Which begs the question: is it immoral to pirate a game when you can no longer buy it legally? (because the publisher went bankrupt)
And, is it legal? (who's going to come after you for doing it?)
Not only that, but the two 9V batteries are going to discharge through one another, because of the internal resistance in the batteries. Current can flow through a battery (which is why you can connect them in series), and therefore at least one of them is going to go flat, even when it's not in use.
The two AA's are pretty pointless, as the iPod was rated 8 - 30V, suggesting they just used a 78l05 or similar power stabiliser (min. input voltage = output + 3V). 3.5" HDD usually only need 5V, any extra voltage is just going to get you some extra dissipated heat, and no extra playing time, because the power stabiliser has to dissipate anything above 8V.
For fsck sake, find yourself an EE 101 book or something.
I thought i had it figured it out: it's not exploitable.
The only way to get past the cbSkip > 1024 check, is to make sure it's negative. But in that case, Read will attempt to read at least 2^31 bytes (because the parameter is an unsigned integer), and either return 0, because it reached the end of the file before being able to read that many bytes (d'oh), or cause an access violation because it overran the buffer so far that it actually overran the stack and tried to write outside the process' memory.
But when Read returns 0 before overrunning the stack completely (shouldn't be hard, just don't make the file too big), it can try to clean up, but it'll have to return sometime, and the stack is already corrupted. So in the end, i do think it's exploitable.
Well, yes, ofcourse you could say that the fix is upgrading to IE 6.0. Too bad you can't install IE 6.0 on NT 4.0, no matter what service pack you have.
So you say the fix would be to upgrade to XP? That's far from free, and most machines running NT 4.0 now are to old to run XP. Besides, why upgrade when the OS you have does everything you need it to do?
Your analogy with open-source apps isn't right either. The 2.0 linux kernel, for example, is many years old now, but it's still being maintained and patched when needed.
How on earth could this little gem make it past QA? You'll have to admit it's pretty easy to spot when you're looking for vulnerabilities.
This guy did not provide an exploit. The file he attached would just crash IE, not execute code. He only showed how to overwrite EIP.
To actually execute code, one would have to get the code in memory (not very hard, just recalculate the offset variable and stuff the code in the pixel map of the bitmap), but you'd also have to figure out where in the memory this code would be placed, in order to jump to the right place. Even though this is possible, and not very hard (anyone with some knowledge of assembly programming could probably do it. I'm fairly sure I could do it, given a day or so), it's nearly impossible for your average 15-year old script kiddie to do so.
However, I do agree that he should have notified Microsoft and given them, say 5 days to come up with a patch. I mean, come on, the patch is like 15 keystrokes...
Ofcourse, it is yet another news article with SCO's name in it, but it also seems like IBM and Intel think they need a crapload of money to defend people, which in turn suggests that there is something to SCO's claims.
SCO really wants to go to court, but ofcourse they know they don't stand a chance. This amount of money on both sides could make for a spectacular trial. At the same time, some people, who hadn't figured it out yet, might realise that there is no way on earth SCO is actually going to win.
Besided that, i wonder if IBM and Intel did return-on-investment calculations on this. Maybe they figure the kudos will be worth more than 10M.
ehm, it would actually drain quite quickly.
A regular car battery supplies about 14.4 volts when it's full (even though it's called a 12 volt battery), and can supply about 40 Ah, when drained slowly (less when drained quickly). 150 / 14.4 ~= 10 Amps, so it would last only 4 hours, and that's only for the CPU.
I'm kinda surprised nobody (that i'm aware of, anyway) has started a little project to counter RFID. I don't think it would be very difficult.
I don't know how many of you know how RFID works, so i'll try to explain (yes, IAAEE, I Am An Electrical Engineer).
Basicly a RFID scanner works by transmitting a certain frequency (125Khz is very common). The tag has a L/C (coil-capacitor) ciruit tuned to this frequency. It uses energy from the circuit to power a tiny circuit (that's how it can work without a battery), which will then send it's stored code. It sends the information back to the scanner by effectively shorting out it's receiver circuit. Doing so drains more energy from the transmitter circuit on the scanner, which can be measured and so the code that the tag send can be decoded.
Now a couple of ideas on how to block it:
- block the scanner by transmitting the same frequency at a highly varying output level. This makes it effectively impossible to measure the tag shorting out it's receiver circuit, because of the heavy fluctuation in the field strength.
- use a microcontroller to send random codes. If enough people do this, the database will get stuffed with false information and will eventually be useless.
- fry the tags in your stuff, EMP-style. I think it would be possible to break the little circuit by placing the tag inside the transmitter coil of a powerfull (but very simple) oscillator running at 125kHz.
How about we just flood the spammer with fake orders? Sometimes, you have to fill out a webform or reply to an email (no, i've never done it, just sometimes i actually read the email). Maybe we could build a distributed system to flood the spammers order system with lots and lots of fake orders, making it impossible for him (or her! that's disturbing) to cash in on the real orders, thereby removing the possibility to make a profit.
Ofcourse, the cases where you'd have to call a particular number would be a bit more difficult, but i'm sure someone can come up with something.
