The point is, people aren't going to understand that they have hackable systems unless you hack them and say, "Look what I found!" By proving the flaws in their systems you inspire them to fix them, creating secure systems.
True, if you can get past the psychology of it all. Most programmers hate to find errors in their code. They will go to great lengths to show how the error is irrelevant or justifiable. I've actually had web programmers tell me that they didn't check for null values on less than 5 parameters because the project timeline was too short.
Great thought. They could lessen the effects of this attack by encoding/encrypting the HD instead of wiping it out though. While still a pain in the ass, at least the info would be easier to recover. Couldn't they also use ssl/certificates to verify the server?
Of course, it becomes even more effective when you've got one in your car too. I want to see a personal black box feature in my next car. Just like with these cameras, the data is destroyed unless I tell it otherwise. When a cop pulls me over, I hit record, and the last 10 minutes of buffered data, along with the new data, gets recorded and can then be used in court to prove I _did_ have my turn signal on...
My h.s. computer club got off the ground by getting a teacher to sponsor a extra-curricular field trip to a programming contest. We sent 3 or 4 students, along with a teacher, to a local college's programming contest. By my senior year, we were going to three or four a year and meeting on a weekly basis. It helped a lot in college.
If linux and apache are so secure, and they're open source, why is MS finding it so hard to replicate that success? They have the f'ing source!
They need to just drop the old code base, rethink their architecture and start from scratch. They have tons of brilliant programmers, and they have the source to (supposedly) secure competing products. What's the problem?
Java may be great on the server side, but it's a waste of time on the client side.
I beg to differ. While yes, most applets do suck, they can also be VERY usfull. I often use hidden applets to add functionality to a site where interaction with the server is required, but cannot be confined to just submitting forms. You can use applets to connect the server via a socket, hidden form submissions, or even RMI. You can communicate with the hidden applet through plain old javascript. This adds a lot of power to web applications.
You may be using client side java and not even know it, so it is VERY important to have a working, bug-free jre on the client side. To ensure this, I often require the Java Plug-in and bypass MS's jre all together.
Sure, blame it on the consumer for not being smart enough to see through the lies. Companies only spend millions of dollars on advertising and propaganda. Not to mention all the money spent on marketing research, so they can figure out exactly how to get you to buy things you don't need. And who can blame them? It's cheaper than making a quality product and letting the truth speak for itself.
OTOH, maybe you're right. Perhaps, if everyone investigated their purchases more, then selling the truth would be cheaper than selling lies. But that would require an culture that appreciated logic and intelligence.
Welcome to proof that Google works the way it was intended, in only 42 days!
Yeah, it works like it was intended, but not the way it should. This is similar to stuffing your meta tags to get a higher page rank on search engines. It hacks a publicly known algorithm to get the desired results. Using weblog syndication, one could reduce the page rank of static pages. If you wanted your opinion to be the 'google truth', just artificially create more links to it. With so many dynamic, interlocked websites on the web these days, it becomes much easier. This is proof of concept that you could cover up static content within weeks. If this becomes popular, it could reduce Google's usfullness. OTOH, they'll probably just change their algorithm to take RSS syndication into account.
As much as businesses love service subsctiptions, people (esp. me) hate them. I don't use many services (cell phone, tivo) that I normally would if they didn't require a subscription, or overcharge for pre-pay.
Yeah, so let me rephrase that for the picky...it's called extensible markup language because you can extend the tag set of the language.
That said, I don't know exactly how their version of XML differs. I read about it in a white paper a while ago. I'll post a link if I can dig it up. I didn't originally provide it because I assumed this was common knowlege...Sorry
MS has broken the real value of XML by creating their own version of it. By 'extending' it, they are breaking any kind of interoperability that XML brought to the table. But since they own 99% of the office/desktop world, they think they can ignore standards and everyone will have to follow. They're just pulling the same shit they did with html.
The original poster said: ...can't get the.NET to get the right data out of the response, even though the Perl server understands the.NET request fine, and is sending the right response.
