Slashdot Mirror


User: weedenbc

weedenbc's activity in the archive.

Stories: 0
Comments: 57

Comments · 57

  1. Re:Truecrypt authors-WARNING: TrueCrypt is not sec on Auditors Release Verified Repositories of TrueCrypt · · Score: 1

    They said it was not secure because it "may contain unfixed security issues". That statement was 100% true for every earlier version of TrueCrypt and every single piece of software ever created. Including dm-crypt, your recommendation.

  2. Re: Steve Gibson is a... on New Standard For Website Authentication Proposed: SQRL (Secure QR Login) · · Score: 5, Insightful

    Steve has a lot of hate coming from the traditional hacker community, some of it for good reasons. He got started in all this trying to defend himself from some attacks, and definitely made some noob mistakes. In particular, he made the mistake of lumping in penetration testers (white hats) with criminal hackers (black hats). That generated a lot of hate from the pen tester community and many labeled him a fraud and never looked back. His biggest offense seems to be that he is not of, and does not participate in, the traditional hacker/pen tester community. I think it is very telling that none of his detractors are actually pointing out problems in his proposal for SQRL. They are relying entirely on "we all know Steve Gibson is a fraud" arguments.

  3. There is an easier way... on Passwords That Are Simple — and Safe(?) · · Score: 1
    Start using LastPass. Pick a single, strong password for it and then let it auto generate and remember all your passwords. It is a robust and secure system and you are not entrusting your secrets to anyone - all the encryption is done client-side and LastPass themselves are only storing ciphertext.

    A full security analysis and examination of its capabilities can be found here:

    http://www.grc.com/securitynow.htm#256

  4. Didn't happen on China Shoots Down Another Satellite · · Score: 1

    The reference is this blog posting over at Foreign Policy which was posted back in March: http://shadow.foreignpolicy.com/blog/5630 The test was of a sub-orbital kill vehicle intercepting a sub-orbital target, both launched from ballistic missiles. There was no orbital debris generated and a satellite was not destroyed. This can be verified by looking at NASA's Orbital debris Quarterly Reports as well as the satellite catalog on Space Track: http://www.orbitaldebris.jsc.nasa.gov/newsletter/newsletter.html http://www.space-track.org/perl/login.pl However, because the same technology can be used for both hit-to-kill missile defense and hit-to-kill ASATs, the test can be seen as another test of China's ASAT capability, in the same way as the destruction of USA 193 (a satellite) by the US Aegis missile defense system

  5. Here are links to more info on Geostationary GPS Satellite Galaxy 15 Out of Control · · Score: 2, Informative

    Wow - this has to be in the Top 10 Worst Article Summaries ever on Slashdot. And why is the link pointing to a CSMonitor dupe instead of the original story at Space.com which has the best coverage? Most of the other commenters already pointed out the problems (it's not a GPS satellite, the libration points are not Earth-Moon Lagrange points, etc), so I will just point everyone to the real articles with real facts on this story: http://www.space.com/news/out-of-control-satellite-threatens-others-sn-100503.html http://www.space.com/news/zombiesat-galaxy-15-shutdown-fails-sn-100505.html

  6. Here's the results of a test on Truecrypt overhead on Resisting the PGP Whole Disk Encryption Craze · · Score: 2, Informative
    On Episode 133 of Security Now, Steve Gibson does a test to try and calculate the overhead of Truecrypt and comes up with a number in the single percents. The test was to defrag an image with whole disk encryption and without and compare the times.

    Transcript:

    http://www.grc.com/sn/sn-133.htm

  7. I really hate it when people mess up basic physics on Developing New Materials With Space Science · · Score: 0, Offtopic
    Quote: "The near absence of gravity (microgravity)"

    Hate to break it to people but there is gravity in space. Otherwise, what keeps the satellites and Moon in orbit? In fact, at the altitude the space station orbits, the Earth's gravity is about 88.9% as strong as it is on the Earth's surface.

    One of the biggest mistakes in the history of science was the term "zero-gee" which people assumed meant "zero-gravity" when in fact it means "zero force due to the acceleration from gravity". A "gee" is the amount of force gravity exerts at sea level.

