They aren't. Moving your hand/fingers over the keys makes most of the noise, and I have noticed that you can type pretty quietly with the right technique, but that's nothing like the quietness of the laptop keyboards. Same goes with the Apple mouse. They should be made more silent, even though they are pretty good otherwise.
It seems that cd9660.util allows you to mount your CD at any location. This means that an attacker could insert a malicious CD into the drive, umount /Volumes/CD and remount the CD e.g. at /var/cron/tabs, allowing the attacker to "change" system critical files or fake any directory in the filesystem. This will result in system compromise.
This cd9660.util does look a bit suspicious, and I recommend that on computers where local compromise is an issue, you could think of removing the set-uid bit until a fix is issued by Apple. This probably will cause some errors when inserting CDs. I'm investigating this further...
PS. As the cd9660.util calls mount_cd9660 it isn't possible to mount files, so unless there is physical local access to the machine, it shouldn't be very easy to exploit.
Does anybody have a fix to propose besides removing the setuid bit (which, according to my quick and totally inconclusive test, serves no purpose)?
I'm not familiar with the code, but mounting filesystems does require root access, doesn't it? So that is probably why it's set-uid. Anyway there are still quite many set-uid programs in OS X, and it would be nice to see that number somehow reduced.
No. That command wasn't meant to give you root privileges; it was just a demonstration that there *is* a buffer overflow in this program. Makes me wonder why nobody has noticed/told about this earlier. There are quite many set-uid and set-gid programs in OS X (I have 79), so maybe people have been lazy finding these things. This is hopefully going to change some of that.
To check your set-uid and set-gid programs, use:
find / -perm +6000 -print
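The find command in the comment above lists the set-uid and set-gid files once. The script below is an added example, not part of the original comment or of any Apple tool: it does the same scan in portable POSIX shell (the `-perm -4000 -o -perm -2000` form works where the older `-perm +6000` spelling is no longer accepted) and diffs the result against a baseline saved from an earlier run, so a set-uid binary that appears later, or one whose bit was dropped as suggested for cd9660.util, shows up as a one-line change. The function names, the u/g/ug tags and the /var/db/setuid.baseline path are this example's own conventions.

```shell
#!/bin/sh
# Added example: audit set-uid/set-gid files and diff against a saved baseline.
# Not from the original comment. The function names, the u/g/ug tags and the
# baseline path in the usage comment are this example's own conventions.

# Print one line per set-uid or set-gid regular file under $1 (default /):
#   "<tags> <path>"  where tags are u (set-uid), g (set-gid) or ug (both).
# -xdev stays on one filesystem, so each mounted volume is scanned separately.
list_setuid_files() {
    dir=${1:-/}
    find "$dir" -xdev -type f \( -perm -4000 -o -perm -2000 \) \
        -exec sh -c '
            for f; do
                tags=""
                [ -u "$f" ] && tags="${tags}u"   # test -u: set-uid bit is set
                [ -g "$f" ] && tags="${tags}g"   # test -g: set-gid bit is set
                printf "%s %s\n" "$tags" "$f"
            done' sh {} + 2>/dev/null | LC_ALL=C sort
}

# Compare a fresh scan of $1 with the baseline file $2 (written earlier by
# list_setuid_files). Prints "+tags path" for entries that appeared and
# "-tags path" for entries that vanished; no output means nothing changed.
diff_setuid_baseline() {
    dir=$1
    baseline=$2
    now=$(mktemp)
    list_setuid_files "$dir" > "$now"
    LC_ALL=C sort "$baseline" | comm -13 - "$now" | sed 's/^/+/'
    LC_ALL=C sort "$baseline" | comm -23 - "$now" | sed 's/^/-/'
    rm -f "$now"
}

# Usage (path is a placeholder): save a baseline once, then re-run the diff from
# cron or by hand.
#   list_setuid_files / > /var/db/setuid.baseline
#   diff_setuid_baseline / /var/db/setuid.baseline

# When run as a script, scan the directory given as the first argument.
if [ $# -gt 0 ]; then
    list_setuid_files "$1"
fi
```

Keep the baseline file somewhere only root can write, otherwise whoever can edit it can hide a new set-uid binary from the diff. The scan is one find pass; the per-file `test -u` / `test -g` calls only decide the tag.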
Neither does it write a core dump file.
From man core:
NOTE
Core dumps are disabled by default under Darwin/Mac OS X. To re-enable core dumps, a privileged user must edit /etc/hostconfig to contain the line:
DVDs are always something you can buy unless you come up with something else. Indiana Jones remastered movies could be a good choice for those of you who haven't got that already. Personally I would much rather watch a high quality DVD than some crappy version from the net.
Was he controlling his guerrilla army from his 'spider hole'?
I doubt that too, but Saddam Hussein was the "inspirational" source for his loyalists. Now that he is captured some of them might give up once their leader has been defeated. As the news I heard suggests that Saddam himself is willing to co-operate, his loyalists' morale probably will take a serious hit.
Not only that, the people in Iraq are as tired of these guerrillas as the US, and want to get rid of them. It will take some time for them to stop terrorist attacks on this scale, but I don't think they are going to do that forever. Why would they continue if their own people don't support them?
I would buy it, just as long as I don't have to compile anything (recompiling your kernel on a blender takes surprisingly long).
Even though compiling a custom kernel on your blender may take a while, you could always cross-compile the kernel on your relatively fast microwave oven.
1 inch = 2.54 cm; (all rounded up)
4.5 cm, 48.3 cm, 42.3/50.8 cm
I'm not sure about these figures. E.g. the Xserve is 28 inches (71.1 cm) deep, and it's 1U... right? That's 8 inches more than your spec, or did I miss something?
I put here as a side note that Windows XP does have some kind of Win95, 98, NT emulation (?) built-in. I don't however know how good it is. The biggest problem with games and such under XP is that all the games seem to require administrator rights to run (unless you use some cracked version). WTF is that? Is that some kind of copy-protection scheme trying to read raw data from the CD or what? Whatever the reason might be, it is the game design that sucks.
So in short: new games don't work on Win9x or XP. *switch* *switch* *switch*
I understand that if I am involved in an accident and am incapacitated, that total strangers will actually stop and help.
The problem is that they don't. People don't seem to care. "It's none of their business anyway." Maybe they think they might end up in trouble helping someone. Who knows? I have myself witnessed that many people act like this. Some people even pretend that nothing had happened.
I would want to think like you, but I'm not so sure if it's going to help you. Assuming someone would actually help may be a bit naive, so I would not be counting on that. It's just the individualistic society we have today.
Women have been exploiting this built-in feature in men for years!
Unfortunately there are no vendor patches available at the time being. A temporary fix is not to have any contact with these 'women' (this should not be a problem for the usual /. reader)!
NOTE: Even pr0n should be avoided while making important decisions.
Knowing these facts helps prevent such exploitation in the future.
The update needs you to reboot the computer. *sigh* Why is that? This is a web browser we're talking about. Shouldn't it be enough to quit Safari + all applications that use its content rendering engine? As far as I know, Safari isn't integrated into the OS in any way like IE is in Windows, so it shouldn't be necessary to reboot the *whole* OS. On the other hand they effectively stop applications from interfering while updating and causing problems that way. Maybe it's some precautionary measure, but I don't think this should be necessary...
BTW the software updater was already automatically fetching the update in the background while I read this. It's really nice when you don't have to wait while downloading them. I don't understand what the big fuss is about letting the OS fetch updates in the background, as long as it doesn't install them. I'm not sure but I think software update only downloads the important updates...
The best thing about this is probably that new stabilized branch. In the past I've almost every time used the newest sources available to keep up with all the patches, but if this new branch has only the important patches applied to it, it's definitely going to be the one I'm using. If this is going to be updated in the future too, the name of the new branch (pkgsrc-2003Q4) wasn't the best one though.
I hope they didn't exclude mobile phones from their final report. While most of the mobile phones still are plain old phones, there still is a great potential for insecurity among these "new generation" phones. As covered on Slashdot last week, it would be smart to understand the problems with integrating the phones into the Internet. I'm pretty sure that developers at Nokia haven't yet seen the really big problems, and that's good - in a way.
How do you patch your mobile phone if someone finds a security bug in it anyway?
When the iPod hard drive spins up, it's usually at the end of the song. That means that the risk of it spinning up in the middle of a song with you jumping around like crazy is pretty small.
My iPod has fallen a couple of times to the floor while playing, and nothing happened. I heard from my cousin that some Apple salesmen even threw an iPod against a wall... or was it the floor, to demonstrate it. But if you're unlucky with the hard drive spinning at that time, it's probably not going to take that. Anyways, don't try this at home!
So if this project (and others that the US military is funding) turns out to be successful, and allows machines like the Segway to do most of the tasks humans can do, can we expect them to replace human soldiers?
Not in a while anyways. This project doesn't seem to be about replacing humans. Instead it just seems to be a project on how to make machines do maintenance and such. Instead of having soldiers carry heavy backpacks with supplies, this robot just carries them behind and hands them over when needed. And if someone gets injured, this robot takes the injured one to safety.
I would compare this project to a shell script. Instead of having to run the same sets of commands many times myself, I write a shell script that does that for me, so I have one less thing to worry about. That doesn't mean I don't have any work left...
How do you explain to a robot the difference between an enemy and a civilian?
Why should you? I didn't see any mention of it doing any shooting. They only mentioned using it for transport, like taking injured soldiers to safety. If anything, maybe they have an algorithm for how to take cover, but that's about it, I think. This isn't the movies, you know...
Even though I love IRC myself, it wouldn't be much of an IM service for everyone. There are several problems with IRC as an IM. There have been attempts to fix some of the problems with different methods like bots and server-side modifications.
One of the problems is authentication. IRC servers don't give any guarantees by default that a person is who he claims to be. At one time we could count on the hostmask, but that isn't very good when there are large ISPs where many users would have a hostmask that would match some pattern. So we create bots that provide authentication via password. But what if you are required to authenticate yourself to every bot in every channel you are on? Hey. Bots are in any case a bad solution, and authentication should be in the protocol itself.
Secondly, IRC servers have nick collisions. It isn't very easy to pick yourself a good nick on a busy IRC network, especially if it's going to be an IM. That means a lot of extra users on top of the many users already on IRC. We would need to change the nick!user@host to something else. Pretty smart of MSN to use the e-mail address as login. Best would be if the IM was decentralized to all the ISPs. So if you open an account at your ISP, you would get an IM account at the same time.
Those were just examples of things to be improved for a new generation of IRC - before it's ready for IM. The potential is there.
PS. Maybe I'm wrong, but I do think that e-mail, IM and chats are going to become one standard sometime in the future. The time just isn't here yet.
Well. That's nice if your battery is dead, but just how many iPods are there with dead batteries anyway? I have had my own iPod for over a year now, and the battery is just fine even though I listen to the iPod daily. One charge lasts me about 10 hours.
iPodlounge btw has some tips on how to recharge and use the iPod to maximize battery lifetime.
When the RIAA writes something anti-P2P they will know that a great number of the readers will be actual filesharers reacting to that article. That will give them plenty of IPs in their server logs... *That's* the real problem if you happen to be a filesharer. Not the EFF. :)
As a side note it could be wise for you filesharers to check that your browser doesn't send a Down-with-the-RIAA-KaZaA-rules-forever site as the referring page while browsing. The site itself could also be a trap set up by the RIAA to get to know as many filesharers as possible. There have been trap sites of that kind in the past... Be careful out there!
Partly true. Ports 641 and 1033 are bound only to localhost (127.0.0.1), so you shouldn't be able to access them over the Ethernet. Mac OS X uses some of the ports only for its internal services.
TCP 427 SLP (service location)
UDP 427 SLP (service location)
UDP 5353 Rendezvous (mDNSResponder)
UDP 53 DNS
UDP 123 Network Time Protocol (NTP)
UDP 1023 Mac OS X RPC-based services (for example, NetInfo)
UDP 514 Syslog
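The comment above makes the point that a port which is bound only to 127.0.0.1 is not reachable from the network, so a scan of the outside address should not see it. The function below is an added example, not from the original comment: it reads BSD/Mac OS X style `netstat -an` output and prints only the listeners bound to something other than the loopback address, so loopback-only ports such as 641 and 1033 drop out while wildcard bindings like *.427 and *.5353 remain. The netstat sample it runs on is constructed for the example, not captured from a real machine, and the function name is my own.

```shell
#!/bin/sh
# Added example (not from the original comment): list listening sockets that are
# reachable from other hosts, i.e. not bound to the loopback address, from
# BSD/Mac OS X style `netstat -an` output. The sample below is constructed.

# Reads `netstat -an` on stdin and prints "<proto> <port> <local address>" for
# every listener bound to something other than 127.x.x.x / ::1. Loopback-only
# bindings are skipped because only processes on this machine can reach them.
exposed_listeners() {
    awk '
        $1 ~ /^(tcp|udp)/ {
            # UDP lines have no state column; TCP lines count only in LISTEN state.
            if ($1 ~ /^tcp/ && $6 != "LISTEN") next
            local = $4
            # Loopback-only bindings look like 127.0.0.1.<port> or ::1.<port>.
            if (local ~ /^127\./ || local ~ /^::1\./) next
            port = local
            sub(/.*\./, "", port)        # keep only what follows the last dot
            print $1, port, local
        }'
}

# Constructed sample in the `netstat -an` layout of Mac OS X (not real output).
SAMPLE_NETSTAT='Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp4       0      0  127.0.0.1.641          *.*                    LISTEN
tcp4       0      0  127.0.0.1.1033         *.*                    LISTEN
tcp4       0      0  *.427                  *.*                    LISTEN
tcp4       0      0  10.0.0.5.49152         10.0.0.9.80            ESTABLISHED
udp4       0      0  *.5353                 *.*
udp4       0      0  127.0.0.1.1023         *.*
udp4       0      0  *.123                  *.*'

# Run against the sample; on a live system use:  netstat -an | exposed_listeners
printf '%s\n' "$SAMPLE_NETSTAT" | exposed_listeners
```

On the sample this prints three lines (tcp4 427, udp4 5353 and udp4 123), which is exactly the set a scan of the outside address could see; established connections and the two loopback-only ports are left out. The awk pattern assumes the BSD column order (local address in column 4, TCP state in column 6), which is what Mac OS X netstat prints.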
This desk probably is designed for public computers (libraries etc.) rather than your office/home.
Just by looking at the design, you see that it isn't meant to have tons of papers or books on it. It's more like a public terminal for everyone to use. If you had seen this at a computer exhibition it definitely would have looked very stylish. Your company or organisation would have got much more positive attention because of this desk, I believe.
...unless you have been using that time chatting on IRC.
Yes, and that's probably why they go *BOOM*.
So what are you doing here then?
Anyone interested should check this document.
PS. You scan your *outside* IP to leave the internal services alone. A netstat -a should also help. :)