Uhm how's about this one, that's like three posts down from here? It's not quite a remote root exploit, but it is an exploit that, for a great many asp.net installations, will inevitably lead to you getting remote root.
It's a local user privilege escalation exploit. Every OS has those. What it means is that if someone can get in to your computer as a local user (or gain control of a process that runs as a local user, such as the web server process), then they can gain root access to your system.
However, the first step - getting in as a local user - is really really hard on most servers. Unless you're handing out local user accounts to people left and right (like a university cluster or something), it's going to be nearly impossible for Joe Random Hacker to get control of a local user account.
You know how it's generally held to be true that if you have physical access to a running machine, the only thing stopping you from getting root access to it is time? Well, the next step up (in terms of difficulty) is not having physical access, but having access to a local user account.
The exploits that work on Windows, on the other hand, are ones where someone who doesn't even have local user privileges - who's just looking at your website - can get root access, like the one Slashdot posted here.
One thing nobody's talking about is why Intel is doing this.
The only reason I can imagine is that they're sitting on some technology that will greatly reduce fabrication flaws, which means that far more chips will be coming out of their factories that are capable of running at full specification than the market wants.
That, or they're already outputting a high percentage of chips that are capable of running at higher rates, and disabling them - a much higher percentage than they used to be able to manage, if it makes sense to actually market these chips as upgradeable.
Actually, it's very possible for an allele that provides a small negative impact to spread throughout a species, just due to pure luck. After all, evolution has no way of differentiating between someone who has very successful offspring and someone who has very lucky offspring, and occasionally the latter will occur. If it spreads widely enough, it will become entrenched in the species' gene pool, despite being deleterious.
Also, it's not like evolution gets to pick perks and add stat points like in an RPG; living beings are hugely complicated entities, so sometimes evolution will promote a large chunk of genetic code that, for instance, improves speed and reflexes significantly despite also including a little coda that weakens intelligence. If you can target just that little chunk at the end, then you get to keep the benefits while disabling the drawbacks.
...so your users will simply not be able to do things the way they were used to doing them. This is where you hit your biggest resistance: they will have to re-learn things, which will take time, effort and money. People will get upset, they will hate the new system, and they will complain about it, loudly, and to anyone who will listen. And for good reason: they had a work flow that worked, and then management came and pulled the rug from under them and they had to re-learn things for no good reason.
Did you read the part about how now they're going to upgrade everyone to Windows 7? That almost certainly means either Office 2007 or Office 2010. Which means everything you said right there is going to be true anyway.
After looking at your (very well written!) documentation, all I can say is that I'm so very sorry you actally has to write that program. Its mere existence hints at a goldmine of WTFery.
Also, there's no conveniently damning repository of abandoned closed source projects - after all, it's not like there's some major website dedicated to hosting them (and how would that even work? "Give us your code but we promise we won't look at it?").
You just plain can't use Sourceforge or freshmeat as an indicator of how often open source projects are abandoned vs closed - using just that data, we have exactly zero information on how often closed source projects are abandoned. I bet you anything that closed source projects get abandoned more often, if only because they're more likely to be started by some PHB than by a dev with fire in his belly.
Actually it's kind of funny - if we were talking about creationism, there's actually a "law" about this sort of thing, known as Salem's Law. The gist of it is that whenever you get a creationist who claims to have a scientific degree, it will inevitably be an engineering degree (MechE, EE, what have you), not a degree in a science (physics, biology, etc). For some reason, engineers are far more susceptible to this sort of religious bullshit than scientists.
Hypotheses for why this is so are varied but my favorite is that the way engineers are taught makes them more likely to go along with arguments from authority; after all, engineers are very much on the "received knowledge" and "traditional methods" end of the spectrum: we tell you that this is so, and therefore it is true; we've always built bridges like this so therefore you should too. Further, they're used to working entirely with materials and instruments and policies that people have created, so it might be hard to not see agency in natural things.
This is not to say that engineers are always creationists, of course - it's just that whenever you get a creationist who claims to have a degree in something scientific, it's always a degree in engineering.
