Instead of complaining for its removal, they should instead implement an alternative to systems like re-captcha, such as a worldwide phone verification system at their expense and provide it free to webmasters. Otherwise free solutions like re-captcha will remain dominant.
Honestly, I don't see these mass scale "new scary communist thing" happening over there. There are always a few incidents of abuse that can be found in any legal system, so I hope you're basing your arguments on some massive thing that applies to a good chunk of people instead of one of these incidents that happens in some really low statistic of 0.000001% incidents.
When they decide to look through the last 5 years of data in the database and round up anybody with Fox in their online name because that has been deemed the new scary communist thing then it becomes a problem. The data being collected only helps to look back in the past after acts have been done to see where connections are made.
What you're saying is that they don't have sufficient controls in "new scary communist thing". Sounds like a different problem to me.
As an outsider, you should learn the history of the constitution before using modern meanings of words (you know, that whole 'twisting the meaning') to judge it.
I keep getting told that the only thing that matters is the constitution and that the government isn't interpreting correctly or abiding by it. If that's the case, then one must look at the constitution alone and not what legalese, government, common law and various influential parties try to change meanings of.
The problem is that corporations must allow them to do it involuntarily and indiscriminately. It's the General Writ all over again.
Then go argue this point on your own thread instead of trying to hijack this one.
If I can't notice it, so how would I know that I am being searched?
I don't really get why you need to know your name is being searched to check if you're on the sex offenders list. Nor do I see you needing to know if the police decide to call in your plates to do a quick ownership, insurance, stolen vehicle checks before deciding to pull you over if they find something.
To do a physical search
Which is an inconvenience when performed and can deny a person's mobility, work, whatever etc. Looking at data in a database? Not really.
As an outsider, I don't read it that way at all. I don't see monitoring of traffic on corporate, government networks to be a violation. From the way it's even worded, it looks like it's intended to prevent inconvenient searches and seizure and since monitoring online traffic doesn't affect you at all like a physical search would. You wouldn't even notice it, the search itself is not even done on your systems or premises, therefore it's not unreasonable. I feel that Americans have been twisting the meaning and interpretation of the 4th Amendment for decades and are hypocritical when it comes to demanding government follow the constitution.
And if you try to patent an algorithm without specifying the hardware it runs on, then you're attempting to patent an idea rather than an implementation.
So, they just add the phrase "on programmable hardware" which encompasses modern computer systems, big deal.
Are you kidding me? Cygwin tools are the buggiest, bloated, slowest piece of crap I've seen in a long time.
You clearly aren't very experienced with development tools in many different languages then.
The entire tool chain is crap produced by people who shouldn't be allowed to call themselves developers.
To be honest, I think the implementation decisions they made on POSIX layering on top of Win32 are fairly decent. I don't think they're incompetent.
Use a native toolkit rather than that cygwin crap and you'll learn how it's supposed to be done.
From my understanding, Cygwin is native. All compiled code runs within the Win32 subsystem with a support library (not much different from MSVC etc). It's even more native than say .NET.
then Google wouldn't have released any patch at all, and Samsung wouldn't have applied the OS patch and distributed it.
I don't see why they wouldn't. They stopped the exploit from working on the play store, but the exploit is 'technically' still there, just not usable.
It affects any signed package that would normally be found on the play store.
It wouldn't because signature checking is only used with the play store.
All you'd need to do is trick someone into downloading the app from some source other than the play store
Which wouldn't work if "install from unknown sources" is enabled and if it is, you could install software regardless. The unknown sources option checks which application is launching the installer too (in other words: only the play store can launch the installers in this mode).
perhaps claiming that it's an upgrade to an app that they already have. Or by releasing a paid app for free.
You could do that regardless, just ask the person to enable "install from unknown sources". Android won't let you install packages downloaded through other methods otherwise.
More to the point, though, Apple doesn't sell devices that aren't up to date.
I don't know many people who buy things directly from Apple, Sony, Samsung. They usually buy stuff from places like mobile network stores like 'carphone warehouse' (which sell second hand, first gen iPhones still).
New phones don't come encumbered with the problems of old phones.
Because I'm having a problem right now with my Xperia Z, right?
That's a big step up. Android's current fragmentation woes come from a lot of new phones as well as old ones.
As an Android user and iOS user, I can tell you that I don't have 'problems' on Android.
I dare say you're a bit overconfident in this regard.
Well, let's see. It only affects packages that can be downloaded from the Google Play store, a fix was placed in the Google Play store, to block 'malicious packages'. Killing the ability to use the vulnerability.
They'll disable protections and allow anything to be installed.
Which wouldn't be anything to do with this exploit then.
You think that you can't trick an Android user on an unpatched system?
