I believe there is a technical solution to this attack and to other attacks. But if a technical solution does not exist, then online banking is inherently insecure and should not be used by anybody.
In this particular case: (a) block Javascript in different tabs from seeing what sites you are visiting, and (b) all popups should be clearly labelled by the browser with what site they came from. If it's an SSL site with an extended-validation certificate, then show the company name in large writing at the top. If not, display a clear visual indication that it's from an unknown site. Personally, I think some kind of Microsoft Bob style assistant could give non-technical users the hint they need to understand that a page or popup is not from their bank, even though it may display the bank's logo inside the page. The assistant should appear next to the popup window with a suspicious look, and require extra confirmation before entering data into an unknown popup if you have a secure site open.
Could you clarify what you mean? You said 'without manufacturing anything' and i intended to point out that there are many useful jobs that are not in manufacturing. (Service jobs are not manufacturing.)
Control over the use of one's ideas really constitutes control over other people's lives; and it is usually used to make their lives more difficult.
I wouldn't even say that characters entering the public domain is 'repayment' for anything. Rather, the exclusive right for a limited number of years is a special boon, and freedom for everyone to use the idea is the default state in the absence of special laws creating a new kind of property.
More to the point, who thought that James Lovelock was a 'climate scientist'? That Gaia thing seems like crackpottery to me, though I'd appreciate it if informed Slashdotters could prove me wrong by showing how rigorous, explanatory and falsifiable it is.
Since when was six megabits per second not 'high speed'? To me that sounds like enormous bandwidth. A wireless LAN might have only twice that. Sure, for high-definition porn in real time you might want more, but 6Mb/s is ample for all but the most greedy users.
More relevant is the quality of the upstream network and the amount of contention.
That's just the problem. Let people buy and sell IP addresses freely. You do not have to show a 'legitimate' use to buy oil or gold or land or trademarks. What we have now is a feudal system where space is 'allocated' by the king. Just as that changed to a free market in real property, we need a free market in IP addresses. That would provide the necessary incentive to conserve addresses, and to adopt IPv6 when it becomes necessary.
SQL Server is one of the better Microsoft products IMHO. It's no Oracle or Postgres, but it's a long way better than MySQL. I wouldn't start using it (why bother with anything else when Postgres exists?) but as a basic ACID-capable RDBMS there is nothing horribly bad about it from a developer's point of view. As a DBA forced to use the management tools it might be a different story, I don't know.
What about if a patched version of the crypto libraries deliberately fouled up the calculation of MD5 hashes (say, by returning random data), so you could be sure that you weren't depending on this weak algorithm?
It's not Disney who are disabling your remote. It is your remote control and DVD player that are broken. Disney are simply exploiting flaws in the player to make you watch what they want.
Why can't you buy a DVD player that has more sensible behaviour? Because of the DVD cartel that insists on this anti-user behaviour. If there were a competitive market in DVD players (e.g. if the necessary patents were licensed at the same rate to all manufacturers, regardless of whether they implement region coding or no-skip or other obnoxious features) then this crap would soon disappear.
Blaming Disney is a distraction. Focus on the real source of the problem. It's the same thing as blaming movie studios for not letting you watch a film on a non-HDCP display, when in fact it is the operating system (Windows Vista or Mac OS X) that enforces this restriction on you.
if a CA has truly incompetent practices, then yes, their public key will be removed.
Clearly not the case, since Comodo is still trusted.
The browser maker (or someone else - the government security agency?) would need a team of people constantly testing the certificate issuers, trying every ruse possible to get bogus certificates issued. If any issuer fell for it then they would be struck off the list of trusted issuers (and the updated list would be pushed out as a security update). I don't see this happening.
Did your system really go down every few days before you got the UPS? I'd say the manufacturer's logging software has an incentive to over-report how many times it has 'saved your system'. A faulty UPS unit that switched to battery several times a day even though it didn't need to would 'save your system' even more!
Maybe that's because Ubuntu is an open source application where we actually know why the test gave bad performance, and actually know that it's going to improve in the future?
