So it's a stack smash in the USB code? And Sony have already suspended distribution? I'm guessing that there'll be a patch for this within days, if there isn't already one...
No, some of them really do sell these meds, though they're often cut with something, way too strong or way too weak. The reason this spam is so prevalent is that a bunch of stupid consumers have learned that you can actually buy from these stores and you do receive pills. There was an interesting investigation into this by some paper a while ago, where they ordered some viagra from one of these stores then got it lab tested. It came wrapped in a copy of a Bombay newspaper and was dramatically stronger than the prescription stuff, but it was indeed generic viagra.
The kids these days, if they enjoy online games, are almost certainly upgraded past the Summer 2009 kernel release which seals the hole used. Notice how the first step is "check if your xbox is exploitable". If you can find an Xbox that was put into a dusty cupboard around that time, AND are willing to do all the electronics work then you can play the pirated game. In practice that's not many people.
It might not even be about character assassination. Apparently in the wake of this news Afton Bladet will not be publishing Assanges first article tomorrow as had been planned. What does this mean for his protection under Swedish journalism laws? It could be far more clever than just about making him look bad.
Probably the latter. If men were able to destroy women without being seriously punished by making up false claims for some crime, they'd probably do it in equal numbers. However no such crime exists. Rape is weird in that people who falsely accuse others are often let off with extremely light sentences or no sentences at all.
Men accused of rape should always be presumed innocent anyway (beyond that people are supposed to always be presumed innocent until guilty). The rate of false accusations is absolutely staggering - it has been studied several times and although the figures vary, they tend to be anywhere between 25% and 75%. Compare to that a more typical false reporting rate for other crimes of a few percent at most. Wiki has some info. Probably the best study done was still the Kanin study, in which only the woman admitting the charge was false could result in a verdict of false reporting. That found a rate of 41%. And this is just against random guys, let alone famous people.
That's a pretty big assumption. Firstly the dongle thing is clearly intended for piracy, it comes complete with "backup functionality", a GUI for that etc. I don't see any mention of booting Linux anywhere. Secondly whatever strategy Sony used, it clearly worked - PS3 is more than half way through its probably lifetime and has never been usefully hacked before. Time will tell if they can figure out how it was done and renew the protection - or not.
We'll just have to agree to disagree. For what it's worth, Google has bought quite a few companies and then not continued with the products (eg, dodgeball).
I think that's over simplifying things a bit. I used to work on Earth and think it's actually a very nice example of two innovative companies coming together to achieve more than either could alone. Earth is certainly not just Keyhole rebranded, though it may look like that.
When Keyhole was acquired by Google, it was bottlenecked by several things. One was cash, to pay for imagery and serving costs. Another was technology. The Earth model back then was crude - high resolution imagery was unusual and most of the world was extremely low res - enough to see the difference between cities and rural areas, but not enough to really discern individual buildings.
The Keyhole guys were basically a team of graphics specialists and their key innovations were in the realm of streaming and rendering subsets of large pieces of imagery on the client side. The solid 60fps swooping animation over the entire world was their killer party trick. On the other hand, the backend was fairly standard. Once the cash problem was solved, they faced a second problem - they couldn't process or serve the huge piles of imagery suddenly becoming available. So a team from Google (who were, uh, "organically hired") set about rewriting the serving and processing systems from scratch, with the goal of scaling up to the new world. They used a lot of now famous technology like GFS, BigTable and MapReduce to do so, and the result was the ability to release it free to the world - along with sudden and enormous leaps in image quality. The final product was what we know today as Google Earth.
I think it's easy to over-state the influence of startups. For instance whilst Docs may have started with some acquisitions, the resulting codebase has been completely rewritten several times. The newest version was done by a totally different team, as far as I know. Big companies often buy smaller companies for the people, not because writing a frontend to contentEditable is such a tricky piece of innovation. People who create successful startups have proven they have qualities that all companies want, so if cash is available, buying these companies can be a good way to expand the team.
Likewise, whilst Android was originally a startup, nearly all the work was done after the company was bought. The original Android did not (for instance) use Dalvik, although Dalvik is fundamental to what Android is today. That was done by other people recruited by Google to work on the project.
Well gee TheRaven, the idea of "make email better" has been around a long time. I wrote a real-time interactive discussion forum system much like Wave back in 2002 (based on XUL and Jabber). And DJB was describing a "sender stores" email system back in 2000. So if you only thought of it in 2005 you were behind the times!