Seriously, what's the point of worrying about things like that? Just do your best if you care to. It's not like you'll go to hell for accidentally eating a bug (ever eaten a guava? You've eaten bugs) or a bit of highly refined animal product. This isn't NetHack, you don't take a -1 alignment hit for every non-vegan meal.
The above AC is clearly lying about being a plasma physicist - he probably just read this book over the weekend and now understands everything. Literally.
If I want to make my desktop faster, I can replace the graphics card or CPU independently - it's big enough that an integrated CPU/GPU solution doesn't really make that much sense yet.
Mobile devices, on the other hand, make a lot more sense; if you can integrate the CPU and GPU on one chip with a reasonable max TDP, that's significantly less complexity in the design woth more computing power. You should see the heatsink arrangement in my HP laptop with a discrete CPU and GPU - it's insane, heat pipes and fans everywhere.
Yeah, I'm getting a pretty strong sense of deja-vu from this. Intel released their ill-considred 64-bit x86 extensions before AMD, but we all know what happened to the good ship Itanic.
Now AMD acquires ATI and starts making noises about releasing integrated CPU/GPUs, and what do we see? Intel releasing the same class of thing, in a package that runs hotter and draws more power which is exactly the opposite of what you want in a mobile computer (which, I would imagine, is where you're most likely to see these chips being used).
The Canadians also totally didn't burn down the White House back during the War of 1812.
Ever wonder why Canada still isn't the 51st State for real? We're still afraid of them. That was the largest symbolic attack on US soil until 9/11*, and we never really responded to it.
*Pearl Harbor was an army base, so an attack there is not that surprising.
Any scientist who disregards Stephen McIntyre because he's unqualified to offer an opinion is a douche bag.
You are correct, sir. Any scientist who ignres McIntyre simply because he doesn't have the right background is a douche - scientists should should ignore McIntyre because he's so often wrong, not just because of his lack of education.
At some point though, you really have to just give up. It is the instructor's primary duty to instruct as best they can, and it is the student's duty to learn. If the students don't want to learn, you shouldn't compromise your ability to be the best instructor you can in order to compel them to do their duty.
... my income disqualifies me from living in a smaller (cheaper) place.
... what? Pray explain how "more money -> no cheap housing", because unless you mean something weid like "the fact that I make a living wage disqualifies me from cheap government assisted housing" that statement is a real head scratcher. I just can't imagine why someone who makes more money can't just as easily live in a cheap apartment - after all, it's not like you store your salary under your mattress and need to keep it safe.
Are you saying software simply can't be inventive? That you can't possibly think of something in software that anyone else couldn't have thought of, even given the exact same problem set? Because boy oh boy, if that's true, we're really overpaying software "engineers" then, aren't we?
Nope, software cannot be inventive - we're overpaying those software engineers just as much as we're overpaying those mathematicians. Saying that you "invented" a piece of software is (if you accept the Church-Turing thesis) exactly like saying Poincaire invented his conjecture, or that Einstein invented relativity, or that some ancient (Hindu, I believe) mathematician invented the fact that that 0 + 1 = 1. Sure, the concepts used in software can be novel, but they are not invented - because all software is fundamentally mathematics, the concepts used in software already exist and we just discover them.
... only that it absolutely, positively, couldn't have been caused by the vaccine administered a few hours earlier.
Post hoc, ergo propter hoc - it never fails!
Did you consider that, perhaps, there is simply no reason to believe that the siezure was caused by the vaccine besides their temporal proximity? A hundred million babies being vaccinated a year means that statistically some of them will (for instance) have siezures soon after being vaccinated due to pure chance.
there's nothing that surprising or terrible about this case, actually.
Hannah Poling has a very very very rare mitochondrial disorder - so rare, in fact, that the usual anti-vax suspects have actually given up on claiming that maybe it's more common than we thought and thus causing this fake "autism epidemic". Winning this judgement is actually less likely than winning the lottery, if you compare the incidence of her condition to the chances of buyimg a winning lottery ticket.
Furthermore, proof means a different thing in this context. This trial's level of evidence was "more likely than not" - or in other words, if her lawyer could make the case that there was a 50+epsilon% chance that vaccines caused her autism, he won. What scientist accepts such low confidence levels?