I don't think you can assume that. Remember the recent benchmarks showing that Ubuntu had become slower in recent releases? Even if those were flawed, you still can't assume that future releases will be faster, any more than you could assume that future Windows releases will be an improvement. It's quite possible for software to get slower not faster.
If users haven't got the sense to move from IE to Firefox or Chrome, what makes you think that they will upgrade from IE6 or IE7 to IE8? It'll be quite some time before Microsoft pushes out the IE8 update automatically.
Re:Still not safe to use Suse of any sort
on
openSUSE Launches 11.1
·
· Score: 2, Interesting
Our IT dept (as well as many other IT departments) saw a potential for incompatible licenses after that licensing agreement and made a purchasing decision not to purchase SUSE or other Novell products due to potential incompatibilities in licensing.
Ahh... that's interesting. Still it does not rule out using OpenSUSE, which is not a Novell product (in the sense that they do not sell it, and OpenSUSE users are not Novell customers) and is not covered by the no-sue agreement.
Re:Still not safe to use Suse of any sort
on
openSUSE Launches 11.1
·
· Score: 1, Flamebait
SUSE always made clear distinction between commercial/non-free software they include and core OS. Core OS always was and is GPL'ed Linux.
You have a short memory. YaST was non-free not so long ago. I think Novell made it free software after they bought SuSE.
Back in the day, SuSE intentionally tried to package non-free software without warning the user: see this talk by RMS:
Stallman made an additional remark about Linux. Many different distributions are available, and one day, he tried to install one of them called "SUSE". He noticed that SUSE installed non-free (from a GPL point of view) software, but didn't tell you so. They were concealing the fact that non-GPL software was being installed on your computer. Asked about this, the SUSE people told RMS that it was intentional, that they didn't regard this detail as important, but that mentioning it might worry people and discourage them from using SUSE. Bottom line : RMS says "Don't Use SUSE" (for those interested, he recommends the Debian, which is one of the rare things him and I agree on:-)).
Since then, of course, they've seen the light and nowadays OpenSUSE is pretty good (I believe) about making a fully free distribution. There was some debacle with a non-free EULA on some beta releases, but I think that is resolved now.
If it's a matter of principle to have nothing to do with Microsoft, then don't run Microsoft programs. If you're just picking the best software for your business to get work done, then there is no particular reason to drop Novell. You can't have it both ways.
But when switching to Suse, people *are* joining the subset of Linux users protected from Ballmers patent war dreams.
That's not the case. Only Novell customers (that is, those paying Novell for SLES) and Microsoft customers are covered by the no-sue agreement. OpenSUSE users are not included, so I don't think you are breaking solidarity in that sense.
Slashdot Mirror
I believe there is a technical solution to this attack and to other attacks. But if a technical solution does not exist, then online banking is inherently insecure and should not be used by anybody.
In this particular case: (a) block Javascript in different tabs from seeing what sites you are visiting, and (b) all popups should be clearly labelled by the browser with what site they came from. If it's an SSL site with an extended-validation certificate, then show the company name in large writing at the top. If not, display a clear visual indication that it's from an unknown site. Personally, I think some kind of Microsoft Bob style assistant could give non-technical users the hint they need to understand that a page or popup is not from their bank, even though it may display the bank's logo inside the page. The assistant should appear next to the popup window with a suspicious look, and require extra confirmation before entering data into an unknown popup if you have a secure site open.
The Beatles' music has been available on compact disc for many years. That's a digital format.
Could you clarify what you mean? You said 'without manufacturing anything' and i intended to point out that there are many useful jobs that are not in manufacturing. (Service jobs are not manufacturing.)
I expect most Slashdot readers, if they have a job or make money, do it without producing anything physical.
I think rms put it best:
I wouldn't even say that characters entering the public domain is 'repayment' for anything. Rather, the exclusive right for a limited number of years is a special boon, and freedom for everyone to use the idea is the default state in the absence of special laws creating a new kind of property.
More to the point, who thought that James Lovelock was a 'climate scientist'? That Gaia thing seems like crackpottery to me, though I'd appreciate it if informed Slashdotters could prove me wrong by showing how rigorous, explanatory and falsifiable it is.
