Slashdot Mirror


User: croddy

croddy's activity in the archive.

Stories: 0
Comments: 1,163

Comments · 1,163

  1. Re:Please use correct terminology on Preventing Forum Spam-bots? · Score: 4, Insightful
    Before you implement a captcha, please consider the effect this will have on visually impaired users. Obviously, any system relying on an image will not be accessible to blind people; systems making use of colored images may not work for colorblind people. Providing audio captchas would help, but this will be a problem for people who are deaf -- and one cannot simply assume that users are not both deaf and blind.

    I have seen some captchas that ask users in plain text to solve a simple arithmetic or logic problem. This is going to be far more accessible than anything relying on embedded media.

    If you're sure that none of your users are blind or colorblind (which would be plausible only for an extremely small user base), then I suppose something like KittenAuth might be appropriate.

  2. Re:One hand does not know about the other on FCC Opens Flood Gates for Junk Faxes · Score: 1
    Why not? We have one agency conducting terrorism, and another waging war on it.

    I think his point was that in this spam/junk case, they are actually separate departments.

  3. Re:RIAA has some learning to do on RIAA Recommends Students Drop out of College · Score: 1
    To imply that RIAA influence peddling is a "Republican" phenomenon is simply foolish. Don't forget who voted for the DMCA -- 99 senators, the only abstention being a Republican. Don't forget who signed it -- a Democratic president.

    The selling-out of our rights is a decidedly bipartisan effort.

  4. Re:They had to design a process real fast on Microsoft Says Recovery From Malware Becoming Impossible · Score: 2, Insightful
    If Linux suddenly got a real UI

    Once you've worked with a real X11 window manager, you can never go back to the crude hacks used on other platforms. Are you talking about an icon theme or something? Maybe you're thinking of KDE circa 1998?

    and gained the ability to run industry standard applications

    You're talking about "de facto standards", not standards. Standards are publicly documented and have been the prime focus of Linux systems since before day 1. Undocumented, un-POSIX-compliant applications may be popular, but they are not "standards".

    its popularity would likely increase to the level where malware authors would notice it.

    A nice try, but Unix-like systems have something that we call a "security model". Except in the case of people who refuse to apply updates or do things like purposefully disabling the firewall, this provides a level of protection that most other systems simply can't rival.

    Think about it for a second. Apache with Linux or BSD run a huge majority of the servers on the Web. If you wanted to deliver spyware, you'd exploit and infect these systems with a delivery mechanism. The reason malware authors have to target the client OS with email worms and things that start their own mini-webservers is that it's just too freaking difficult to compromise Unix-like systems.

    Of course, as long as the majority of client systems *do* run a swiss-cheesed NT variant with the security-hackaround-of-the-week, it's entirely theoretical as to whether a widespread change in client platforms would affect malware viability in that market.

  5. Really? on Microsoft Says Recovery From Malware Becoming Impossible · Score: 1
    This is news? When a machine is compromised by an attacker, you take an image (so that you can do a postmortem analysis) and wipe the disks. Then you reinstall the OS and applications and restore user data from backups.

    Is this implying that there are people who don't do a complete rebuild after a system is compromised?

  6. Re:Power toys on Is There a Solution for Focus-Hungry Apps? · Score: 1
    Yes. The Tweak UI tool will allow you to click a setting that offers to prevent applications from stealing focus, but I'm not sure what they think that's doing.

    The problem, really, is that Windows doesn't really have a window manager, which is why virtual desktop tools and focus settings pretty much end up being ugly hacks.

  7. Re:Apple's Customer service is great. on Why Everyone Loves Apple · Score: 1
    the RIAA will stop letting Apple run the iTMS, and we're back to where we started - having to buy entire albums to get one good track.

    Weird. I've never experienced this problem. In my experience there is rarely such a thing as an artist that can produce one song worth having but not many.

  8. Re:Apple's Customer service is great. on Why Everyone Loves Apple · Score: 4, Insightful
    Not to mention the dialog that pops up essentially says, "Hey! It looks like you've plugged your iPod into someone else's computer. I'd better erase all of your music, is that OK?"

    Don't think for a moment that this isn't specifically designed to cultivate a fear of plugging your iPod into someone else's computer. After all, if people share music, Apple can't take a cut of the transaction.

  9. Re:Torsmo is dead on Sysadmin Toolbox Top Ten · Score: 2, Informative

    No, it's just the ubuntu devs. The debian package is fine.

  10. Re:So what? on 60% Of Windows Vista Code To Be Rewritten · Score: 1

    Huh. My gaming box runs Debian. Between UT2004, Nexuiz, and the entire Doom and Quake series, I simply haven't been able to find time to figure out how to install and secure Windows.

  11. Re:Finally! on IE7 Separated from Windows Explorer · Score: 1
    You're referring to Autoplay as a flaw?

    Do you think that anyone back during the conception of that feature thought that a decade down the road companies were going to distribute executables on music cds that install rootkits a la DRM? Outside of that whole fiasco there's no possible reason why autoplay is not a feature. Nearly everyone knows that programs launch when they insert their cds and most of the time this feature saves them the time of loading it. Anyone who really needs to do anything besides run whatever the default program is should know to hold down shift anyway. It's not like the cd-rom is a vulnerable part of the computer where unapproved information is readily inserted, it's a piece of hardware a foot away from my leg - I know if anything malicious is going to be placed in there.

    yes. autoplay is a security flaw. merely inserting a removable disc should not allow the execution of arbitrary code. at best, it's an incredible annoyance to have some program window pop up and start eating memory and CPU just because you wanted to read some files on a disc. at worst, it is an attack vector for malware (e.g., sony).

    the claim that you "know" if anything malicious is going to be inserted in there is kind of strange, considering you have acknowledged that audio CDs (which we would all expect to be free of files and certainly free of executables) were used as an attack vector exploiting this very flaw.

    the existence of workarounds (such as holding shift or disabling the flawed subsystem) is helpful, but it does not change the fact that arbitrary code execution on disc insertion is an attack vector which offers very little value in return.

