Out of interest, what reasons did they give for making an amendment? were they all something like 'because people died for the flag blah blah' bullshit?
Pretty much. There's no convincing suburban WASP kids born of suburban WASP parents that there's anything other than god and country.
When my mother graduated high school in 1969, flag burning was not considered un-American. When I was in high school, we had a discussion in my American Government class (post-911) about flag burning. I was the only person in the class who opposed a constitutional amendment against flag burning. People don't seem to recognize that burning the flag is a statement. I have never burned a flag (except in the Boy Scouts when we retired an old one), but it is still protected speech.
You can set your preferences if you don't want to see certain articles. This falls under the realm of acceptable Slashdot articles -- if it's not something you're interested in, don't look at it.
Probably more like it'll be great *after* the first few seconds, during which you hear a few ads. But Google is likely going to keep track of some data. Remember the Google business model: their resources are data and ideas. Ideas they have in spades... they've got some brilliant people working for them, and are recruiting the best of the best of the best (with honors, sir) to come up with the NextBigThing. Data they've also got in spades, but more data = more money. So far they've been very benign... but who knows what the future holds. I do think, though, that if Google turns evil, I may lose all faith in humanity forever.
To be fair here, if you're running VNC on purpose, you'll know that it's not a "dangerous hacking tool." And people who aren't running it on purpose probably don't want someone connecting to their system.
Karma be damned, it's 4 AM and I need to say this.
I don't understand how big business gets all up in arms about someone building a better mousetrap. That's what this economy was built on. Craigslist doesn't charge for ads. Newspapers do. Craigslist is stealing business from newspapers. Then newspapers need to innovate. Free enterprise is great when you're on the rising edge of the curve, but I'm not gonna cry for you when you cut yourself on the other edge of that sword.
SP2 adds NX "protection." While this adds protection against buffer overflows on the stack, it does nothing for overflows on the heap, which can be just as bad. Also, if the return address is simply changed to an address on the heap, code in the heap can be executed. The heap has the executable bit, because of dynamic libraries loaded into the heap.
There are numerous Java versions, the z-file is available in a couple of places, and of course Z-Machine interpreters are all over the place. The first Java version I found on Google that doesn't require a serial number is here.
If you install a captcha such as AuthImage (the only one I've gotten to work), the comment spam really drops down to null. You kind of have to hack it in there -- I do wish plugin support was better -- but it does work quite well.
Second here. I got sick of MT when I tried to upgrade from 2.6 to 3.01, and while I was at it, switch from Berkeley DB files to MySQL. The upgrade alone took me 6 hours or so (over a number of days), I posted questions on the forums and go no answers. This is for a *paid* product. The BerkDB->MySQL switch simply did not work. They have a script that supposedly does the conversion, but it doesn't work with all versions of BerkDB files, even though MT pretty much does.
I posted this problem to the forums and got a response within about 15 minutes telling me to upgrade to 3.01. I told them I already did. A week later, I hadn't gotten any response, and started looking for alternative CMSs. I had heard good things about Greymatter, but it turned out that it wasn't the style I was looking for at all -- GM is more for journals and such, not blogs. But within 15 minutes of asking about GM on the GM forums, the lead developer told me, no, this probably isn't what you're looking for, your feature wishlist sounds a lot like WordPress.
20 minutes after hearing of WordPress, I had it installed and my MT bloggings imported (therefore importing all my authors). Another hour to mess with the stylesheet and I haven't messed with it since (except to update it, and add a captcha for comments).
Notice that the subject and the majority of the material in the story was NOT "please feel sorry for me, slashdot." It was about the announcement of these security holes. If anything, it was to express pride because I was able to find the holes I did. The fact that most of the class is failing is simply an aside.
I would have told you the same thing three months ago, but frankly, there are plenty of safe uses of strcpy, strcat, sprintf, etc, all the functions everyone assumes mean "overflow me!" gets is a different story... there's no way to protect gets. But I've looked at enough code with enough strcpy's in it:
void suspicious_function(char* previously_mallocd_buffer) {
char buffer[MAX_LEN];
if (strlen(previously_mallocd_buffer) >= MAX_LEN) {
fprintf(stderr, "input too long\n");
exit(1);
}
strcpy(buffer,previously_mallocd_buffer); }
Is there anything wrong with this? Other than the fact that they could have used a simple strncpy, no... it isn't unsafe, just pointless and time consuming. I think it's the fact that s[canf,scanf,printf,trcpy,trcat] are so ingrained in people's minds that that's what they have to use -- they just know it's unsafe so they jump through hoops to make it safe.
