Everyone who is recommending that people should run the 'disable-vmslice-if-exploitable' file should stop doing this!
The fix does patch the syscall, yes, BUT, in doing so it tests the exploit. From what i have gathered in testing this myself, exploiting the bug actually corrupts the kernel memory map leaving your system in an undefined state, absolutely anything could break, including the possibility of the filesystem driver writing crap to your disk. BEWARE if you use this fix, or take out the test mechanism!
As previous posters have said earlier, IPv6 will not be adopted fully by consumers until Joe Public can walk into dixons or PC world and buy a router that will do IPV6.
Not to mention these other types of device, which will have to be replaced or flashed, and this will have to be AFFORDABLE to both consumer, and supplier/provider:
* Certain types of cable modems * Cable set top boxes (how else will you do your video on demand streaming over an ipv6 network?) * Certain types of ADSL Modems * Games consoles (wouldnt this be a great place to use that QoS?) * Mobile phones * Ubiquitous computing (An IP6 enabled T-Shirt, coming soon to a slashdot near you)
Just to point out to all the people who keep saying "paypal are not a bank and can confiscate your money without any real reason", if you live in Europe, PayPal cannot do this. To quote the bottom of their page:
PayPal (Europe) Ltd. is authorised and regulated by the Financial Services Authority in the United Kingdom as an electronic money institution.
PayPal FSA Register Number: 226056.
OEM software (preloaded on hard disks and on pre-built machines) is NOT FREE. I cannot emphasise this enough.
The retail price of OEM windows XP pro is (last time i checked anyway) $219. This isnt very free if you ask me. If that's free, then i'll have "one cent" from you please.
All start at zero, all use the device driver's name, seems pretty straight forwards and standardized to me, or are you suggesting that everyone should just copy linux and somehow, being the youngest OS around, it is more correct?:-)
It seems most of the victims to suffer radiation poisoning and radiation burns were those cought in the initial blast, most of whom died two weeks to a month later (see page 4 of the article) -- being as the reporter was not actually in the initial blast maybe his exposure and risk of poisoning was factors of hundreds less? (IANA nuclear physicist). At other times where there have been nuclear disasters (think chenobyl) most of the people to die were those cought in the blast, and even then, the probability of survival was seemingly random (e.g. radiation is not a gauranteed killer, varying very much upon the type, duration and strength of exposure and sometimes, even the direction in which the wind is blowing to move radioactive materials/dusts around).
please mod the parent post up, this is the most sensible comment on this article and probably took more bravery to share than most of us could ever imagine.
The "stepping stone" argument in relation to porn already exists (however it is just an argument i beleive, nothing more). There is psychological evidence that people who view pornographic material in fact become de-sensitized to it, and over time, require more and more graphical images to get their kicks. I don't know if this is proven or a theory, but i do know that if it WAS true, all the teenagers that started off looking at titty pics when they were young (lets be honest all guys do) would ALL eventually become perverts and child molesters. In my opinion, it takes a certain type of mindset to end up becoming such a person.
"Locked memory will not be moved or discarded, unless the memory object is reallocated by using the GlobalReAlloc function. The memory block of a locked memory object remains locked until its lock count is decremented to zero, at which time it can be moved or discarded."
Best guess is mac os has something similar too, but don't ask me what it is because i dont know!:)
I think what's happened here is that "Anonymous Coward" knows what he wants to say but hasnt quite portrayed it correctly. You *do* get call centers full of people who dont know their modem from their network card, and only get buy on the flowchart theyre given for problem solving on the phone. This is not fault of the people doing the job, theyre not 'stupid', theyre just lacking the required skills to work in IT technical support. Having done technical support jobs for a while i can tell you that you get things done much faster and much easier if you have the basic knowledge about what you're supporting.
If your call center is really as bad as this, then yes, the buck stops at the management for having a poor recruitment and training process which fails to give new hires the right knowledge, and vet people who simply arent capable of IT support -- for example, i *know* i cant be a decorator or a lawyer, so i wouldnt apply for the job, but there are many people applying for work in the IT field with no experience, relying totally upon the training given by their first employer. Yes, everyone starts somewhere, and we must all start from the bottom of the ladder *however* if these people new to the field end up starting with an employer who isnt willing to train them, then their failure is all but assured and that really isnt fair.