Ofcourse, they only brought this up because the RIAA is threatening people.
Many people have argued that the RIAA doesn't need to read your drive when you're sharing your data, but i think they do. See, they can claim you're sharing song X from artist Y, but how do they prove it was you?
Ofcourse it's easy to get your IP when they're downloading the song, and it's probably easy for them to find out who is currently using this IP, but they'd still have to prove it was you. IP's can easely be spoofed and all.
The easiest way to prove it was you is to show that the file is in your shared folder.
So while it won't make it harder for them to track you down, but it may be harder to get a conviction.
(No, I don't have any faith in any justice system, especially the American. But anyways...)
I don't think it really matters that the surgeon knows you signed up as an organ donor. If the surgeon knows that your organs would probably be viable for transplantation, and that you probably signed up to be an organ donor (assuming the majority of the population signed up), he or she might still think about that boy in Kansas City.
On the other hand, if the surgeon did know you signed up, I think (hope) he or she might work a little harder to save your life, knowing that you're not another selfish son-of-a-bitch, but instead chose to possibly save someone else's life if yours would come to an unfortunate premature end.
I do think an organ receiver who signed up before he or she needed an organ should be preferred, and I do think people who obviously are to blame for there need of an organ (like heavy smokers) should not receive an organ that might otherwise have saved someone else who tried to live a healthy life.
now exacly what is wrong with SFTP? Putty (windoze ssh client) comes with a secure FTP client, and OpenSSH comes with a SFTP server. It's a bit of a hassle to navigate (no command completion), and you have to copy the files to/from your local system, but still... this doesn't really add any new functionality.
The flashlight would seem practical indeed, but i doubt it would be very bright, considering there is no room for a decent mirror to focus the beam. Besided that, i think it would quickly drain those precious milliamps from the battery.
The sound meter seems pretty useless to me, but i guess, since a phone typicly has a microphone build in (d'oh), all it takes is a piece of software.
When the hardware receives an incoming call, the software automatically pulls up the caller's contact information and photo if the data are stored on the system.
This is going to be interesting. If i recall correctly, the dutch personal privacy laws don't allow the automatic retrieval of caller information. (although is it allowed when you manually copy the number from one program to another, don't ask me why) Again, microsoft is doing something illegal. I wonder if they would disable the feature on the computers sold in the Netherlands, or try to change the law...
It really is simple to build a robot that will retain it's balance, even without any electronics. You simply need big wheels and a heavy weight under the axle, so that the point of gravity is underneath the point of rotation (the axle). My guess is he did that, if only to assist in keeping the balance. The wheels seem pretty big, and it looks like to motors are right in between them. The last thing you want to do is make the robot top-heavy.
Slashdot Mirror
Which begs the question: is it immoral to pirate a game when you can no longer buy it legally? (because the publisher went bankrupt)
And, is it legal? (who's going to come after you for doing it?)
The two AA's are pretty pointless, as the iPod was rated 8 - 30V, suggesting they just used a 78l05 or similar power stabiliser (min. input voltage = output + 3V). 3.5" HDD usually only need 5V, any extra voltage is just going to get you some extra dissipated heat, and no extra playing time, because the power stabiliser has to dissipate anything above 8V.
For fsck sake, find yourself an EE 101 book or something.
The only way to get past the cbSkip > 1024 check, is to make sure it's negative. But in that case, Read will attempt to read at least 2^31 bytes (because the parameter is an unsigned integer), and either return 0, because it reached the end of the file before being able to read that many bytes (d'oh), or cause an access violation because it overran the buffer so far that it actually overran the stack and tried to write outside the process' memory.
But when Read returns 0 before overrunning the stack completely (shouldn't be hard, just don't make the file too big), it can try to clean up, but it'll have to return sometime, and the stack is already corrupted. So in the end, i do think it's exploitable.
So you say the fix would be to upgrade to XP? That's far from free, and most machines running NT 4.0 now are to old to run XP. Besides, why upgrade when the OS you have does everything you need it to do?
Your analogy with open-source apps isn't right either. The 2.0 linux kernel, for example, is many years old now, but it's still being maintained and patched when needed.
How on earth could this little gem make it past QA? You'll have to admit it's pretty easy to spot when you're looking for vulnerabilities.
To actually execute code, one would have to get the code in memory (not very hard, just recalculate the offset variable and stuff the code in the pixel map of the bitmap), but you'd also have to figure out where in the memory this code would be placed, in order to jump to the right place. Even though this is possible, and not very hard (anyone with some knowledge of assembly programming could probably do it. I'm fairly sure I could do it, given a day or so), it's nearly impossible for your average 15-year old script kiddie to do so.
However, I do agree that he should have notified Microsoft and given them, say 5 days to come up with a patch. I mean, come on, the patch is like 15 keystrokes...
Here in the Netherlands, you can always call the local police station by dailing 0900-8844, which spells 0900-TUIG.
Tuig means scum in dutch.
Ofcourse, it is yet another news article with SCO's name in it, but it also seems like IBM and Intel think they need a crapload of money to defend people, which in turn suggests that there is something to SCO's claims.