So basically, it's not that bad in terms of the anti-vax wars.
Not to demean Notch's achevements or anything, but Minecraft does not form an entirely new genre by any means - it is, essentially, a voxel-based first person roguelike, or as another poster said "first-person Dwarf Fortress".
Slashdot Mirror
Uhm how's about this one, that's like three posts down from here? It's not quite a remote root exploit, but it is an exploit that, for a great many asp.net installations, will inevitably lead to you getting remote root.
It's a local user privilege escalation exploit. Every OS has those. What it means is that if someone can get in to your computer as a local user (or gain control of a process that runs as a local user, such as the web server process), then they can gain root access to your system.
However, the first step - getting in as a local user - is really really hard on most servers. Unless you're handing out local user accounts to people left and right (like a university cluster or something), it's going to be nearly impossible for Joe Random Hacker to get control of a local user account.
You know how it's generally held to be true that if you have physical access to a running machine, the only thing stopping you from getting root access to it is time? Well, the next step up (in terms of difficulty) is not having physical access, but having access to a local user account.
The exploits that work on Windows, on the other hand, are ones where someone who doesn't even have local user privileges - who's just looking at your website - can get root access, like the one Slashdot posted here.
One thing nobody's talking about is why Intel is doing this.
The only reason I can imagine is that they're sitting on some technology that will greatly reduce fabrication flaws, which means that far more chips will be coming out of their factories that are capable of running at full specification than the market wants.
That, or they're already outputting a high percentage of chips that are capable of running at higher rates, and disabling them - a much higher percentage than they used to be able to manage, if it makes sense to actually market these chips as upgradeable.
Actually, it's very possible for an allele that provides a small negative impact to spread throughout a species, just due to pure luck. After all, evolution has no way of differentiating between someone who has very successful offspring and someone who has very lucky offspring, and occasionally the latter will occur. If it spreads widely enough, it will become entrenched in the species' gene pool, despite being deleterious.
Also, it's not like evolution gets to pick perks and add stat points like in an RPG; living beings are hugely complicated entities, so sometimes evolution will promote a large chunk of genetic code that, for instance, improves speed and reflexes significantly despite also including a little coda that weakens intelligence. If you can target just that little chunk at the end, then you get to keep the benefits while disabling the drawbacks.
Did you read the part about how now they're going to upgrade everyone to Windows 7? That almost certainly means either Office 2007 or Office 2010. Which means everything you said right there is going to be true anyway.
Really? They've come up with toddler/dog/angry ex-proof diskettes?
After looking at your (very well written!) documentation, all I can say is that I'm so very sorry you actally has to write that program. Its mere existence hints at a goldmine of WTFery.
Also, there's no conveniently damning repository of abandoned closed source projects - after all, it's not like there's some major website dedicated to hosting them (and how would that even work? "Give us your code but we promise we won't look at it?").
You just plain can't use Sourceforge or freshmeat as an indicator of how often open source projects are abandoned vs closed - using just that data, we have exactly zero information on how often closed source projects are abandoned. I bet you anything that closed source projects get abandoned more often, if only because they're more likely to be started by some PHB than by a dev with fire in his belly.
Actually it's kind of funny - if we were talking about creationism, there's actually a "law" about this sort of thing, known as Salem's Law. The gist of it is that whenever you get a creationist who claims to have a scientific degree, it will inevitably be an engineering degree (MechE, EE, what have you), not a degree in a science (physics, biology, etc). For some reason, engineers are far more susceptible to this sort of religious bullshit than scientists.
Hypotheses for why this is so are varied but my favorite is that the way engineers are taught makes them more likely to go along with arguments from authority; after all, engineers are very much on the "received knowledge" and "traditional methods" end of the spectrum: we tell you that this is so, and therefore it is true; we've always built bridges like this so therefore you should too. Further, they're used to working entirely with materials and instruments and policies that people have created, so it might be hard to not see agency in natural things.
This is not to say that engineers are always creationists, of course - it's just that whenever you get a creationist who claims to have a degree in something scientific, it's always a degree in engineering.