Everyone has right to agree or disagree, this is the basis of democracy itself. If nobody had the right to disagree with others, no real decisions would be made and the laws which are put in place would not be representative of public opinion.
Actually, for point (3) its more likely that theyre using some other technology which isn't even radio based which we won't be able to detect at all -- we'll only be able to detect civilizations that are relatively equal to our own. If you're an advanced (spacefaring?) civilization why would you be using a technology which can only broadcast at the speed of light?
Yes, in their past they will be transmitting RF, but the amount of time that a civilization will spend sending out RF (compared to the total time they exist) will probably turn out to be relatively short (a long period of time before they develop radio transmitters then an even longer time possibly when they develop past using it)
The best way to keep your PK secure is to burn it to a CD, put the CD in a locked drawer, and only EVER put it in your machine when you want to sign anything.
The place i worked at before did something similar by putting their HTTPS certificates on a floppy disk in the firesafe. If you ask me, a floppy isnt durable enough;-)
I'm tired of seeing these idiotic "stories" on Slashdot and eWeek and their ilk all the time. It's NOT news and it DOESN'T matter although the only people that care are NERDS.
Errrrrm.... am i missing something? Doesnt it say in the title of this very site "News For Nerds"? I enjoy coming to this site and reading everyone else's opinions, especially about things they have no control over like this;-)
ive seen watches that are powered by induction like this, but is there enough wattage in induction for what the specs say? its a pretty low power method isnt it?
ultrasound would be useful, but ive no idea how much it would weigh. It may be useful to firefighters, law enforcement, etc, but in the case of firefighting, i doubt this contraption is fireproof enough;-)
Now we know what scientists get paid for;-) is this the same guy that calculated the exact amount of time to dunk a biscuit in some tea before it went soggy?
By reading this reply you declare all previous contracts signed or agreed by you as null and void, including contracts of employment, mortgage and marriage. By closing this page all monetary assets you own belong to me, and should be submitted by credit transfer directly to my bank account.
Hows that for a nasty contract?:) good job you can't sign it, huh;-)
As mentioned very briefly above, mailers to a system can be forced to pass a turing test before their mails are passed on.
all email inbound to server generates an auto reply to a locally run server (with mysql?) which asks the user to go to a page like the following:/server/page/mail?mailid=XYZ
mailid=XYZ is an id to the mail which has been moved to temp storage on mysql. It is held there until a user visits the site, or maybe for a 30 day holding period, until the sender passes a turing test. Queued mails may be viewed by an admin and marked as 'always allow based on {to|from}' or 'always deny' (to save on bandwidth or allow a mailing list)
The turing test would be a simple 'type the sequence of chars on this jpeg' turing test (as discussed above - http://ask.slashdot.org/article.pl?sid=03/11/17/22 47251&mode=thread&tid=111&tid=126&tid=98&tid=9 9 )
once a user passes the turing test once their from: address is allowed for an administrator-defiend amount of time (30 days, means that even if a spammer goes around manually activating his access to his victims, he has to do it again every 30 days to MILLIONS of addresses, would require an entirely new department to his organisation staffed by humans), or maybe a conversation can also be tagged by the system with a special mail header?:-)
Of course this would generate a lot of heavy volume reply, either back to a spammer, or back to some hapless poor guy/gal who's having their email address abused by the spammer. However, if this system was not in place, these would simply be bounce messages instead in most cases. In the long run it would add very little to the size of a spammer-victims mailbox, and benifit users greatly, as NO spammer is going to develop a program able to read numbers out of jpegs, or go and activate themselves manually every 30 days or whatever on each users system.
I'm thinking of coding this some time, maybe as a public domain or GPL project, youll probably soon hear about it if i get anywhere;)
Many peer to peer programs do not require an open port to function. Popular examples of this are kazaa and winMX, which are two of the most popular p2p clients out there.
Slashdot Mirror
Everyone who is recommending that people should run the 'disable-vmslice-if-exploitable' file should stop doing this!
