From the Real Player Knowledge Base:
To prevent maliciously formatted video streams from providing a backdoor into your system, type the video stream by hand and verify that it contains no malicious code.
Anybody out there who can type at 128 kbps?
Right now, RealPlayer is a program you use when you have to. For open standards, there's a better program out there, but there is a lot of content out there that is only available if you pay for it through RealNetworks, and then you can only watch it if you use one of Real's products.
If you want to get the web access to major sports or news content that used to be free, you need Real's products and have no way around it...
Mod parent as funny... and send the line to Simon Cowell for use on American Idol...
When the company was called Progressive Networks, they put out some of the most revolutionary software on the Internet... software that could make decent sounding realtime talk radio streams with just 14.4kbps of modem bandwidth to work with. When 28.8kbps modems came out, they came up with a codec good enough for most FM radio stations...
But, oh how the mighty have fallen. The RealNetworks of today stopped advancing their audio protocols long ago, and have since been lapped by the field of other audio standards. Now, RealNetworks is more of a content company, selling "-Pass" products that create monthly fees to access streams that used to be free.
So, I guess I'm not surprised that there's a "lazy programmer" style security flaw in their products today. They stopped being a tech innovator, and have slid over into the category of a content pusher. Oh well... another .com bites the dust.
The $480 in software to give your accountant a Windows XP machine that runs Quickbooks Pro is well worth it, but there's no reason why the secretary needs XP... (s)he can have all the resources (s)he needs with a Linux box that's capable of running OpenOffice.org and Mozilla, assuming the business is running an HTML-based system for its main workflow-tracking software so there's no Win-only client involved there.
You are not going to find an out-of-box product that is perfectly made for your business. Use the open-source LAMP combination (Linux, Apache, MySQL, PHP) to build your own application complete with a built-for-you database scheme and user interface. That way, you're sure it'll support absolutely everything your business does, and have the ability to upgrade the software should you ever expand into another product line.
Hire a consultant, and make sure you own the rights to the resulting code when you're done.
Not true, it results in a "Did you mean?" that fixes the typo. :)
I'm sorry, Miriam.
It appears you have fallen victim to a common New York Times problem, a reporter who wants to use your name in order to create a character that fits their story, which is based upon but isn't quite you. We were reacting to what the story said about you, some of which clearly you are saying is not true.
If only the NY Times had to print retractions for all the times they do this...
Actually, the second airport metal detector shouldn't be as much burden as the first. Why? Because most of the problems were already discovered at the first one. There should never be a line in front of the second metal detector, because it would have the same throughput ability as the first, but would never be challenged with anything more than the actual output (always less than the potential) of the first.
I'm in the camp that all security methods are, at their core, security by obscurity. You're only as safe as your code and key are secret... once that's compromised by either guess and check or outright leak, you're not secure anymore.
Think of it this way... it's an extra password combined with bonus security-by-obscurity of not having a visible password prompt.
The "knocking ports" could also be configured that if there are random hits to the standard port without the proper knock, the system could lock down for 30 seconds and even ignore the proper knock so that if somebody's trying to brute force all the possible knocks, they'll never get feedback when they have the right one.
Yeah, this is no substitute for properly securing the original service, but it's an extra layer that means there's even more that needs to be captured for a successful hack...
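The lockout rule from the port-knocking comment above, as an added example that is not part of the original post: a small simulation of a knock gate where an unknocked hit on the service port starts a 30-second window in which even the correct knock is silently ignored. The knock ports, the choice of port 22 as the "standard port", per-source (rather than system-wide) lockout, and all names are assumptions made for illustration.

```python
from dataclasses import dataclass, field

KNOCK_SEQUENCE = (7000, 8000, 9000)  # constructed example knock ports
PROTECTED_PORT = 22                  # assumption: the "standard port" is SSH
LOCKOUT_SECONDS = 30                 # the 30 seconds suggested in the comment


@dataclass
class SourceState:
    progress: int = 0          # how many knocks of the sequence have matched
    authorized: bool = False   # True once the full knock has been seen
    locked_until: float = 0.0  # knocks before this time are silently ignored


@dataclass
class KnockGate:
    sources: dict = field(default_factory=dict)

    def packet(self, src: str, port: int, now: float) -> bool:
        """Handle one connection attempt; True means it reaches the service."""
        st = self.sources.setdefault(src, SourceState())
        if port == PROTECTED_PORT:
            if st.authorized:
                return True
            # Unknocked hit on the service port: start or extend the lockout.
            st.progress = 0
            st.locked_until = now + LOCKOUT_SECONDS
            return False
        if now < st.locked_until:
            # Locked out: drop the knock without advancing state, so a
            # brute-forcer gets no signal even when the guess is correct.
            return False
        if port == KNOCK_SEQUENCE[st.progress]:
            st.progress += 1
            if st.progress == len(KNOCK_SEQUENCE):
                st.authorized, st.progress = True, 0
        else:
            # Wrong port restarts matching (it may itself be the first knock).
            st.progress = 1 if port == KNOCK_SEQUENCE[0] else 0
        return False  # knock ports never answer, right or wrong


def replay(events):
    """Run (source, port, time) tuples through a fresh gate; return results."""
    gate = KnockGate()
    return [gate.packet(src, port, t) for src, port, t in events]
```

Every knock port returns the same result whether or not the knock matched, so the only observable difference is whether the service port later opens.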
Just be careful. You might get undercut by somebody who works for peanuts instead of cookies.
I usually respond to such situations by saying that tech is a form of magic. I've just done something extremely complicated that you don't understand, but would be really simple if I had the 3 hours or so it'd take to explain what was really going on...
It's interesting how there's quite a large population of unemployed geeks, yet an overload of computer problems out in the wild. If you want us to clean up the mess you're making... pay us! Making the mess and then asking us to clean it up for free just isn't going to work.
When I was in high school, I got several offers from teachers to come over to their house to fix their computers, even paying me to do so. I steadfastly refused to go over to anybody's house for the sole purpose of fixing their computer. However, if there was some other reason for me to be there, and I wasn't the only one invited, such as when I was one of the yearbook editors meeting at the yearbook coordinator's house, I then spent a little time fixing their computer while I was there.
More or less, I just didn't have time to help random teachers I barely knew, but I'd help the teachers who went out of their way to support the projects I was working on.
From the point of view of a non-educated user, they think clicking on the "click here to be removed from this list" link in an e-mail is what to do in order to get less spam. They think running the patch that comes in via e-mail will protect their system. They think the deposed Nigerian leader who e-mails them really needs their help and will pay them millions...
The common bond? What you see in e-mail, particularly an e-mail from somebody you've never heard of before, cannot be taken at face value. Just because it's in an e-mail doesn't make it true.
Maybe the safest thing to do would be to set up clueless users with a whitelist-based e-mail client... if a sender is not already in the address book the message won't be displayed, with maybe a "Knock-knock, do you know this person?" box for unrecognized senders. That'd at least cut down on the number of scams...
From the article...
Miriam Tauber, 24, makes no apologies for her lack of computer knowledge. To her, computers are like "moody people" who behave illogically.
Uh oh. Computers, by definition, are cold and logical. They don't have personalities. They don't have moods.
If users think computers do have mood swings just like the typical female human, we've got serious user education problems. They clearly don't know the basics of what a computer does, and that makes it much harder to explain how to properly operate a computer.
No, it's more likely because Julia's birthday was yesterday, so the 24 hours that they featured the special logo for expired on schedule...
To decide what days are worth changing the logo for is an editorial decision. Did you know it was Gaston Julia's birthday yesterday? I didn't. I hadn't even heard of Gaston Julia until Google brought it up...
Nah... it'd be for folks who get Slashdotted, which can happen with any major media outlet. It's for the people who'd rather stay up than go down when that happens.
But Yahoo and MSN are both networks, and Alexa is counting almost anything that ends in yahoo.com or msn.com in the ratings. My assertion was that Google's main page is the most visited single page...
Google made a rare editorial decision yesterday when it suggested searches of "julia fractal" on its Image Search system. Clearly, it wasn't a good one... users got directed to 404 pages.
If somebody wanted to be really naughty... they could have replaced their highly-ranked fractal page with a redirect to popup hell, and pocketed the money resulting from that.
Exactly, but if these ads were limited to campaigns such as the "What is mLife?" campaign, Google could get a few million dollars each time.
GoTo.com/Overture.com predated AdWords, but AdWords went to #1 because it was designed as self serve and has a minimum buy-in of only $5.
Ever try to figure out what's the minimum buy at Akamai?
Yes, but this is the first time they've ever supplied an image search as the linked query, which always leads to pages with big pretty images, and uh, oh.