Slashdot Mirror


User: tialaramex

tialaramex's activity in the archive.

Stories: 0
Comments: 187

Comments · 187

  1. Re:Somewhat reasonable on US Pirate Movie Site DNS Seizure Fail · · Score: 1

    Doing this exactly once would destroy trust in the root, and it's a piece of piss for anyone else to set themselves up as an alternative. Once the existing root was proved to be corrupt, there's no reason not to accept an alternative.

    Really. A piece of piss.

    Not going to happen over "pirate" movies or gambling. Let me know if you come up with something drastic enough to throw this away over.

    To do this, by the way (unless you're a conspiracy nut who thinks maybe it's all secretly controlled from the White House basement) the US government has to corrupt a bunch of Unix graybeards who couldn't give a shit about gambling, pornography, illegal copying or any of this stuff that gets US judges so excited as to order irrational and nonsensical actions.

  2. Re:And it continued operating for 14 years, it see on What Chernobyl Looks Like In 2010 · · Score: 1

    "Since my approach was to conservatively estimate the dosage released and acquired cancers, I think the point still stands."

    No, your approach was to make up scary nonsense. Your "point" doesn't stand because you never made one. In fact you never did anything except hide your response full of lies in another thread so that the original author wouldn't be notified that you'd written it. And look how desperate you got - when someone shows you a published report documenting the 56 deaths, you respond with a grand conspiracy theory and an allegation about "slow agonising death" for which of course you have no evidence whatsoever.

    Time is on the side of truth. When people like you started out you could scare everyone into believing there'd be millions of dead, lying in piles across Europe. But it's hard to sell that story now, as the curve flattens and Chernobyl fades into memory. The reality is that direct exposure killed fewer than a hundred, the long term effects on residents and workers were smaller even than expected, and then there's some unknown (in the sense that we're not even too sure it's negative) but small long term environmental effect. And that's it. Only the nuclear mystique makes it worth talking about.

    Nuclear Power just isn't as dangerous as the images of an A-bomb detonation would suggest. It's dangerous of course, and we should be careful, but all our power sources are dangerous, burning coal wasn't safer, even wind and wave power have their share of dangers.

  3. Re:Good FA on Educause Announces Plans To Sign .edu TLD With DNSSEC · · Score: 1

    Yes, and this also exists today (assuming you have working DNSSEC) for OpenSSH.

    That is, OpenSSH is already programmed to be able to confirm a remote host fingerprint by looking in DNS. This means "ssh foo.example.com" would reliably connect you to the machine that example.com's owners call 'foo' subject only to interference from the COM registry operator and the DNS root. If someone spoofs DNS, DNSSEC will report it, if they try to spoof the machine itself or TCP/IP, the OpenSSH fingerprint won't match. If they try a Man-in-the-middle attack the protocol design leaves them just moving your encrypted data with no clue what it says.

    A public key trust system needs a trust root, but DNS conveniently already has one. We may fix a remarkable number of technical problems via DNSSEC, once we get the root signed and the political problems solved.
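The check described in that comment, as an added example that is not part of the original post: OpenSSH's VerifyHostKeyDNS compares the host key a server presents against SSHFP records (RFC 4255, extended by RFC 6594 and RFC 7479). An SSHFP record is `<algorithm> <fingerprint type> <hex>`, where the hex is a SHA-1 or SHA-256 hash over the raw public-key blob, i.e. the base64 part of a known_hosts line. OpenSSH treats a match as authoritative only when the resolver flagged the answer as DNSSEC-validated; a match from an unvalidated answer is reported but the user is still prompted. The host name `foo.example.com` and the 32 key bytes below are constructed, not a real Ed25519 key; the hashing is the same regardless.

```python
"""
Added example (not OpenSSH's code): SSHFP record generation and the
host-key check OpenSSH performs when VerifyHostKeyDNS is enabled.
Host name and key bytes are constructed for the demonstration.
"""
import base64
import hashlib
import struct

# SSHFP algorithm numbers (RFC 4255 / RFC 6594 / RFC 7479)
SSHFP_ALGORITHM = {
    "ssh-rsa": 1,
    "ssh-dss": 2,
    "ecdsa-sha2-nistp256": 3,
    "ecdsa-sha2-nistp384": 3,
    "ecdsa-sha2-nistp521": 3,
    "ssh-ed25519": 4,
}
# SSHFP fingerprint types: 1 = SHA-1, 2 = SHA-256
SSHFP_FPTYPE = {1: hashlib.sha1, 2: hashlib.sha256}


def ssh_string(data: bytes) -> bytes:
    """Encode one SSH wire-format string: uint32 length + bytes (RFC 4251)."""
    return struct.pack(">I", len(data)) + data


def parse_ssh_strings(blob: bytes) -> list:
    """Split an SSH public-key blob into its wire-format strings."""
    fields, off = [], 0
    while off < len(blob):
        (n,) = struct.unpack_from(">I", blob, off)
        off += 4
        if off + n > len(blob):
            raise ValueError("truncated key blob")
        fields.append(blob[off:off + n])
        off += n
    return fields


def parse_known_hosts_line(line: str) -> tuple:
    """Return (host, key_type, blob) from a 'host type base64' line."""
    host, key_type, b64 = line.split()[:3]
    blob = base64.b64decode(b64, validate=True)
    # The first wire string inside the blob must repeat the key type.
    if parse_ssh_strings(blob)[0] != key_type.encode():
        raise ValueError("key type in blob does not match line")
    return host, key_type, blob


def sshfp_records(key_type: str, blob: bytes) -> list:
    """Produce the (algorithm, fptype, hex) tuples a zone would publish."""
    alg = SSHFP_ALGORITHM[key_type]
    return [(alg, fptype, h(blob).hexdigest()) for fptype, h in SSHFP_FPTYPE.items()]


def verify_host_key_dns(key_type: str, blob: bytes, records: list,
                        dnssec_validated: bool) -> str:
    """
    Mimic OpenSSH's decision: 'secure' if a DNSSEC-validated SSHFP record
    matches, 'insecure' if one matches but the DNS answer was not validated
    (OpenSSH still prompts), 'mismatch' if no record matches the key.
    """
    alg = SSHFP_ALGORITHM[key_type]
    matched = False
    for r_alg, r_fptype, r_hex in records:
        if r_alg != alg or r_fptype not in SSHFP_FPTYPE:
            continue  # other algorithm or unknown hash type: skipped
        if SSHFP_FPTYPE[r_fptype](blob).hexdigest() == r_hex.lower():
            matched = True
    if not matched:
        return "mismatch"
    return "secure" if dnssec_validated else "insecure"


# Constructed Ed25519 host key: 32 arbitrary bytes in place of a real point.
FAKE_KEY_BYTES = bytes(range(32))
HOST_KEY_BLOB = ssh_string(b"ssh-ed25519") + ssh_string(FAKE_KEY_BYTES)
KNOWN_HOSTS_LINE = "foo.example.com ssh-ed25519 " + base64.b64encode(HOST_KEY_BLOB).decode()


def demo() -> dict:
    """Publish SSHFP for the key, then check a genuine and a spoofed key."""
    host, key_type, blob = parse_known_hosts_line(KNOWN_HOSTS_LINE)
    zone = sshfp_records(key_type, blob)  # what foo.example.com would publish
    # A man-in-the-middle presenting its own key: same type, different bytes.
    spoofed = ssh_string(b"ssh-ed25519") + ssh_string(bytes(32))
    return {
        "records": [f"{host}. IN SSHFP {a} {t} {fp}" for a, t, fp in zone],
        "genuine_dnssec": verify_host_key_dns(key_type, blob, zone, True),
        "genuine_no_dnssec": verify_host_key_dns(key_type, blob, zone, False),
        "spoofed": verify_host_key_dns(key_type, spoofed, zone, True),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The "insecure" outcome is the caveat from the comment's "assuming you have working DNSSEC": the same matching record gives no protection if the resolver path between ssh and the validating resolver can be spoofed, which is why OpenSSH looks at the AD flag rather than merely at whether a record was returned.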

  4. Re:You would think they could have gotten this rig on Big, Beautiful Boxes From Computer History · · Score: 2, Informative

    It _is_ a replica, but just not in the way you imagined.

    The (British) _Science_ Museum has (or had) a workshop for building Difference Engine No. 2. This is the second one, built by replicating the first. They can't build one by following Babbage's plans, because his plans are wrong in subtle ways, and had to be corrected. One of the things the Science Museum gained by making the first one was a _correct_ set of plans for the machine. If you have a lot of money and want a Difference Engine, I have no doubt that the Science Museum would start up that workshop again and build another replica for you too.

  5. Re:DNSSEC and ubiquitous SSL. on Legitimate ISP a Cover-up For a Cybercrime Network · · Score: 2, Interesting

    Also, while I'm here, it's a lot harder to MitM the link between a user and their ISP in most cases. Both addresses are inside the ISP's range, so it should and probably does have border rules that prevent such packets traversing the border. That means to attack user X at ISP A, you need to be able to mess with packets inside ISP A. Whereas today, by doing MitM on some poor .com site's DNS servers, you get every user visiting the site. So "does nothing to protect" isn't really true.

    If you're going to say "What if the bad guys just reconfigure the victim's machine to use their DNS server?" Well, yeah, but in that case they broke in and changed system level configuration, it's game over. They could just as easily add an OS patch that redirects all IP traffic via their servers so that DNS is irrelevant.

  6. Re:Landlines & disasters on The Decline of the Landline · · Score: 1

    Yes the digital exchange recognises pulse dialing. It might get phased out eventually because it sucks technically (unintentional "dialing" is common especially on above ground rural lines) and hasn't been needed on new phones for half a lifetime, but even then a $5 adapter could recognise pulse dialing on older phones and convert to tones if you're attached to the specific model of phone. All the smarts in the telephone network are in the exchanges, the telephone itself is nearly unchanged since it was invented.

    If the cell network is functioning at all at your location, emergency calls have priority (a new 911 call will bump someone calling their mother if the load is too high to handle both). Whilst the same priority exists on your landline, most likely if there's a problem it'll fail altogether rather than being limited to emergency service.

  7. Re:Why can software get patented again? on Microsoft Files "Emergency Motion" To Ship Word · · Score: 1

    It's true... sort of. The smallest software company wins. So the big software company gets sued by a smaller one, and then the smaller one gets sued by a single lawyer working out of a shared office.

    He's not infringing you see, all he does is file for patents and write lawsuits. So he wins every time in your system.

    Patent supporters mistake "economic activity" (moving money around) for economic _productivity_ ie actually making something. They maximise the former at the cost of the latter and end up up to their necks in debt.

  8. Re:HF is the only communications safety net on Mixed Conclusions About Powerline Networking vs. Ham Radio · · Score: 1

    That is of course part of the point. The hams have become like steam railway hobbyists. Some hobbyists will chew your ear off about the reliability of trains during the steam era. They'll give you stats which they like to pretend are comparable to today's passenger multiple units. So-and-so many miles between faults...

    But they're telling you how often the steam /locomotive/ failed. The multiple unit is a whole train, its failure rate includes the idiot who tried to flush a nappy down the onboard toilet, that time the PA system didn't work in cars 3 and 4, and many other faults which didn't significantly inconvenience the passengers. If your steam loco fails, you're stuck until a replacement arrives.

    This is the 21st century. You got an emergency and can't contact civilisation? 406MHz Distress beacon. Break seal, press button, help is on its way. Don't try to radio someone in Sweden and communicate the problem in Morse (yeah, yeah, I know, morse isn't required any more, bla la la).

  9. Convolution reverb on Goodbye Apple, Hello Music Production On Ubuntu · · Score: 1

    "reverbs using impulse responses"

    The technical term you were looking for was "convolution reverb" and of course if you'd known that you could easily have found that one of the most popular plugin suites for LADSPA (the Linux plugin API) includes such a reverb and user-customisable impulse recordings.

    I wonder how much, if anything, that you actually do is hard, let alone "impossible" with a Linux audio setup...

  10. Re:how odd... on Lawyer Thinks Microsoft Can Evade GPL 3 · · Score: 1

    Microsoft does distribute and will presumably continue to distribute GPL'd software. They provide their customers with the GNU toolchain among other things.

    They've been very good Free Software citizens all things considered, of course they're not a Free Software company like Red Hat, but they use, and abide by the terms of the GNU GPL, they provide the source code for the covered software on an open FTP site for anyone to download and they've always been very open about it. Of course the Microsoft VPs talking to the press are always going to say "Free Software is cancer" and such nonsense, but that's the same as when a Pharmaceutical Executive is saying "We need these high prices to pay for R&D". They're not actually stupid enough to believe this spin, and you shouldn't be either.

    The Big Pharmaceutical companies aren't evil, despite telling some half-truths about the relationship between prices and R&D costs (hint: marketing is also expensive, but unlike R&D it isn't actually saving lives) and Microsoft isn't evil, despite maybe giving people the impression that Free Software is bad, or at least unnecessary, rather than being just as much a part of Microsoft's strategy as anyone else's.

  11. Re:Sadly, the banks went over the hill. on Brain Scans to Identify Liars? · · Score: 1

    Wow, people suck. You were scared because you were in a nasty noisy machine? It made you /anxious/ and they had to give you /medication/ for it? Goodness knows you wouldn't last very long if there was actually some invasive medical procedure to be performed. Heck, I'm surprised you can even take a ride on an aeroplane with those cramped seats and all the engine noise. Or do you "dose up" on "anti-anxiety" medication before each flight?

    You remind me of friends who insist on expensive private dental care because they can't stand someone working on their teeth while they're conscious -- they pay someone to put them under general anaesthetic for routine dental work.

  12. Re:Needed features on GIMP's 10th Anniversary Splash Contest · · Score: 2, Informative

    "If I select a region and pour paint inside it, the paint shouldn't leave the margins of the selection."

    Hold down SHIFT, or select the radio button for this kind of fill (which is labelled and has an annotation indicating that it can be activated with SHIFT).

  13. IPv6 vs Brute force scans on Rundown on SSH Brute Force Attacks · · Score: 1

    These are blind scans, the attackers are searching the entire routable IPv4 space (actually they may even be searching unroutable space although obviously that will just slow them down).

    If at any time 10% of Internet addresses actually lead to a machine that's switched on, and 5% of those machines are running a Unix of some kind (these numbers are probably a little wrong, but not by an order of magnitude) then typically 1-in-200 addresses scanned will answer an SSH connection, at that point the attacker tries a few dozen (or hundred in some cases it seems) user+password combinations and then moves on to someone else. They're probably scanning hundreds of thousands of machines every day in this way.

    BUT.. let's try that again with IPv6 addresses. Under the present scheme for unicast address assignments blind jumps into the routable address space probably only have a 1-in-a million billion chance of hitting any machine at all choosing at random -- they'd need to scan a million billion times as long to get the same results, or to put it another way, you'd get scanned a million billion times less often.

    I don't know about other readers, but despite daily encounters I haven't been scanned even _one_ million billion times yet, so making this problem a million billion times smaller seems like it would effectively go away completely.

    So far experience bears this out, of course IPv6 isn't that widespread yet, so it could be that somehow no bad people are using it, but I suspect the vast address space simply makes scans prohibitively expensive. The daily logs I read show a fair few attempts with IPv4, but no unexpected connections using IPv6.

  14. Re:More famous sayings... on First Picture of new Motorola iTunes Phone? · · Score: 1

    There's no evidence that Bill ever actually said that. Go on, find the quote. If it was in a magazine or newspaper someone would know which one and when. If it was at a keynote somewhere, there would be a recording.

    "No-one should believe anything I post on Slashdot" - Aardwolf64

  15. Re:Linux Games on Linspire To Run Windows Games · · Score: 1

    It's a disclaimer, no-one said everyone should be running these drivers today, just that they exist and will sooner rather than later be integrated into Linux distributions.

    So far no-one has reported any damaged hardware, but Radeon 9800 users have reported lock-ups which obviously mean the driver isn't ready for them yet.

    Given that this is the first Free Software driver for modern programmable 3D hardware (ATI's R300 and R400 series) and it was done apparently without even so much as a donated card from the hardware manufacturer I think a "sane person" ought to be pretty glad that it's happening at all.

    Unlike the proprietary drivers, this Free Software R300 driver would be included right in the box with your Linux distro, and automatically upgraded with each kernel version for zero hassle. So if we get together and make it happen it will actually be easier than nVidia's proprietary driver as well as more free.

  16. Re:I doubt x86 inherently flawed on Is the x86 Architecture Less Secure? · · Score: 1

    Ah, but although distributors like Red Hat continue to describe holes as "exploitable" - because they subscribe to the theory that if it's possible someone out there will do it - the actual attack surface has been hardened considerably. This means working POCs are now much harder to write, which means we can reasonably assume actual compromises are also rarer.

    [ If you believe that POCs are commonly the source of real exploit code, which is plausible, this follows directly. Otherwise it follows from the assumption that Black hats are fundamentally using the same methods as White or Grey hats ]

    Let's start from a classic buffer overrun on the stack. Once upon a time you could expect that most such overruns, especially ones larger than a single machine word, were going to be remote compromises, and most of those would escalate to full root before you could say "setuid binary".

    These days you can't execute inserted code (due to W^X policies implemented in various ways) and you can't reliably guess a return address because they're randomised with wrong guesses leading to a crash (if you can cause the service to be restarted, perhaps dozens of times, before you are discovered a guessing strategy might work).

    Now, supposing that you either get lucky or have found a much rarer bug which lets you control the flawed software without executing inserted code. You now have a limited security context. If the daemon you've attacked wasn't supposed to create users, or overwrite the OS kernel or whatever, then you probably can't do it either. Most daemons aren't supposed to fork a shell, so their context is forbidden from doing so. This alone makes a lot of previously "easy" attacks very tricky.

    This layered approach to security isn't an excuse for bugs in software, but an acceptance that such bugs will happen and we should mitigate their effects (e.g. script kiddie attack leads to crashed web server, not a root kit)

    If the thousands or millions of compromised Windows PCs now running botnets and spammer tools had been hardened years ago many of them would have just become unusable through crashing (which might make the owner take it to be "repaired") rather than being havens for 12 year old IRC losers and Nigerian scammers.

  17. Re:What this means on What to Expect from Linux 2.6.12 · · Score: 3, Informative

    hotplug isn't enough

    The hotplug system is part of the OS, running as root, and is intended to do things like insert driver modules, pump firmware around, and set permissions. This is useful even on a server, although it's more important for a laptop or desktop machine. It doesn't do anything to your desktop directly though...

    HAL uses DBUS to notify the user's desktop software about these exciting events so that it can do something appropriate. The desktop doesn't have dangerous privileges (so it's unlikely to accidentally format your main SCSI drive instead of the freshly inserted USB flash) and is able to interact with the user through pop-ups and making icons appear in file managers etc.

    This system (Hotplug + HAL + DBUS) replaces earlier systems where desktop software polled for any interesting changes every few seconds. The new system is event driven, using resources only when they're needed, and should hopefully be more powerful too.

  18. Re:I don't understand the acrimony directed toward on Slashback: Electioneering, Blimps, Shuffling · · Score: 1

    I suggest you write this to the GIMP developer's mailing list which iirc is gimp-developer@scam.xcf.berkeley.edu

    Make sure you specify that you're serious about offering people real money that will pay rent & bills, not just giving some college kid more pocket change. Or if it's the latter, don't be surprised at the lack of traction.

    The features you want are already in the long term plan for the GIMP (obviously, because they're desirable and the developers aren't stupid) but I have no idea how far this plan is from fruition, or even how viable it is in practice (it smelled like Second System Syndrome to me when I first heard about it, some years ago now). So you need to ensure that it's clear you're paying for results - a usable GIMP with floating point images & adjustment layers.

  19. Re:There needs to be a penalty... on Microsoft Tries to Patent the Internet Again · · Score: 5, Informative

    This is a patent on link-local address autoconfiguration for IPv4 (not as the article misleadingly says IPv6). Many Linux, Mac OS and Windows machines use this feature, but none of them need it to use the IPv4 or IPv6 Internet, in fact it's a fallback for when Internet service is not available.

    Microsoft told the IETF back in August 2000 that they had patented this and offered RAND + Royalty Free terms to anyone willing to reciprocate.

    http://www.ietf.org/ietf/IPR/MICROSOFT-499.txt

    Software patents are an abomination, but this just seems to be a case of mis-reporting.

  20. Re:Beware hardware RAID on Comparison of Nine SATA RAID 5 Adapters · · Score: 2, Insightful

    Anecdotal because I'm not paid to do this stuff...

    We bought a 3ware controller for a large and somewhat valuable datastore (high resolution images of Alan Turing's personal papers which include all the text available elsewhere plus handwritten annotations, scribbled diagrams, etc.)

    In the end I only used it as a fast and not particularly full-featured ATA controller, running Linux software RAID on top because it was not only _faster_ in every test I could think of, but also simpler to set up and maintain.

    There aren't many published comparisons of this sort of thing precisely because the low-end (PCI card etc.) hardware RAID manufacturers lose, and that means they won't be renewing their advertisements in your publication any time soon. In _theory_ they should win if your application is both disk I/O and computationally heavy, and thus you can't spare any CPU to run software RAID, but I've never seen a benchmark that could demonstrate this apparently obvious result with real hardware.

  21. Re:Red and Green on Integrating OSS Graphics Apps · · Score: 1

    That happens because Win9x provides a very cheap way to create and use OK|Cancel and Yes|No|Cancel dialogs, maybe 5-10 lines of code to handle the whole thing.

    Whereas Delete|Print|Cancel requires you to manually instantiate a dialog box, add labels (which need translating if you support foreign locales), add icons to match the labels, write a sensible title (not "Dialog") and _still_ you have to write an explanation for the user in the main text. After you've created the dialog box, you need to handle the events for the three options (plus the non-obvious stuff like users who close the dialog without hitting a button) and you need to stitch all of that into your application somewhere.

    So guess which programmers choose if there isn't a usability testing person breathing down their neck?

    Hence more modern systems emphasise making the Right Thing(TM) as easy as possible for programmers, because if there's a Wrong Thing(TM) that's 10 times easier, they'll do that instead.

  22. Re:Open Graphics Project on The State of Linux Gaming · · Score: 1

    Note that Free Software (DRI) support for ATI's R3xx and R4xx (ie Radeon up to and including X800) is in progress, and might make much better use of a few spare hours of your time than the Open Graphics Project.

    If you have a Radeon 9600 or higher, know a fair bit of C and a little bit about graphics cards, why not help make this driver happen faster than it would otherwise? Read the DRI mailing list archives, follow the instructions for building and testing the r300 driver. Provide feedback, try things out etc.

    For the adventurous this driver is not far off usable. Basic 3D seems to work, it can now play Quake 3 (with some rendering bugs), but there's lots more to be done before this can be included in all the Linux distros.

  23. Re:Heard about this a few days ago... on MGM's DVD Class Action Settlement · · Score: 1

    Well, that guy may know what he's talking about with film (although guessing what a movie director intended from what was shown in the theatre is... imprecise at best) but he knows nothing about computers.

    He starts ranting about the definition of a megabyte/gigabyte part way through, claiming storage manufacturers invented the idea of using metric to screw over customers.

    That's just not true. Everyone uses metric except for RAM chip makers and a few other people who work only in powers of two. The fundamental hardware design makes it impractical to have a million bytes or a billion bytes of storage on the chip, you have to make it a power of two in order to address it sensibly from hardware. It's easier to just not worry about the extra fraction and call it 1GB or whatever.

    [ Note how hard disks don't come in "power of two seeming" sizes? 4GB? Yes. 12GB? Er... 40GB? Nope, losing me. 200GB? Still not a power of two. It's not a coincidence, it's not a conspiracy, it's just physics ]

    Your 100Mbit network card? That's 100 000 000 bits per second, not 100 x 1024 x 1024 bits. Your 1.2 Megapixel camera? That's 1 200 000 picture elements, not 1.2 x 1024 x 1024. It's the same for practically everything, except RAM.

    A more legitimate gripe (but one I still don't support) is that they advertise the theoretical capacity of the disk rather than the formatted capacity when running Windows 98SE. But this argument goes nowhere, you can store a different amount if you use Windows XP, and yet a different amount in Linux. If you use a lot of small files in BeOS it will declare the disk "full" even when it's half empty. Why is this the responsibility of the hard disk maker?

    Some people have (wrongly) claimed that disk manufacturers include things like space reserved for replacing failed blocks, or firmware test tracks in their advertised sizes. This isn't true, the reported ATA capacity is all addressable from the operating system. Reserved areas are not reported at all.

    The only storage industry gripe I do support is the complaint about the "compression assumption" in tape and tape drive descriptions. All tape manufacturers seem to have agreed to pretend that you can compress data by 2:1 when storing it on tape. But today many archives are full of JPEGs, MP3s, compressed tarballs or packages, and other things which don't compress further. Unfortunately no-one wants to be first to say "Our tapes are now half the size they used to be".

  24. Re:Thist article misses the point.... on 'Evil Twin' Threat to Wireless Security · · Score: 1

    But the request to the CA is only asking for (signed) data about cancelled certs. You can't use it to issue your own certs, that's not how it works.

    For MITM attacks to work against a bank, shop or similar SSL protected service you need to persuade the user to click through a dialog warning them that you're trying to spoof them.

    Why not just walk up to them and say "Government Wallet inspector" ? It should work on the same people.

  25. Re:which begs the question, on SanDisk Spins SD/USB Flash Combo · · Score: 1

    It was designed that way because it was not intended primarily as a Firewire killer but as a CHEAP replacement for dumb serial and parallel port hardware.

    USB makes the host complicated (which is fine, it's a PC, it already has an entire 3D rendering infrastructure, and a TCP/IP implementation) and allows peripherals to be very simple, and thus both cheap and easy to use.

    In practice after a few years even the host controller prices have fallen far enough that a $100 printer can be a USB host and run a bidirectional protocol with a USB camera so that the camera provides the printer with a GUI (this technology is called "PictBridge" but it's actually just a branding exercise for some simple PTP stuff). There is no reason why the more expensive USB cameras couldn't do the same thing in turn with USB memory sticks, so long as the sticks used only one of the 18 USB storage protocols.