Unicode has been around for, what, over 15 years now? It's part of countless specifications from W3C and ISO. All modern OSes and DEs (Windows, OS X, KDE, Gnome) use one or another encoding of Unicode as the default representation for strings. No, it's not going away anytime soon.
And yet major vendors like Microsoft still get Unicode wrong. A couple of examples:
Windows Find/Search cannot find matches in Unicode text files, surely one of the simplest file formats of all, even though the command line FIND tool can (unless you install/enable Windows Indexing Service which then cripples the system with its stupid default indexing policies). This has been broken since Windows NT 4.0.
Microsoft Excel cannot open Unicode CSV and tab-delimited files automatically (i.e.: by drag-and-drop or double-click from Explorer) - you have to go through Excel's File/Open menu and go through the stupid import wizard.
Abuse of Unicode code points by various Office apps, causing interoperability issues even amongst themselves.
Nobody has actually foiled the high school fingerprint scanners yet, it's still only in the realm of (likely) possibility - especially after the kids see this story on /.
Hard to believe that Sci-Fi has been poking about the issues of non-standard docking ports since the 1960's and the real world is just catching up 50 years later.
So unpatched machines are vulnerable. Perhaps people don't auto-update Java as often.
Even patched machines are vulnerable as well, at least on Windows (don't know if it does this on other OSs). Java updates on Windows do not uninstall previous versions of Java, they just add a new one.
Since Java apps can request specific versions of the JRE to run in, even patched machines are vulnerable until the user/admin uninstalls the previous versions.
On the "who will fix it" I found this quote FTA interesting:
"I need something I can rely on. If an open source based system breaks, who's going to fix it?" -- Jeff Cimmerer, Director of Technology, Pittsford School Districts
The whole idea of Open Source is that it's open for anybody to fix it. If you've got the skills you can fix it yourself. If you're a business with a genuine interest in the FOSS you think is broken, but don't have the skills to fix it yourself, you can at least log a bug report if not hire someone to fix it for you if you consider it urgent.
Yes, you can also log bug reports with Microsoft for their software. But you're still at the mercy of Microsoft to actually get it fixed - trawl support forums about Microsoft's ClickOnce deployment system for .NET Framework 2.0 or later and you'll understand that Microsoft is quite willing to acknowledge the presence of bugs (and anti-features) and, strangely, also willing to publicly acknowledge that they have no intention of fixing them. Ever.
I've logged the same bug on Windows Find/Search since Windows NT 4.0 and yet it still isn't fixed in Windows Vista/7. (You can get search matches from Unicode text files using the command line find tool, but Windows Find/Search cannot find those same matches - it only understands ASCII/ANSI text files.)
An attacker could buy a general aviation ADS-B receiver [navworx.com] for $1495 and get the same data on an HP iPAQ. So this only protects against terrorists with very low budgets.
Bzzt. You can buy ADS-B receivers that plug into a USB port for about USD200. Even $1495 is probably less than the average SAM.
The Location Services permissions only "secure" the GPS receiver on the phone. There's plenty of other methods of locating a device without popping the Location Services prompt, such as by Wi-Fi SSIDs and signal strengths (thanks Google), and Geolocation by IP address. They may not be as accurate as GPS, but in a lot of cases near enough can be good enough.
Am I right in thinking that data recovery firms (and government agencies) can pull data off a hard drive, even after it's been overwritten - possibly several times?
You're not. In the interests of making people prove their claims, someone offered a challenge with a huge bounty a couple of years ago if anyone could successfully recover data from a hard drive he'd only formatted (with zeros, no fancy random overwrites). Nobody even tried to take him up on it. Wish I could find the link, but my Google Foo seems to be on holiday.
It's not like NASA doesn't have the money or the expertise to do this.
They probably don't have the money to do this any more, even if they have the expertise.
It's bone-headed is what it is. It's like some manufacturer saying "our notebook is going to start supplying 110vac at these connectors that just happen to look like USB host ports. Whatever you do, don't plug USB devices into them!"
I know why they've done it, though: it's expensive in time and labour designing and testing new connectors before going mass production. It's saving $ for them. And it'll bite the customers when they plug the wrong devices in and find out they've blown their warranty along with their PC/card/drive.
It's interesting to see that in Australia the highest concentrations of particulate matter are in the desert where nobody lives as opposed to the eastern coastline where the majority of industry is. This makes me a little suspicious of the low-end of the scale, but it could be due to airborne particulates from soil erosion.
After RTFA I watched the video on the Zen Magnets home page, and I watched the ZM-BB comparison video linked in the update to the summary. Thank you, Zen Magnets, I'm looking forward to my new sets arriving RSN.
I'm guessing here that the secure gambling connections to offshore sites would be a damn sight more difficult (impossible?) to pass through a proxy and that the average on-line gambler may not even bother to try... just hop in the car, and go to the casino.
It's very simple to block SSL sites. Though SSL connections are encrypted once they are established, clients still have to pass a "CONNECT domain.com:443 HTTP/1.x" request through the proxy to create a tunnel. If the domain is in the proxy's blacklist it can just respond with a "forbidden" instead of establishing the tunnel.
Of course it was already demonstrated in the filter trials that the system can be bypassed trivially.
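The proxy-side check described in the comment above, sketched as an added example (not part of the original comment and not taken from any filtering product). The blocklist entries, the function names and the deny-by-default policy for IP-literal targets are assumptions made for illustration.

```python
import ipaddress

# Constructed blocklist for illustration; the domains are placeholders.
BLOCKLIST = {"blocked.example", "casino.example"}


def parse_connect(request_line):
    """Return (host, port) from a CONNECT request line, or None if malformed."""
    parts = request_line.strip().split()
    if len(parts) != 3 or parts[0] != "CONNECT":
        return None
    if not parts[2].startswith("HTTP/1."):
        return None
    host, sep, port = parts[1].rpartition(":")
    valid_port = port.isascii() and port.isdigit() and 0 < int(port) < 65536
    if not sep or not valid_port:
        return None
    # IPv6 literals are bracketed in authority form, e.g. [2001:db8::1]:443
    if host.startswith("[") and host.endswith("]"):
        host = host[1:-1]
    # DNS names are case-insensitive and may carry a trailing root dot.
    host = host.lower().rstrip(".")
    return (host, int(port)) if host else None


def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def is_blocked(host, blocklist=BLOCKLIST):
    """True if the host or any parent domain is on the blocklist."""
    labels = host.split(".")
    return any(".".join(labels[i:]) in blocklist for i in range(len(labels)))


def handle_connect(request_line, blocklist=BLOCKLIST, allow_ip_literals=False):
    """Return the status line the proxy sends back for one CONNECT request."""
    parsed = parse_connect(request_line)
    if parsed is None:
        return "HTTP/1.1 400 Bad Request"
    host, _port = parsed
    if is_ip_literal(host):
        # No name to compare with a domain list, so this is a policy choice.
        allowed = allow_ip_literals
    else:
        allowed = not is_blocked(host, blocklist)
    if allowed:
        return "HTTP/1.1 200 Connection established"  # tunnel is opened
    return "HTTP/1.1 403 Forbidden"  # tunnel is never created


if __name__ == "__main__":
    for line in ("CONNECT www.casino.example:443 HTTP/1.1",  # constructed
                 "CONNECT news.example:443 HTTP/1.1"):
        print(line, "->", handle_connect(line))
```

The decision is made on the cleartext request line alone, before any TLS bytes are exchanged, which is why the encryption of the tunnel itself does not stop the proxy from refusing it.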
From less powerful to my most powerful this product just seems to work.
Granted, Ubuntu works pretty well with modern hardware. I've been surprised at how well it works with pluggable devices like printers, controllers and iThingies.
Except when it doesn't.
After SMB mount found itself deprecated you wouldn't believe the pain I had to go through to get CIFS mount to work properly with a remote SMB share whose file system contained folders and files with Asian characters in their names. And it still doesn't create folders and files with the correct ugos - they're visible on all the Ubuntu systems, but none of the Windows computers until I specifically chmod them.
A recent /. story (which I can't find to link at the moment) mentioned that Google reported Ubuntu to be the highest-ranking Linux distribution involved in search terms. In my experience that's probably because people are having the most difficulty with it in getting things working. There's usually several ways to do something in Ubuntu, and each way is implemented slightly differently to every other distribution.
Why not have some system that sits there sending a message every 30 seconds, and warn when it stops....
Because in Australia people have to pay 15c or more per call for local calls. If alarm panels were doing heartbeats every 30 seconds you'd be looking at 2,880 calls per day, or a minimum cost of $432.00/day.
GP didn't say that they wanted wireless-powered TV's and monitors.
I believe GP was commenting on how much power is wasted in "standby mode" on such devices. For example, HDTV panels are often reported to consume less than 1-watt on standby but if you ask them to cache program info then parts of the system are active to monitor the DVB broadcast stream, often consuming 20-watts (or more).
If the pedophiles want to complain that Labor is blocking their access to their pedophilia then let them.
I wish it was only that kind of material that's getting blocked.
Unfortunately it isn't... filtering trials showed that a number of businesses, community support groups, dentists, anti-abortion political sites and even a betting agency were also getting blocked. If the ACMA were accountable for what gets blocked this wouldn't be a problem, but the block list is marked SECRET and they won't even acknowledge whether a given URI or site is in it, let alone allow you to state your case to have it removed. Where will they be allowed to draw the line?
The majority of Australians *want* the Internet to be filtered, and the government is accountable to *them* not *you*.
I call BS. I haven't met one person who actually said they want internet censorship in Australia.
The government couldn't even give NetAlert away when they tried - nobody wanted it, it was "cracked" by a kid inside of a week, and the few religious zealots who did get it now find themselves unsupported.
Unfortunately the not-quite-majority of Australians who voted Labor at the last election fell for the "look at the silly monkey" trick (the high-speed National Broadband Network) and failed to notice the venomous snake (internet censorship) in the other hand.
iPods/Phones/Pads have had serial ports for the longest time - why do you think there's such a thing as the iPod Accessory Serial Control protocol?
What's interesting about this is that an app has been able to steal the serial port from the system for its own purposes, i.e.: a tty.
Using XSS & Google To Find Physical Location
http://it.slashdot.org/article.pl?sid=10/08/03/0117215
The summary left out the following important words before quoting performance figures: "Jaguar believes..."
Neil jumped first!
Didn't you know they're flying the iSS up there?
a single 386 can easily guide a spaceship to another galaxy.
A 386 is overkill. The Apollo Guidance Computer got astronauts to the moon and back with less CPU power than a 6502.
Advertising, definitely...
Or a Futaba 14-channel transmitter for Radio Control aircraft. What's the point of putting Windows on that again?
Me either. Judging by the Google cache they had a whole lot of games for under $10...
http://webcache.googleusercontent.com/search?q=cache:6-5HiGthQgEJ:www.gog.com/en/catalogue/+site:gog.com+gog.com&cd=2&hl=en&ct=clnk&gl=au