Slashdot Mirror


User: Zaiff+Urgulbunger

Zaiff+Urgulbunger's activity in the archive.

Stories
0
Comments
1,422

Comments · 1,422

  1. Re:How is this different on Is Your AJAX App Secure? · · Score: 1

    I think Beryllium Sphere(tm) maybe was being sarcastic?

    Anyway, the article itself contained absolutely nothing new imho. Worse, it seems to suggest craptastic security measures such as checking referer or user-agent strings, and using POST rather than GET because it's harder to fake! I mean, yeah, but none of these things will actually make the application safer in any real sense -- only very very slightly moderately harder to attack. ish.

    And what was this about:
    "If I would be able to insert Javascript in the web-application I am currently looking at in my other browser window, I would be able to easily delete any post the site allows me to delete. Now that doesn't seem all that destructive as it only affects that user? Wrong, any user visiting will have its own posts deleted. Ouch."

    How is this relevant to sites using AJAX? I mean, *any* website that allows someone to inject script is vulnerable.

    Oh and this classic:
    "The question is -- can we perform an action while somebody is logged in somewhere else. It is basically XSS/CSS (Cross Site Scripting) but then again, it isn't."

    Seriously.... this article was written by a twelve year old. If this is the best "darknet.org.uk" can do, then really, we do not need to worry too much about being hacked any time soon (webmaster of the ring-tone website excepted... but then, they probably don't frequent slashdot!! :D)

    Apologies for the rant!! But sometimes there are some rubbish articles posted to /. and they deserve to be flamed! ;)
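The comment above dismisses Referer checks, User-Agent checks and "POST instead of GET" as weak CSRF defences. The following is an added example, not part of the original comment or the article it discusses: it models those three checks beside a synchronizer token and runs a constructed cross-site request through each. The request and session objects are plain dictionaries standing in for a web framework, and the site origin `https://app.example` is assumed.

```python
"""
Added example (not from the original comment): three commonly suggested but
weak CSRF checks next to a synchronizer token, exercised against a forged
cross-site request. Requests and sessions are hypothetical dictionaries, not
a real framework's objects.
"""
import hmac
import secrets

SITE_ORIGIN = "https://app.example"   # assumed origin of the AJAX app
BROWSER_UA = "Mozilla/5.0"            # constructed User-Agent value


def make_request(method, headers, form):
    """Build a hypothetical request: method, header dict, form-body dict."""
    return {"method": method, "headers": headers, "form": form}


def referer_check(request, allow_missing=True):
    """Weak: the Referer header is set by the client. Deployments usually
    allow a missing Referer because proxies and privacy tools strip it, and a
    cross-site page can arrange for the browser to omit it, so the lenient
    default lets a forged request straight through."""
    referer = request["headers"].get("Referer")
    if referer is None:
        return allow_missing
    return referer.startswith(SITE_ORIGIN)


def user_agent_check(request):
    """Weak: a CSRF request is sent by the victim's own browser, so the
    User-Agent is genuine; a scripted client can copy it anyway."""
    return request["headers"].get("User-Agent", "").startswith("Mozilla/")


def post_only_check(request):
    """Weak: a hidden auto-submitted form or XMLHttpRequest produces a POST
    just as easily as an <img> tag produces a GET."""
    return request["method"] == "POST"


def issue_csrf_token(session):
    """Synchronizer token: an unguessable per-session secret kept server-side
    and echoed back in the form body. A page on another origin cannot read it
    out of the victim's session, so it cannot be copied into a forged request."""
    token = secrets.token_hex(16)
    session["csrf_token"] = token
    return token


def csrf_token_check(session, request):
    expected = session.get("csrf_token")
    supplied = request["form"].get("csrf_token")
    if not expected or not supplied:
        return False
    return hmac.compare_digest(expected, supplied)


def run_checks(session, request):
    """Return the verdict of every check for one request."""
    return {
        "referer": referer_check(request),
        "user_agent": user_agent_check(request),
        "post_only": post_only_check(request),
        "token": csrf_token_check(session, request),
    }


def demo():
    """Run a legitimate and a forged request through all four checks."""
    session = {}
    token = issue_csrf_token(session)

    # Legitimate submission from the app's own page (constructed).
    legit = make_request(
        "POST",
        {"Referer": SITE_ORIGIN + "/posts", "User-Agent": BROWSER_UA},
        {"post_id": "42", "csrf_token": token},
    )
    # Forged submission from an attacker's page loaded in the victim's browser
    # (constructed): the browser sends its real User-Agent and the session
    # cookie, the attacker suppresses the Referer, and no token is available.
    forged = make_request(
        "POST",
        {"User-Agent": BROWSER_UA},
        {"post_id": "42"},
    )
    return run_checks(session, legit), run_checks(session, forged)


if __name__ == "__main__":
    legit_result, forged_result = demo()
    print("legitimate:", legit_result)
    print("forged:    ", forged_result)
```

With the lenient Referer default, the forged request passes the Referer, User-Agent and POST-only checks and fails only the token check. Turning `allow_missing` off does reject it, but at the cost of rejecting every legitimate user whose proxy or browser strips the header, which is why the lenient setting is the one usually deployed.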

  2. Re:"Hacking OSX" on Microsoft Providing Virtual Server Free · · Score: 1

    Are you just smoking funny cigarettes today or does this come from somewhere? I doubt any software vendor knows what its 2009 roadmap looks like, so I'll bet on the former.

    The 2009 came from TFA... but it makes absolutely no sense in the context of the threads to which I appear to have replied! So, I'm inclined to agree with you and bet on the former also!!! :D

    (seriously -- I'm not sure what I was trying to say. I think I must've been reading one thread and replying to another, or something)

  3. Re:wow, more echoes from the past on Microsoft Providing Virtual Server Free · · Score: 1

    ... but it could take some time (/me looks at my watch)..... i.e. until 2009!!!

  4. Re:Not quite an alarmist reason for the software on UK Demands Sourcecode for Strike Fighters · · Score: 1

    Possible.... but not very likely. More likely is simply that the product needs ongoing support (e.g. bug fixes), which would mean the UK is dependent on the US, unless of course the UK has a copy of the source code.

    The "switching off" thing is (I think) really just not providing support, since an unsupported aircraft would be rather risky to use in combat; the enemy could potentially be aware of the bugs that exist and could potentially exploit them.

  5. Re:Saw this on Digg on Root Password Readable in Clear Text with Ubuntu · · Score: 1

    +1 for use of the word "trollfully"! I like that!! :D

  6. Re:European Slashdotters... on EU Says Microsoft Still Not Compliant · · Score: 1

    Tip #1 -- don't sign it "Jesus 666"! ;)

  7. Re:Is 2.36 million a day on EU Says Microsoft Still Not Compliant · · Score: 1

    I might be wrong, but I think "amliebsch" was alluding to the fact that entities with lots of money can, er, make sure things go their way! (nudge-nudge wink-wink)

  8. Re:MS blames everyone else. on Microsoft Accuses European Union of Collusion · · Score: 1

    Perhaps they [MS] can't see it ever really working out well long term, so they're just using delaying tactics to put off the inevitable?

  9. Re:Error on Help Break Original Enigma Messages · · Score: 1

    In a parallel universe somewhere, there's a version of Wales with sensible place names! ;)

  10. Re:The EU is to chicken too play that game on Microsoft Makes EU Dispute Docs Public · · Score: 1

    What specifically do you object to?
    I believe it's the case that there's a cost issue with gaining access to source code (and presumably the 500 hours of support), which means that things aren't level.

    Don't get me wrong here, I don't expect MS to provide free support to anyone. I'm simply pointing out that if you have to pay for it, then it isn't free! And if the intention of the EU action is to make the field level, then this won't help. Thus, we can ignore this and concentrate on the documentation...

    Their "expert" took 48 hours to evaluate the 12,000 pages of documentation. Part of that evaluation included attempting to duplicate some portion of the specification.

    Yes, that's right. They tried to write some massively complicated piece of code from scratch with no background or knowledge of the problem in 48 hours, failed, and then claimed the documentation was insufficient as a result.

    I've not seen the documentation myself so I can't comment. So either it was good documentation, bad documentation, or something in the middle. If it was bad documentation, would it take longer to establish this? Maybe not. Maybe it would be obvious it was bad.

    At least Microsoft's screwing is transparent. The comission's screwing happens behind closed doors.
    Yeah, maybe. But at the end of the day, who's judging this? It's not like the parties get to throw their evidence on the table and ask the public to take a vote! On the other hand, I don't see any reason the evidence shouldn't be public.

  11. Re:The EU is to chicken too play that game on Microsoft Makes EU Dispute Docs Public · · Score: 1

    500 free hours of tech support
    To who? Who does that help?

    and even the source code in question
    Yeah, but not without strings! So it doesn't exactly level the playing field.

    despite providing 1200 (or 12000, I forget which) pages of documentation
    I believe that the problem is that the documentation is in some way lacking! That being the case (and I agree, it is subjective), then the EU would be correct in declaring it insufficient, since that's the whole point!

    I think it's quite clear that no matter what Microsoft does, the EU commission will declare it insufficient because they want that cash.
    Yeah, whatever. And... uh... it's quite clear to me that, er, Microsoft wants to screw around in order to maintain their monopoly. Uh!
    ;)

  12. Re:Pfff on UK Government Wants a Backdoor Into Windows · · Score: 1

    If they're good, they'll use a decent encryption system, but the problem is that they either have to have these skills themselves or they need to buy them in, the latter increasing their operational "risk", and both increasing their operational "cost".

    In theory, criminals/terrorists would never get caught since they'd always use decent encryption systems. The fact that they don't always encrypt highlights the crim/orists plight!!

  13. Re:Firefox does on Phishing Site Using Valid SSL Certificates · · Score: 1

    Is this something that should be enabled by default?

  14. Re:I wonder on Operation 'Cyber Storm' Starts Tomorrow · · Score: 1, Funny

    here is how it happened... The system needed to be updated, but the WSUS wouldn't update until the computer account was in the Admin container..... put the computer in the admin container... hmmm, now the computer is its own administrator! I just read that while studying for my MCSE Cert ;-) scary

    Sooooo, what you're saying is, the computers end up taking over the world, seizing control of all our automated systems and in turn starting the third world war, AND, you're out of a job 'cos "the system" no longer needs an MCSE?!

    Double-whammy! :D

  15. Re:stop the jpegs! on The Future of Digital Camera Technology · · Score: 1
  16. Re:stop the jpegs! on The Future of Digital Camera Technology · · Score: 1

    Add in the fact that you can get a decent compression ratio across this data (and your typical 6-8MP DSLRs certainly do) without any loss of data ... maybe 15MB ... or less.

    How do they get this compression? (and don't say "by using jpegs"!)

  17. Re:Kill me...kill me please. on .Net Programmers Fall in CNN's Top 5 In-Demand · · Score: 1

    It's because those who CAN'T handle juggling of memory pointers find solace in the language. When I was graduating, there were a lot of people standing alongside me that probably shouldn't have been. They had cheated their way through school, plagiarizing projects and scamming answers to exams. They couldn't write a word in C or assembly, but they could force out a few lines of .NET because it's easy.

    I'll agree that the use of .NET does not imply stupidity. It abstracts some of the gorier details of programming so that smart people don't have to worry about it when they use .NET for smart applications. However, it also allows stupid people to not have to worry about the gorier details of programming.

    Basically, it empowers all people, both capable and non-capable.


    Which from an employer's POV is a good thing as it drives down the cost of hiring. (albeit that entirely conflicts with the CNN article)

  18. Re:one-button functionality is to blame on Rootkits Head for Your BIOS · · Score: 1

    One specific time I had to upgrade my BIOS was on a Packard Bell iGo 4450 laptop (aka NEC Vesa something or other) because when using a Netgear WG511T PCMCIA wireless card, it would just lock up after a minute or three of use. Updating the BIOS to a newer version fixed this.

    My point is that all this kit is totally consumer grade stuff... although I agree that likely the "average" user would need to get someone "professional" (in quotes, because I need to include PC World employees!) to do this, not least because the laptop in question has no floppy and only a DVD-ROM but the update requires read/write bootable media.

    Two new ideas on the subject:
    - What about those dual BIOS motherboards with backups to protect against bad flashes?
    - What about that "virus protection" setting that some BIOS used to have?

    Dual BIOS mobos -- well, I have an old Packard Bell desktop (466MHz Celeron) circa year 2000, that has a Gigabyte mobo. This motherboard does feature dual BIOS, but in Packard Bell configuration, anything that would increase cost has been removed..... so it features 1 BIOS and 1 solder point! I guess it all comes down to cost in the end, so maybe consumer kit is doomed!!

    As for "virus protection" in the BIOS, isn't that just to prevent anything writing to the boot sector of the HD?

  19. Re:Don't lie on Standby Electronics a Waste? · · Score: 1

    > US TV: "Power" button on the TV itself and the one on the remote
    > do exactly the same thing: switch between "on" and "standby". The
    > only way to get it off is to unplug the mains cord.

    That would be illegal in the UK and EU. It wouldn't meet the safety requirements.


    Not sure that's true; I don't believe I've ever had a UK VCR that didn't work that way, although you can see the logic... unless you don't need the clock/timer!

  20. Re:change is bad on Solid State Memory on the Rise · · Score: 1

    But at least with a HD, if you really really really need to get your data back, then it is possible to employ the services of a data recovery company to get it back. With something solid-state, I think it is more likely you will never be able to recover that data.

    Not that a data recovery company is a good, cost effective thing, but at least there is a plan-b in the event you need one!

  21. Chubby Rain? on Raining Extraterrestrial Microbes in Kerala? · · Score: 1

    Sorry, I got here late and I'm disappointed that no one has mentioned Chubby Rain!

  22. Re:Exercise for the reader on Google PC to Hit Walmart? · · Score: 2, Insightful

    Google have a trusted brand, and they do already sell server appliances. The business model is unlikely to be based on selling the boxes per se, but more likely on renting software and/or ad-sponsored applications. I think as long as they don't sell it as a computer but rather a web browser/email/a few bundled apps in a box machine, then it could work. If they stick to that, they don't need any removable media drive, just a HD and broadband net connection.

    All pure speculation of course!!

  23. Re:...and which democracy did you have in mind? on How The U.S. Government Undermined the Internet · · Score: 1

    Uhm... The country-code TLDs were designed to be controlled by the recognized governments of the territories represented by those codes. There is absolutely nothing questionable that with a clear, catastrophic change of government in a region that ICANN would "redelegate" that domain to the proper identification of that new government.

    So who is it that actually makes the decision? To quote from tfa:

    At that meeting, consciously and for the first time, ICANN used a US government-provided reason to turn over Kazakhstan's internet ownership to a government owned and run association without requiring consent from the existing owners. The previous owners, KazNIC, had been created from the country's Internet community.

    Exactly what catastrophic change of government in a region occurred in Kazakhstan that required this change? (note -- this is a rhetorical question)
    For all I know, it was 100%, completely legitimate to make the changes that were made. If any other entity such as the UN, the EU or whoever, had made the decision, it may have been the same. But the problem is that they didn't! Instead, a self appointed judge and jury, namely the US, made that decision for the rest of the world.

    What you seem to be saying here is that the US is largely determining who that recognized government is which is a valid criticism and _certainly_ is applicable in the case of .af and .iq to the point that it is impossible to separate the issue.

    I don't understand! (I'm aware that often when people say things like that, they're trying to imply that the original poster said something unintelligible. Please note, I'm not trying to imply that.... I simply couldn't understand what point you were making! :) )

    Just to clarify, as far as .af and .iq go, those two ccTLDs are the ones where the US is justified in having a hand in by virtue of recent events. Any debate about whether those events were justified is beyond the scope of this discussion.
    Apologies if you were making the same point!! :)

    However, that does rather draw question to your claim that this isn't about attacking the US or ICANN.

    I probably should've said "This isn't about attacking capitalism or even the US or ICANN per se". If ICANN was a French organisation and the French government had recently refused to relinquish absolute control, then they would be the focus of... erm... attack (for want of a better word!). My point in the "This isn't about attacking..." statement was to counter the "oh you lefties, you always attack ICANN/US/Bush/etc" sentiment of the parent.

    For that matter, they should have a top-level category on /. for "Why ICANN SUXX0RZ." It would probably comprise 20% of the site.

    Agreed -- /. does seem to have got particularly polarised in the last year or so. :(

  24. Re:Those bastards on How The U.S. Government Undermined the Internet · · Score: 1

    The point was that the US gave up control, and is still getting shit for it. And the rest of the world wonders why we don't give a shit that we're hated.. We'll be hated in certain circles no matter what we do, so why should we even bother trying to be liked?

    Ooooooooh, now you're just being silly! :P
    Anyway, if that were true and you really believed that you'd be hated whatever, then there would be no point in your replying in the first place!

    Accepting that the US does get a load of shit thrown at it, much of it probably rather unfairly, if I were from the US[1], I'd console myself with the thought that this type of thing happens only when the other party is in some way jealous... otherwise, why would *everyone else* waste so much time giving the US so much stick? (don't answer that!)

    [1] I don't usually think of myself as an entire nation!

  25. Re:Those bastards on How The U.S. Government Undermined the Internet · · Score: 1

    Result of the US giving control over the .kz domain to the government of Kazakhstan : "The US unilaterally made decisions over internet governance! They want to tell the whole world what to do!"

    Result if the US had denied control over the .kz domain to the government of Kazakhstan : "The US refuses to allow a sovereign country to control their own TLD! They want to tell the whole world what to do!"


    You'll note that in both your examples, the decision making is done by the US. Is that not the problem and the point of the article?

    Oh, and before you mention it, the fact that if any other entity had made the decision, it may have been the same is not the point!