Bonds? Are you serious? If facebook had the same returns as bonds, nobody would buy facebook. In order to justify a $100 value per person, you'd need to be worth $10 a year. In profit, not revenue.
Interesting. Same as Turkey and possibly Morocco. Some anti-islamists in Europe complain about people having two nationalities. I didn't know it was the same for the US.
How is it a problem? Will Google check and disqualify you? Can they even check? And if they can, why would they even need this contest to gather this data?
Are you saying it's impossible for a foreigner to become a US citizen? Or for a US citizen to lose his citizenship (by becoming citizen of another country, for example)?
Nothing you've quoted proves that either of these is the case. So city of birth is still not an indicator of citizenship.
Facebook's valuation is a real mystery to me. It's valued at $50 billion. It has 500 million users, which looks like a lot, but that puts its worth at $100 per user. Do you think you are worth $100 to facebook? Do you know anyone who might be?
The value of a company is generally about 10 times its profit, so facebook should be making $5 billion profit a year, or $10 per user. And that should be profit, not revenue.
$50 billion is also about a third or a quarter of what really big companies like Google, Oracle, Apple and Microsoft are worth. Is facebook really that close to that league? I think anyone buying facebook stock at this price is insane.
So, do you understand Fiat Currency any better? Why Fiat Currency?
The problem with Fiat Currency is that it has no basis in value, except the faith of people in it. You think that is any better way of valuing something?
It's the same way of valuing something. Gold only works because we agree on it, just like any other kind of fiat currency. Gold is a bit more primitive and reliable, but otherwise it's the same. If people stop accepting gold, it loses its value. It has no inherent value. Unlike a functional device. Or food.
By that reasoning, there's nothing really wrong with theft or fraud either. I don't buy it.
On its own, gasoline won't get you very far. Ideally, you should have a car or motorbike to put it in.
Although I imagine that cars are also cheaper per kilogram than tablets.
Yeah. I don't see why inert metal should be more valuable than a compact yet very functional device.
I don't understand gold either.
I don't think evil is restricted to acts of violence.
I don't have a PS3, and never intend to buy any kind of closed down console, so I don't care much about OtherOS myself (though I do enjoy reports about other people doing cool stuff with it), but I do consider it evil when a company takes an advertised feature away from customers without giving the customers any choice in the matter.
In fact, I don't see how anyone can disagree with this. Do you honestly think consumers should have no rights at all? That companies should be allowed to screw us over just because it happens to be in the company's best interest? That'd be arguing that we should become slaves to our corporate masters. Really.
It still surprises me that Sony has not been dragged through court over this. It sounds like something that should be very illegal, and yet, I don't recall hearing about any lawsuits that forced Sony to restore otherOS.
So yes you can blame Geohot for the current situation. Sony acted in an understandable and entirely predictable way. It's a shame that Other OS went but to leave it there would have jeopardized the entire platform. It's also laughable that people claim that hacking only started with its removal, it was removed BECAUSE of hacking. Maybe other exploits have subsequently surfaced but the Other OS hack was viable and if Sony had done nothing they'd probably be in a worse place than they are now.
No. Yes, there were attempts to crack it, but they were pretty small scale. After the removal of OtherOS, there were suddenly a lot more people with an interest in cracking the PS3 just so they could continue using a feature that they paid for. Customers were defrauded by and angry at Sony. That's a powerful motivator.
Whichever way you turn it, removing OtherOS was both wrong and stupid. Arguably more wrong than stupid, but it was still a bad move.
I also have Windows at home, and I only have it because I want to play games. I've tried to get games to run in Wine, but that's just too much work and too often doesn't work for the games I want. I've considered running Windows in a VM, but hardware acceleration (which many games need) seems to be badly supported by VMs.
So I run Windows. And while I do have Ubuntu on that same machine, I don't use it anymore, because I don't want to have to close everything and reboot every time I want to do something else. So I ended up even programming under Windows. I hate it, but it's still more convenient than the other solutions I've tried. Though what I haven't tried, and what's probably the solution to my problem, is running Linux in a VM. I don't really need hardware acceleration there.
I wouldn't call Watchmen "drivel". It was an awesome movie in every possible way. But I do agree that the quality of independent/low budget productions these days is amazing. My only problem with JQ was that it was too short.
I wasn't very happy about the altered ending or the removal of the guy reading the comic book.
Despite that, it was still the most intelligent superhero movie ever. The problem is that intelligent movies rarely sell well. (Inception is a nice exception, but I'm sure most people who watched it didn't understand most of it.)
Mass protests are always good, of course, but in a democracy, you don't need them to overthrow your government. Your government is automatically overthrown every 4 or 5 years, and then you get to elect a new one.
Exactly. They used SQL injection to get a list of users and hashed passwords from the database, used rainbow tables to find users with easy (short) passwords, and then tried if any of those passwords would also work on other accounts, that didn't even have anything to do with this database. Like linux accounts, gmail accounts, etc.
So it's the accumulation of 3 big errors that made this possible. Had they prevented SQL injection, it wouldn't have worked. Had they used very long passwords, it wouldn't have worked. Had they not reused the passwords in this database for other accounts, then maybe the database and apps relying on it would have been completely compromised, but their servers and email accounts would still have been safe.
Mozilla worked hard to produce a brilliant little browser - it had its flaws, but it made it possible to do lots of cool things - but ever since 3.0 they've been working hard to DESTROY what they've done.
On the other hand, ever since 3.0 it's not a slow-as-molasses memory hog anymore. Firefox is pretty quick nowadays and doesn't need a restart every few days. I still remember the 1.5 days.
Go ahead and hire a private tutor to shovel knowledge into your brain, then.
Until you can afford that, show some gratitude to people who point you in the right direction.
The problem with SQL-injection is that the programmer uses direct input from the user as part of a query for his database. Consider this SQL query:
select * from articles where topic='cars';
Now imagine that the user has some way to select the topic he wants to see articles of. Maybe there's a select box where you can select between 'cars', 'women' and 'beer'. So the programmer builds his query like this:
"select * from articles where topic='" + params.topic +"';"
He blindly assumes that params.topic can only be 'cars', 'women' or 'beer', because that's all the options that he wrote in the client side. The problem is that the client side (the HTML + javascript) runs on the user's machine, and is automatically compromised. Instead of asking for the web page brokensite.com/articles?topic=cars , he can also call:
brokensite.com/articles?topic='; select * from tables; --
And that turns the SQL query into:
select * from articles where topic=''; select * from tables; --';
So suddenly you've got two queries. (Everything after the -- is comment; it's ignored.) Exactly what happens now probably depends a bit on the web framework used, but with a bit of luck you'll get an error page that includes everything that these queries returned. Including the names of all the tables in the database. Figure out which table looks like it contains user information, and then you go to:
brokensite.com/articles?topic='; select * from users; --
Basically the brokensite.com/articles?topic='; part is now a prefix with which you can access their entire database from your browser. You can retrieve information, change it, destroy it, anything.
Of course the big mistake the programmer made is using user input as part of the query. You should never ever do that. The query should be a constant string, and user input should be added as parameters to that query. How you do that exactly depends on your language and framework, but in Ruby I believe it's something like:
["select * from articles where topic=?", params.topic]
This way, nobody can sneak a different query into your database.
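The concatenated query and the parametrized fix described in the comment above, side by side, as an added example that is not part of the original comment. It uses Python's sqlite3 with a constructed in-memory database; the function names and sample rows are assumptions, and the test input is the string quoted in the comment.

```python
import sqlite3

# The three select-box options from the comment; enforced on the server here.
ALLOWED_TOPICS = {"cars", "women", "beer"}


def make_db():
    """Build a constructed sample database in memory."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        create table articles (id integer primary key, topic text, title text);
        create table users (name text, password_hash text);
        insert into articles (topic, title) values
            ('cars', 'Winter tyres'), ('beer', 'Home brewing'),
            ('cars', 'Oil changes');
        insert into users values ('alice', 'constructed-hash-value');
    """)
    return conn


def build_query_concat(topic):
    """Vulnerable pattern: user input becomes part of the SQL text."""
    return "select * from articles where topic='" + topic + "';"


def titles_concat(conn, topic):
    """Run the concatenated query; return titles, or the driver's error name."""
    try:
        return [row[2] for row in conn.execute(build_query_concat(topic))]
    except (sqlite3.Error, sqlite3.Warning) as exc:
        return "error: " + type(exc).__name__


def titles_param(conn, topic):
    """Fixed pattern: constant SQL text, topic passed as a bound value."""
    rows = conn.execute(
        "select title from articles where topic = ? order by id", (topic,))
    return [row[0] for row in rows]


def titles_checked(conn, topic):
    """Parametrized query plus a server-side allow-list of topics."""
    if topic not in ALLOWED_TOPICS:
        raise ValueError("unknown topic")
    return titles_param(conn, topic)


if __name__ == "__main__":
    conn = make_db()
    quoted_input = "'; select * from users; --"  # string quoted in the comment
    print(build_query_concat(quoted_input))   # two statements in one string
    print(titles_concat(conn, quoted_input))  # the query text was changed
    print(titles_param(conn, quoted_input))   # [] : treated as a topic name
    print(titles_checked(conn, "cars"))       # normal request still works
```

With sqlite3 the concatenated version fails with an error because `execute` refuses a second statement; that is driver behaviour, which is the "depends on the framework" caveat in the comment, while the parametrized version is safe regardless of driver.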
Gotta say, the linked article was a great education for me, one who's interested but never had time to dig into some of the arcana of stuff like SQL injection.
SQL injection is not arcana. It's incredibly obvious to anyone who knows SQL. Exploiting OS security vulnerabilities to gain superuser access, that's arcana.
While Jussi's mistake was pretty damned boneheaded, how often do you do what your boss says, because they said so? Not from the perspective of "How do I do my job right?", but "Will I get canned if I say no? I'm not going to tell my boss that he is too stupid to remember both his username and his password".
Remember Terry Childs? Withholding passwords from your boss can land you in jail, apparently.
Forgot another important one: don't neglect to install the security patches for your OS.
But how many of these mistakes is your company making?
That's the important question here. And it wasn't any terribly advanced cracking that brought HBGary down. Apart from the bit where they gave a normal linux user superuser privileges through some exploit, I could have done every step of it myself. And I'm no security expert.
A couple of really basic lessons here:
* Always, always use parametrized queries. It makes your code cleaner, and it automatically protects against SQL-injection. There's no reason not to do this.
* Always salt your hash. Yeah, I don't do it either, but this article makes very clear why it's important.
* Use long passwords, and don't reuse important passwords. Really, length is by far the most important defense for passwords. Don't go for 8 characters, go for 16. (I'm at 10-12 currently. I think I need to make them longer. Also, I do reuse passwords, which I clearly shouldn't.)
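What the "salt your hash" lesson changes in stored password records, as an added example that is not part of the original comment. The comment names no algorithm, so SHA-256 for the unsalted case, PBKDF2 with a per-user random salt for the salted case, the iteration count, the record format and the small constructed lookup table standing in for a precomputed table are all assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor; raise it as far as your hardware allows


def unsalted_hash(password):
    """What the lesson warns against: same password, same digest, everywhere."""
    return hashlib.sha256(password.encode()).hexdigest()


def hash_password(password):
    """Store scheme, cost, per-user random salt and digest in one record."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return "pbkdf2_sha256${}${}${}".format(ITERATIONS, salt.hex(), digest.hex())


def verify_password(password, record):
    """Recompute with the stored salt and cost; compare in constant time."""
    scheme, iterations, salt_hex, digest_hex = record.split("$")
    if scheme != "pbkdf2_sha256":
        return False
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


# Constructed stand-in for a precomputed table of digests of short passwords.
PRECOMPUTED = {unsalted_hash(p): p for p in ("password", "letmein", "qwerty12")}


def table_lookup(digest_hex):
    """Return the password a precomputed table would reveal, or None."""
    return PRECOMPUTED.get(digest_hex)


if __name__ == "__main__":
    # Two users who picked the same short password (constructed data).
    plain_a, plain_b = unsalted_hash("letmein"), unsalted_hash("letmein")
    print(plain_a == plain_b, table_lookup(plain_a))   # identical, and found
    rec_a, rec_b = hash_password("letmein"), hash_password("letmein")
    print(rec_a != rec_b)                              # salts make them differ
    print(table_lookup(rec_a.split("$")[3]))           # None: table is useless
    print(verify_password("letmein", rec_a))           # login still works
```

A salt does not make a short password strong: it forces guessing per account instead of a single table lookup, which is why the length advice in the same list still applies.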