, the security education level of the average macintosh owner is lacking enough that we could say that a dialog that pops up and asks for your admin password has achieved automatic execution with privileges, because so many users are like Pavlov's dog, see password prompt, type in password. But this malware doesn't even automatically execute on the host system, it merely baits the user into double clicking it.
After reading the technical analysis, it also appears to fail at 4 due to the pointer bug that was identified.
Even if the pointer bug was fixed, it would still not qualify as a virus. It is at best a trojan. This is not too much more sophisticated than a "virus" that is a one-line applescript, "sudo rm -rF ~/*". Big whoop, we saw this one what, six months ago?
In the 90's I was in college and had access to mainframe terminals all over campus. (VMS Vax) The internet was just getting off the ground. Mozilla was the only web browser and only on the macs, and Lynx was still more popular. The only online games were called "muds". (Multi User Dungeons) These were text based multiuser games, a bit like Zork if you can remember that game.
I got involved in a popular mud of the day, and soon found I was spending hours a day playing the game. I'd made quite a few friends in the game and was well known among the major players. Muds penalized you for logging out because any inventory or money you had on your character when you logged out, you lost. This included equipment. (armor, weapons, etc) You'd spend the next hour when you logged back in getting decent equipment to continue your gaming. So it was to your advantage to play for the longest possible continuous sessions. There were people that appeared to spend their entire day, most every day, playing the mud, because you could login at almost any time of day and find certain people always there in game.
I didn't have the greatest motivation at the time to go to certain classes, and found myself skipping some class to play the muds when I didn't feel like going to class. One day I arrived in the lab at 8am and left the lab at 4pm, having skipped all my classes that day. Then it just hit me like a lightning strike.... this was not good for me. So I signed back on, said my good-byes, and logged out. I have not played a mud since that day. (I guess you could say I quit cold turkey?)
Many things have changed since then, but many things are still the same. The multi user online games can be very addictive and provide a tempting escape from reality for a few hours a day. Those that lack the willpower to self-regulate their activities will probably find themselves in the same situation I put myself in so many years ago.
Re:The retail boxes are technically upgrades (on "OSx86 Cracked Again", Score: 1)
The retail OS X packages will install onto any macintosh that has supported hardware. (firewire ports, adequate memory, and adequate HD space are the usual requirements) There are machines that shipped with OS 9 that you can install 10.3 and 10.4 onto. And OS X has an "erase and install" option with no verification whatsoever as to what OS is/was on the hard drive, so it can hardly be considered an update. Updates require a prior version of the software to be bought if not installed.
However, I have heard on several occasions that there is a clause in the OS X licensing agreement that states you can only install the software on a Macintosh. I haven't confirmed this myself, but with software licensing in the state it's in now, I wouldn't be entirely surprised if the license required you to write Steve into your will. 99% of software licenses also include the clause that forbids reverse engineering or modification of the product. Hacking it to run on a non mac would require breaking both of those rules as well. It wouldn't be piracy, but it would be violating the terms of the license, probably for several reasons.
Agreed. It's not illegal to be a monopoly, but it is illegal for you to "abuse monopoly powers" I believe is how they put it. Is Apple a monopoly in the music market? Most certainly. (I'd consider any company with 80%+ of a market that could otherwise support several companies to be a monopoly) Do they abuse their monopoly power? No. If they wanted to abuse their monopoly power, they could say for example, that "iPods will only work on macintoshes". This forces the consumer to buy a macintosh if they want to use a popular music player. Since apple has a monopoly on the popular music players, coercing the customer to buy macintoshes would be abuse of monopoly power. You don't see apple doing anything like that. And I think for that example at least they are benefiting, not suffering. There are a lot of people that don't own and don't want to own a mac, that own an ipod or two. If apple were to start placing silly limits like that, not only would they be guilty of abuse of monopoly powers, but they'd also probably lose money right off the bat. So playing by the rules would seem to benefit apple.
The current scheme is a little more complex, and the planned methods are a LOT more complex.
A pool of device keys were rolled up randomly to start with. I don't know how many. Probably a few thousand.
For each DVD, a random key is rolled up. (it's possible for them to roll up a new key for each production run) This master key is used to encrypt the content. The master key is then separately encrypted many times, once with each device key, and the result stored on the disk in a key dictionary. Note that each disk has a different master key.
Each device manufacturer that wants to make a DVD player has to sign a contract with the MPAA/RIAA or whoever it was that runs this madness. They agree that in exchange for one of the device keys, they agree to protect and keep the key secret.
Two of the manufacturers did not follow the terms of the contract, and stored their device keys in their players' firmware in easily retrievable format. Once these keys had been discovered, any disk that had been pressed up to that time contained the master key for that disk encrypted using that device key, so all disks up to that date had their security defeated.
Due to the nature of the encryption, once you know the master key, it is possible and practical to reverse engineer the remaining device keys. As a result of this, all device keys are now known to a number of people. If this had not happened, the MPAA/RIAA would have just deleted the compromised device keys from the dictionary for future releases. But since all device keys to date are now known, the only thing they could do is make a new device key dictionary, which would render all DVD players made to date unable to play new DVDs.
Among other improvements, the new system is designed in such a way that the compromise of one device key does not reveal all the other device keys. Also, I know little about the remaining technology, but one of them allows a "kill list" to be placed on a disk. They have added a way to obtain a "serial number" of sorts from the DVD player based on a ripped movie. They then would place that DVD player in the kill list for their new DVDs, and when placed in the targeted player, would deactivate it. Hard to say if this is rumor or true, it'd be a trick but certainly not out of the realm of possibility. This way, if a single player was compromised, they could deactivate it eventually. I doubt this would be very effective, but they are apparently going to try it anyway.
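The key-dictionary layout described in the comment above, as an added illustration that is not part of the original comment and is not the real DVD cipher: each disc's master key is wrapped once per device key, and a device key dropped from the dictionary cannot open discs pressed afterwards. The function names, player ids and the HMAC-SHA256 keystream used as a stand-in cipher are assumptions made for this example.

```python
import hashlib
import hmac
import secrets


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Stand-in stream cipher: HMAC-SHA256 in counter mode (not the DVD cipher)."""
    out = b""
    counter = 0
    while len(out) < length:
        block_input = nonce + counter.to_bytes(4, "big")
        out += hmac.new(key, block_input, hashlib.sha256).digest()
        counter += 1
    return out[:length]


def xor_crypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt (the operation is symmetric) by XOR with the keystream."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, nonce, len(data))))


def press_disc(content: bytes, device_keys: dict, revoked=frozenset()) -> dict:
    """Build a disc: a fresh random master key encrypts the content, and the
    master key is stored once per non-revoked device key in the key dictionary."""
    master = secrets.token_bytes(16)
    nonce = secrets.token_bytes(8)
    key_block = {
        dev_id: xor_crypt(dev_key, nonce, master)
        for dev_id, dev_key in device_keys.items()
        if dev_id not in revoked
    }
    return {
        "nonce": nonce,
        "key_block": key_block,
        # Lets a player confirm it recovered the right master key.
        "check": hmac.new(master, b"disc-key-check", hashlib.sha256).digest(),
        "content": xor_crypt(master, nonce, content),
    }


def play(disc: dict, dev_id: str, device_key: bytes):
    """Return the decrypted content, or None if this device cannot open the disc."""
    wrapped = disc["key_block"].get(dev_id)
    if wrapped is None:
        return None  # device key was left out of this disc's dictionary
    master = xor_crypt(device_key, disc["nonce"], wrapped)
    expected = hmac.new(master, b"disc-key-check", hashlib.sha256).digest()
    if not hmac.compare_digest(expected, disc["check"]):
        return None  # wrong device key for this dictionary entry
    return xor_crypt(master, disc["nonce"], disc["content"])


def demo() -> dict:
    # Constructed sample data: four players, one of which leaks its key.
    device_keys = {f"player-{i}": secrets.token_bytes(16) for i in range(4)}
    leaked = "player-2"
    old_disc = press_disc(b"feature film A", device_keys)
    new_disc = press_disc(b"feature film B", device_keys, revoked={leaked})
    return {
        # Discs pressed before revocation still open with the leaked key.
        "leaked_old": play(old_disc, leaked, device_keys[leaked]),
        # Discs pressed after revocation do not.
        "leaked_new": play(new_disc, leaked, device_keys[leaked]),
        # Other players are unaffected by the revocation.
        "other_new": play(new_disc, "player-0", device_keys["player-0"]),
        # A key that does not match the dictionary entry fails the check.
        "wrong_key": play(old_disc, "player-0", device_keys["player-1"]),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

Revocation here only protects discs pressed after the key is dropped, which is the limitation the comment points out for discs already in circulation.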
Wasn't the original purpose of this tax to help pay for the public broadcast stations? If my computer or DVD player doesn't require the resource that is the TV station, what basis do they have to expect me to pay for a service I am not using?
Or do they just want to maintain their revenue stream?
Sorry I didn't waste my time gathering stats for you, you'll need to go find them yourself. I'm merely relaying personal experience, like you just did. (I didn't see any "stats" from you to support your experience?) Not having a windows XP machine here I am fully aware of all the things that can't run without active-x. You probably use quite a few of them without even knowing it.
Try disabling javascript for a week and see how your web browsing goes. Same effect, though admittedly on a larger scale. It appears that every little startup that's trying to publish a web-based internal company tool is using active-x. It's hard to find one that isn't using active-x. It's not a bad idea in concept - you get to push your program to the host machine with no installation (short of active-x anyway) and have a wide degree of freedom and tools at your disposal. Updates are centralized. Unfortunately this means you have a high degree of control over the client computer, and are highly dependent on it having active-x (proprietary) installed on the client. You can also easily waste a day browsing all the active-x security problems. (patched and unpatched) The spyware authors must just looove active-x being installed on so many machines.
The idea of web based applications is actually very handy, and offers access to the program from a variety of locations, which is good.
Unfortunately, a huge majority of these applications are going active-x or other proprietary format, and are limiting users' access on a more fundamental level - they expand the coverage range but limit you by your access point. Our ticket system has just gone to an active-x system. Now I cannot access it from my laptop anymore. So instead of making things more flexible for me and being able to access the system from any of the 200 machines in the building that I used to be able to use, I now can access it from less than two dozen machines, only one of which I have convenient access to.
"So who's really at fault here? The students? The hospital for not securing their computers and network? Or the adware companies for providing the incentive?"
YES
Though not all to the same degree as I'm sure you would agree. The student is of course the one that chose to break the law, and is most directly responsible for his actions. He was influenced by the adware company that offered incentive to break the law, "conspiracy to commit felony" or some such law. It's not as severe of a punishment as the felony (usually) but it's still illegal and clearly wrong.
"blame the victim" is a more controversial issue. I believe that "gross negligence to protect one's own best interests" should in itself place a small amount of the blame on the victim. The world is not perfect, everyone is not honest, and you cannot possibly convince me that anyone in the world believes everyone around them is a saint. By not taking basic precautions when exposed to the general public, you dramatically increase your risk of becoming a victim, and that is your fault.
If I leave my car parked for a week downtown with the doors unlocked and the keys in the ignition, I'd be quite surprised to find it there a week later when I returned for it. Am I the one that stole the car? Of course not. But did my actions (or lack of actions) knowingly contribute to the theft? Of course. Were they easily preventable? Of course. That's why many insurance companies will not insure against theft if you leave your car unlocked and keys in the ignition, they recognize that you invited unnecessary and excessive risk.
I believe that the ones who so strongly resist blaming the victim are those that either have been victims in the past or that are afraid of becoming a victim, and believe that they have no responsibility to take care of themselves, and that the world should protect them. They are living in a fantasy world.
Looked at another way, criminals prefer easy targets, and this is a known factor. By taking less precaution for your safety and security than the average person, you attract the criminals to you and increase your odds of becoming a victim. Choosing to do that has got to be considered an error in judgement.
OK so they will have a beta of the new chip in 2007. That means they will be able to produce several hundred a month by 2008. Production quantity in 2009. They won't catch your laptop on fire if you wait to buy until 2011.
Apple is looking toward the future. Right now, IBM is not the right destination for them to walk toward.
By all accounts, Apple has already been left a bit in the dust waiting probably a year longer than they should have to go to AMD.
A lot of things don't scale well. For example, if you have a bearing wtih a very small tolerance to roll around in, if you shrink the entire thing down to say, 50% its size, the bearing will sieze because the gap is not large enough to allow the grease molicules to move around anymore. You can't shrink the grease molicules so they don't fit right anymore.
Electrical insulators are a certain thickness to protect against arcing of a certain voltage. If you cut the thickness of an insulator in half and don't cut the voltage in half, the insulator will likely be compromised by the voltage and you'll get a short or an arc.
Certain effects, such as viscosity and magnetism, don't change linearly with change in distance. When two magnets get twice as close as they used to be, the attractive/repulsive forces are now four times as great. Since you've probably also just cut your structure thicknesses in half, they are now much weaker, and the magnets being stronger produces an exponentally rising imbalance. In the end the magnets will deform your construction.
When mechanical devices get very small, they also encounter new hazards you take for granted. A grain of sand in a gas tank isn't a big deal, until the gas tank has shrunk to 1cc. Minor vibration or mechanical shock becomes more dangerous in some respects, and becomes nonexistent in others. Parts that are designed to float with eachother will stick since they are not receiving the benefitial effects of vibrations normally present.
Combustion and other important chemical and physical reactions work very differently at larger and smaller scales.
Other factors also cause problems at small scales. Capilary effect, static attraction, surface tension, it's a whole new world when you get really small, especially when any liquids are involved. I think that's why we have physics, astrophysics, and quantum physics... the rules change when you radically alter size.
So there are actually a lot of things to consider when trying to shrink something. It's not just a matter of making all the parts smaller.
The legal system is full of loopholes, extensions, exceptions, and other silly rules that are designed to cover up for inadequecies in other laws. This helps to give everyone a fair chance by providing an abundance of opportunities to get justice, but as a result, the cockroaches that are running from the light have plenty of dark corners to hide for awhile. It usually delays the inevetable, but in some cases if they stall for time long enough it can work out in their favor. Though it also can mean the farther you lift the hammer in the air, the harder it hits when at last it lands. I'm looking forward to SCO getting "nailed". It will be entertaining to watch their entire world suddenly collapse in on itself under the weight of justice, as the last of their shoddy bracing gives way at once.
Even if you go to WAV or CD Audio, if you ever want to rip it back into some compressed format, you're going to lose quality.
Converting to CD audio ("AIFF") format is not going to lose anything. it's the conversion process back to MP3 (recompressing) that is going to cause quality loss. And if you are thinking future, do you really think we will be bothering to compress anything in the future? (do you really need to compress your 60mb AIFFs to 9mb MP3s to fit them on that 6TB mini CD?)
Makes you wonder, just how many of these "incidents" occur without any knowledge of the public. It would not surprise me to find out that my personal information is leaked or lost by one of the (hundreds? thousands?) of people collecting it on a "once every 24 months" basis. The only time you really see these things publicised is when someone gets caught trying to cover it up or when someone does some whistle blowing. (are there any laws in place that require disclosure when personal collected information is lost or stolen?) I would not be impressed to find that 75% of private information loss is unreported. "So, Henderson, you lost the backup tape? You'd better either find it or forget you ever had it!"
I've got a Garmin GPS III+, an older model with a 4 shade greyscale display. It's only got basic map information in it, usually only including the major streets in a town and not always including all the minor highways and county roads. It's still very handy for getting from A to B. Sometimes I go to a combination of mapqest and teraserver to locate where I'm going via satelite imagery, then get long/lat coordinates and dump them into the garmin.
More than once I've taken a trip guided almost entirely by the GPS. Once it resulted in a very long detour as I missed an exit and decided to let the GPS guide me through the middle of an unfamiliar city. Lots of turns, but it did take me straight to my destination, although through about 15 miles of 25mph streets. (probably shortest distance, but definitely not quickest route!)
They're also handy for telling you how long till you'll get to where you're headed. They're probably a driving hazard though - I know I am somewhat distracted when I am fumbling with the buttons to zoom in or out or something like that while driving. Lots of other things are much more distracting while driving, this is just one of the many ways you can increase your risks while driving. (picking up something that fell onto the passenger floorboard while driving is probably the most distracting thing you can do... my ipod likes to leap off my dashboard to the tune of potholes)
When I try that, with Mail for 10.3.9, I double click the attachment in the received message and mail says:
The attachment "Heise.jpg" is an application. Since applications can contain viruses or be harmful to your computer, be sure this attachment is from a trustworthy sender before saving or opening it.
Glad to see that this is indeed still secure.
What I have NOT tested yet is crafting a html/mime based email with embedded graphics, to see if somehow smuggling in such a "jpg" into the graphics might cause it to execute somehow if the option in mail to render html emails is enabled. THAT would be a scary exploit, and would likely lead to the first major OS X email virus.
Custodial Staff (or "sanitation engineers" or just plain "janitors") amaze me at how much trust is placed in them for such a low wage. It's virtually universal for the custodians to have the master keys to the building and (almost) every room in the building, and they have this unrestricted, unsupervised access for several hours at a time, six times a week, at night. I can't dream up a better scenario for data theft. I'm surprised this isn't a bigger problem in corporate America.
How about a 4gb USB flash drive? Flash drives are becoming more popular than iPods, and are a heck of a lot easier to palm out of sight. They also look a lot less dangerous to most uneducated users, plugged into a USB keyboard rather than an ipod with its firewire/usb cable snaking over to the computer. As far as "sensitive data" goes, it's rarely related to its size. Anything capable of holding even a megabyte of data could easily be considered a major risk for sensitive information loss.
The iPod is just one of the many ways for data to walk out the door. PDAs are just as bad, and are probably the most commonly accepted data storage device let in the building short of cell phones.
All the technology does is make theft easier. It's just like the argument of guns.. it isn't the object that's dangerous, the object is only the enabler. It's the person using the object that makes it dangerous. ("guns don't kill people, people kill people" -- "ipods don't steal company secrets, people steal company secrets")
In other words, if you are paranoid about your employees taking an iPod into work, why on earth did you hire them for a sensitive position? Them bringing that iPod in is, for the most part, completely beyond your control. (and the iPod is just one of many dozens of vectors to worry about) Whether or not you hire them (and let them, with or without their iPod, in the door) is totally within your control. Pick your battles wisely.
Let's see, this'll get me modded +5 Troll (truthful)
Why don't they make an OS that is immune from getting viruses just by clicking on a hot link or opening an attachment?
Because software companies (most notably MS) prefer to sacrifice security to provide increased "ease of use". Or, "it's not a bug, it's a feature". Features sell. Bugs... well they do affect sales, but not to anywhere the same magnitude as new features. Company P.R. can spin the new features as wonderful and huge, and play down or totally ignore the problems.
So if a new feature introduces a security risk, and it's not currently en vogue to exploit that particular feature, they include it. Then next year after that feature has gotten hundreds of thousands of their customers' boxes owned, they sell you another feature of a "more secure" xyz. See, they sell it to you broken, then they sell you the fix for it. And they call this "a good business model". The phishers make money, the software vendors make money, and you my friend, are the one that pays them both.
There ought to be a law that makes it illegal for a company to make a "feature" in computer software that automatically executes a program that was not "reasonably verified" to be executing with the knowledge and consent of the owner. In a nutshell, if someone sends you something through a public medium, and it contains instructions that can tell your computer to do something without your permission, it should never be allowed to execute.
Even if CDs do become damaged, replacements are readily available at affordable prices.
Tried that. Doesn't work. My T2 DVD was poorly manufactured and when I snapped it onto the hub holder in my computer's optical drive tray, it cracked the DVD's hub in three directions, all the way into the media. They refused to replace it, told me to go buy another one. A friend of mine has a huge CD collection, and a number of them got scratched up when he dumped his motorcycle. He was unable to get a single one replaced, ended up having to buy replacements.
Getting replacement CDs and DVDs is about as futile as trying to get replacement software CDs before the age of registration codes. I lost a floppy once and had to mail in my user's manual before they'd send me a copy of the disk. In my first mailing to them I sent a polaroid of the FOURTEEN other install disks of their software titles that I also owned. They didn't care, they wanted to have the manual in their hands before they'd replace the disk.
A few people have suggested that it "might" ask for an admin password.
If the operator is an admin, he is a member of the admin group. This means he always has additional access to files and folders. It does nothing to allow privileged access to processes. This means his script can do things like add global fonts, create global startup items, etc. All that he needs to install "hooks" to catch the next user or execute on the next reboot, all without having to enter a password.
If you want privileges, like to change the startup disk, you need to elevate privs with something like sudo. That is what prompts for a password. Fortunately in the OS X security model, the system doesn't give you the option to bypass this requirement or to fish the password out of the system, so at least for these things, OS X is quite secure. The only exception to this is if you are logged in as root, you already have privileges and do not need to use sudo to access secured processes and structures. Some developers don't even bother checking for this possibility, as I have run installers while logged in as root and have been prompted for my password anyway. I would throw out a guess that fewer than 1 in 400 mac users have ever logged in as root, and fewer than 1 in 3000 log in regularly as root.
FYI those are called "badges". In addition to the link arrow, icon views in finder can also display red (-) "no access" badges on them. Open another user's home folder and you'll see what I mean. Drop folders have a downward arrow on them, as the Drop Box in another user's home folder will show.
So this technique is already in use, just not for this purpose.
It would be a nice touch for OS X to allow you to enable an "application badge" on any icon that was executable, scriptable, or otherwise would cause any contained code to execute when double clicked. Maybe a black letter "A" inside a green circle would work nicely. This would work just like the current badges, where the badge is not part of the icon, but rather is added by the OS as it is being rendered, so that the app could not prevent it from displaying. This would also require Apple to maintain some control over the badge APIs so that malware could not hook into the badge system and patch it to either not work or not work correctly. (like to make the badge the same as the covered part of the app's icon, for infected files) I say this because Apple tends to make everything they can be scriptable or patchable unless they have reason otherwise.
And to call this a virus is sensationalism at best. Commonly accepted requirements for viruses include:
1 unassisted introduction into a host, through networking or automatic "play when inserted" media rules, bugs in networking code, or back doors
2 automatic execution of the contained script, code, or commands upon introduction to the host system, either by design or bug, executing in a security mode sufficient to perform (3) and (4)
3 the ability to harvest or generate a list of additional hosts or contact points vulnerable to (1)
4 propagation of a viable copy of itself to host systems found in (3)
This "malware" is not capable of 2 because it requires manual execution by the host's operator. Admittedly, the security education level of the average macintosh owner is lacking enough that we could say that a dialog that pops up and asks for your admin password has achieved automatic execution with privileges, because so many users are like Pavlov's dog, see password prompt, type in password. But this malware doesn't even automatically execute on the host system, it merely baits the user into double clicking it.
After reading the technical analysis, it also appears to fail at 4 due to the pointer bug that was identified.
Even if the pointer bug was fixed, it would still not qualify as a virus. It is at best a trojan. This is not too much more sophisticated than a "virus" that is a one-line applescript, "sudo rm -rF ~/*". Big whoop, we saw this one what, six months ago?
In the 90's I was in college and had access to mainframe terminals all over campus. (VMS Vax) The internet was just getting off the ground. Mozilla was the only web browser and only on the macs, and Lynx was still more popular. The only online games were called "muds". (Multi User Dungeons) These were text based multiuser games, a bit like Zork if you can remember that game.
I got involved in a popular mud of the day, and soon found I was spending hours a day playing the game. I'd made quite a few friends in the game and was well known among the major players. Muds penalized you for logging out because any inventory or money you had on your character when you logged out, you lost. This included equipment. (armor, weapons, etc) You'd spend the next hour when you logged back in getting decent equipment to continue your gaming. So it was to your advantage to play for the longest possible continuous sessions. There were people that appeared to spend their entire day, most every day, playing the mud, because you could login at almost any time of day and find certain people always there in game.
I didn't have the greatest motivation at the time to go to certain classes, and found myself skipping some class to play the muds when I didn't feel like going to class. One day I arrived in the lab at 8am and left the lab at 4pm, having skipped all my classes that day. Then it just hit me like a lightning strike.... this was not good for me. So I signed back on, said my good-byes, and logged out. I have not played a mud since that day. (I guess you could say I quit cold turkey?)
Many things have changed since then, but many things are still the same. The multi user online games can be very addictive and provide a tempting escape from reality for a few hours a day. Those that lack the willpower to self-regulate their activities will probably find themselves in the same situation I put myself in so many years ago.
The retail OS X packages will install onto any macintosh that has supported hardware. (firewire ports, adequate memory, and adequate HD space are the usual requirements) There are machines that shipped with OS 9 that you can install 10.3 and 10.4 onto. And OS X has an "erase and install" option with no verification whatsoever as to what OS is/was on the hard drive, so it can hardly be considered an update. Updates require a prior version of the software to be bought if not installed.
However, I have heard on several occasions that there is a clause in the OS X licensing agreement that states you can only install the software on a Macintosh. I haven't confirmed this myself, but with software licensing in the state it's in now, I wouldn't be entirely surprised if the license required you to write Steve into your will. 99% of software licenses also include the clause that forbids reverse engineering or modification of the product. Hacking it to run on a non mac would require breaking both of those rules as well. It wouldn't be piracy, but it would be violating the terms of the license, probably for several reasons.
Agreed. It's not illegal to be a monopoly, but it is illegal for you to "abuse monopoly powers" I believe is how they put it. Is Apple a monopoly in the music market? Most certainly. (I'd consider any company with 80%+ of a market that could otherwise support several companies to be a monopoly) Do they abuse their monopoly power? No. If they wanted to abuse their monopoly power, they could say for example, that "iPods will only work on macintoshes". This forces the consumer to buy a macintosh if they want to use a popular music player. Since Apple has a monopoly on the popular music players, coercing the customer to buy macintoshes would be abuse of monopoly power. You don't see Apple doing anything like that. And I think for that example at least they are benefiting, not suffering. There are a lot of people that don't own and don't want to own a mac, that own an ipod or two. If Apple were to start placing silly limits like that, not only would they be guilty of abuse of monopoly powers, but they'd also probably lose money right off the bat. So playing by the rules would seem to benefit Apple.
The current scheme is a little more complex, and the planned methods are a LOT more complex.
A pool of device keys were rolled up randomly to start with. I don't know how many. Probably a few thousand.
For each DVD, a random key is rolled up. (it's possible for them to roll up a new key for each production run) This master key is used to encrypt the content. The master key is then separately encrypted many times, once with each device key, and the result stored on the disk in a key dictionary. Note that each disk has a different master key.
Each device manufacturer that wants to make a DVD player has to sign a contract with the MPAA/RIAA or whoever it was that runs this madness. They agree that, in exchange for one of the device keys, they will protect and keep the key secret.
Two of the manufacturers did not follow the terms of the contract, and stored their device keys in their players' firmware in easily retrievable format. Once these keys had been discovered, any disk that had been pressed up to that time contained the master key for that disk encrypted using that device key, so all disks up to that date had their security defeated.
Due to the nature of the encryption, once you know the master key, it is possible and practical to reverse engineer the remaining device keys. As a result of this, all device keys are now known to a number of people. If this had not happened, the MPAA/RIAA would have just deleted the compromised device keys from the dictionary for future releases. But since all device keys to date are now known, the only thing they could do is make a new device key dictionary, which would render all DVD players made to date unable to play new DVDs.
Among other improvements, the new system is designed in such a way that the compromise of one device key does not reveal all the other device keys. Also, I know little about the remaining technology, but one of them allows a "kill list" to be placed on a disk. They have added a way to obtain a "serial number" of sorts from the DVD player based on a ripped movie. They then would place that DVD player in the kill list for their new DVDs, and when placed in the targeted player, would deactivate it. Hard to say if this is rumor or true, it'd be a trick but certainly not out of the realm of possibility. This way, if a single player was compromised, they could deactivate it eventually. I doubt this would be very effective, but they are apparently going to try it anyway.
Wasn't the original purpose of this tax to help pay for the public broadcast stations? If my computer or DVD player doesn't require the resource that is the TV station, what basis do they have to expect me to pay for a service I am not using?
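The key-dictionary layout described in the comment above, as an added toy model that is not part of the original post and is not the real DVD cipher: the SHA-256 XOR stream, the 16-byte keys, the slot numbers and all function names are assumptions made for illustration. It shows why a leaked device key opens every disc already pressed, what dropping that key from later dictionaries changes, and why reissuing the whole pool strands existing players.

```python
import hashlib
import hmac
import secrets

KEY_LEN = 16  # toy key size chosen for this example, not the real format's


def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy stream cipher: XOR data with SHA-256(key | nonce | counter) blocks."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + nonce + (i // 32).to_bytes(4, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)


def make_device_keys(count: int) -> dict:
    """The licensing body's pool: slot number -> secret device key."""
    return {slot: secrets.token_bytes(KEY_LEN) for slot in range(count)}


def press_disc(content: bytes, device_keys: dict, revoked=frozenset()) -> dict:
    """Encrypt content under a fresh master key; wrap that key once per device key."""
    master = secrets.token_bytes(KEY_LEN)
    nonce = secrets.token_bytes(8)
    dictionary = {
        slot: _xor_stream(dk, nonce, master)
        for slot, dk in device_keys.items() if slot not in revoked
    }
    return {
        "nonce": nonce,
        "dictionary": dictionary,
        "check": hashlib.sha256(master).digest(),  # lets a player verify its unwrap
        "content": _xor_stream(master, nonce, content),
    }


def play(disc: dict, slot: int, device_key: bytes):
    """Return the plaintext if this player's slot unwraps the master key, else None."""
    wrapped = disc["dictionary"].get(slot)
    if wrapped is None:
        return None  # slot was left out of this disc's dictionary
    master = _xor_stream(device_key, disc["nonce"], wrapped)
    if not hmac.compare_digest(hashlib.sha256(master).digest(), disc["check"]):
        return None  # wrong device key for this dictionary
    return _xor_stream(master, disc["nonce"], disc["content"])


def demo() -> dict:
    pool = make_device_keys(8)   # constructed sample pool
    leaked_slot = 3              # the slot whose key is assumed to have leaked
    old_disc = press_disc(b"feature film A", pool)
    new_disc = press_disc(b"feature film B", pool, revoked={leaked_slot})
    reissued = press_disc(b"feature film C", make_device_keys(8))
    return {
        "leaked_plays_old": play(old_disc, leaked_slot, pool[leaked_slot]),
        "leaked_plays_new": play(new_disc, leaked_slot, pool[leaked_slot]),
        "other_plays_new": play(new_disc, 5, pool[5]),
        "old_player_plays_reissued": play(reissued, 5, pool[5]),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

Removing a slot only protects discs pressed afterwards; nothing on an already pressed disc can be changed, which is the exposure the comment describes.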
Or do they just want to maintain their revenue stream?
Sorry I didn't waste my time gathering stats for you, you'll need to go find them yourself. I'm merely relaying personal experience, like you just did. (I didn't see any "stats" from you to support your experience?) Not having a windows XP machine here I am fully aware of all the things that can't run without active-x. You probably use quite a few of them without even knowing it.
Try disabling javascript for a week and see how your web browsing goes. Same effect, though admittedly on a larger scale. It appears that every little startup that's trying to publish a web-based internal company tool is using active-x. It's hard to find one that isn't using active-x. It's not a bad idea in concept - you get to push your program to the host machine with no installation (short of active-x anyway) and have a wide degree of freedom and tools at your disposal. Updates are centralized. Unfortunately this means you have a high degree of control over the client computer, and are highly dependent on it having active-x (proprietary) installed on the client. You can also easily waste a day browsing all the active-x security problems. (patched and unpatched) The spyware authors must just looove active-x being installed on so many machines.
Which one?
The other one of course!
I just heard a comedy bit today that sums up my post neatly in one short sentence.
"Life sucks, buy a helmet, ok?"
The idea of web based applications is actually very handy, and offers access to the program from a variety of locations, which is good.
Unfortunately, a huge majority of these applications are going active-x or other proprietary format, and are limiting users' access on a more fundamental level - they expand the coverage range but limit you by your access point. Our ticket system has just gone to an active-x system. Now I cannot access it from my laptop anymore. So instead of making things more flexible for me and being able to access the system from any of the 200 machines in the building that I used to be able to use, I now can access it from less than two dozen machines, only one of which I have convenient access to.
Wonderful, just wonderful.
"So who's really at fault here? The students? The hospital for not securing their computers and network? Or the adware companies for providing the incentive?"
YES
Though not all to the same degree as I'm sure you would agree. The student is of course the one that chose to break the law, and is most directly responsible for his actions. He was influenced by the adware company that offered incentive to break the law, "conspiracy to commit felony" or some such law. It's not as severe of a punishment as the felony (usually) but it's still illegal and clearly wrong.
"Blame the victim" is a more controversial issue. I believe that "gross negligence to protect one's own best interests" should in itself place a small amount of the blame on the victim. The world is not perfect, everyone is not honest, and you cannot possibly convince me that anyone in the world believes everyone around them is a saint. By not taking basic precautions when exposed to the general public, you dramatically increase your risk of becoming a victim, and that is your fault.
If I leave my car parked for a week downtown with the doors unlocked and the keys in the ignition, I'd be quite surprised to find it there a week later when I returned for it. Am I the one that stole the car? Of course not. But did my actions (or lack of actions) knowingly contribute to the theft? Of course. Were they easily preventable? Of course. That's why many insurance companies will not insure against theft if you leave your car unlocked and keys in the ignition, they recognize that you invited unnecessary and excessive risk.
I believe that the ones who so strongly resist blaming the victim are those that either have been victims in the past or that are afraid of becoming a victim, and believe that they have no responsibility to take care of themselves, and that the world should protect them. They are living in a fantasy world.
Looked at another way, criminals prefer easy targets, and this is a known factor. By taking less precaution for your safety and security than the average person, you attract the criminals to you and increase your odds of becoming a victim. Choosing to do that has got to be considered an error in judgement.
2) Apple doesn't ever talk about battery life for a reason...
I thought they said at the keynote that battery life was doubled for the macbooks?
If I had mod pts you'd get a +1 insightful out of that.
I'm gonna try that myself...
OK so they will have a beta of the new chip in 2007. That means they will be able to produce several hundred a month by 2008. Production quantity in 2009. They won't catch your laptop on fire if you wait to buy until 2011.
Apple is looking toward the future. Right now, IBM is not the right destination for them to walk toward.
By all accounts, Apple has already been left a bit in the dust waiting probably a year longer than they should have to go to AMD.
should be portable to Windows without much difficulty."
...
insure that the resulting program is as crash-free as possible?
errrror.... eeeeeeeeeror... (computer explodes)