The real concern isn't game consoles its network printers. Pretty much every company has at least one these days on their network and most of the machines assume its trusted. All someone would have to do is modify the firmware on one of the printers to start cracking the network. Getting access to the printer would be pretty easy in many cases. Many companies out source their printing to a third party that fixes them and supplies them with ink and paper. All someone would have to do is pretend to be fixing a printer and they're in.
Even custom ROMs suffer from this a bit. Whatever the author of the ROM thinks is a good application your stuck with. The only way I've been able to get a slim down ROM from my Droid is by downloading a ROM and customizing it myself.
I'm currently in a computer science undergrad program. While my university offers many different tracks to focus on(AI, OS, networking, etc) there is no security/reverse engineering track. There really aren't that many security courses either. The first thing is universities have to start offering more courses on security. This should get more people interested as well as more skilled people in the field.
I did have a friend who applied to become one of the governments cyberwariors. He passed everything with flying colors but didn't get the job. Why? He admitted that he downloaded music. The kind of people they want for being a cyberwarrior are the kind of people that will download music, movies, games, break DRM, and possibly even break into a system or two. Thats how they gained the knowledge the government wants. But doing any of those disqualifies you from the job. The government needs to realize this and allow people who have done these things in.
I'm pretty sure the FBI would have to handle the case. The crime happened in one state, the criminal is in another, and the ISP may be in a third. A judge would have to issue a warrant to get the physical address from the ISP. A judge would than have to issue a search warrant for that address. When you call the FBI again first ask the name, department and so on. Explain the situation and try to nicely convince them that this is an easy case for them to solve makes them look go etc. If they still refuse simply say you have no other alternative than to contact the media with what happened and how the FBI refused to investigate the case. Then make sure you contact as much media as you can. If a few reporters start asking them why they won't investigate a simple case they'll probably apologize and do it.
I work for a very large American computer company and while everyone thinks we build machines we don't. We don't even really design it. We goto the ODM(Original design manufacturer) with an idea, spec out the parts, help design the case and they put the thing together. Their the ones that really control the quality of the board and most of the parts. Even when we do come to them with certain parts we want(CPU, GPU, etc) they end up making the decision on everything else(SATA controller, audio card, etc). There are a number of ODMs(Foxcon, Miatec, and a bunch more I forgot the names of) their all competing for the lowest price so the company(Dell, HP, Apple) can sell it to you at the best price. The part that always amuses me is that the ODMs are the ones building the machines for everyone. So a Dell, HP, Apple, all can be built by the came company with the same parts the only difference is the case.
That being said the company can control the quality of the parts but that means price goes but which makes customers goto cheaper competitors.
Thats been happening for years. The courts view all patents legal but both parties know they are using another companies patents so they cross patent. That way both of them can keep going on like normal. The real downside to that is if your trying to start a new smart phone company and have little if any patents the big boys use your screwed.
The current system keeps lawyers rich and startups impossible.
Is it really the ISPs fault? Most people I know bought there own router and connected it to the modem supplied by their ISP. I'm still on my old Linksys WRT54G with Tomato on it because its the best thing out there. I'd buy a new 802.11n router in a heart beat if it supported gigabit lan and wan, dual band, external antenna(s), OpenWRT support, and a USB port or two would be nice but not really needed. I really don't think its to much to ask but last I looked no company makes one.
The problem with changing what an arm device runs is in the bootloader that arm devices run. What most arm devices have is firmware that not only configures the CPU and other devices but loads the OS. Unlike a PC where it loads some code off the first sector of the drive most arm devices actually have the code to load the file system, put a file in memory, and execute it. This is great except there is no standard on how to do this and can be configured from very easy to change(i.e just change the file it loads) to very hard(i.e the firmware checks the file checksum). Your best bet is to do some googling on the device and see who makes the CPU. Then google and CPU and you should find what the standard firmware the manufacture uses. Next you need to hook a serial device(most devices have these just no serial port on the board, you need to sodier it on). Then you can start hacking away.
Marvell based devices are great since the OpenRD and Netplug devices have plenty of documentation and they all use the same boot loader and such.
What the hell are you doing to your systems? I'm running many systems with ext4 and I haven't had data loss on any of them. Are you just pulling the power out to see what happens?
Well at this rate we're not going to have anything. I think its better to get a number of people together from industry and come up with a new codec. Part of this would include all the major players(Apple, Microsoft, Google, etc) comming together and promising not to sue and help if anyone is sued for using this codec.