No, wait. Innovation doesn't mean creating something totally left field that nobody in the history of mankind has ever thought of before. That's impossible. Ideas are so cheap compared to implementations, there'll always be somebody who can truthfully say "I thought of it first".
"Innovation", if we're going to have another argument about definitions, I'd say is about taking ideas that are out there, and combining them or extending them in interesting new ways. To say Wave isn't innovative seems absurd. Even though I'd done something similar nearly 10 years ago, when I saw the Wave demo I knew it was something unique. The precise blend of document editing and email worked in ways we hadn't seen before. It introduced the world to the operational transform. It featured a statistical spelling checker. It showed how conversations could weave between the public, semi public and private seamlessly. And so on.
Now I'll happily admit I'm biased. I work for Google (not on Wave), but if you want to compare innovation across big companies I think it stacks up pretty well compared to Apple. A key test for "is a company innovative?" is whether it's willing to develop ideas that might obsolete its existing products. Wave definitely fit that category, even though in the end it didn't take over the world. The Android/ChromeOS duality is another - they take very different approaches and I think it's an open question which will be more significant in the long run, although Android is clearly ahead right now.
With Apple, one can argue about whether this is true also of the iPad/Mac line of products - it's hard to say that the iPad is really trying to replace the Mac given the form factor.
Another test is how much basic R&D does a company do. Apple does some of this in the hardware space, but their contributions to state of the art in software is pretty limited, eye candy aside. Whereas Google is developing advanced speech recognition, machine translation, visual search, capability based security systems for various platforms, new ways to compile dynamic languages, video codec research and so on.
Both Android and ChromeOS are based on UNIX but neither expose POSIX as an API, so researching ways to change for the better seems like a good use of time.
Ask the developers? I have done this with other apps a few times and often the answer is as lame as "oops, we forgot to take it out after experimentation". The culture of minimizing permissions hasn't really taken hold yet, but with enough nagging it can. Android usually offers ways of achieving what you want without a permission, eg, the weather channel can initiate a call by triggering the dialer with a number pre-populated. The the user can make the call with a single tap. After the call ends the user is returned to the app.
People, especially PC games pirates, want to play the games that are hot right now. They don't sit down and say, well gee, pirating Call of Duty is kind of hard so I guess I'll download Bubble Pop instead. They sit down and say, well gee, pirating Call of Dity is kind of hard so I guess I'll buy it.
The assumption that every CEO of (nearly) every games company is an idiot is amazing. They use DRM because they have accumulated lots of evidence that it's worth the cost. Yes, games are usually cracked eventually. But so what? If the additional sales from the time in which it wasn't cracked are more than the cost of DRM you'll do it, it's a no brainer. And they often are, even for fairly weak or crappy protections.
UbiSoft style copy protection is probably going to be more common in future. If well done it would be very difficult to completely strip, eg, a good design should force the cracker to play the game in every possible way, visit every possible part of every level, obtain every achievement etc. A lot of work for a single game. And whilst the cracker is busy doing this, regular gamers are running out of patience and running to buy a copy. Now UbiSofts implementation didn't appear to be all that great to me, judging from the source code of the server emulation that was posted. But it still kept their last game without (fully working) cracks for many weeks. As the bulk of sales are in the first weeks, that's a big success for them!
The reason OS X doesn't have any malware is not technical, it's economic. Back in the days of Classic viruses were mostly written for kicks by people who were essentially hobbyist programmers. These days viruses are mostly developed for profit by people in developing countries, in particular ex Soviet states.
This shows us a few reasons for what is observed. The first is that malware writers target the OS they use themselves because that's what they're familiar with. Apples laptop lines are selling like gangbusters in the west, but Apples overall market share as measured by large internet sites remains small because they have virtually no presence in any markets where cost is the most critical factor - ie, outside west Europe and the North America. Malware writers don't target Macs because they don't have them, they don't have them because generally they can't justify the extra costs.
The second is that Apples market share is significantly skewed towards laptops. Do Apple even sell Mac Pros any more? I never heard of anyone actually buying one. You don't really want to build a botnet made of laptops because they frequently switch on and off, change IP addresses and if your bot is doing anything CPU intensive the user will notice.
The third reason is that the malware ecosystem is entirely Windows based. It's very common now for botnets to make some of their money by reselling installation services. You can see such a site at installsmarket.net - again, even if you're some kind of freak malware author who uses a Mac, your customers will be providing you with Windows EXEs, so you have a big incentive to stick with it.