Don't you think, that with a $500 reward for a local security hole, and a $5000 reward for a remote hole in qmail, someone would have done that already? I pose to you the same challenge I posed the other guy. If it's that easy, then you do it.
Let's say this. You are the head of the MSCS department at UIC. Your most distinguished professor is D. J. Bernstein. He fought the U.S. government to abolish export restrictions on cryptography. He wrote the mail server and the DNS software you use.
And he's 33 years old. You keep him around, and you've probably got another 30 years out of him. Or -- you can him for being a jackass to some students and some other school snatches him up.
I don't think anyone went into this class without knowing who DJB was. He's a very well known and generally respected security professional. On a personal note... well, you either love him or hate him. A lot of people tend to take the latter approach. He's not a "nice" guy. That shouldn't have anything to do with his teaching style, however.
I went into this class saying "OK, this is going to be hard, but it's going to be fun. Prerequisites are fluency in C. OK, I'm fluent in C. He doesn't even want us to know Unix... that's funny." I expected that it would be hard, but that he would teach us to the point where we could do it. The AP Calculus test is hard. My AP Calc teacher taught my class so that all of us got 5s. That says something for the class, yes, but it says more from the teacher: we came into the class not knowing a damn thing about calculus, and came out getting 5s on the exam. DJB overestimated what the class would be able to do, and then did not correct for it in his grading scale.
That's not hard. That would take about a days work for any proficient C hacker.
Really? Then you do it. I'm sick and tired of people telling me that I didn't work hard enough or that I obviously don't understand C, or that "there's TOTALLY that many bugs out there." A day's work? Give me ten by a month from today, January 15, and I'll admit that I should have failed.
I know of 3 (possibly 4) people who are passing this course. One of them, Limin Wang, is DJB's grad student. She didn't take any other courses this semester, and had the entire time to work on this. One is a very knowledgable and hard working student, Ariel Berkman, and he deserves a better grade than he got.
The other two are Tom Palarz, the president of the ACM at UIC, and Kris Kubicki, a senior editor for AnandTech. They've slept about an hour a day the past few weeks, most of that in the CS computer labs.
There was a mailing list for the course on which you were supposed to announce the programs you were looking at. If more than one person found the same hole (independently or working together) they were each given 1/n credit (for n people).
Slashdot Mirror
I just renewed my domain Tuesday. I'd have done it with Google if I could have.
Pretty much. There's no convincing suburban WASP kids born of suburban WASP parents that there's anything other than god and country.
When my mother graduated high school in 1969, flag burning was not considered un-American. When I was in high school, we had a discussion in my American Government class (post-911) about flag burning. I was the only person in the class who opposed a constitutional amendment against flag burning. People don't seem to recognize that burning the flag is a statement. I have never burned a flag (except in the Boy Scouts when we retired an old one), but it is still protected speech.
Does this mean you can get bluesnarfed at higher speeds and longer range?
You can set your preferences if you don't want to see certain articles. This falls under the realm of acceptable Slashdot articles -- if it's not something you're interested in, don't look at it.
Someone else posted this regarding the original story when gbrowser.com was registered:
They should call it a Growser.
"Hey Hank, did you growse that data last night?"
"Yeah, Bill, my growser growsed it up real nice."
"That's some mighty fine growsing, Hank."
I laughed for about 6 weeks.
Probably more like it'll be great *after* the first few seconds, during which you hear a few ads. But Google is likely going to keep track of some data. Remember the Google business model: their resources are data and ideas. Ideas they have in spades... they've got some brilliant people working for them, and are recruiting the best of the best of the best (with honors, sir) to come up with the NextBigThing. Data they've also got in spades, but more data = more money. So far they've been very benign... but who knows what the future holds. I do think, though, that if Google turns evil, I may lose all faith in humanity forever.
When did it ask for ANSI C/C++? The question was looking for problem solving/knowledge of the language. Not for it to pass --ansi, or even -Wall.
void swap (int &a,int & b)
{
a ^= b ^= a ^= b;
}
Yeah, it's the same thing, but you know CS majors... we have to compete to get the shortest, most obscure code.
To be fair here, if you're running VNC on purpose, you'll know that it's not a "dangerous hacking tool." And people who aren't running it on purpose probably don't want someone connecting to their system.