The fix does patch the syscall, yes, BUT, in doing so it tests the exploit. From what i have gathered in testing this myself, exploiting the bug actually corrupts the kernel memory map leaving your system in an undefined state, absolutely anything could break, including the possibility of the filesystem driver writing crap to your disk. BEWARE if you use this fix, or take out the test mechanism!
As previous posters have said earlier, IPv6 will not be adopted fully by consumers until Joe Public can walk into dixons or PC world and buy a router that will do IPV6.
:)
Not to mention these other types of device, which will have to be replaced or flashed, and this will have to be AFFORDABLE to both consumer, and supplier/provider:
* Certain types of cable modems
* Cable set top boxes (how else will you do your video on demand streaming over an ipv6 network?)
* Certain types of ADSL Modems
* Games consoles (wouldnt this be a great place to use that QoS?)
* Mobile phones
* Ubiquitous computing (An IP6 enabled T-Shirt, coming soon to a slashdot near you)
The list is probably even larger than this
Just to point out to all the people who keep saying "paypal are not a bank and can confiscate your money without any real reason", if you live in Europe, PayPal cannot do this. To quote the bottom of their page:
PayPal (Europe) Ltd. is authorised and regulated by the Financial Services Authority in the United Kingdom as an electronic money institution. PayPal FSA Register Number: 226056.
OEM software (preloaded on hard disks and on pre-built machines) is NOT FREE. I cannot emphasise this enough. The retail price of OEM windows XP pro is (last time i checked anyway) $219. This isnt very free if you ask me. If that's free, then i'll have "one cent" from you please.
What is different?
:-)
All freebsd device names are in the form:
e.g. ad0, ad1... ed0, ed1... agp0, plip0...
All start at zero, all use the device driver's name, seems pretty straight forwards and standardized to me, or are you suggesting that everyone should just copy linux and somehow, being the youngest OS around, it is more correct?
> It is quiet. You are likely to be eaten by a slashdotter. >> Go east > You have been eaten by a grue. errrr, slashdotter.
It seems most of the victims to suffer radiation poisoning and radiation burns were those cought in the initial blast, most of whom died two weeks to a month later (see page 4 of the article) -- being as the reporter was not actually in the initial blast maybe his exposure and risk of poisoning was factors of hundreds less? (IANA nuclear physicist). At other times where there have been nuclear disasters (think chenobyl) most of the people to die were those cought in the blast, and even then, the probability of survival was seemingly random (e.g. radiation is not a gauranteed killer, varying very much upon the type, duration and strength of exposure and sometimes, even the direction in which the wind is blowing to move radioactive materials/dusts around).
please mod the parent post up, this is the most sensible comment on this article and probably took more bravery to share than most of us could ever imagine.
The "stepping stone" argument in relation to porn already exists (however it is just an argument i beleive, nothing more). There is psychological evidence that people who view pornographic material in fact become de-sensitized to it, and over time, require more and more graphical images to get their kicks. I don't know if this is proven or a theory, but i do know that if it WAS true, all the teenagers that started off looking at titty pics when they were young (lets be honest all guys do) would ALL eventually become perverts and child molesters. In my opinion, it takes a certain type of mindset to end up becoming such a person.
Just for information (not trying to prove anyone wrong or right) i believe this is what you are looking for on windows:
= /library/en-us/memory/base/globallock.asp
:)
http://msdn.microsoft.com/library/default.asp?url
The GlobalLock() function:
"Locked memory will not be moved or discarded, unless the memory object is reallocated by using the GlobalReAlloc function. The memory block of a locked memory object remains locked until its lock count is decremented to zero, at which time it can be moved or discarded."
Best guess is mac os has something similar too, but don't ask me what it is because i dont know!
I think what's happened here is that "Anonymous Coward" knows what he wants to say but hasnt quite portrayed it correctly. You *do* get call centers full of people who dont know their modem from their network card, and only get buy on the flowchart theyre given for problem solving on the phone. This is not fault of the people doing the job, theyre not 'stupid', theyre just lacking the required skills to work in IT technical support. Having done technical support jobs for a while i can tell you that you get things done much faster and much easier if you have the basic knowledge about what you're supporting.