    Microgravity doesn't mean that gravity is 10^-6 what it is on Earth - it means that the force resulting on an object due to gravity is 1 million times less than what it is on Earth, and thus you get all the nice effects mentioned in the article.

  8. Surprised Slashdotters don't see the parallels... on DARPA Fractionated Spacecraft Program Starts · · Score: 2, Insightful

    Remember back in the old days when there was one monster mainframe that served all the users and access to it was tightly controlled? Then we discovered the wonders of having thousands of smaller computers all networked together, giving incredible flexibility and scaling?

    That's what this is for satellites. Instead of having billion-dollar single point failures floating around in space, DARPA is trying to develop the technologies to have constellations of tens, hundreds, thousands of smaller satellites working together in an integrated mesh network. A network that can be improved by launching new nodes with upgraded features, one with fault tolerance in case of node failure.

    F6 is one of the precursor technologies to be able to do this. And yes, like many things in space it can be used for evil purposes just as it can be used for good.

  9. Higgs boson was used to "prove" God exists on Search for Higgs "God Particle" Gets Interesting · · Score: 0, Redundant
    In his book "The Physics of Immortality" Dr. Frank Tipler puts forth a mathematical proof for the existence of "God" (what he calls the Omega Point) and the resurrection. A very interesting read.

    One of the testable results of his proof was that the Higgs boson had to have a certain mass for the universe to collapse in the specific way needed to create the Omega Point.

    Tipler's theory is still controversial and unlikely to be proven true given the recent findings about the amount of mass in the universe and that it is still accelerating away but still a really interesting read.

  10. You don't get it on Vista's 'Next Gen' TCP/IP Stack · · Score: 1
    This is a reason NOT to get Vista. Stop and go back and listen to the Security Now! episode linked above.

    Writing a new stack from the ground up is a VERY BAD IDEA from a security perspective. Why? Because you have no idea what weaknesses, exploits, buffer vulnerabilities, etc are written in your brand new stack. The stack in WinXP was really good for only one reason - Microsoft simply copied a UNIX stack that had been around for ages and had already had a ton of bugs fixed.

    Now, all that is scrapped and written from the start. Who knows how many mistakes that were already made and fixed in the past were re-made in Vista.

  11. How do you protect your IP? on Ask an Open Source Venture Capitalist · · Score: 1

    I have been cautioned by others with startup experience that without sufficient capital to defend the patent you might as well not have the patent in the first place. There is nothing to prevent a competitor with more resources from exploiting it. And even if you do have the funds, defending it can be a very lengthy process with many appeals, all the time you could be bleeding more cash than your competitor. How serious of a concern should this be for an open-source software project and should funds for patent defense be part of the original VC outlay and planned for from the beginning?

  12. So why does Economist say the opposite? on Globalization Decimating US I.T. Jobs · · Score: 1

    Recently the Economist did a large report on Globalization and the effects on economies. They reached several of the same conclusions, but had differing reasons for them. Across the board they see that Globalization has improved many significant economic factors in both the 1st world and developing world. However, those increases are NOT being passed on to the middle class - there is no appreciable increase in real wages nor increase in jobs.

    So where is the money going? In short, to the top 1%. In the last 10 years the revolution in worker efficiency brought about by computers and technology in general has resulted in little to no increase in wages for the middle class but HUGE leaps in profits for those at the top.

    Bottom line, globalization isn't the problem. It is proven that implemented correctly, it can lift both economies. The problem has been with that implementation. As usual, those with the money and the power use their influence to tap it before it gets to us working slobs and thus grow richer.

  13. This just highlights existing problems on How iTunes Hurts Weird Al · · Score: 3, Insightful
    If you RTFA Apple is not screwing the artist. They are taking a fairly reasonable share (around 30%), most of which goes to pay for infrastructure, bandwidth, etc. The record labels are taking 65% to pay for advances, marketing, and other "fees". The artist ends up with around 5%.