A fourth reason is that a lot of malware infections happen through installation of pirated software. This affects Macs less because (a) there is less software available to pirate in particular games, (b) it's not unheard of for machines to come infected out the box in some poorer countries because the OS itself is pirated and (c) again the demographics of Mac users are skewed more towards people with money.
These reasons are primarily economic. For as long as the western consumer market continues to split apart OS-wise from the developing and business worlds, I don't anticipate this changing. Windows isn't going anywhere and the most attractive targets will remain on it for a long time.
Gah. Please, just follow the instructions you are given in future. I will be amazed if the setup guide for your internet connection did not request you to change your password.
The problem with having an open password is that any piece of malware or in some cases even web pages can reflash your router. It can then intercept and rewrite your internet connection as it sees fit. As there's no A/V software for routers, you are then shit out of luck, assuming you can even find the problem in the first place.
This is not a theoretical attack. It has been observed in the wild.
Read the paper by Nick Seriot to see what iPhone apps can do without users being aware of it. And given that iPhone apps can be obfuscated to avoid automatic analysis by Apple, the real question is, how many apps are on the app store that steal your data without anyone knowing about it? Bear in mind that this report is here because Android apps tell you what they can do when you install them. All this company did was grep the market for apps that seemed to request more permissions than they should for their category.
In fact Android is a trademark, there are requirements for its use, like for example having standardized hardware buttons and minimum performance specs. The iPhone meanwhile does not have a standard screen resolution (retina display, hello!), nor are capabilities or performance consistent across the different devices. In fact the same version of the OS may offer wildly differing capabilities depending on what hardware it's on.
The differences between Android and iOS are blown out of proportion by the media. There's really not a whole lot in it. Especially in regards to user interface. Quick, pick a random iPhone app and tell me if it has settings and if so, whether they're in the app itself or a part of the Settings app?
Slashdot Mirror
So it's a stack smash in the USB code? And Sony have already suspended distribution? I'm guessing that there'll be a patch for this within days, if there isn't already one ...
No, some of them really do sell these meds, though they're often cut with something, way too strong or way too weak. The reason this spam is so prevalent is that a bunch of stupid consumers have learned that you can actually buy from these stores and you do receive pills. There was an interesting investigation into this by some paper a while ago, where they ordered some viagra from one of these stores then got it lab tested. It came wrapped in a copy of a Bombay newspaper and was dramatically stronger than the prescription stuff, but it was indeed generic viagra.
The kids these days, if they enjoy online games, are almost certainly upgraded past the Summer 2009 kernel release which seals the hole used. Notice how the first step is "check if your xbox is exploitable". If you can find an Xbox that was put into a dusty cupboard around that time, AND are willing to do all the electronics work then you can play the pirated game. In practice that's not many people.
Ah yes, being a witch :) I'd forgotten about that one .... good example.
It might not even be about character assassination. Apparently in the wake of this news Afton Bladet will not be publishing Assanges first article tomorrow as had been planned. What does this mean for his protection under Swedish journalism laws? It could be far more clever than just about making him look bad.
Probably the latter. If men were able to destroy women without being seriously punished by making up false claims for some crime, they'd probably do it in equal numbers. However no such crime exists. Rape is weird in that people who falsely accuse others are often let off with extremely light sentences or no sentences at all.
Men accused of rape should always be presumed innocent anyway (beyond that people are supposed to always be presumed innocent until guilty). The rate of false accusations is absolutely staggering - it has been studied several times and although the figures vary, they tend to be anywhere between 25% and 75%. Compare to that a more typical false reporting rate for other crimes of a few percent at most. Wiki has some info. Probably the best study done was still the Kanin study, in which only the woman admitting the charge was false could result in a verdict of false reporting. That found a rate of 41%. And this is just against random guys, let alone famous people.
By "doesn't work on every revision" you mean it doesn't work on any device that updated past Summer 2009 right?
You realize the xbox 360 has a thriving indie game scene, right? Without any firmware hacks?
That's a pretty big assumption. Firstly the dongle thing is clearly intended for piracy, it comes complete with "backup functionality", a GUI for that etc. I don't see any mention of booting Linux anywhere. Secondly whatever strategy Sony used, it clearly worked - PS3 is more than half way through its probably lifetime and has never been usefully hacked before. Time will tell if they can figure out how it was done and renew the protection - or not.