Why is the debate for the video tag codec only between h264 and ogm? The video tag is such an important part of html5 it really needs to get decided. Both seem to have too many things against them for general use. Why not just start from scratch and create a new video codec for the web. Meeting all the requirments both legal and technical and finally end this.
Some new games require newer firmwares, they have them on disc. If you don't upgrade you don't get to play. While that won't happen for a few months with this version it would prevent me from playing games or running Linux. The other issue is that many of the games I have advertise PSN which I won't be able to use.
I said backslash because if it effects 1% or 100% of the user base people are going to complain. Depending on how much they complain results in x amount of dollars Sony has to spend. This could be in getting support calls to law suits.
Thats like buying a car with power locks and windows and after owning it for two years the car maker says you can now only have power locks or power windows pick one.
I bought my PS3 for two things, cell development and games. So to play games I need the latest firmware but the latest firmware makes it impossible for me to do cell development. This was an advertised feature when I bought it(a few months after launch) so I don't see how Sony can do this without facing a class action suite.
HP has their own Debian Linux based client client OS called ThinPro. If you want to add more packages all you have to do is add the standard Debian repo's to/etc/apt/sources.list and your good to go. They're pretty flexible if you know some basic Linux. The best part is they have a much fuller Linux base then many other Linux thin clients. They support even more advanced features such as multimedia redirection(video and USB) as well as the basic XDM, ICA, RDP connections. All of them can drive almost any monitor from a standard 17" LCD to dual 30" LCDs. The cheapest model is ARM based. Its basically a Marvell OpenRD or Netplug with a video card and smaller disk space. All the others are x86 based and vary in speed and price.
Just make sure you have the latest version and play around with the variables and you should be fine. I've only tried u-boot straight from Marvell, not from http://www.denx.de/wiki/U-Boot
I'm doing some ARM development and we use an OpenRD(http://www.open-rd.org/) board to compile and test some apps. It has dual NICs, a ton of USB ports, and an eSATA port. Internally it only has a 4G SATA DOM so you probably want to use some sort of external media. It comes with Debian Lenny installed, but you can install other things. The biggest pain in the ass is dealing with uboot but once you get it working its like a normal PC.
I go to Drexel university which is known for being a big engineering school. The school policy itself is use whatever you want as long as you get your work done. One of the great things about Drexel is they don't require you to load a bunch of spyware on your computer to get access to their network by ethernet or wireless. Drexel also gives students free software and even has a Linux section. The computer science depart itself is 100% GNU/Linux and one of the earlier classes you have to take is Intro to Linux. Many departments are run on Linux so I guess thats a big reason why Drexel is Linux friendly.
I'm currently working at a major US tech company and litterly every program I have inherited from some out sourcing group is utter crap. I'm talking about EVERY variable is a global variable, one source file for a 5000 line program, no makefile just a line at the top which says compile with gcc blah blah blah, and the list goes on. The reason for out sourcing is not skill its cost. Why pay an American programmer who knows what hes doing when you can out source it and get a program which barely works and when bugs arise blame something/someone else.
In the long run these companies are going to learn the hard way that paying an out sourced developer who has a 3 month class in C will get you nowhere near a developer with a CS degree in terms of quality, functionality, and efficiency.
1. Create some way to register.desktop files. Only.desktop files registered will be executable.
2. White list all.desktop files in/usr/share.. and any place else apps store their.desktop files system wide. This way they can be executed without a problem since the user shouldn't have write access to that anyway. For all other.desktop files(such as ones in the users home directory) add another parameter which contains the systems signature. If the signature doesn't match the current systems signature don't execute it.
Warning: I current work as a Linux engineer for a major thin clients manufacture
Personally I think thin clients are the best way to go. When I was in school all teachers ever did in computer labs were a bit of web surfing and type up some word docs. Modern thin clients have web browsers built in with Firefox, Java and Flash. Which means pretty much any web site will work without the need of a server. For word processing and any other application you can just setup a server with RDP(free with Windows Server 2008) VNC(also free) or Citrix. Thinclients are cheap and durable which is what any school needs. If you want to put a few more apps on it you could go for a "chubby client" which is like a thin client but with more space for you to be what ever applications you want on it while remaining cheap.