    This is a completely fucked up model. And what is sad is that the record labels have been doing this to artists for DECADES. Why is the only person in the loop that has creativity/talent/unique ability getting 5% of the money while all of the suits, lawyers, and management are sucking up 65%? I can understand some cost in production, but with modern technology you can do it for a few grand in software and hardware in your home.

    iTunes/Apple is not the problem. They are just bringing to light the awful business practices of the record labels and the way they treat their slave labor....I mean artists.

  14. Don't plan on seeing Dual drives on PC's Role Key in New Format War · · Score: 2, Informative

    Sony has put clauses in the Blu-ray licensing agreement that prohibit a manufacturer from building a drive capable of playing both Blu-ray and HD-DVD. If they do, Sony can yank their Blu-ray license.

  15. Military is doing this too... on The Enemy Within the Firewall · · Score: 1
    The Air Force has officially labeled all web-based emails (Yahoo, MSN, Hotmail, Juno, Gmail, etc) as serious threats to network security. As such, starting at the end of this month they are going to be blocking access to all web email sites at our base.

    Of course, we are still using Windows, IIS, IE, and Outlook on all our systems. I guess Gmail is more of a security threat than any Microsoft products...

  16. Why is earning a profit bad? on Netflix Throttling Heavy Renters · · Score: 1

    Seriously folks, why is everyone jumping on Netflix for actually earning a profit? Is making money now considered evil? They still provide a great service and those who want to "abuse" it (maybe push the envelope is a better term) cost them money. So they throttle that behavior back. Big deal.

    Would you rather that Netflix bled money and eventually went under? Or were bought by Blockbuster? Does anyone remember the extremely shady business practices that Blockbuster used before they had competition in Netflix? Can you imagine life where your choice was Blockbuster (free to go back to old tactics) and DRMd video on demand from your cable company that you had to pay for every time you watched and couldn't copy?

    As one of the heavy users affected by this I'm not thrilled. But I will be one to admit I was abusing the service by ripping copies as soon as the movies arrived and sending them back. So I cannot blame Netflix for this. If you do, you are a hypocrite. You are abusing a service provided by a company to make illegal copies of products you don't own, and then when they do something about it you bitch and moan. Now, I'm sure there are a few out there who will reply with "But I actually watch 25 movies a month". Rest assured that you are a tiny portion of the user base. I feel sorry for you but what did you really expect? Everything for free?

    Netflix, as a company whose goal is TO MAKE A PROFIT and not provide us with unlimited movies, has every right to do this. They either throttle heavy users, or charge more for subscriptions and/or excessive postage. We as users have every right to not use their service.

  17. Why should they accept? on Intel/AMD Battle Rages On · · Score: 4, Interesting
    Accepting would only hurt Intel so there is absolutely no reason why they should take the challenge. I mean come on, they are in the business of making money, not proving a community of geeks right.

    AMD has scored some points with this challenge but IMHO missed a huge opportunity. They should have started an ad campaign pointing out that all the P4 class products that Intel has dumped on the world were sub-par to their own.

    Intel presentations today were full of hyping a per watt performance. I would have immediately launched an ad campaign that showed exactly where Intel stood with its current desktop and server offerings on a per watt basis.

    It really pisses me off how a company can talk up its products and convince a ton of people to buy them, then turn around and say that they really sucked and they just managed to sucker people in with marketing and brand name recognition.

  18. Apple doesn't make a dime on iTMS... on Music Labels May Seek Higher Download Prices · · Score: 1
    Of the $0.99 charged for each song, approximately $0.70 goes to the label. Apple said in an article shortly after the iTMS launch that its costs of hosting and distribution were around $0.30 and that it basically was making zero profit on all iTMS downloads.

    So basically right now the music labels are making 100% profit on the iTMS sales and think that the prices need to go up. Why? Because they feel that the online music business is taking away from their CD sales.

    Think about that for a second. There are two modes of thought. One, they are making 100% profit on a revenue stream and want to make MORE money on it because it's taking away from their other revenue stream.

    Two, they feel that online music sales are so good that they are priced below what the market would support and thus in their mind are losing money since they could be charging more.