I don't understand how big business gets all up in arms about someone building a better mousetrap. That's what this economy was built on. Craigslist doesn't charge for ads. Newspapers do. Craigslist is stealing business from newspapers. Then newspapers need to innovate. Free enterprise is great when you're on the rising edge of the curve, but I'm not gonna cry for you when you cut yourself on the other edge of that sword.
SP2 adds NX "protection." While this adds protection against buffer overflows on the stack, it does nothing for overflows on the heap, which can be just as bad. Also, if the return address is simply changed to an address on the heap, code in the heap can be executed. The heap has the executable bit, because of dynamic libraries loaded into the heap.
There are numerous Java versions, the z-file is available in a couple of places, and of course Z-Machine interpreters are all over the place. The first Java version I found on Google that doesn't require a serial number is here.
If you install a captcha such as AuthImage (the only one I've gotten to work), the comment spam really drops down to null. You kind of have to hack it in there -- I do wish plugin support was better -- but it does work quite well.
I posted this problem to the forums and got a response within about 15 minutes telling me to upgrade to 3.01. I told them I already did. A week later, I hadn't gotten any response, and started looking for alternative CMSs. I had heard good things about Greymatter, but it turned out that it wasn't the style I was looking for at all -- GM is more for journals and such, not blogs. But within 15 minutes of asking about GM on the GM forums, the lead developer told me, no, this probably isn't what you're looking for, your feature wishlist sounds a lot like WordPress.
20 minutes after hearing of WordPress, I had it installed and my MT bloggings imported (therefore importing all my authors). Another hour to mess with the stylesheet and I haven't messed with it since (except to update it, and add a captcha for comments).
Notice that the subject and the majority of the material in the story was NOT "please feel sorry for me, slashdot." It was about the announcement of these security holes. If anything, it was to express pride because I was able to find the holes I did. The fact that most of the class is failing is simply an aside.
I would have told you the same thing three months ago, but frankly, there are plenty of safe uses of strcpy, strcat, sprintf, etc, all the functions everyone assumes mean "overflow me!" gets is a different story... there's no way to protect gets. But I've looked at enough code with enough strcpy's in it:
void suspicious_function(char* previously_mallocd_buffer) {
char buffer[MAX_LEN];
if (strlen(previously_mallocd_buffer) >= MAX_LEN) {
fprintf(stderr, "input too long\n");
exit(1);
}
strcpy(buffer,previously_mallocd_buffer);
}
Is there anything wrong with this? Other than the fact that they could have used a simple strncpy, no... it isn't unsafe, just pointless and time consuming. I think it's the fact that s[canf,scanf,printf,trcpy,trcat] are so ingrained in people's minds that that's what they have to use -- they just know it's unsafe so they jump through hoops to make it safe.
Ah, yes, the whine of the man who cannot take his karma dropping and thus posts as AC.
Don't you think, that with a $500 reward for a local security hole, and a $5000 reward for a remote hole in qmail, someone would have done that already? I pose to you the same challenge I posed the other guy. If it's that easy, then you do it.
And he's 33 years old. You keep him around, and you've probably got another 30 years out of him. Or -- you can him for being a jackass to some students and some other school snatches him up.
No one's gonna can DJB.
I went into this class saying "OK, this is going to be hard, but it's going to be fun. Prerequisites are fluency in C. OK, I'm fluent in C. He doesn't even want us to know Unix... that's funny." I expected that it would be hard, but that he would teach us to the point where we could do it. The AP Calculus test is hard. My AP Calc teacher taught my class so that all of us got 5s. That says something for the class, yes, but it says more from the teacher: we came into the class not knowing a damn thing about calculus, and came out getting 5s on the exam. DJB overestimated what the class would be able to do, and then did not correct for it in his grading scale.
Really? Then you do it. I'm sick and tired of people telling me that I didn't work hard enough or that I obviously don't understand C, or that "there's TOTALLY that many bugs out there." A day's work? Give me ten by a month from today, January 15, and I'll admit that I should have failed.
I know of 3 (possibly 4) people who are passing this course. One of them, Limin Wang, is DJB's grad student. She didn't take any other courses this semester, and had the entire time to work on this. One is a very knowledgable and hard working student, Ariel Berkman, and he deserves a better grade than he got.
The other two are Tom Palarz, the president of the ACM at UIC, and Kris Kubicki, a senior editor for AnandTech. They've slept about an hour a day the past few weeks, most of that in the CS computer labs.
I suppose it's good to see that someone remembers me from the o-board.
There was a mailing list for the course on which you were supposed to announce the programs you were looking at. If more than one person found the same hole (independently or working together) they were each given 1/n credit (for n people).
Look on page 3.