Good for you, you must be running a lot more permissively then I'm willing to. But the problem isn't the bug, it's CIS response to the widespread problem. I wouldn't trust a home router that said just turn on upnp because there was bugs with port forwarding.
This is double plus funny as Steam doesnt let you own anything, you merely borrow software and Steam can take it away at any moment.
His point is clear, convenience is king. Steam is more convenient then pirating (oh a new patch, uncrack, patch, find new crack two weeks later). Steam is more convenient then media (now where did I put that disc). How long do you expect your games to work before the authentication servers go down or it's not compatible with modern OS. So does owning even matter? If you want to go back you have a lot of work in front of you anyways (dosbox is still awesome).
If steam ever stops working then I'll just pirate (the games will be there) but until then Steam's more convenient. Money isn't the issue, I don't pirate to save money, I pirate when it's more convenient. Nintendo should learn from the flashcarts.
The black screen bug doesn't effect you since it is limited to 64bit windows 7. So I'll inform you it effects basically every use of directx for fullscreen, If CIS attempts to make a popup. It's well-documented in the forums with hundreds of threads and they all get a response linking to that thread "Just put in it in trusted mode". The link may have been written by a guest, but it was also stickied and that's the intended solution they link to all over the place. I don't fault them for not working properly on 64bit win7, updating takes time (CIS still hasn't fixed this bug). I fault them for a response that leads to gaping security hole. This and their controversy over selling unverified SSL certificates and I've lost faith in them.
Comodo is a good start for people to do a simple baseline of security (and it's at least that, signature based AV are worse then useless). It's a good concept with some massive holes by design. Training mode will make massive whitelists (on unrelated apps) that skirt around your blacklists, it's just an insane implementation. It shows a design philosophy of usability over security policy.
"a trusted system is one which can break your security policy"
That is why I highly recommend Comodo Internet Security as it is free for personal use, so no subscriptions to run out, low resource ( according to process explorer it is using a whole 15Mb and 0% CPU while running both the firewall and AV) and most importantly IT WORKS.
Comodo is snake oil. The concept of use is when you install new software put it in training mode. Except training mode isn't per application, it's systemwide and if any process does something you blocked before, it now gets whitelisted. There is a known problem that with full screen games that if comodo tries to popup at all the computer locks up on quitting the game. Comodo's response, mark the game trusted or put it in training mode.
So if you have a program that you don't explicitly trust that uses fullscreen mode there's no way to handle it securely with comodo. Worse if you run a program while comodo is protecting you, that program can go to fullscreen mode and crash computer from a user account. Some protection that is...
You do know Valve has promised to patch around Steam authentication if the shit ever does hit the fan?
Unless it's already made and in escrow you can be sure they won't release one: 1. If the shit hits the fan it's too late, how are they going to pay to develop that patch? 2. If they're going bankrupt it's because they're in debt. Do you think their creditors will let them give away something they perceive as having value?
Why does so much of US law rest on precedent, when it's obvious that past rulings are sometimes (often) flawed? Please, don't say "because we always have."
Imagine if the betamax case didn't cause precedent. Every time someone released a product with a record functionality, they'd go through a lawsuit only to be decided on the whim of whatever judge they had that day. Some products get the seal of approval, some are marked illegal. It'd be chaos.
Precedent allows you to predict the outcome of that case without spending millions developing the product first.
I don't know much about python, but if you're using Integer data types, you're taking the wrong approach... 206 * 2 / 3
This story would be much more interesting if they did use integer division as 2 / 3 * 206. In fact since the law didn't declare the type for number_of_votes, I suggest we fall back to fortran conventions.
I could care less about "trade secrets", if the engineer leaked it to gizmodo that's one thing (and I won't discount that possibility). But for Gizmodo to come out and say they know the true owner but don't want to return it is bullshit.
Actually, it's more like: INTERNET -> PORT22, since just about anything can be sent through an ssh tunnel. And the encryption makes most types of deep packet inspection impossible.