    Either way, this is just another example of both the greed and the ignorance of the music labels when it comes to the new marketplace.

  19. I work in Cheyenne Mountain... on Relic Russian ICBM To the Rescue for Science · · Score: 1

    And I can tell you that aside from some of the information delivery, none of our threat detection system is automated. There are many humans in the loop and you can bet that when this happens we will know about it beforehand that it should be a space launch and not a missile threat.

  20. Does Firefox have a serious security problem? on Firefox Reaches 10 Million Downloads · · Score: 2, Interesting
    This guy on one of my mailing lists claims Firefox has a huge security hole as compared to IE. His post:

    After using Firefox far more aggressively I am pleased to say it does quite a bit. Very nice plugin support and very nice extensions for web developers. Also, because it does not support active X at all, it has a decent layer of security.

    However, it has some very serious drawbacks. Firefox claims it is using a cutting edge framework and avoided the "per process" feature that IE has. This means IE lets me spawn a new IE process on demand if I wanted to. This has a lot of pros, including - security from cross-site scripting attacks, if you auth into one site, the other can never see your session cookies - isolation from crashing, one bad IE can only kill its children, if you spawn a new instance on demand you restrict your damage - shut down plugins on demand to keep things very light, if my new IE spawn uses Java, I can kill that and still keep my existing IE windows. - lets me login to the same website multiple times with different credentials, this is handy for web devs and power users.

    Unfortunately, the Mozilla framework, in their infinite wisdom decided not to support "per process" or even make it an option. A big surprise coming from people who planned on allowing extensions.

    So now if someone does trick me into opening a URL and knows my web site habits, I will be vulnerable to a cross-site scripting attack. Of course, the Mozilla developers vehemently deny this, yet this is an ancient Bugtraq CSS attack technique that has been around for years.

    They claim it's not common, is that why a "tiny" army of people have already complained?

    They claim IE's way is not intuitive, could have fooled me. I can launch multiple spawns in about 1-2 seconds thanks to the way IE defaults to new spawn process via shortcut.

    They claim it's secure. That's why kiosk developers have already complained that it makes it difficult if not impossible to run a serious kiosk?

    Their "workaround" was to run as a different profile on demand? That means I have to save all tabs, shutdown everything, then restart as a different profile? Sorry, I actually keep my machine running for months on end with IE Windows nested far up my taskbar (I don't use XP, I hate the "bundled taskbar windows idea"). Now I have to kill all of them before I open a foreign URL in fear of Cross-site scripting? And thanks to the ridiculous load up time (which I cannot blame them entirely for), this makes it more expensive to do.

    Sorry, just that the Mozilla developer's attitude is disgusting. A Mozilla developer insisted "per process was monolithic" and this issue was only a big deal "three years ago". (https://bugzilla.mozilla.org/show_bug.cgi?id=86174) Gee, this is the same stupid behavior Netscape used for years. So where is the "cutting edge" non-monolithic feel? Because, running a handful of browser windows at a time and being forced to close every single one out sure feels more monolithic to me. That's exactly the reason why Unix GUI browsers were horrible for power users, and now it turns out Firefox heads just re-continued the monolithic thinking. Good job!

    The Firefox developers insisted this isn't a security issue (oh but it is), insisted it is a pointless feature (web devs and power users use this all the time), and insisted no one does this (right, that's why now they are seeing flak beyond flak?).

    I totally understand if they cannot fix it easily due to their poor design choice early on. However, their rationale for being unable to do so is a huge cop out. Their poor design skill in the beginning only made me wonder once again, how grounded to reality are these open source developers?

    Ok so is this just FUD or is he on to something? He claims a pretty big security hole, one that I don't think I have seen discussed here or elsewhere. I'm by no means a security expert but this sounds pretty serious to me.

  21. There is more than physical evolution... on Scientists Give Human Organs to Lamb · · Score: 1
    I agree with you that physically our evolution as a species is slowing down considerably. But that doesn't mean we have stopped evolving. What about social evolution? I would argue that plays as big a role in shaping/changing the future of our race as physical characteristics.

