You really don't want students to have WiFi capaibilities in an examination environment. Remember, there are two kinds of WiFi network: infrastructure, and peer-to-peer.
The (government) customer is imposing a style guide that specifies asterisks, something which was perfectly easy to do back in the days of WordPerfect, and WordPerfect was the standard word processing software at the time the style guide was written. Welcome to Inertiaworld.
Having worked with redlining myself (not for an attorney, but for a publications department that needed it), I can confirm that. To this day, it's much easier to mark the margins of a highlighted paragraph with asterisks and the like in WordPerfect (just a format attributed) than Word (text box).
There are other things in WordPerfect that are helpful to attorneys, too. It's a shame that every version of WordPerfect since 8.0 has s*&^ed.
Precisely. How often have we seen reports of compromises on GNU source code servers on Slashdot? (And I'll bet Microsoft is targeted by 30 times as many black hats; we just never get the incident reports.)
An automatic patch system is the subsystem most vulnerable to serious exploits because it runs with the highest privileges on the target machine and only requires that the exploiter compromise a second machine. Exploit the patch server, you're The Man Who Owned the World.
A vulnerability in Linksys WiFi routers was reported. I assume that Linksys was warned ahead of time. How did they fix the vulnerability? By changing the password on the backdoor to something that was found quite easily within days of the "fix." If this is the kind of behavior we see in an environment in which vulnerabilities ARE widely and publicly reported, what makes you think we'll see responsible behavior in an environment in which they AREN'T widely and publicly reported?
This would be a good point if the publish and patch system were finding most or almost all vulnerabilities that exist in software. But we are effectively finding and publishing information about only a very small fraction of existing vulnerabilities. The publishing of that small fraction really doesn't protect you from Dmitri at all. And it lowers the skillset required of script kiddies to wreak havoc.
If we're finding only a very small fraction of existing vulnerabilities, why aren't there 10 times as many day 0-n exploits (exploits of previously undiscovered vulnerabilities)?
Either
1. the exploiters aren't savvy enough to find vulnerabilities on their own,
2. the exploiters who are savvy enough to find vulnerabilities on their own are so damned good we have no hope of even knowing we've been owned until we find the vulnerability ourselves,
3. the exploiters tend to find exploits at about the same time the white hats do for epistemological reasons to difficult to go into here (basically, trends filter across communities, and one idea leads inevitably to others, so that as long as the white hats and the exploiters have access to the same data, they will tend to follow the same lines of research), or
4. we really are finding a larger fraction of the vulnerabilities than this thread is arguing.
The only excuse for NOT trying to find exploits as a white hat is if you're certain the real reason there aren't very many day 0-n exploits is reason #1.
And what happens if it IS true, but there is one, JUST ONE, black hat with the skills necessary to find and exploit previously unknown vulnerabilites in Windows or in a widely-used non-Windows server, and the motives to use it, while security experts are sitting on their duffs? We'd be looking at a pretty solid disaster, no? Because the security experts won't be used to looking for exploits, and so will have a harder time reverse-engineering it, and it may be in code we don't know enough about because no one has picked through it looking for vulnerabilities, etc.
So, no, I don't buy the argument that finding and publishing vulnerabilities is a bad idea.
No, they don't want to focus on the "fun" aspects. Just as you don't want trigger-happy psychotics in your army, you also don't want folks who think that the Army is just a pinic. A simulation like that would weed out the picnickers; watching someone play a sim like that would help weed out the psychotics.
Except in the Silmarillion, the creation was likened to an extremely complex symphony, whereas this is just white noise.
That's just the difference between theory and observation. Tolkien believed in intelligent design, and so imagined a symphony. On the other hand, we've actually gone and done it - decoded the remnants of the big bang into white noise - so we know the truth.
Yeah, and if you put a Porsche engine in a Chevy Nova and trick it up with street racing parts, repaint it, and put Michelin tires on it, you'll have a Lamborghini.