Seriously, what's the point of worrying about things like that? Just do your best if you care to. It's not like you'll go to hell for accidentally eating a bug (ever eaten a guava? You've eaten bugs) or a bit of highly refined animal product. This isn't NetHack, you don't take a -1 alignment hit for every non-vegan meal.
Unfortunately, all the conference rooms are booked.
Yes, all of them. Forever.
The above AC is clearly lying about being a plasma physicist - he probably just read this book over the weekend and now understands everything. Literally.
Or in other words:
And how does a blanket Microsoft license prevent corrupt authorities from using the pretext of, say, pirated Adobe products?
If I want to make my desktop faster, I can replace the graphics card or CPU independently - it's big enough that an integrated CPU/GPU solution doesn't really make that much sense yet.
Mobile devices, on the other hand, make a lot more sense; if you can integrate the CPU and GPU on one chip with a reasonable max TDP, that's significantly less complexity in the design woth more computing power. You should see the heatsink arrangement in my HP laptop with a discrete CPU and GPU - it's insane, heat pipes and fans everywhere.
Yeah, I'm getting a pretty strong sense of deja-vu from this. Intel released their ill-considred 64-bit x86 extensions before AMD, but we all know what happened to the good ship Itanic.
Now AMD acquires ATI and starts making noises about releasing integrated CPU/GPUs, and what do we see? Intel releasing the same class of thing, in a package that runs hotter and draws more power which is exactly the opposite of what you want in a mobile computer (which, I would imagine, is where you're most likely to see these chips being used).
Seriously, Intel, what are you guys doing?
The Canadians also totally didn't burn down the White House back during the War of 1812.
Ever wonder why Canada still isn't the 51st State for real? We're still afraid of them. That was the largest symbolic attack on US soil until 9/11*, and we never really responded to it.
*Pearl Harbor was an army base, so an attack there is not that surprising.
You are correct, sir. Any scientist who ignres McIntyre simply because he doesn't have the right background is a douche - scientists should should ignore McIntyre because he's so often wrong, not just because of his lack of education.
At some point though, you really have to just give up. It is the instructor's primary duty to instruct as best they can, and it is the student's duty to learn. If the students don't want to learn, you shouldn't compromise your ability to be the best instructor you can in order to compel them to do their duty.
Look, when you're fat you don't get to pick what you tap. Just be thankful and go with it, man.
Nope, software cannot be inventive - we're overpaying those software engineers just as much as we're overpaying those mathematicians. Saying that you "invented" a piece of software is (if you accept the Church-Turing thesis) exactly like saying Poincaire invented his conjecture, or that Einstein invented relativity, or that some ancient (Hindu, I believe) mathematician invented the fact that that 0 + 1 = 1. Sure, the concepts used in software can be novel, but they are not invented - because all software is fundamentally mathematics, the concepts used in software already exist and we just discover them.
Post hoc, ergo propter hoc - it never fails!
Did you consider that, perhaps, there is simply no reason to believe that the siezure was caused by the vaccine besides their temporal proximity? A hundred million babies being vaccinated a year means that statistically some of them will (for instance) have siezures soon after being vaccinated due to pure chance.
there's nothing that surprising or terrible about this case, actually.
Hannah Poling has a very very very rare mitochondrial disorder - so rare, in fact, that the usual anti-vax suspects have actually given up on claiming that maybe it's more common than we thought and thus causing this fake "autism epidemic". Winning this judgement is actually less likely than winning the lottery, if you compare the incidence of her condition to the chances of buyimg a winning lottery ticket.
Furthermore, proof means a different thing in this context. This trial's level of evidence was "more likely than not" - or in other words, if her lawyer could make the case that there was a 50+epsilon% chance that vaccines caused her autism, he won. What scientist accepts such low confidence levels?
So basically, it's not that bad in terms of the anti-vax wars.
Not to demean Notch's achevements or anything, but Minecraft does not form an entirely new genre by any means - it is, essentially, a voxel-based first person roguelike, or as another poster said "first-person Dwarf Fortress".