Since when was six megabits per second not 'high speed'? To me that sounds like enormous bandwidth. A wireless LAN might have only twice that. Sure, for high-definition porn in real time you might want more, but 6Mb/s is ample for all but the most greedy users.
More relevant is the quality of the upstream network and the amount of contention.
That's just the problem. Let people buy and sell IP addresses freely. You do not have to show a 'legitimate' use to buy oil or gold or land or trademarks. What we have now is a feudal system where space is 'allocated' by the king. Just as that changed to a free market in real property, we need a free market in IP addresses. That would provide the necessary incentive to conserve addresses, and to adopt IPv6 when it becomes necessary.
SQL Server is one of the better Microsoft products IMHO. It's no Oracle or Postgres, but it's a long way better than MySQL. I wouldn't start using it (why bother with anything else when Postgres exists?) but as a basic ACID-capable RDBMS there is nothing horribly bad about it from a developer's point of view. As a DBA forced to use the management tools it might be a different story, I don't know.
Nothing is really so special about Her Majesty. You can award people titles too if you wish.
What about if a patched version of the crypto libraries deliberately fouled up the calculation of MD5 hashes (say, by returning random data), so you could be sure that you weren't depending on this weak algorithm?
It's not Disney who are disabling your remote. It is your remote control and DVD player that are broken. Disney are simply exploiting flaws in the player to make you watch what they want.
Why can't you buy a DVD player that has more sensible behaviour? Because of the DVD cartel that insists on this anti-user behaviour. If there were a competitive market in DVD players (e.g. if the necessary patents were licensed at the same rate to all manufacturers, regardless of whether they implement region coding or no-skip or other obnoxious features) then this crap would soon disappear.
Blaming Disney is a distraction. Focus on the real source of the problem. It's the same thing as blaming movie studios for not letting you watch a film on a non-HDCP display, when in fact it is the operating system (Windows Vista or Mac OS X) that enforces this restriction on you.
Hah! On my Windows boxes at home I stuck with Windows NT 3.51 until 2004. (Then moved them all to Linux.)
Clearly not the case, since Comodo is still trusted.
The browser maker (or someone else - the government security agency?) would need a team of people constantly testing the certificate issuers, trying every ruse possible to get bogus certificates issued. If any issuer fell for it then they would be struck off the list of trusted issuers (and the updated list would be pushed out as a security update). I don't see this happening.
...or Reactos.
Did your system really go down every few days before you got the UPS? I'd say the manufacturer's logging software has an incentive to over-report how many times it has 'saved your system'. A faulty UPS unit that switched to battery several times a day even though it didn't need to would 'save your system' even more!
I don't think you can assume that. Remember the recent benchmarks showing that Ubuntu had become slower in recent releases? Even if those were flawed, you still can't assume that future releases will be faster, any more than you could assume that future Windows releases will be an improvement. It's quite possible for software to get slower not faster.
2009 is the year of Solaris on the laptop!
It looks like most UPSes make systems *less* reliable on balance. How frequent is a power failure compared to a UPS failure?
Encarta.
If users haven't got the sense to move from IE to Firefox or Chrome, what makes you think that they will upgrade from IE6 or IE7 to IE8? It'll be quite some time before Microsoft pushes out the IE8 update automatically.
Ahh... that's interesting. Still it does not rule out using OpenSUSE, which is not a Novell product (in the sense that they do not sell it, and OpenSUSE users are not Novell customers) and is not covered by the no-sue agreement.
You have a short memory. YaST was non-free not so long ago. I think Novell made it free software after they bought SuSE. Back in the day, SuSE intentionally tried to package non-free software without warning the user: see this talk by RMS:
Since then, of course, they've seen the light and nowadays OpenSUSE is pretty good (I believe) about making a fully free distribution. There was some debacle with a non-free EULA on some beta releases, but I think that is resolved now.
If it's a matter of principle to have nothing to do with Microsoft, then don't run Microsoft programs. If you're just picking the best software for your business to get work done, then there is no particular reason to drop Novell. You can't have it both ways.
That's not the case. Only Novell customers (that is, those paying Novell for SLES) and Microsoft customers are covered by the no-sue agreement. OpenSUSE users are not included, so I don't think you are breaking solidarity in that sense.