Slashdot Mirror


User: LnxAddct

LnxAddct's activity in the archive.

Stories: 0
Comments: 1,549

Comments · 1,549

  1. Re:Saw this on Digg on Root Password Readable in Clear Text with Ubuntu · · Score: 5, Insightful

    Why the hell is everyone trying to downplay the severity of this? This is a serious issue, it's worse than most security problems I've seen with *any* operating system, stop the hand waving, and spread the word instead. This *is* serious and shows poorly on the Ubuntu developers. I mean, how many people have set up linux for their parents or family, chosen Ubuntu and now they have to make sure they go in and change that. Updating won't always work (for reasons listed elsewhere), the only sure thing to do is to physically change it (if ssh access is enabled then it's easier).

    One of Ubuntu's big things is giving out free CDs, in particular targeted to people who don't know what linux is. Me and my roommates actually had 100 or so Ubuntu CDs, most of which we've given away. We both run Fedora, it fits our needs as "powerusers" better, but give out Ubuntu simply out of convenience and to help the "cause". They are both nice distros, but security is definitely one area where Fedora surpasses all of the other distros.

    Fedora makes security transparent to the user, you're running SELinux but would never know it unless you needed to, you're running exec-shield but you'd never know it unless you needed to, all the major services are compiled to randomize memory mappings, but the user is none the wiser. That goes for advanced and beginning users. I can install Fedora and be fairly certain that even if somehow my system stopped updating, that any vulnerabilities found would be stopped by these additional measures anyway. The measures in place make most buffer overflows useless and even if you somehow got past all of the measures to prevent overflows and you got root through an exploit in a vulnerable service (despite that the services don't run as root), SELinux would probably still make your entry pretty pointless.

    The point I'm making is, the difference between a secure OS and a non-secure OS are ones where even without updates, the security measures in place are forward looking and work to prevent current unknown attacks. Fedora has damn near perfected this, but if any of the users of the Ubuntu CDs I've given out somehow managed to disable updates, they are screwed now. There should never be a situation like that. Bravo on the response time, but seriously the users most likely to be affected don't read /. or digg and if they don't update then they are screwed more than they were before. I don't like knowing that a local user vulnerability can give out root access.
    Regards,
    Steve

  2. Re:Sensor bar? on Time With The Revolution · · Score: 1

    Technically if they just threw two 3D accelerometers in the ends of the controller, they could get all the same information that they can using two external sensors. The only additional information they'll be able to obtain with external sensors is an exact point in relation to the sensors, but that's only if the hardware knows exactly where the sensors are and even then, the information isn't that important (nobody will probably position it right). All you need is acceleration readings and everything else can be calculated, just assume the initial holding spot is the origin. Orientation, velocity, position etc... can all be calculated for 3 space. I'd imagine that the reason they're using an external wand with two sensors is a) for size b) battery life. Using the external sensors requires the controllers to simply output two low power time-encoded signals for position tracking, which means the battery life is going to be ridiculously long. I can see some other benefits too, like assuming the wand is, for all intents and purposes, at the same distance as the TV, you can know how far a player is, but for most games I'd imagine movement is all relative and not dependent on some predefined point.
    Regards,
    Steve

  3. Re:So what will the big phone companies do now? on Skype Announces Skype For Business · · Score: 1

    The third theory involves the big phone companies simply degrading the quality of alternative voice services.
    Regards,
    Steve

  4. Re:What is up with the scroll bar? on Windows Live Search goes Live · · Score: 4, Interesting

    Middle clicking search results is also disabled. They actually had to go out of their way to stop me from opening search results in tabs by middle clicking.
    Regards,
    Steve

  5. Re:Why keep SSH on? on Mac OS X Security Competition Ends in 30 Minutes · · Score: 1

    The guy who set up the server *enabled* the services like ssh, apache, etc... (they are off by default). The black hat who cracked it didn't specify whether the unknown vulnerability was for one of the services enabled (i.e. apache) or a local mac exploit, and there is a huge difference. If the server owner gave everyone some kind of guest account, then I can see this being an unpublished local exploit and a true problem for the mac. In any other case, the hacker probably used an unpublished vuln for one of the running services and the hacker is just making it seem like he knows an unpublished mac vuln to be "1337". The mac security by default is significantly better than the security on the box that was cracked. Regardless, I still prefer linux for my OS, I like the many security patches/options (exec-shield, SELinux, compiling with randomized memory mappings, virtualization -- not necessarily for security but can be, etc...), even if an attacker does find a way in, statistically it will give him no benefit in the majority of cases.
    Regards,
    Steve

  6. Re:Thin is IN on SWT, Swing, or AWT - Which Is Right For You? · · Score: 1

    Under Linux (using GTK/Gnome), Mac OS X, and Windows, it all works fine. You can't tell it's not native. Care to share your experience and where it didn't work? Seriously, I'd like to know so I can make a note about it and possibly work around it if need be in the future.
    Regards,
    Steve

