Trivially easy to circumvent once again. Google already offers SSL encryption for web searches and for Gmail and I don't even need to mention all the privacy tools available.
I don't understand how this doesn't stop ISPs from doing a man in the middle attack on gmail and using their own valid SSL cert - I mean, it's not like I can't register a certificate for mail.google.com, the majority of legitimate authorized SSL cert providers will let me purchase it regardless.
Or they could invest in buying one of Netronome's high performance transparent SSL proxies (What? Did you really think current SSL schemes are that secure these days?).
Everybody who has something to hide on the internet is already using these trivial methods and others.
If technical people are serious about implementing such a system correctly, the bar of entry for the knowledge to get around this will get raised quite exponentially.
This is about spying on the average citizen.
I doubt your 'average citizen' would even know (s)he needed to get around it first, and then having the knowledge bar of entry somehow to get around it seems highly unlikely.
Seriously, why in hell does an application that requires a specific database even exist?
It was defined as a standard for a reason: SQL.
Actually it uses mysql out of the box and runs really well, but I am amused that nobody can seem to provide any alternative to this or even bothered asking if it worked well to begin with.
For me it is the other way around. The people who know or use MySQL are in the minority. Everybody I know uses mainly PostgreSQL (unless one shitty OSS project requires MySQL).
I'm quite fond of Zimbra, however it uses MySQL. Any ideas about a better solution that replaces Zimbra which is not in the "minority"?
It runs on POSIX-compliant Unixes, even Mac OS 10.5 and later, Linux, etc.
Sorry to say, but OS X is nowhere near POSIX compliance.
To give one example, it can't even fork properly; disallowing a process to fork violates the POSIX standard. It does not forbid you to fork(), it demands you fork() and exec() when it cannot guarantee that the libraries you are using are safe from async-signal-safe. Guaranteeing your code can be forked even in a signal handler at any time is what POSIX demands. Trying to fork() without exec() is allowed by the POSIX standards; however, if OS X cannot guarantee that the libraries in use are 'async-signal-safe', this is not allowed, so it crashes the thread. There are tonnes of broken crap like this in OS X. Don't even get me started on the broken POSIX threading.
Now, the funny thing is that Windows actually possesses a POSIX subsystem which is fully compliant, while OS X's is not. Why isn't VoltDB available for it? I find this sort of thing stupid.
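The rule the comment above is circling around, shown as an added example (this is not the commenter's code): once a multithreaded process calls fork(), POSIX lets the child call only async-signal-safe functions until it exec()s, because locks held by the other threads are copied into the child in their locked state. All names here are constructed for the example; a second thread churns the allocator while the child restricts itself to close(), write() and _exit().

```c
#define _POSIX_C_SOURCE 200809L
#include <pthread.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Names below are constructed for this example. */
static pthread_mutex_t stop_lock = PTHREAD_MUTEX_INITIALIZER;
static int stop_flag = 0;

/* Second thread that keeps malloc's internal lock busy: at the instant of
 * fork() the child can inherit that lock already held by a thread that no
 * longer exists in the child, which is why POSIX forbids non-async-signal-
 * safe calls (malloc, printf, exit, ...) in the child before exec(). */
static void *heap_churner(void *arg) {
    (void)arg;
    for (;;) {
        pthread_mutex_lock(&stop_lock);
        int stop = stop_flag;
        pthread_mutex_unlock(&stop_lock);
        if (stop) return NULL;
        free(malloc(64));
    }
}

/* Forks while heap_churner runs; the child uses only async-signal-safe
 * functions (close, write, _exit). Returns the byte count the parent read
 * back from the child through a pipe, or -1 on failure. */
int run_child_with_safe_calls(const char *msg, char *out, size_t outcap) {
    int fds[2];
    pthread_t tid;
    size_t len = strlen(msg);              /* computed before fork() */
    if (pipe(fds) != 0) return -1;
    if (pthread_create(&tid, NULL, heap_churner, NULL) != 0) return -1;

    pid_t pid = fork();
    if (pid == 0) {                         /* child: safe calls only */
        close(fds[0]);
        ssize_t w = write(fds[1], msg, len);
        _exit(w == (ssize_t)len ? 0 : 1);
    }

    close(fds[1]);                          /* parent: read, then reap */
    size_t total = 0;
    int status = 0;
    if (pid > 0) {
        ssize_t n;
        while (total < outcap - 1 &&
               (n = read(fds[0], out + total, outcap - 1 - total)) > 0)
            total += (size_t)n;
        out[total] = '\0';
        waitpid(pid, &status, 0);
    }
    close(fds[0]);
    pthread_mutex_lock(&stop_lock);
    stop_flag = 1;
    pthread_mutex_unlock(&stop_lock);
    pthread_join(tid, NULL);
    if (pid < 0 || !WIFEXITED(status) || WEXITSTATUS(status) != 0) return -1;
    return (int)total;
}
```

Calling it with a 64-byte buffer and the string "hello from child" returns 16 and leaves the string in the buffer; swapping the child's write() for printf() is the pattern the rule exists to forbid.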
Maybe we should have an icon for articles about Australia as well. I am not sure what though. I don't think a picture of a Sydney bus would convey the right impression. So what's our icon? A can of beer? A kangaroo diving head first through a windscreen?
The icon should be a cap, symbolizing how Australia is well known for its bandwidth caps.
It's perfectly possible to run services under other accounts, so it's not a security model problem.
Yes, it is possible, but it isn't done by default, and that is one of the main reasons why worms were able to infect the rest of the Windows system. Additionally, you may find that Windows IPC does not work correctly between different user accounts, so you end up in situations where daemons that should only have access to certain things have access to more things, as other daemons need to run under the same account to operate correctly.
When it comes to the "out of the box" argument, I am reminded of OpenBSD, where I end up finding users running some of the most insecure systems out there because the default and only account created on setup is the root account, with the default configuration of daemons being completely disconnected from common security practices used in other OSes. Sure, you can configure it and OpenBSD has the potential, but it's horrible to see how many people simply don't.
A process cannot elevate itself via a UAC prompt.
It can, with the Windows messaging API, which Microsoft has still not solved.
A well-behaved application will just provide descriptive text to UAC.
So, you're essentially saying that Microsoft Windows' control panel and configuration dialogs are not well behaved? Because those are classic examples of doing that. A classic example of this is modifying Windows Update settings.
A malicious application can generate a temporary script whose contents contain the actual nasty stuff, but with a convincing-sounding name that is good enough to fool a casual user.
The point is, a more experienced/computer-literate user, whatever you want to call it, won't be fooled. Especially when the script or executable is not stored in /usr/bin or /usr/sbin, it calls for caution. When it comes to Windows, well.. I guess you could say everyone gets the same experience.
Erm, that's the whole point of running UAC prompts on a separate desktop - no application can "push buttons and such" on it.
Oh I agree, it is the whole point, but the whole problem is that it's broken.
Then I have to deal with issues like making an application that requires compatibility mode work while compatibility mode is blocked in the OS.
Your reference to some compatibility flags that, if I understand you correctly, let one work around that is interesting, but I'm not aware of such a thing. Can you provide references?
Exploiting it under Windows 7 is rather simple: provided you include a compatibility flag on your executable for a previous version of Windows, you will have the ability to manipulate anything on console 0, as you have essentially broken out of the virtual desktop virtualization when in compatibility mode. You can then perform UAC actions; look for the UAC window handle. You will need to then remove the window restrictions from the window handle the same way as shown in the shatter exploit to deliver any large amount of shell code necessary; you can use Message.WParam to override various wmdproc settings.
Now here is the fun part, you can inject your own shell code into the window just like in
From what I have observed, members don't tend to have much say or power. Look at the whole issue with Greece, or even how laws are being steamrolled into the UK with the Lisbon treaty with no way out.
So go ahead, explain what exactly is improper in the Windows XP security model, preferably in comparison to "proper security models dating back decades".
I'm not the original poster, but some of these things I was doing in Ubuntu before Vista was even out. I have no idea when these things came into existence, but I believe these concepts already existed previously in other systems. All daemons, with the exception of x.org, were running under their own restricted user accounts that were locked down enough to not touch the rest of the system, while Windows runs daemons under various accounts including SYSTEM, LOCAL SERVICE and NETWORK SERVICE, which all have varying degrees of access to the rest of the system, which is how many Windows worms are capable of accessing the rest of the system.
As for UAC, it's exactly the same as gksudo.
I don't see how. gksudo is not wrapped around applications waiting for them to perform some operation that requires extra permissions and then prompting about it. It requires you to run the command in question as the given user if you wish to do so. Unlike UAC, however, these commands are usually simplified in some way, such that you will see it prompting to run '/usr/bin/updatedb' as gksudo rather than "application wants to do action {0f15391e-105f-4b05-91e3-48b73c60ae63}". Even for power users, stuff like "{0f15391e-105f-4b05-91e3-48b73c60ae63}" makes no sense. Does that mean it's going to install adware in IE? Does that mean it's just going to read/write some configuration settings? No idea. At least with gksudo you could see exactly what script/command it was executing and investigate.
gksudo also is not vulnerable to window messaging APIs like UAC is, whereby you can craft various specially crafted applications to push buttons and such (hint: just get the application to toggle compatibility flags to get around Windows 7's fixes against that), which defeats the whole purpose of Microsoft locking down console 0, but alas...
I can think of other things employed, such as intrusion detection and elimination done on Linux via things like AppArmor and SELinux. Windows' closest functionality to that is group policy settings, and unfortunately it is nowhere near as capable.
I hope this was sufficient to answer your question.
Smokescreen. It replicates every feature of flash. From what I've seen, there isn't a smidgen of quality difference.
I haven't seen a development suite similar to Adobe's for generating HTML5 content. I saw nothing really at all with animation anywhere beyond silly fade in/out effects. But since it's all a smokescreen as you say, where can I get a copy of this mysterious editor?
I used to play the game with SL, developed in-world items and scripts.
The only things I can think of that essentially got 'banned' from Second Life with regards to scripts were bank ATMs (due to all the Ponzi schemes) and any gambling stuff that used a random number generator, since Second Life did not have a true random number generator available and as such would violate various gambling laws.
I don't really see this being similar to Apple honestly.
Then I don't think you understand the laws very well.
I'm pretty sure that's only the case when it comes to common carrier scenarios. Since ISPs aren't considered common carriers, I am sceptical this applies to such instances as I have been told by actual lawyers due to related work.
In the UK, I have a phone that includes a Skype client on it. It uses the regular voice network for voice calls and costs me absolutely nothing for Skype to Skype calls; I can also do calls to foreign country numbers using my Skype credit. In fact, you can get a pay as you go card and not have to refill it or anything to use the Skype functionality.
But every time I notice slashdot taking a long time to load it is always one of the a.fsdn.com links that it is "stuck" or sluggish on (as you see them in the status bar). I wonder why that is?
So, what you're saying is, these people are trespassing on Google's property by broadcasting data into Google's Street View trucks?
I can't see this comment of yours making sense any other way, since the system wasn't interacting with the networks (ie: talking to them) to get the data; they were just receiving unencrypted broadcast data.
I went out of my way to do a few google searches, here is just a short sample of them:
Ubuntu unpolished
Kubuntu unpolished
Vista unpolished
OS X unpolished
Seems the view of all software lacking polish is a fairly common one. I also did more than just look at the first page of results.
How many hours do you believe there are per day?
You've never seen a doctor's handwriting, have you?
In an undemocratic manner, as mentioned in this parliament video and many others: http://www.youtube.com/watch?v=mNkRc2OBdCY
Fortunately the entire situation is not screwed and we may have a chance to have a referendum on the issues: http://www.youtube.com/watch?v=XBp4En0Zehc
Asking the EU for permission to leave the EU, where they officially have three years to decide? Yeah, I'm not really convinced.
This is the same EU that can't even manage its funds and wants to manage everyone else's: http://www.youtube.com/watch?v=wANxxNOsfb4 http://www.youtube.com/watch?v=20B12TdWeyo
I'll provide you information to get you started; I can't provide my own research here due to the fact I don't have ownership of it (a private company owns full rights to it). You need to know about the window messaging APIs; a good chunk of information on how to 'misuse' them on previous versions of Windows can be found at:
http://www.hacking-lab.com/export/sites/default/cases/7005-windows-security-privilege-escalation-shatter-attack/shatter.pdf
Never heard of it.
Google webkit.
Don't be afraid of disappearing into irrelevance, you already are for the most part. There really aren't that many Flash oriented websites any more.
The latest PDF spec supports embedded flash - I would say the abilities of PDF are quite large.
Nonsense. DALnet has been using it now for years and the TCP connections to their anycast IRC servers appear to be perfectly reliable.
So, why exactly couldn't you find this information in their knowledge base again?
Failure to provide a non-"computer illiterate" reason will require you to hand in your geek card.
Most wiretapping laws that I am aware of do not protect you from 'eavesdropping' by private companies when you're using their services.
Duh, they're getting slashdotted!