You missed his point which wasn't about the protocol, but the port being used. If you use port 22, it'll be blocked many places because they don't want to allow you to ssh. If you use port 443 it'll be allowed since https is "necessary", even if you're using 443 to carry your ssh traffic. What's sad is seeing other services move to 443 to be more accessible. Most usenet providers offer SSL encrypted NNTP on port 443 (despite having an RFC port specifically for nntps).
But it is much harder to block if they actually use legitimate looking packets for protocols that get out rather then just it's port. So people have encapsulated IP within real HTTP traffic. Better yet they'll use ICMP or even DNS to carry your traffic. I find the DNS one particularly amusing because it uses your nameserver to redirect the traffic even if the host isn't given any outside access.
What's even better is you can run this server in a sandbox with very limited system privileges and the game executable needs no modification. I've never seen a scene release with malware but I have seen a couple in some independent cracks.
I'd like to setup a computer that all it does is run a dictionary attack (w/ munging) against the passwords. As soon as it hits on a user that account is marked as due for a password change. Let people pick their passwords that will last 3 days. Eventually they'll pick something decent just to avoid the constant pw changes. Then one night I'd walk around and swap everyone's postit notes between desks.
(Wine in Ubuntu used to set the minimum mmap address to zero, I'm not sure whether it still does)
Okay that's scary. Seriously reenabling a known exploit is not a workaround any distro should be using. I checked my box and it was set to 0 with up to date karmic w/ wine, not anymore.
kind of pointless though, because there are still printers and pencils, and human memory if that fails.
If your employees are trying to violate your security, you'll never stop them reliably.
Instead you assume your employees are stupid and/or lazy. You make policies that when followed will prevent them from becoming a victim of social engineering or accidently leaking info. Plus if thumbdrives are prohibited then the act of having a thumbdrive on you is a security incident that's pretty hard to explain.
Re:Pound and a half and its too heavy?
on
iPad Review
·
· Score: 1
Yes. Even a magazine is too heavy, but usually you can rest it on your chair/lap until you need to turn the page. Now you have this gadget that needs lots of user input/interaction...hello gorilla arms. It isn't the ability to lift and hold the device or media, it is the need to continuously hold it and interact with it for long periods of time that becomes the problem.
I compiled some weights to compare items you hold in front of you (or don't in case of textbook):
Having had my ear to the ground in robotics for the last few years, it seems to me that this is a wasted effort. Much more fundamental problems in robot-human interaction, basic things like being able to track a moving object in the room, or walking on two legs without having each movement preprogrammed, have yet to be solved reliably.
But those problems are being worked on as well by many teams and by some that are very well funded. Research should be diverse because it's hard to predict what kind of breakthroughs may come out of it.
That said the problems you bring up are mostly research problems while this is mostly an engineering problem. As far as geeky engineering pursuits, I think this is a lot more productive then building life-size models of gundams. Not that I'd condemn that either.
MW2 was simply made in a different era. I mean, back then MS Flight Sim was one of, if not *the* biggest PC franchise of all
The different era is the standardization of computers. Back with the early mechwarriors not even mouses were a standard on all computers. The standard PC didn't have a sound card. You bought a sound card specifically for games (which is why sound cards have gameports for joysticks). Every PC game released in that era required setting up. So an extra $50 for a joystick and dozens of keybindings wasn't considered that much of a pain.
Nowadays PC games are standardized, they assume you have a keyboard+mouse (or are using an xbox gamepad). With DirectX it's mostly seamless for controls, sound, and video. Joysticks are a very niche product. What's common about mech/space/flight sims is they all basically require a joystick. Gamers with joysticks nowadays are so few that the market is small.
Copying has only become faster and cheaper. Now, more than ever, copyright is relevant.
Exactly why our copyright system is broken. It's designed for publishers not artists. Publishers are quickly going obsolete and we shouldn't be using copyright to prop them up.
I want them to do at least 80% less than they do, so if they waste a bunch of time on online games, that's okay with me.
Except lazy administrators are the most wasteful. They take the word of the contractor that pitches "Your town needs a monorail and we're your best choice" without challenging that statement or even reading the proposal. Then they'll sign off on cost overruns without investigating (eww more work). A diligent official will actually check into those details.
Do you also like sysadmins who play videogames rather then patch because patches might break things and right now the systems work?