SCO really wants to go to court, but ofcourse they know they don't stand a chance. This amount of money on both sides could make for a spectacular trial.
At the same time, some people, who hadn't figured it out yet, might realise that there is no way on earth SCO is actually going to win.
Besided that, i wonder if IBM and Intel did return-on-investment calculations on this. Maybe they figure the kudos will be worth more than 10M.
ehm, it would actually drain quite quickly. A regular car battery supplies about 14.4 volts when it's full (even though it's called a 12 volt battery), and can supply about 40 Ah, when drained slowly (less when drained quickly). 150 / 14.4 ~= 10 Amps, so it would last only 4 hours, and that's only for the CPU.
The result is that VB.NET shall become a complex language too, to the point that most traditional VB programmers have to give up.
You say it like that's a bad thing.
Those that fail to learn from history are doomed to repeat it. Next semester!
I don't know how many of you know how RFID works, so i'll try to explain (yes, IAAEE, I Am An Electrical Engineer).
Basicly a RFID scanner works by transmitting a certain frequency (125Khz is very common). The tag has a L/C (coil-capacitor) ciruit tuned to this frequency. It uses energy from the circuit to power a tiny circuit (that's how it can work without a battery), which will then send it's stored code. It sends the information back to the scanner by effectively shorting out it's receiver circuit. Doing so drains more energy from the transmitter circuit on the scanner, which can be measured and so the code that the tag send can be decoded.
Now a couple of ideas on how to block it:
- block the scanner by transmitting the same frequency at a highly varying output level. This makes it effectively impossible to measure the tag shorting out it's receiver circuit, because of the heavy fluctuation in the field strength.
- use a microcontroller to send random codes. If enough people do this, the database will get stuffed with false information and will eventually be useless.
- fry the tags in your stuff, EMP-style. I think it would be possible to break the little circuit by placing the tag inside the transmitter coil of a powerfull (but very simple) oscillator running at 125kHz.
Maybe we could build a distributed system to flood the spammers order system with lots and lots of fake orders, making it impossible for him (or her! that's disturbing) to cash in on the real orders, thereby removing the possibility to make a profit.
Ofcourse, the cases where you'd have to call a particular number would be a bit more difficult, but i'm sure someone can come up with something.
Many people have argued that the RIAA doesn't need to read your drive when you're sharing your data, but i think they do. See, they can claim you're sharing song X from artist Y, but how do they prove it was you?
Ofcourse it's easy to get your IP when they're downloading the song, and it's probably easy for them to find out who is currently using this IP, but they'd still have to prove it was you. IP's can easely be spoofed and all.
The easiest way to prove it was you is to show that the file is in your shared folder.
So while it won't make it harder for them to track you down, but it may be harder to get a conviction.
(No, I don't have any faith in any justice system, especially the American. But anyways...)
On the other hand, if the surgeon did know you signed up, I think (hope) he or she might work a little harder to save your life, knowing that you're not another selfish son-of-a-bitch, but instead chose to possibly save someone else's life if yours would come to an unfortunate premature end.
I do think an organ receiver who signed up before he or she needed an organ should be preferred, and I do think people who obviously are to blame for there need of an organ (like heavy smokers) should not receive an organ that might otherwise have saved someone else who tried to live a healthy life.
we call them birdcoppers.
now exacly what is wrong with SFTP?
Putty (windoze ssh client) comes with a secure FTP client, and OpenSSH comes with a SFTP server.
It's a bit of a hassle to navigate (no command completion), and you have to copy the files to/from your local system, but still... this doesn't really add any new functionality.
* Nigerian scams reloaded
* Free viagra
* Penis or breast enlargements (1 per person)
The sound meter seems pretty useless to me, but i guess, since a phone typicly has a microphone build in (d'oh), all it takes is a piece of software.
i read that as "'Bruce Almight' topless 'Matrix' sequel."
That's just disturbing
This is going to be interesting. If i recall correctly, the dutch personal privacy laws don't allow the automatic retrieval of caller information. (although is it allowed when you manually copy the number from one program to another, don't ask me why) Again, microsoft is doing something illegal. I wonder if they would disable the feature on the computers sold in the Netherlands, or try to change the law...
I mean, hurds of people must have mistyped the input type tag at one point or another, how come we never heard of this before?
MS already has a 64 bit OS: NT 3.51
i have 2 DEC Alpha stations that where running it when i got them (needless to say, i got rid of NT very quickly).
How come MS can't do it anymore? i realise that 64 Alpha isn't quite the same as i64, but really, how hard can it be?
And you're quite sure that cat /dev/urandom >file won't produce any metallica songs?
It really is simple to build a robot that will retain it's balance, even without any electronics. You simply need big wheels and a heavy weight under the axle, so that the point of gravity is underneath the point of rotation (the axle). My guess is he did that, if only to assist in keeping the balance. The wheels seem pretty big, and it looks like to motors are right in between them. The last thing you want to do is make the robot top-heavy.
now has "hello, world!" tattooed onto his arm?