If your call center is really as bad as this, then yes, the buck stops at the management for having a poor recruitment and training process which fails to give new hires the right knowledge, and vet people who simply arent capable of IT support -- for example, i *know* i cant be a decorator or a lawyer, so i wouldnt apply for the job, but there are many people applying for work in the IT field with no experience, relying totally upon the training given by their first employer. Yes, everyone starts somewhere, and we must all start from the bottom of the ladder *however* if these people new to the field end up starting with an employer who isnt willing to train them, then their failure is all but assured and that really isnt fair.
Everyone has right to agree or disagree, this is the basis of democracy itself. If nobody had the right to disagree with others, no real decisions would be made and the laws which are put in place would not be representative of public opinion.
"If you don't like it, start your own company and set the rules how you like them! Otherwise, sit down"
But if its modified, doesnt that make it unacceptable in a business role? *grin*
Actually, for point (3) its more likely that theyre using some other technology which isn't even radio based which we won't be able to detect at all -- we'll only be able to detect civilizations that are relatively equal to our own. If you're an advanced (spacefaring?) civilization why would you be using a technology which can only broadcast at the speed of light? Yes, in their past they will be transmitting RF, but the amount of time that a civilization will spend sending out RF (compared to the total time they exist) will probably turn out to be relatively short (a long period of time before they develop radio transmitters then an even longer time possibly when they develop past using it)
The place i worked at before did something similar by putting their HTTPS certificates on a floppy disk in the firesafe. If you ask me, a floppy isnt durable enough ;-)
Errrrrm.... am i missing something? Doesnt it say in the title of this very site "News For Nerds"? I enjoy coming to this site and reading everyone else's opinions, especially about things they have no control over like this ;-)
ive seen watches that are powered by induction like this, but is there enough wattage in induction for what the specs say? its a pretty low power method isnt it?
ultrasound would be useful, but ive no idea how much it would weigh. It may be useful to firefighters, law enforcement, etc, but in the case of firefighting, i doubt this contraption is fireproof enough ;-)
Now we know what scientists get paid for ;-) is this the same guy that calculated the exact amount of time to dunk a biscuit in some tea before it went soggy?
By reading this reply you declare all previous contracts signed or agreed by you as null and void, including contracts of employment, mortgage and marriage. By closing this page all monetary assets you own belong to me, and should be submitted by credit transfer directly to my bank account. Hows that for a nasty contract? :) good job you can't sign it, huh ;-)
As mentioned very briefly above, mailers to a system can be forced to pass a turing test before their mails are passed on. all email inbound to server generates an auto reply to a locally run server (with mysql?) which asks the user to go to a page like the following: /server/page/mail?mailid=XYZ
mailid=XYZ is an id to the mail which has been moved to temp storage on mysql. It is held there until a user visits the site, or maybe for a 30 day holding period, until the sender passes a turing test. Queued mails may be viewed by an admin and marked as 'always allow based on {to|from}' or 'always deny' (to save on bandwidth or allow a mailing list)
The turing test would be a simple 'type the sequence of chars on this jpeg' turing test (as discussed above - http://ask.slashdot.org/article.pl?sid=03/11/17/22 47251&mode=thread&tid=111&tid=126&tid=98&tid=9 9 )
once a user passes the turing test once their from: address is allowed for an administrator-defiend amount of time (30 days, means that even if a spammer goes around manually activating his access to his victims, he has to do it again every 30 days to MILLIONS of addresses, would require an entirely new department to his organisation staffed by humans), or maybe a conversation can also be tagged by the system with a special mail header? :-)
Of course this would generate a lot of heavy volume reply, either back to a spammer, or back to some hapless poor guy/gal who's having their email address abused by the spammer. However, if this system was not in place, these would simply be bounce messages instead in most cases. In the long run it would add very little to the size of a spammer-victims mailbox, and benifit users greatly, as NO spammer is going to develop a program able to read numbers out of jpegs, or go and activate themselves manually every 30 days or whatever on each users system.
I'm thinking of coding this some time, maybe as a public domain or GPL project, youll probably soon hear about it if i get anywhere ;)
I wonder if such big fish will be just as interested in funding the other people who have been involved in this such as Stallman etc...
Many peer to peer programs do not require an open port to function. Popular examples of this are kazaa and winMX, which are two of the most popular p2p clients out there.