They're not pictures of the outside of the case, but of the INSIDE of the case: so they are seen as clues to changes to the engineering. As for "how fast it ran," I suspect the megahertz myth is lurking behind that phrase.
The problem is that apparently the regulation requires that the software that blocks currency reproduction MUST BE CLOSED SOURCE. This would mean that Open Source implementation of this feature would be illegal: ipso facto, open source graphics editing software would be illegal. Now, reading the article, I'm not 100% sure that the closed source implementation the article talks about is the only acceptable implementation of the feature, but if the interpretation provided in this article IS correct, this would be rather a problem for the FOSS community.
On the other hand, an open source implementation wouldn't genuinely be any less secure than a block-box implementation. Why? Because open-source software with the features necessary to counterfeit currency already exists. So anyone with the software skills necessary to take an open source software package with an open source implementation of the counterfeiting-blocking code, remove that code, and recompile it without the code would already be capable of finding a copy of an earlier version of existing OSS graphics editing code and compiling that, without the counterfeiting-blocking code. So the "closed source" part of this requirement would make no sense.
It says that an invention that was *patented* or described in a *printed PUBLICATION* in this or a foreign country or in *public* use or *on sale* in this country... That's disclosure, not invention.
You make this posting as though noone else had ever replicated the iridium findings. They have. Are you saying that Alvarez's lab tech has spent the past few decades running around rubbing a wedding ring into all the samples taken?
Slashdot Mirror
Sure you can. See sibling post. No personal (as in owned by students) devices with WiFi allowed in the classroom during the exam.
You really don't want students to have WiFi capaibilities in an examination environment. Remember, there are two kinds of WiFi network: infrastructure, and peer-to-peer.
The (government) customer is imposing a style guide that specifies asterisks, something which was perfectly easy to do back in the days of WordPerfect, and WordPerfect was the standard word processing software at the time the style guide was written. Welcome to Inertiaworld.
You should do a search for "emacs wrap mode," it may be what you want.
Meteoroid : Asteroid :: Meteor : Oh, shit!
Sounds to me as though what you really want is a word processing mode for emacs. Something like a wrap mode.
Having worked with redlining myself (not for an attorney, but for a publications department that needed it), I can confirm that. To this day, it's much easier to mark the margins of a highlighted paragraph with asterisks and the like in WordPerfect (just a format attributed) than Word (text box).
There are other things in WordPerfect that are helpful to attorneys, too. It's a shame that every version of WordPerfect since 8.0 has s*&^ed.
khtml. You knew what I was talking about. The point is - they could have bought the code from OmniWeb instead. They didn't. They used OSS.
I'd rather see him wandering dazed around the back woods of Maine. In hunting season. Without the orange vest.
Even in the EU, there's a lot more differences in the laws from country to country than from state to state.
My understanding is that they've checked a lot of their work back into the public trunks on CVS of several different projects, such as Konqueror.
Precisely. How often have we seen reports of compromises on GNU source code servers on Slashdot? (And I'll bet Microsoft is targeted by 30 times as many black hats; we just never get the incident reports.)
An automatic patch system is the subsystem most vulnerable to serious exploits because it runs with the highest privileges on the target machine and only requires that the exploiter compromise a second machine. Exploit the patch server, you're The Man Who Owned the World.
A vulnerability in Linksys WiFi routers was reported. I assume that Linksys was warned ahead of time. How did they fix the vulnerability? By changing the password on the backdoor to something that was found quite easily within days of the "fix." If this is the kind of behavior we see in an environment in which vulnerabilities ARE widely and publicly reported, what makes you think we'll see responsible behavior in an environment in which they AREN'T widely and publicly reported?
This would be a good point if the publish and patch system were finding most or almost all vulnerabilities that exist in software. But we are effectively finding and publishing information about only a very small fraction of existing vulnerabilities. The publishing of that small fraction really doesn't protect you from Dmitri at all. And it lowers the skillset required of script kiddies to wreak havoc.