We'll just have to agree to disagree. For what it's worth, Google has bought quite a few companies and then not continued with the products (eg, dodgeball).
I think that's over simplifying things a bit. I used to work on Earth and think it's actually a very nice example of two innovative companies coming together to achieve more than either could alone. Earth is certainly not just Keyhole rebranded, though it may look like that.
When Keyhole was acquired by Google, it was bottlenecked by several things. One was cash, to pay for imagery and serving costs. Another was technology. The Earth model back then was crude - high resolution imagery was unusual and most of the world was extremely low res - enough to see the difference between cities and rural areas, but not enough to really discern individual buildings.
The Keyhole guys were basically a team of graphics specialists and their key innovations were in the realm of streaming and rendering subsets of large pieces of imagery on the client side. The solid 60fps swooping animation over the entire world was their killer party trick. On the other hand, the backend was fairly standard. Once the cash problem was solved, they faced a second problem - they couldn't process or serve the huge piles of imagery suddenly becoming available. So a team from Google (who were, uh, "organically hired") set about rewriting the serving and processing systems from scratch, with the goal of scaling up to the new world. They used a lot of now famous technology like GFS, BigTable and MapReduce to do so, and the result was the ability to release it free to the world - along with sudden and enormous leaps in image quality. The final product was what we know today as Google Earth.
I think it's easy to over-state the influence of startups. For instance whilst Docs may have started with some acquisitions, the resulting codebase has been completely rewritten several times. The newest version was done by a totally different team, as far as I know. Big companies often buy smaller companies for the people, not because writing a frontend to contentEditable is such a tricky piece of innovation. People who create successful startups have proven they have qualities that all companies want, so if cash is available, buying these companies can be a good way to expand the team.
Likewise, whilst Android was originally a startup, nearly all the work was done after the company was bought. The original Android did not (for instance) use Dalvik, although Dalvik is fundamental to what Android is today. That was done by other people recruited by Google to work on the project.
Well gee TheRaven, the idea of "make email better" has been around a long time. I wrote a real-time interactive discussion forum system much like Wave back in 2002 (based on XUL and Jabber). And DJB was describing a "sender stores" email system back in 2000. So if you only thought of it in 2005 you were behind the times!
No, wait. Innovation doesn't mean creating something totally left field that nobody in the history of mankind has ever thought of before. That's impossible. Ideas are so cheap compared to implementations, there'll always be somebody who can truthfully say "I thought of it first".
"Innovation", if we're going to have another argument about definitions, I'd say is about taking ideas that are out there, and combining them or extending them in interesting new ways. To say Wave isn't innovative seems absurd. Even though I'd done something similar nearly 10 years ago, when I saw the Wave demo I knew it was something unique. The precise blend of document editing and email worked in ways we hadn't seen before. It introduced the world to the operational transform. It featured a statistical spelling checker. It showed how conversations could weave between the public, semi public and private seamlessly. And so on.
Now I'll happily admit I'm biased. I work for Google (not on Wave), but if you want to compare innovation across big companies I think it stacks up pretty well compared to Apple. A key test for "is a company innovative?" is whether it's willing to develop ideas that might obsolete its existing products. Wave definitely fit that category, even though in the end it didn't take over the world. The Android/ChromeOS duality is another - they take very different approaches and I think it's an open question which will be more significant in the long run, although Android is clearly ahead right now.
With Apple, one can argue about whether this is true also of the iPad/Mac line of products - it's hard to say that the iPad is really trying to replace the Mac given the form factor.
Another test is how much basic R&D does a company do. Apple does some of this in the hardware space, but their contributions to state of the art in software is pretty limited, eye candy aside. Whereas Google is developing advanced speech recognition, machine translation, visual search, capability based security systems for various platforms, new ways to compile dynamic languages, video codec research and so on.
Both Android and ChromeOS are based on UNIX but neither expose POSIX as an API, so researching ways to change for the better seems like a good use of time.
D (version 2). It has most of the flexibility of Python, but lacking 90% of the danger and general lack of clarity that typifies Python code.
Ask the developers? I have done this with other apps a few times and often the answer is as lame as "oops, we forgot to take it out after experimentation". The culture of minimizing permissions hasn't really taken hold yet, but with enough nagging it can. Android usually offers ways of achieving what you want without a permission, eg, the weather channel can initiate a call by triggering the dialer with a number pre-populated. The the user can make the call with a single tap. After the call ends the user is returned to the app.