  7. Re:Thin is IN on SWT, Swing, or AWT - Which Is Right For You? · · Score: 1

    I recommend you download the Java 1.6.0 beta called Mustang. Swing is not only now multi-threaded and fast as hell, but it also takes on the native appearance perfectly regardless of your platform or theme.
    Regards,
    Steve

  8. Re:Old News... on Enzyme Computer Could Live Inside You · · Score: 1

    That's the crazy thing about people, we all don't work the same, and we all don't work properly. I mean call me crazy but maybe, just maybe, some people need certain hormone, enzyme, and drug levels artificially maintained because their bodies have a deficiency of some sort that does not allow their bodies to properly regulate themselves.
    Regards,
    Steve

  9. Re:downward spiral on AOL to Raise Dialup Prices · · Score: 2, Insightful

    AOL offers its own broadband service, and they have for years now. They also offer a whole bunch of multimedia, streaming concerts, music, and access to a lot of news/financial resources that typically you'd have to pay for. I don't use AOL, but I can see why some people stick with it. You get a lot for your money, but you also get a bad rep. Most people on slashdot, though, speak ignorantly of what AOL has to offer. They really have not a clue, and it's no better than when a company makes false claims against linux.
    Regards,
    Steve

  10. Re:Not again on Fedora's OpenGL Composite Desktop · · Score: 1

    The underlying foundation of Xgl is questionable and complicated. I'd much rather Aiglx take a little longer to come out, but be more stable and easier to use. If it's hard for programmers to write for, the features will never be used anyway. This Aiglx is the right way to go about this. (Also, it is your nVidia drivers that don't support all the gl extensions.)
    Regards,
    Steve

  11. Re:Why Wikipedia isn't working on An Interview with Wikipedia's Jimbo Wales · · Score: 4, Insightful

    I was going to mod you flamebait, but I guess you'd be expecting that. Wikipedia is significantly more reputable than *any* encyclopedia that I've ever used. Look up Crookes Radiometer on Wikipedia, then go look it up in Encyclopedia Britannica, then go look it up from a reputable 3rd party in the sciences field. You'll see that Britannica has been giving out the wrong explanation for decades, and you know what? There is nothing any of us can do about it. Britannica is filled with inaccuracies, typos, and biases that have propagated from one version to the next for years. Wikipedia is the best source of information I've yet to come across. Every now and then there are some errors, as there are in all works done by humans, but they are often quickly corrected. If you get into a revert war, there are provisions in place to put an end to it and to facilitate debate and discussion. Essentially, not only does Wikipedia cover a significantly larger base of human knowledge, but it does so more accurately than any source I've come across and in a way that encourages little to no bias. Everybody has something to add, regardless of what you think of their intelligence. Don't be so full of yourself.
    Regards,
    Steve

  12. Re:Reason for not using a default deny on Meng Wong's Perspectives on Antispam · · Score: 1

    How about... e-mail you send out is automatically whitelisted? And incoming e-mail has to receive permission. And e-mail has to be digitally signed by a gpg key. Is it just me or was jabber really thinking ahead when it was designed? It's got support for all of these features.
    Regards,
    Steve

  13. Re:Bad analogy for this argument on Why The Net Should Stay Neutral · · Score: 3, Interesting

    DC has some of the most corrupt traffic legislation I've ever seen, people really need to start doing something about it. One of the biggest offenders I can think of is them passing legislation to make yellow lights shorter so more people are likely to run through red lights, thus increasing ticket revenue. Nothing quite like putting your citizens' lives at stake by making them run through more red lights just so you can have some more money to play with.
    Regards,
    Steve

  14. Re:now on Near Light Speed Travel Possible After All? · · Score: 2, Informative

    Umm.. every time you move you are time traveling. When you run, time is moving slower for you, and so on. Take something the mass of Jupiter, cram it into a very thin spherical shell with an 8-foot diameter or so, sit inside it and come out a year later and you'll see time has advanced decades in comparison to your one year. We know how to time travel, but traveling far distances is hardly feasible (and traveling backwards still only works on paper).
    Regards,
    Steve

  15. Re:Maybe if they offered IMAP on Google Beta Testing "Gmail For Your Domain" · · Score: 3, Interesting

    As far as storing the emails on another corporation's servers go... externally hosting your email is a common solution for small businesses. Assuming the privacy policies are in line, this would be no different and it would lower the cost of infrastructure and administration for the business. This beta even provides an administrator console so you have complete control over how your users are using it. If Google makes it either Outlook compatible in all regards, or if they add serious Calendaring/Scheduling capabilities, then they'll have a real winner. Small business represents over 99% of employees in the U.S. (where a small business is defined as a business with less than 500 employees, although the majority of small businesses are less than 15 people), and small business is exactly the type of area that needs this stuff. Right now, externally hosting email typically costs around $12 per user per month, Google would smash that to hell.
    Regards,
    Steve