WinXP, FoxIT (in sandboxie): No warning, got the calc popup (still within sandbox)
Scary stuff, noscript blocks pdf's for me but I'll be more careful with whitelisting until this is fixed. It's always been a good rule of thumb to never open untrusted PDF's. I think this weekend I'll configure my firefox to run in sandbox by default.
The term implies that if a person had a skull as delicate as the shell of an egg, and a tortfeasor who was unaware of the condition injured that person's head, causing the skull unexpectedly to break, the defendant would be held liable for all damages resulting from the wrongful contact, even if
1. such damages were not reasonably foreseeable, or
2. the tortfeasor did not intend to cause such a severe injury.
Military medical care is very unique. It's hard to say how it would scale. Doctors are officers that have real authority. Active duty can get in legal trouble for not following doctor's orders or missing appointments. It deals with far more amputees and special treatments not seen as commonly in civilian world. But for the whole they are in far better shape (they have to make it 20years passing PT tests and weight standards). It's also pretty common to see marriages of convenience where the spouse couldn't get healthcare any other way then marrying military. I don't think it's fair to use military medical as the example although I can't judge which way it's biased.
Slashdot Mirror
Good for you, you must be running a lot more permissively then I'm willing to. But the problem isn't the bug, it's CIS response to the widespread problem. I wouldn't trust a home router that said just turn on upnp because there was bugs with port forwarding.
This is double plus funny as Steam doesnt let you own anything, you merely borrow software and Steam can take it away at any moment.
His point is clear, convenience is king. Steam is more convenient then pirating (oh a new patch, uncrack, patch, find new crack two weeks later). Steam is more convenient then media (now where did I put that disc). How long do you expect your games to work before the authentication servers go down or it's not compatible with modern OS. So does owning even matter? If you want to go back you have a lot of work in front of you anyways (dosbox is still awesome).
If steam ever stops working then I'll just pirate (the games will be there) but until then Steam's more convenient. Money isn't the issue, I don't pirate to save money, I pirate when it's more convenient. Nintendo should learn from the flashcarts.
The black screen bug doesn't effect you since it is limited to 64bit windows 7. So I'll inform you it effects basically every use of directx for fullscreen, If CIS attempts to make a popup. It's well-documented in the forums with hundreds of threads and they all get a response linking to that thread "Just put in it in trusted mode". The link may have been written by a guest, but it was also stickied and that's the intended solution they link to all over the place. I don't fault them for not working properly on 64bit win7, updating takes time (CIS still hasn't fixed this bug). I fault them for a response that leads to gaping security hole. This and their controversy over selling unverified SSL certificates and I've lost faith in them.
Comodo is a good start for people to do a simple baseline of security (and it's at least that, signature based AV are worse then useless). It's a good concept with some massive holes by design. Training mode will make massive whitelists (on unrelated apps) that skirt around your blacklists, it's just an insane implementation. It shows a design philosophy of usability over security policy.
"a trusted system is one which can break your security policy"
That is why I highly recommend Comodo Internet Security as it is free for personal use, so no subscriptions to run out, low resource ( according to process explorer it is using a whole 15Mb and 0% CPU while running both the firewall and AV) and most importantly IT WORKS.
Comodo is snake oil. The concept of use is when you install new software put it in training mode. Except training mode isn't per application, it's systemwide and if any process does something you blocked before, it now gets whitelisted. There is a known problem that with full screen games that if comodo tries to popup at all the computer locks up on quitting the game. Comodo's response, mark the game trusted or put it in training mode.
https://forums.comodo.com/frequently-asked-questions-faq-for-comodo-firewall/a-note-to-gamers-t20008.0.html
http://www.google.com/search?q=comodo+black+screen
So if you have a program that you don't explicitly trust that uses fullscreen mode there's no way to handle it securely with comodo. Worse if you run a program while comodo is protecting you, that program can go to fullscreen mode and crash computer from a user account. Some protection that is...
You do know Valve has promised to patch around Steam authentication if the shit ever does hit the fan?