Slashdot Mirror
The real concern isn't game consoles its network printers. Pretty much every company has at least one these days on their network and most of the machines assume its trusted. All someone would have to do is modify the firmware on one of the printers to start cracking the network. Getting access to the printer would be pretty easy in many cases. Many companies out source their printing to a third party that fixes them and supplies them with ink and paper. All someone would have to do is pretend to be fixing a printer and they're in.
Well thats what I do. I take a custom ROM and delete the things I don't want.
Even custom ROMs suffer from this a bit. Whatever the author of the ROM thinks is a good application your stuck with. The only way I've been able to get a slim down ROM from my Droid is by downloading a ROM and customizing it myself.
I'm currently in a computer science undergrad program. While my university offers many different tracks to focus on(AI, OS, networking, etc) there is no security/reverse engineering track. There really aren't that many security courses either. The first thing is universities have to start offering more courses on security. This should get more people interested as well as more skilled people in the field. I did have a friend who applied to become one of the governments cyberwariors. He passed everything with flying colors but didn't get the job. Why? He admitted that he downloaded music. The kind of people they want for being a cyberwarrior are the kind of people that will download music, movies, games, break DRM, and possibly even break into a system or two. Thats how they gained the knowledge the government wants. But doing any of those disqualifies you from the job. The government needs to realize this and allow people who have done these things in.
I'm pretty sure the FBI would have to handle the case. The crime happened in one state, the criminal is in another, and the ISP may be in a third. A judge would have to issue a warrant to get the physical address from the ISP. A judge would than have to issue a search warrant for that address. When you call the FBI again first ask the name, department and so on. Explain the situation and try to nicely convince them that this is an easy case for them to solve makes them look go etc. If they still refuse simply say you have no other alternative than to contact the media with what happened and how the FBI refused to investigate the case. Then make sure you contact as much media as you can. If a few reporters start asking them why they won't investigate a simple case they'll probably apologize and do it.
I work for a very large American computer company and while everyone thinks we build machines we don't. We don't even really design it. We goto the ODM(Original design manufacturer) with an idea, spec out the parts, help design the case and they put the thing together. Their the ones that really control the quality of the board and most of the parts. Even when we do come to them with certain parts we want(CPU, GPU, etc) they end up making the decision on everything else(SATA controller, audio card, etc). There are a number of ODMs(Foxcon, Miatec, and a bunch more I forgot the names of) their all competing for the lowest price so the company(Dell, HP, Apple) can sell it to you at the best price. The part that always amuses me is that the ODMs are the ones building the machines for everyone. So a Dell, HP, Apple, all can be built by the came company with the same parts the only difference is the case. That being said the company can control the quality of the parts but that means price goes but which makes customers goto cheaper competitors.
Thats been happening for years. The courts view all patents legal but both parties know they are using another companies patents so they cross patent. That way both of them can keep going on like normal. The real downside to that is if your trying to start a new smart phone company and have little if any patents the big boys use your screwed. The current system keeps lawyers rich and startups impossible.
Is it really the ISPs fault? Most people I know bought there own router and connected it to the modem supplied by their ISP. I'm still on my old Linksys WRT54G with Tomato on it because its the best thing out there. I'd buy a new 802.11n router in a heart beat if it supported gigabit lan and wan, dual band, external antenna(s), OpenWRT support, and a USB port or two would be nice but not really needed. I really don't think its to much to ask but last I looked no company makes one.
The problem with changing what an arm device runs is in the bootloader that arm devices run. What most arm devices have is firmware that not only configures the CPU and other devices but loads the OS. Unlike a PC where it loads some code off the first sector of the drive most arm devices actually have the code to load the file system, put a file in memory, and execute it. This is great except there is no standard on how to do this and can be configured from very easy to change(i.e just change the file it loads) to very hard(i.e the firmware checks the file checksum). Your best bet is to do some googling on the device and see who makes the CPU. Then google and CPU and you should find what the standard firmware the manufacture uses. Next you need to hook a serial device(most devices have these just no serial port on the board, you need to sodier it on). Then you can start hacking away. Marvell based devices are great since the OpenRD and Netplug devices have plenty of documentation and they all use the same boot loader and such.
What the hell are you doing to your systems? I'm running many systems with ext4 and I haven't had data loss on any of them. Are you just pulling the power out to see what happens?
Well at this rate we're not going to have anything. I think its better to get a number of people together from industry and come up with a new codec. Part of this would include all the major players(Apple, Microsoft, Google, etc) comming together and promising not to sue and help if anyone is sued for using this codec.