If we're finding only a very small fraction of existing vulnerabilities, why aren't there 10 times as many day 0-n exploits (exploits of previously undiscovered vulnerabilities)?
Either
1. the exploiters aren't savvy enough to find vulnerabilities on their own,
2. the exploiters who are savvy enough to find vulnerabilities on their own are so damned good we have no hope of even knowing we've been owned until we find the vulnerability ourselves,
3. the exploiters tend to find exploits at about the same time the white hats do for epistemological reasons to difficult to go into here (basically, trends filter across communities, and one idea leads inevitably to others, so that as long as the white hats and the exploiters have access to the same data, they will tend to follow the same lines of research), or
4. we really are finding a larger fraction of the vulnerabilities than this thread is arguing.
The only excuse for NOT trying to find exploits as a white hat is if you're certain the real reason there aren't very many day 0-n exploits is reason #1.
And what happens if it IS true, but there is one, JUST ONE, black hat with the skills necessary to find and exploit previously unknown vulnerabilites in Windows or in a widely-used non-Windows server, and the motives to use it, while security experts are sitting on their duffs? We'd be looking at a pretty solid disaster, no? Because the security experts won't be used to looking for exploits, and so will have a harder time reverse-engineering it, and it may be in code we don't know enough about because no one has picked through it looking for vulnerabilities, etc.
So, no, I don't buy the argument that finding and publishing vulnerabilities is a bad idea.
No, they don't want to focus on the "fun" aspects. Just as you don't want trigger-happy psychotics in your army, you also don't want folks who think that the Army is just a pinic. A simulation like that would weed out the picnickers; watching someone play a sim like that would help weed out the psychotics.
Except in the Silmarillion, the creation was likened to an extremely complex symphony, whereas this is just white noise.
That's just the difference between theory and observation. Tolkien believed in intelligent design, and so imagined a symphony. On the other hand, we've actually gone and done it - decoded the remnants of the big bang into white noise - so we know the truth.
The Universe was created by Dom Delillo.
Yeah, and if you put a Porsche engine in a Chevy Nova and trick it up with street racing parts, repaint it, and put Michelin tires on it, you'll have a Lamborghini.
Not if you have another base station . . . It's primarily intended as a repeater, not a standalone AP (though it can be used as one).
They're not pictures of the outside of the case, but of the INSIDE of the case: so they are seen as clues to changes to the engineering. As for "how fast it ran," I suspect the megahertz myth is lurking behind that phrase.
The problem is that apparently the regulation requires that the software that blocks currency reproduction MUST BE CLOSED SOURCE. This would mean that Open Source implementation of this feature would be illegal: ipso facto, open source graphics editing software would be illegal. Now, reading the article, I'm not 100% sure that the closed source implementation the article talks about is the only acceptable implementation of the feature, but if the interpretation provided in this article IS correct, this would be rather a problem for the FOSS community.
On the other hand, an open source implementation wouldn't genuinely be any less secure than a block-box implementation. Why? Because open-source software with the features necessary to counterfeit currency already exists. So anyone with the software skills necessary to take an open source software package with an open source implementation of the counterfeiting-blocking code, remove that code, and recompile it without the code would already be capable of finding a copy of an earlier version of existing OSS graphics editing code and compiling that, without the counterfeiting-blocking code. So the "closed source" part of this requirement would make no sense.
Just give them enough permissions to open mozilla and vncviewer and mount and burn a cd. It's a vacation house - what else would they need?
It says that an invention that was *patented* or described in a *printed PUBLICATION* in this or a foreign country or in *public* use or *on sale* in this country ... That's disclosure, not invention.
I've got a job. But many of my friends don't. And they do know their field.
I was working at a convenience store a few years ago, and got held up at gun point while developing on my powerbook
Damn, is the job market really that bad?
In a word, Yes.
You make this posting as though noone else had ever replicated the iridium findings. They have. Are you saying that Alvarez's lab tech has spent the past few decades running around rubbing a wedding ring into all the samples taken?