  16. Re:file names on EFF Warns Not to Use Google Desktop · · Score: 2, Insightful

    Perhaps this would be a good time to start introducing people to GPG.
    Regards,
    Steve

  17. Re:Cartoons on Danish, Western Websites Under Attack · · Score: 1

    Regardless of their motives, chanting death to anything is just outright psychotic and these people need to be put under wraps. This shows nothing but that it's easy to brainwash people en masse.
    Regards,
    Steve

  18. Re:Here's the thing on Songbird Flies Today · · Score: 1

    As far as the interface goes... Apple was actually sued because someone patented a similar interface for software a few years prior. Apple came up with it themselves independently, as I'm sure many others could do simply because the interface makes sense. If I had never used a music app before and were designing one from scratch, I doubt it'd be all that different. I'm a fan of Apple, but you're giving them a little too much credit. It's like saying firefox invented tabs and nobody else should use them (you'd be wrong about both firefox inventing tabs and that nobody else should use them).
    Regards,
    Steve

  19. Re:Misinformation abounds on Nintendo's New Look · · Score: 1

    They only produced 700,000 units to create artificial demand and press. And yes, I've seen Xbox 360s lying around. I could go buy 10 right now if I wanted, easily.
    Regards,
    Steve

  20. I foresee.... on Google Adds Chat To Gmail · · Score: 5, Interesting

    I foresee a web based api to embed GTalk into your site. This web based chat interface is exactly what I've been waiting for, in fact I personally think they should do away with their desktop counterpart and do voip through an open source plugin of sorts. Using a desktop app just doesn't feel googly, no matter how well designed it may be. Now if only they'd throw in support for GPG signing and/or encrypting in GMail (yes I know it'd kill their compression ratios). If everything was done client side in javascript, I'd imagine the security concern would be fairly low, the only thing I can think of is maybe other programs crawling the browser's memory after you've decrypted your private key client side (does anyone know if this would be an issue?)
    Regards,
    Steve

  21. Re:*Coughs* on Activision Responds to American Indian Boycott · · Score: 1

    Go to London or Madrid or Paris with a swastika patch on your arm and see how well you are received by not only the locals but the government as well. Also, as far as the last comment goes about Americans... uhh every day they have to deal with the consequences of taking land from the Indians and participating in slavery, it is always an issue being dealt with because the "victims" feel like they deserve something. (Victims is quoted simply because one could argue that in this day and age they no longer are significantly affected by the consequences of things that happened generations before them) If a particular class is being mistreated, the states acknowledge it and then try to correct it, same thing goes for gender or murder or any problems that might arise. France's recent run-in with the Muslims is a fine example to show the contrast between embracing differences and treating them as subpar. I wasn't trying to say one country is better than the other or anything like that, but if you ever spend any significant time stateside, you'll see a big difference in how problems are dealt with. In my experience, a lot of European governments have a habit of being in denial about things (granted that is a gross generalization).
    Regards,
    Steve

  22. Re:*Coughs* on Activision Responds to American Indian Boycott · · Score: 1

    You talk as though Activision is the only one at fault here. Game publishers don't just make random ass games, they do market research with gamers just like the ones on slashdot. Apparently the results of their market research showed that such a game would be popular enough to make a profit. Sure Activision could have chosen not to make the game, but don't pretend that it in no way reflects back on society, and apparently it is historically accurate so you can't be that mad at Activision. Those who don't remember history are doomed to repeat it. Unlike many European countries who try to forget about the Nazis and often look down upon others for mentioning the Nazi party, Americans typically openly discuss their history regardless of how nice it is. It might not always be all kind words coming from either side, but it's better to argue about history than to forget about history.
    Regards,
    Steve

  23. Re:GPL Implications? on Linux Powers Military UGV · · Score: 2, Informative

    Any non-defense related source code written by the government can be obtained by any citizen, although you may have to fill out paper work to get it. A lot of agencies just give it away though, NASA being a big supporter of that (I even believe they have some software for shuttle control available for download), but the department of defense also releases a ton of source code (quite a bit of it though you do need to sign a form and fax it, it's not bad, I've done it). The NSA releases things like SELinux, but there is a lot more than just what I'm listing. I mean literally tons of stuff. If you're a citizen of the states it might be worth checking out.
    Regards,
    Steve

  24. Re:The Devil on the Left or the Devil on the Right on Who is Your Hero, Gates or Jobs? · · Score: 1

    In 100 years no one will remember that he killed netscape.

    May our fallen brethren never be forgotten!

    -Steve

  25. Re:News flash: global warming in effect on 2005 Was the Hottest Year on Record · · Score: 1

    Global warming is blown way out of proportion. The earth is still coming out of the last ice age for chrissake and this is one of the few times in its history where both poles have had ice. No matter what we do you're going to see the earth get a hell of a sight hotter and the oceans are going to rise a couple hundred meters again, it's really no big deal... we'll probably be off this rock by that time anyway.
    Regards,
    Steve