Oh, I think I get it. If you had part of a PGP key in memory, then, later, that memory was used for the ethernet "frame buffer", then it might be leaked over the network.
It's still not a huge problem, since this attack can already be carried out locally (since malloc() doesn't clear memory), but I guess it does make things worse.
I'd hardly call it "devastating", though. Since most secure applications clear their memory before freeing it (I would hope).
Why is this "devastating"? People can sniff ethernet networks anyway? People don't rely solely on a switch for your network security, right?? (Who am I kidding? Of course someone does. Sigh.)
Who cares? Human clones have been around for centuries -- they're called identical twins. I have yet to hear a reasonable argument for why human cloning should be banned.
There's nothing preventing someone from filing off the serial number, which applies both to registering ones firearm or the owner keeping track of the serial number.
In Canada, that's illegal, so a gun with a filed-off serial number can be seized anyway. Furthermore, a filed-off serial number can usually be recovered, since it's stamped into the metal when it's manufactured.
I think your alternative would solve the stolen-firearm problem. There are other benefits of gun registration (e.g. requiring persons to pass gun safety courses and stuff like that), but it seems feasible.
People should, but people don't. Given that people don't keep track of the serial numbers unless they have to, how to you propose that people keep track of serial numbers?
I'm not talking about gun control here so much as mandatory gun registration (like what now exists in Canada). One thing about gun registration that people usually don't think of is that a lot of times, "responsible gun owners" aren't -- they don't record their serial numbers, so there is no record of which guns are stolen. Consequently, when criminals (i.e. real, violent criminals, not pimply-faced WareZ D00ds) are arrested, and their (stolen) guns are found, the police can't seize he stolen guns because they can't actually *prove* the guns are stolen.
Mandatory gun registration makes it easy to prove that the guns are stolen (and get them back to their rightful owners, too!)
You had to learn on DOS? Ouch! You have my sympathy. I got to do most of my learning on an A500, which was more powerful than anything else until around 1995, which made using DOS simply painful.
Re:Setting the record straight
on
Ghost for Unix
·
· Score: 2
Are you offended by the concept of people profiting from your work? You will be well-protected if you employ the GPL.
That's a myth. The GPL doesn't stop people from profiting from your work. Read about it.
Re:g4u source code mirror
on
Ghost for Unix
·
· Score: 2
Just mount your filesystems as read-only, then run dd. Of course, if your pipe gets interrupted for some reason, you're screwed, but otherwise, it should work fine.
That's the one. I wish I could remember what it did to the machine - it was very subtle -- I suppose this is why people should document things. Oh well.
and those in their teens or early twenties who think they know it all and who really cut their teeth on redhat or mandrake and switched because of religious indoctrination.
Think I know it all? Some days. But *I* started on Slackware, went to Red Hat (5.2), got fed up with Red Hat, and switched to Debian, liked Debian, and stayed with Debian. I will probably keep using Debian until I switch to HURD (which will still be Debian).
I use Debian because I find I can be most productive with it. Gentoo is nice, but I don't want to waste time building everything. Everything else I've used simply lowered my productivity.
There's one driver you shouldn't load. I can't remember what it's called, but it fits the wildcard "[0-9][0-9][0-9][0-9].o". It will load whether or not you have the card, and then it will cause subtle instability.
A password will not magically protect you from all evildoers and is even a rather weak form of authentication when they could be using e.g. some sort of downloadable client with a private key signature scheme.
Or client SSL certificates, which are already standard.
Why is the DF (Don't Fragment) flag being set? Yes, blocking all ICMP is a broken practice, but the 'MTU error' won't happen unless that DF flag is set.
All it takes is a few different copies of the program, and a person can find out where the differences are and anonymize the program. "Phoning home" can be removed.
Browsers can only see what is sent to them over the socket. What you do on the server is your business -- the browser simply *cannot* tell, unless you've misconfigured something.
As for PDFs, you can't simply stream them as-is. You have to "optimize" them first. Have a look at pdfopt.ps (part of Ghostscript).
And it looks to me like it's pretty easy to get the specs. The current specs (not AdvancedTCA) cost $95.00. Hell, I can afford that. If you don't think $95.00 is reasonable/negligible, you don't need the spec because you're not manufacturing computer hardware.
In conclusion, it looks very much like an open standard.
Slashdot Mirror
It's still not a huge problem, since this attack can already be carried out locally (since malloc() doesn't clear memory), but I guess it does make things worse.
I'd hardly call it "devastating", though. Since most secure applications clear their memory before freeing it (I would hope).
Why is this "devastating"? People can sniff ethernet networks anyway? People don't rely solely on a switch for your network security, right?? (Who am I kidding? Of course someone does. Sigh.)
Cloning humans is not illegal in Canada. Unfortunately, it probably will be soon. Personally, I think banning the technology is way too premature.
Who cares? Human clones have been around for centuries -- they're called identical twins. I have yet to hear a reasonable argument for why human cloning should be banned.
You still have to trust someone to implement the double-key system.
In Canada, that's illegal, so a gun with a filed-off serial number can be seized anyway. Furthermore, a filed-off serial number can usually be recovered, since it's stamped into the metal when it's manufactured.
I think your alternative would solve the stolen-firearm problem. There are other benefits of gun registration (e.g. requiring persons to pass gun safety courses and stuff like that), but it seems feasible.
People should, but people don't. Given that people don't keep track of the serial numbers unless they have to, how to you propose that people keep track of serial numbers?
Mandatory gun registration makes it easy to prove that the guns are stolen (and get them back to their rightful owners, too!)
Plasma is not the same as white blood cells. Plasma is what your white blood cells float in.
You had to learn on DOS? Ouch! You have my sympathy. I got to do most of my learning on an A500, which was more powerful than anything else until around 1995, which made using DOS simply painful.
That's a myth. The GPL doesn't stop people from profiting from your work. Read about it.
Just mount your filesystems as read-only, then run dd. Of course, if your pipe gets interrupted for some reason, you're screwed, but otherwise, it should work fine.
That's the one. I wish I could remember what it did to the machine - it was very subtle -- I suppose this is why people should document things. Oh well.
Think I know it all? Some days. But *I* started on Slackware, went to Red Hat (5.2), got fed up with Red Hat, and switched to Debian, liked Debian, and stayed with Debian. I will probably keep using Debian until I switch to HURD (which will still be Debian).
I use Debian because I find I can be most productive with it. Gentoo is nice, but I don't want to waste time building everything. Everything else I've used simply lowered my productivity.
Even better man apt_preferences.
At least it did for me.
Well, perhaps you might, but I just suggested that as the actual script filename. Everything in cgi-bin is executed anyway.
It's pretty easy: ...
Or client SSL certificates, which are already standard.
Why is the DF (Don't Fragment) flag being set? Yes, blocking all ICMP is a broken practice, but the 'MTU error' won't happen unless that DF flag is set.
All it takes is a few different copies of the program, and a person can find out where the differences are and anonymize the program. "Phoning home" can be removed.
As for PDFs, you can't simply stream them as-is. You have to "optimize" them first. Have a look at pdfopt.ps (part of Ghostscript).
And it looks to me like it's pretty easy to get the specs. The current specs (not AdvancedTCA) cost $95.00. Hell, I can afford that. If you don't think $95.00 is reasonable/negligible, you don't need the spec because you're not manufacturing computer hardware.
In conclusion, it looks very much like an open standard.
The spec hasn't even been released yet.
s/you moron\. learn to speak\./s\/irregardless\/regardless\/g/