Why is the debate for the video tag codec only between h264 and ogm? The video tag is such an important part of html5 it really needs to get decided. Both seem to have too many things against them for general use. Why not just start from scratch and create a new video codec for the web. Meeting all the requirments both legal and technical and finally end this.
Some new games require newer firmwares, they have them on disc. If you don't upgrade you don't get to play. While that won't happen for a few months with this version it would prevent me from playing games or running Linux. The other issue is that many of the games I have advertise PSN which I won't be able to use. I said backslash because if it effects 1% or 100% of the user base people are going to complain. Depending on how much they complain results in x amount of dollars Sony has to spend. This could be in getting support calls to law suits.
IBM actually killed Cell a few months ago on their mainframes. I beleive the Power7 chip no longer has it and IBM announced nothing new will.
Thats like buying a car with power locks and windows and after owning it for two years the car maker says you can now only have power locks or power windows pick one.
Why should I have to spend $400 more to do something that I have already does?
I bought my PS3 for two things, cell development and games. So to play games I need the latest firmware but the latest firmware makes it impossible for me to do cell development. This was an advertised feature when I bought it(a few months after launch) so I don't see how Sony can do this without facing a class action suite.
HP has their own Debian Linux based client client OS called ThinPro. If you want to add more packages all you have to do is add the standard Debian repo's to /etc/apt/sources.list and your good to go. They're pretty flexible if you know some basic Linux. The best part is they have a much fuller Linux base then many other Linux thin clients. They support even more advanced features such as multimedia redirection(video and USB) as well as the basic XDM, ICA, RDP connections. All of them can drive almost any monitor from a standard 17" LCD to dual 30" LCDs. The cheapest model is ARM based. Its basically a Marvell OpenRD or Netplug with a video card and smaller disk space. All the others are x86 based and vary in speed and price.
Just make sure you have the latest version and play around with the variables and you should be fine. I've only tried u-boot straight from Marvell, not from http://www.denx.de/wiki/U-Boot
I'm doing some ARM development and we use an OpenRD(http://www.open-rd.org/) board to compile and test some apps. It has dual NICs, a ton of USB ports, and an eSATA port. Internally it only has a 4G SATA DOM so you probably want to use some sort of external media. It comes with Debian Lenny installed, but you can install other things. The biggest pain in the ass is dealing with uboot but once you get it working its like a normal PC.
I go to Drexel university which is known for being a big engineering school. The school policy itself is use whatever you want as long as you get your work done. One of the great things about Drexel is they don't require you to load a bunch of spyware on your computer to get access to their network by ethernet or wireless. Drexel also gives students free software and even has a Linux section. The computer science depart itself is 100% GNU/Linux and one of the earlier classes you have to take is Intro to Linux. Many departments are run on Linux so I guess thats a big reason why Drexel is Linux friendly.
I've always said Apple has poor security. Look who's laughing now!!!!
I'm currently working at a major US tech company and litterly every program I have inherited from some out sourcing group is utter crap. I'm talking about EVERY variable is a global variable, one source file for a 5000 line program, no makefile just a line at the top which says compile with gcc blah blah blah, and the list goes on. The reason for out sourcing is not skill its cost. Why pay an American programmer who knows what hes doing when you can out source it and get a program which barely works and when bugs arise blame something/someone else.
In the long run these companies are going to learn the hard way that paying an out sourced developer who has a 3 month class in C will get you nowhere near a developer with a CS degree in terms of quality, functionality, and efficiency.
Two ways to fix this off the top of my head.
.desktop files. Only .desktop files registered will be executable.
.desktop files in /usr/share.. and any place else apps store their .desktop files system wide. This way they can be executed without a problem since the user shouldn't have write access to that anyway. For all other .desktop files(such as ones in the users home directory) add another parameter which contains the systems signature. If the signature doesn't match the current systems signature don't execute it.
1. Create some way to register
2. White list all
Warning: I current work as a Linux engineer for a major thin clients manufacture
Personally I think thin clients are the best way to go. When I was in school all teachers ever did in computer labs were a bit of web surfing and type up some word docs. Modern thin clients have web browsers built in with Firefox, Java and Flash. Which means pretty much any web site will work without the need of a server. For word processing and any other application you can just setup a server with RDP(free with Windows Server 2008) VNC(also free) or Citrix. Thinclients are cheap and durable which is what any school needs. If you want to put a few more apps on it you could go for a "chubby client" which is like a thin client but with more space for you to be what ever applications you want on it while remaining cheap.