Unless it's already made and in escrow you can be sure they won't release one:
1. If the shit hits the fan it's too late, how are they going to pay to develop that patch?
2. If they're going bankrupt it's because they're in debt. Do you think their creditors will let them give away something they perceive as having value?
Why does so much of US law rest on precedent, when it's obvious that past rulings are sometimes (often) flawed? Please, don't say "because we always have."
Imagine if the betamax case didn't cause precedent. Every time someone released a product with a record functionality, they'd go through a lawsuit only to be decided on the whim of whatever judge they had that day. Some products get the seal of approval, some are marked illegal. It'd be chaos.
Precedent allows you to predict the outcome of that case without spending millions developing the product first.
I don't know much about python, but if you're using Integer data types, you're taking the wrong approach... 206 * 2 / 3
This story would be much more interesting if they did use integer division as 2 / 3 * 206. In fact since the law didn't declare the type for number_of_votes, I suggest we fall back to fortran conventions.
If by CYA you mean they've opened themselves up to even more legal liability, then yes.
What's worse it's them acknowledging that they know the person selling it to them didn't have a legal claim of ownership. Finder's keepers isn't a legal term. http://en.wikipedia.org/wiki/Lost,_mislaid,_and_abandoned_property
I could care less about "trade secrets", if the engineer leaked it to gizmodo that's one thing (and I won't discount that possibility). But for Gizmodo to come out and say they know the true owner but don't want to return it is bullshit.
Actually, it's more like: INTERNET -> PORT22, since just about anything can be sent through an ssh tunnel. And the encryption makes most types of deep packet inspection impossible.
You missed his point which wasn't about the protocol, but the port being used. If you use port 22, it'll be blocked many places because they don't want to allow you to ssh. If you use port 443 it'll be allowed since https is "necessary", even if you're using 443 to carry your ssh traffic. What's sad is seeing other services move to 443 to be more accessible. Most usenet providers offer SSL encrypted NNTP on port 443 (despite having an RFC port specifically for nntps).
But it is much harder to block if they actually use legitimate looking packets for protocols that get out rather then just it's port. So people have encapsulated IP within real HTTP traffic. Better yet they'll use ICMP or even DNS to carry your traffic. I find the DNS one particularly amusing because it uses your nameserver to redirect the traffic even if the host isn't given any outside access.
4 - Finally, run server.exe and start your game.
What's even better is you can run this server in a sandbox with very limited system privileges and the game executable needs no modification. I've never seen a scene release with malware but I have seen a couple in some independent cracks.
I know you are joking, but this kind of stuff is actually very important to historians.
Plus in twenty years when the current college crowd is running for public office we will have all sorts of shit to dredge up.
I'd like to setup a computer that all it does is run a dictionary attack (w/ munging) against the passwords. As soon as it hits on a user that account is marked as due for a password change. Let people pick their passwords that will last 3 days. Eventually they'll pick something decent just to avoid the constant pw changes. Then one night I'd walk around and swap everyone's postit notes between desks.
(Wine in Ubuntu used to set the minimum mmap address to zero, I'm not sure whether it still does)
Okay that's scary. Seriously reenabling a known exploit is not a workaround any distro should be using. I checked my box and it was set to 0 with up to date karmic w/ wine, not anymore.
The problem is that now if you want to get into NSA's network (being an employee, I mean), you will HAVE to run Windows.
Says who?
Have you tried setting up SELinux? It being invented by the NSA is proof that NSA doesn't use linux. No sane person would want to use it.
kind of pointless though, because there are still printers and pencils, and human memory if that fails.
If your employees are trying to violate your security, you'll never stop them reliably.
Instead you assume your employees are stupid and/or lazy. You make policies that when followed will prevent them from becoming a victim of social engineering or accidently leaking info. Plus if thumbdrives are prohibited then the act of having a thumbdrive on you is a security incident that's pretty hard to explain.
Yes. Even a magazine is too heavy, but usually you can rest it on your chair/lap until you need to turn the page. Now you have this gadget that needs lots of user input/interaction...hello gorilla arms. It isn't the ability to lift and hold the device or media, it is the need to continuously hold it and interact with it for long periods of time that becomes the problem.