Android actually does display a window that says "This app wants to do something that may cost money".
People, especially PC games pirates, want to play the games that are hot right now. They don't sit down and say, well gee, pirating Call of Duty is kind of hard so I guess I'll download Bubble Pop instead. They sit down and say, well gee, pirating Call of Dity is kind of hard so I guess I'll buy it.
The assumption that every CEO of (nearly) every games company is an idiot is amazing. They use DRM because they have accumulated lots of evidence that it's worth the cost. Yes, games are usually cracked eventually. But so what? If the additional sales from the time in which it wasn't cracked are more than the cost of DRM you'll do it, it's a no brainer. And they often are, even for fairly weak or crappy protections.
UbiSoft style copy protection is probably going to be more common in future. If well done it would be very difficult to completely strip, eg, a good design should force the cracker to play the game in every possible way, visit every possible part of every level, obtain every achievement etc. A lot of work for a single game. And whilst the cracker is busy doing this, regular gamers are running out of patience and running to buy a copy. Now UbiSofts implementation didn't appear to be all that great to me, judging from the source code of the server emulation that was posted. But it still kept their last game without (fully working) cracks for many weeks. As the bulk of sales are in the first weeks, that's a big success for them!
The reason OS X doesn't have any malware is not technical, it's economic. Back in the days of Classic viruses were mostly written for kicks by people who were essentially hobbyist programmers. These days viruses are mostly developed for profit by people in developing countries, in particular ex Soviet states.
This shows us a few reasons for what is observed. The first is that malware writers target the OS they use themselves because that's what they're familiar with. Apples laptop lines are selling like gangbusters in the west, but Apples overall market share as measured by large internet sites remains small because they have virtually no presence in any markets where cost is the most critical factor - ie, outside west Europe and the North America. Malware writers don't target Macs because they don't have them, they don't have them because generally they can't justify the extra costs.
The second is that Apples market share is significantly skewed towards laptops. Do Apple even sell Mac Pros any more? I never heard of anyone actually buying one. You don't really want to build a botnet made of laptops because they frequently switch on and off, change IP addresses and if your bot is doing anything CPU intensive the user will notice.
The third reason is that the malware ecosystem is entirely Windows based. It's very common now for botnets to make some of their money by reselling installation services. You can see such a site at installsmarket.net - again, even if you're some kind of freak malware author who uses a Mac, your customers will be providing you with Windows EXEs, so you have a big incentive to stick with it.
A fourth reason is that a lot of malware infections happen through installation of pirated software. This affects Macs less because (a) there is less software available to pirate in particular games, (b) it's not unheard of for machines to come infected out the box in some poorer countries because the OS itself is pirated and (c) again the demographics of Mac users are skewed more towards people with money.
These reasons are primarily economic. For as long as the western consumer market continues to split apart OS-wise from the developing and business worlds, I don't anticipate this changing. Windows isn't going anywhere and the most attractive targets will remain on it for a long time.
Gah. Please, just follow the instructions you are given in future. I will be amazed if the setup guide for your internet connection did not request you to change your password.
The problem with having an open password is that any piece of malware or in some cases even web pages can reflash your router. It can then intercept and rewrite your internet connection as it sees fit. As there's no A/V software for routers, you are then shit out of luck, assuming you can even find the problem in the first place.
This is not a theoretical attack. It has been observed in the wild.
Read the paper by Nick Seriot to see what iPhone apps can do without users being aware of it. And given that iPhone apps can be obfuscated to avoid automatic analysis by Apple, the real question is, how many apps are on the app store that steal your data without anyone knowing about it? Bear in mind that this report is here because Android apps tell you what they can do when you install them. All this company did was grep the market for apps that seemed to request more permissions than they should for their category.
You're not forced to request access to everything. I've written an Android app and that warning never appeared for it.
In fact Android is a trademark, there are requirements for its use, like for example having standardized hardware buttons and minimum performance specs. The iPhone meanwhile does not have a standard screen resolution (retina display, hello!), nor are capabilities or performance consistent across the different devices. In fact the same version of the OS may offer wildly differing capabilities depending on what hardware it's on.
The differences between Android and iOS are blown out of proportion by the media. There's really not a whole lot in it. Especially in regards to user interface. Quick, pick a random iPhone app and tell me if it has settings and if so, whether they're in the app itself or a part of the Settings app?
Are you sure you didn't get that backwards? Finnish is legendary for how hard it is for foreigners to learn.