From what he's saying, it doesn't cut both ways; The server understands the.NET message correctly, the server responds correctly, but his tool can't extract the correct information from the response.
While I agree that it could be any of the tools breaking the chain, that is not what he said.
Working with your analogy, I guess the theory is to provide a car that can't be driven on dangerous bridges. This is surely a good thing, but like you say, MS should not be the one deciding what bridges are bad, especially when they require a fee to evaluate your bridge.
Couldn't the decision be based on a non-biased group or even a public voting system? What is stopping the OSS community from writing their own version of paladium? I guess there might be some hardware issues to iron out, but I'm no expert...
Isn't C dependant on the quality of the compiler and/or the OS system calls it makes? Following your logic, I can only write secure code in machine code.
God. FUD is such a buzzword. Can we all stop using it? What possible motive would I have to project fear, uncertainty and doubt? I only speak what I know, and I've never heard of Yellow Dog Linux, or Linux/PPC. Thank you for correcting me. Do these distributions use the same Linux kernel? I don't see how they could.
As for cheap hardware, you get what you pay for...
Assuming price is proportional to quality, how exactly is the PPC platform better than PCs? I see no increase in speed. Please site some benchmarks.
...incompatible with the standard" you say? How so?
I have no idea what the original poster meant, but for me, hardware comes to mind. Granted, Sun is in the same boat as Apple, but I simply can't see myself ever buying a Mac. They only work with one set of operating systems and they are expensive. If Sun, or Apple for that matter, can provide a good desktop OS that runs on cheap hardware, I'm in!
Slashdot Mirror
The point is, people aren't going to understand that they have hackable systems unless you hack them and say, "Look what I found!" By proving the flaws in their systems you inspire them to fix them, creating secure systems.
True, if you can get past the psychology of it all. Most programmers hate to find errors in their code. They will go to great lengths to show how the error is irrelevant or justifiable. I've actually had web programmers tell me that they didn't check for null values on less than 5 parameters because the project timeline was too short.
Great thought. They could lessen the effects of this attack by encoding/encrypting the HD instead of wiping it out though. While still a pain in the ass, at least the info would be easier to recover. Couldn't they also use ssl/certificates to verify the server?
Of course, it becomes even more effective when you've got one in your car too. I want to see a personal black box feature in my next car. Just like with these cameras, the data is destroyed unless I tell it otherwise. When a cop pulls me over, I hit record, and the last 10 minutes of buffered data, along with the new data, gets recorded and can then be used in court to prove I _did_ have my turn signal on...
who is paying for pop-up blocking?
Don't be silly. Someone has to write a frameset page for the browser to use frames.
My h.s. computer club got off the ground by getting a teacher to sponsor a extra-curricular field trip to a programming contest. We sent 3 or 4 students, along with a teacher, to a local college's programming contest. By my senior year, we were going to three or four a year and meeting on a weekly basis. It helped a lot in college.
Good luck...
My answer...
I sniff glue...and tell jokes at inappropriate times.
If linux and apache are so secure, and they're open source, why is MS finding it so hard to replicate that success? They have the f'ing source!
They need to just drop the old code base, rethink their architecture and start from scratch. They have tons of brilliant programmers, and they have the source to (supposedly) secure competing products. What's the problem?
Java may be great on the server side, but it's a waste of time on the client side.
I beg to differ. While yes, most applets do suck, they can also be VERY usfull. I often use hidden applets to add functionality to a site where interaction with the server is required, but cannot be confined to just submitting forms. You can use applets to connect the server via a socket, hidden form submissions, or even RMI. You can communicate with the hidden applet through plain old javascript. This adds a lot of power to web applications.
You may be using client side java and not even know it, so it is VERY important to have a working, bug-free jre on the client side. To ensure this, I often require the Java Plug-in and bypass MS's jre all together.
Sure, blame it on the consumer for not being smart enough to see through the lies. Companies only spend millions of dollars on advertising and propaganda. Not to mention all the money spent on marketing research, so they can figure out exactly how to get you to buy things you don't need. And who can blame them? It's cheaper than making a quality product and letting the truth speak for itself.