    As we evolve socially different things become important. Life started with a focus on gathering food and survival. It then shifted to agriculture and building basic societies. Hopefully at some point technology will be able to take care of most - if not all - of basic human needs. Think Star Trek for a perfect world example. You are already seeing people start to question why they are here and what is the point to existence and that there has to be something more to life than just working a job and buying things.

    Hopefully when we get to the point where we don't have to worry about food/shelter/survival/money we can focus instead on more important things like colonization of other worlds, intellectual development, spiritual development, and ecology.

  22. Use chromosomes... on Scientists Give Human Organs to Lamb · · Score: 1
    You hit on a great point. The answer to the whole debate is how do you define a human being? Of course it can't be anything physical because you can always find someone with a birth defect. The same thing for a social aspect - "savage" humans raised by animals are rare but still exist and you will always have humans with various mental disorders.

    You have to base the definition on science and genetics. The best I can come up with is to define a human being as an organism with 23 pairs of chromosomes. Of course that begs the question - when do you have 23 pairs of chromosomes? Sperm and eggs don't count as they each have half. But a fertilized egg has the full complement. Thus by this definition a human being occurs at conception.

    Of course now you have the problem of ethics and morality. If this is indeed how you define a human being, any kind of monkeying or destruction of this fertilized egg should be considered some level of murder. On one hand you can say that masturbation and contraception are not "sins" but on the other hand abortion is one.

    Sticky subject, especially for someone like me who wants to see stem cell research progress.

  23. Re:"flip flop" = a good thing on Computer Problems Already Affecting Florida Voters · · Score: 1
    If you believed the evidence that was presented at the time then voting for war was the only option (as it happens I didn't believe the evidence, but that is a freedom a popularly elected official doesn't really have if he wants to be re-elected)

    So you are saying that you knew better than every Congressman on the intelligence committee, the CIA, British Intelligence, and the UN Weapons Inspectors?

    Or are you saying that all of the above knew the truth just like you but chose to do the wrong thing because they felt the public wouldn't re-elect them?

  24. Am I the only one concerned about lack of speed? on The Ultimate MacDate · · Score: 1
    Let me get this straight. You have a DUAL 2.5 GZ system with half a gig of memory, and running office is sluggish? Dragging and dropping pictures taxes the system???

    I give Mac 1,000,000 bonus points when it comes to the design and usability of the OS and wish very much they could port it to x86, but am I the only one here who thinks it should perform a little better? I'm still running my WinXP system on a 1.6 Ghz Tbred with 1 Gig of RAM and it doesn't slow down a hitch unless I start doing CPU intensive multitasking, like video encoding + multiple browser windows + mp3 playback.

    I fear the same thing is going to happen with Longhorn. Between Avalon and the 3D desktop and everything else I fear it's going to slow the system to a crawl unless you have top of the line hardware. And donning my tinfoil hat, maybe that's the point - the industry is now choosing to boost lagging hardware sales through the OS instead of just games.

    Looking at the performance of OSX doing non-CPU intensive tasks I can't help but think that Apple has already gone that route.

    Is it too much to ask for a simple, clean, efficient UI that has multitasking convenience built-in without fancy graphics and translucence and animations and all the other useless crap?

  25. Wrong kind of radioactive on Air Force Researching Antimatter Weapons · · Score: 5, Informative
    Anti-matter weapons are radioactive in the same way as neutron bombs - a burst of gamma radiation. But they are NOT like fission bombs in releasing radioactive particles.

    In a fission reaction the fallout comes from two sources. The first is the by-products of the fission reaction. I believe it is radioactive isotopes of Cesium and Potassium. These radioactive particles combine with the uranium/plutonium that did not fission and get distributed as fallout.

    A pure fusion bomb, e.g. neutron bomb, has only a fusion reaction and thus theoretically produces no radioactive fallout. However in practice a fission reaction is used to create the pressure and heat needed to start the fusion reaction.

    See the Special Weapons Primer at http://www.fas.org/nuke/intro/nuke/index.html for more info.