  12. oss4lib on Solving the Home Library Problem? · Score: 4, Informative

    There is quite a large amount of open-source software available for library management. A full-blown ILS might be overkill for a personal collection, but I'd suggest checking out Koha and the listings at OSS4Lib.

  13. Re:its the biggest difference between Outlook on Mozilla Lightning 0.1 Released · Score: 5, Funny

    The next step is that Thunderbird+Lightning will be integrated into Firefox -- and then we'll finally have the Mozilla-based internet suite we've all been waiting for!

  14. Re:having developed extensions for FF... on Mozilla Firefox 2.0 Alpha Peeking Out (Or Not) · Score: 1
    surely it's impossible for an extension author to say that their extension won't work in a version of FF that doesn't exist yet
    surely it's *more* impossible to say that an extension *will* work with a version of firefox that doesn't exist yet. the nightly tester tools include an option to override that.

    what are you so mad about again?

  15. Re:In other words... on Embracing and Extending Microsoft Office · Score: 3, Interesting

    Well, you know what they say -- the only problem that can't be solved by adding another layer of Microsoft is when you've got too many layers of Microsoft!

  16. Hmmm... on Seven-Ounce Linux 'Wrist PC' · Score: 4, Funny

    Hmmm... This thing I wear on my wrist says they're not poisonous!

  17. Re:Not as bad... up front, maybe. on EFF Pushes Consumers to Claim Rootkit Compensation · Score: 1
    Having encrypted information for which you do not have the key is bad, because it just is.

    No, having encrypted information for which you do not have the key is bad because it puts you in possession of information you can't be responsible for. How would you like for someone to put some encrypted child porn on your computer? Bomb plans?

    If there's a blob of encrypted data on your drive, MAKE SURE YOU KNOW THE KEY.

  18. Re:Saw this on Digg on Root Password Readable in Clear Text with Ubuntu · Score: 1
    Everything on my system is encrypted except /boot.

    Also the case has two locks on it :-P

  19. Re:Not as bad... up front, maybe. on EFF Pushes Consumers to Claim Rootkit Compensation · Score: 0

    I will NOT have encrypted data stored on my systems unless I know the keys to decrypt it... no matter how "friendly" the people are who withhold those keys.

  20. Re:Cool on Opera 9.0 Fully Passes ACID2 Test · Score: 0
    promoting interoperability is not what pays my bills

    Wow. How unfortunate for you. I guess this just ought to remind me how lucky I am that promoting interoperability is what pays my bills.

  21. Re:Difference on Legal Issues of Opening Up Proprietary Standards? · Score: 1
    I doubt it is too. I suspect rather that the entire unit including the file system falls under a patent and DMCA and a windows EULA (as another poster suggested).

    inventions are patented, not products, duder. if there's patent-enforcible IP in the filesystem (that which he reverse-engineered), the patent's on the filesystem, not "the entire unit." it doesn't take a lawyer to absorb a remedial understanding of patents -- you might check out... i dunno, wikipedia before whipping out like that.

    Combine that with the other post commenting that this company enjoys filing lawsuits, and what do you think will happen to Mr. Reverse Engineer when he rolls out his Linux client and source to the world?

    what do i think will happen? he'll see limited adoption, and alesis will ignore him. he doesn't threaten their market.

  22. Re:Difference on Legal Issues of Opening Up Proprietary Standards? · Score: 1

    I think it's highly doubtful that their filesystem is patented.

  23. Re:Difference on Legal Issues of Opening Up Proprietary Standards? · Score: 1
    I think it's highly doubtful that their filesystem is patented (see how quickly it was reverse engineered) -- and that's all his software deals with. Their chance for dictating terms to him was when he requested documentation on the system; they've declined to provide it to him, so he reverse-engineered it. If he can get legal advice indicating that the risk from releasing his software is permissible, then I don't see any reason for him to offer Alesis another chance at determining how *his* software will be used.

    The "honest route" was exactly the route he took (at least, based on his submission) -- writing the driver without using any NDA-restricted documentation. The fact that the driver is used for reading their filesystem is next to irrelevant. The driver is his, and his decision should be based upon his level of commitment to Free software, and on the legal risks, as determined by someone qualified to give such advice.

  24. Re:wtf is it? on Zend Framework Released · Score: 5, Informative

    Zend is a software company focused on PHP. In addition to the Zend Framework (mentioned in the article) they produce a PHP IDE called Zend Studio, and a tool called Zend Optimizer said to improve PHP execution times (it also runs "encoded" applications by PHP developers who do not wish to disclose their source code).

  25. Re:New Series? on The Simpsons Come to Life · Score: 1
    yes, i know what we call it. i want to know what they call our "series" ....

    -- american