OTOH, maybe you're right. Perhaps, if everyone investigated their purchases more, then selling the truth would be cheaper than selling lies. But that would require an culture that appreciated logic and intelligence.
W3C Standard For Job Titles? But what if I applied to Microsoft? No one would be able to read my resume!
Welcome to proof that Google works the way it was intended, in only 42 days!
Yeah, it works like it was intended, but not the way it should. This is similar to stuffing your meta tags to get a higher page rank on search engines. It hacks a publicly known algorithm to get the desired results. Using weblog syndication, one could reduce the page rank of static pages. If you wanted your opinion to be the 'google truth', just artificially create more links to it. With so many dynamic, interlocked websites on the web these days, it becomes much easier. This is proof of concept that you could cover up static content within weeks. If this becomes popular, it could reduce Google's usfullness. OTOH, they'll probably just change their algorithm to take RSS syndication into account.
As much as businesses love service subsctiptions, people (esp. me) hate them. I don't use many services (cell phone, tivo) that I normally would if they didn't require a subscription, or overcharge for pre-pay.
I guess I'm just afraid of commitment...
I do the same thing 'cept I 'kazaa' it...
language is a combination of both syntax/grammar
Yeah, so let me rephrase that for the picky...it's called extensible markup language because you can extend the tag set of the language.
That said, I don't know exactly how their version of XML differs. I read about it in a white paper a while ago. I'll post a link if I can dig it up. I didn't originally provide it because I assumed this was common knowlege...Sorry
That is what I thought. Thanks.
That's why it's called extensible markup language
uh..No, it's called extensible because you can extend the language, not because you can extend the syntax.
microsofts implementation is very bad.
MS has broken the real value of XML by creating their own version of it. By 'extending' it, they are breaking any kind of interoperability that XML brought to the table. But since they own 99% of the office/desktop world, they think they can ignore standards and everyone will have to follow. They're just pulling the same shit they did with html.
The original poster said:
...can't get the .NET to get the right data out of the response, even though the Perl server understands the .NET request fine, and is sending the right response.
.NET message correctly, the server responds correctly, but his tool can't extract the correct information from the response.
From what he's saying, it doesn't cut both ways; The server understands the
While I agree that it could be any of the tools breaking the chain, that is not what he said.
It works great for the core database for iTunes, iPhoto and many other apps
Are they using a XML database or are they storing the data in XML files? Thanks.
Working with your analogy, I guess the theory is to provide a car that can't be driven on dangerous bridges. This is surely a good thing, but like you say, MS should not be the one deciding what bridges are bad, especially when they require a fee to evaluate your bridge.
Couldn't the decision be based on a non-biased group or even a public voting system? What is stopping the OSS community from writing their own version of paladium? I guess there might be some hardware issues to iron out, but I'm no expert...
Isn't C dependant on the quality of the compiler and/or the OS system calls it makes? Following your logic, I can only write secure code in machine code.
the hackerspeak is probably the number one reason why no comments are floating up in moderation
Sorry, I don't get it (I'm a little slow). What does hakerspeak have to do with the moderation of comments?
styling it as "n00z 4 n33rD$" is a disservice to this forum
Again, why? You're currently a 4, so obviously someone gets it, just not me. Please elaborate...
Again, more FUD
God. FUD is such a buzzword. Can we all stop using it? What possible motive would I have to project fear, uncertainty and doubt? I only speak what I know, and I've never heard of Yellow Dog Linux, or Linux/PPC. Thank you for correcting me. Do these distributions use the same Linux kernel? I don't see how they could.
As for cheap hardware, you get what you pay for...
Assuming price is proportional to quality, how exactly is the PPC platform better than PCs? I see no increase in speed. Please site some benchmarks.
...incompatible with the standard" you say? How so?
I have no idea what the original poster meant, but for me, hardware comes to mind. Granted, Sun is in the same boat as Apple, but I simply can't see myself ever buying a Mac. They only work with one set of operating systems and they are expensive. If Sun, or Apple for that matter, can provide a good desktop OS that runs on cheap hardware, I'm in!