I compiled some weights to compare items you hold in front of you (or don't in case of textbook):
Wii Remote / Nunchuk: 3.1oz / 2.6oz
1984 Paperback 248pgs: 5.6oz
Kindle: 10.2oz
People Magazine: 11.5oz
Kindle DX: 19oz
War and Peace paperback 1424pgs: 19oz
Ipad: 25oz
Average Physics Textbook: 58oz
Having had my ear to the ground in robotics for the last few years, it seems to me that this is a wasted effort. Much more fundamental problems in robot-human interaction, basic things like being able to track a moving object in the room, or walking on two legs without having each movement preprogrammed, have yet to be solved reliably.
But those problems are being worked on as well by many teams and by some that are very well funded. Research should be diverse because it's hard to predict what kind of breakthroughs may come out of it.
That said the problems you bring up are mostly research problems while this is mostly an engineering problem. As far as geeky engineering pursuits, I think this is a lot more productive then building life-size models of gundams. Not that I'd condemn that either.
MW2 was simply made in a different era. I mean, back then MS Flight Sim was one of, if not *the* biggest PC franchise of all
The different era is the standardization of computers. Back with the early mechwarriors not even mouses were a standard on all computers. The standard PC didn't have a sound card. You bought a sound card specifically for games (which is why sound cards have gameports for joysticks). Every PC game released in that era required setting up. So an extra $50 for a joystick and dozens of keybindings wasn't considered that much of a pain.
Nowadays PC games are standardized, they assume you have a keyboard+mouse (or are using an xbox gamepad). With DirectX it's mostly seamless for controls, sound, and video. Joysticks are a very niche product. What's common about mech/space/flight sims is they all basically require a joystick. Gamers with joysticks nowadays are so few that the market is small.
Copying has only become faster and cheaper. Now, more than ever, copyright is relevant.
Exactly why our copyright system is broken. It's designed for publishers not artists. Publishers are quickly going obsolete and we shouldn't be using copyright to prop them up.
I want them to do at least 80% less than they do, so if they waste a bunch of time on online games, that's okay with me.
Except lazy administrators are the most wasteful. They take the word of the contractor that pitches "Your town needs a monorail and we're your best choice" without challenging that statement or even reading the proposal. Then they'll sign off on cost overruns without investigating (eww more work). A diligent official will actually check into those details.
Do you also like sysadmins who play videogames rather then patch because patches might break things and right now the systems work?
WinXP, FoxIT (in sandboxie):
No warning, got the calc popup (still within sandbox)
Scary stuff, noscript blocks pdf's for me but I'll be more careful with whitelisting until this is fixed. It's always been a good rule of thumb to never open untrusted PDF's. I think this weekend I'll configure my firefox to run in sandbox by default.
Otherwise known as eggshell skull rule.
The term implies that if a person had a skull as delicate as the shell of an egg, and a tortfeasor who was unaware of the condition injured that person's head, causing the skull unexpectedly to break, the defendant would be held liable for all damages resulting from the wrongful contact, even if
1. such damages were not reasonably foreseeable, or
2. the tortfeasor did not intend to cause such a severe injury.
The ubuntu version of sandboxie is apparmor. You can install apparmor-profiles that include profiles for a lot of apps.
https://help.ubuntu.com/community/AppArmor?action=fullsearch&context=180&value=linkto%3A%22AppArmor%22
Since Ubuntu 9.10 (Karmic), AppArmor ships with a profile for Firefox which is disabled by default.
You can enable it using the following command:
sudo aa-enforce /etc/apparmor.d/usr.bin.firefox-3.5
I don't understand why you think that the government won't reflect this disparity?
I wasn't clear, government runs into same problems. I'd just rather government deciding when someone gets cutoff.
Military medical care is very unique. It's hard to say how it would scale. Doctors are officers that have real authority. Active duty can get in legal trouble for not following doctor's orders or missing appointments. It deals with far more amputees and special treatments not seen as commonly in civilian world. But for the whole they are in far better shape (they have to make it 20years passing PT tests and weight standards). It's also pretty common to see marriages of convenience where the spouse couldn't get healthcare any other way then marrying military. I don't think it's fair to use military medical as the example although I can't judge which way it's biased.