The fix was done by fixing Google Play to block it, not through a software update to the handset. I don't see an issue, since this exploit is only for packages distributed through the Google Play store.
what we're looking at is hundreds of millions of people buying into a system that is remarkably hard to patch properly because it relies on organisations with a vested interest in either selling you a new phone or keeping costs low by not updating old systems
Indeed.
You can't really EOL these products because the source is out there and easy to fork, and so as long as you allow new apps to run on old phones, you'll have this.
Didn't stop rooted versions of iOS from existing that are unpatched and not updated. Nor did Apple bother to update their older generation of iPhone hardware. Then when they presented their statistic of fragmentation, they decided not to show the statistics of older iPhone hardware they didn't wish to support in that but completely forgot to do the same for the other mobile phone manufacturers representing Android. Now, regarding forking, the mobile phone producers aren't using "Android Open Source Project", they are using a commercially licensed version of Android from Google that has very specific terms and conditions attached to it as well.
I'm not really seeing this being a unique issue. Companies are going to stop supporting handsets when they want and unless the platform is open (which a lot of Android handsets are not, they are locked down), there is little the end users can do about it other than spending their money elsewhere.
I'm sure it would have gone better if the database restricted itself to ASCII characters; clearly opening a 1GB database in notepad is helpful if you can read the characters, right?
I'm sure I would have been able to recover it had it been some form of 'human readable' format. Instead, I gave up after the third month of modifying existing parsers to scrape what data wasn't corrupted into a plain text .sql file. Sadly, this was one of those times when backups couldn't help me due to missing significant amounts of data from the last backup.
He's correct, the fragmentation issue is quite overblown, especially when compared to Android ‘Master Key’ Security Hole Puts 99% Of Devices At Risk Of Exploitation
Since this is to do with source signature verification which only the Google App store uses (other stores use alternative signature mechanisms) and from the article you linked:
Update: According to a report in CIO, Google has already modified its Play Store’s app entry process so that apps that have been modified using this exploit are blocked and can no longer be distributed via Play.
I have to concede, I agree, it is quite overblown.
This really looks like it's reimplementing TCP and SCTP.
It doesn't to me, it looks like it's a design intended to prevent the requirement of multiple connections to a server to enable parallelism, thus improving its use on existing TCP systems. TCP and SCTP don't do that. Reimplementing TCP and SCTP won't fix that on existing TCP systems.
It's bloated and slow to parse because we've needed to add additional artifacts to it (like numerous video formats, bytecode, and whatever else) that it was never intended to deal with.
Video formats do not affect the protocol, it's returned in the body in the standard way and bytecode also does not affect the protocol, it's returned in the body in the standard way.
Adding a newer version of the protocol MAY alleviate some of that overhead, at least on the processing side.
Gnash is the perfect example - you have the opportunity to fix it, but the source code is such a pain in the ass to get around that nobody does it. Pick any large project with long standing bugs...
I don't consider Gnash even close to being a large project. OpenOffice.org, Linux Kernel, Ubuntu, KDE, Firefox, Second life.. Sure.
Pick any large project with long standing bugs - why are they long standing? Because nobody wants to fix it
I decided to look at the longest standing bug in Ubuntu that was recently closed (bug 1):
Pick a large project with long standing bugs (memory leaks in firefox were a good example until too many people complained about it) and ask yourself why those bugs are long standing and well documented.
Wasn't the issue in Firefox that people couldn't reproduce it (I couldn't)? And there was no reasonable documentation presented to explain exactly where the issue was.
4 getting SPANKED: You stated you know what you're talking about
You mean where I said
Okay, I'm going to pretend I don't know what I'm talking about now...
And then I got a response that didn't fully answer things and only workarounds that involve breaking the DNS cache.
You show how LITTLE you know, and most especially about FastFlux botnets taking advantage of flaws in DNS you apparently didn't know about Mr. Know it all.
Two problems:
1) People are lazy and don't want to know.
2) People can't figure out how to get Bitcoins - See 1.
More information available here: http://bit.ly/196JZ2u
So far, you haven't convinced me.
I don't see them built into manufactured equipment?
It is only stripped if the new page is on HTTP. If it's HTTPS, it will retain the referrer header.
And resolved for 100% of them.
Digest, NTLM, NTLM2.
No pictures, video, audio or compression for you.
What processing?
I've wasted months on trying to recover SQL stores, please go.
Again, I was pretending. You can even check the post, I did say that.
This has nothing to do with my setup.
My DNS setup lets me configure bypasses for other bad DNS setups. As well as blocking with wildcards, which by the way, you failed to address.
Go look in the mirror.
I decided to look at the longest standing bug in Ubuntu that was recently closed (bug 1):
https://bugs.launchpad.net/ubuntu/+bug/1
It doesn't appear to match your explanation.
I don't? You seem misinformed.