Slashdot Mirror


User: nmb3000

nmb3000's activity in the archive.

Stories: 0
Comments: 1,310

Comments · 1,310

  1. Re:What about the banks? on Washington Post Says Use Linux To Avoid Bank Fraud · Score: 0

    I think you missed the point

    It seems it is you that's missing the point.

    An SMS code sent to your phone is just a poor-man's RSA "rolling code" security token. The instant you begin to type that code on your keyboard, you've lost the battle again. The running malware can intercept the form submission attempt and then use the code you typed in to do whatever it wants while it delays or just fails your real login request. This isn't a theory, it's a proven fact that's already in use by malware in the wild.

    This is exactly what is discussed in the article. Rolling codes (or a cute little SMS message) provide the illusion of security to those operating a compromised terminal. Once again -- if the interface you use to interact with your bank has been compromised, you've failed. End of story.

  2. Re:What about the banks? on Washington Post Says Use Linux To Avoid Bank Fraud · Score: 1

    aren't we fkn clever?

    No, you're not. Did you miss the part where the malware is running on your computer? If they wanted to, they could simply use your computer to perform the actual transaction, thus your "only one session at a time" doesn't make a difference.

    This combined with the description above that details why a 30-second code doesn't help you any (the malware delays/redirects your login and allows the attacker to use the code instead) has just wiped out your fancy 2-factor authentication. Still feeling clever?

  3. Re:Semi-Vegetarian on Vegetarian Spider Described · Score: 2, Informative

    http://www.petasavesanimals.com/petaKillsAnimals.cfm

    * head explodes *

  4. Re:What about the banks? on Washington Post Says Use Linux To Avoid Bank Fraud · Score: 5, Insightful

    A little two factor authentication would be nice to see in American banks. Passwords just aren't adequate any more.

    And how would an n-factor authentication scheme help when software on your computer is logging keystrokes, mouse gestures, and capturing images of your screen and then sending them near realtime to the bad guys?

    If your computer has been compromised in this fashion, you've already lost. For you car enthusiasts, it's like adding additional locks to the car doors -- it doesn't help if the windows (haha) are already broken.

  5. Re:No more Outsuck Express on Why Microsoft's EU Ballot Screen Doesn't Measure Up · Score: 1

    and to get the damn Live-Mail, you almost have to use IE and jump through a lot of hoops just to get it.

    That is completely and blatantly false.

    Windows Live Essentials includes all the "extra" programs they previously shipped with Windows (Messenger, Movie Maker, Mail, etc.) but now come packaged as a separate download. When you run the installer, it asks which of the programs you want to install (you can install all or one or any mix) and it does it. That's it, you're done.

    It's a small 1 MB standalone "web" installer you can download with any browser. Running it means it downloads the real installers and runs them. No hoops to jump through.

    Went through that the other day and it was a real PITA as the Live Downloader wanted to install a whole rash of other crap

    That would be all the other components to the Windows Live Essentials package. All you have to do is uncheck the half-dozen or so boxes for things you don't want. Was that really too challenging for you?

  6. Re:Seems low on 72% of Banks Say Their Employees Committed Fraud · Score: 1

    What kind of hard core religion do you practice where TP is a vice?

    That would be Scientology. True followers are so anal retentive that if you need toilet paper, you're clearly a sinner.

    Really though, that's what happens when you change a word right before posting without re-reading the whole thing. Instead of vices I meant to say luxuries.

  7. Re:Seems low on 72% of Banks Say Their Employees Committed Fraud · Score: 5, Insightful

    Riiiight. When the government is bankrupt, it _can't_ payout.

    If you really believe that the government will falter to such a degree that it will not be able to honor its FDIC obligations, I suggest you remove your funds from your bank, and put them into food storage, ammunition and firearms, and other dystopian future necessities.

    Least in the old days you had _some_ assets to cover your debts, and one just couldn't "print" more pseudo-assets.

    If you're talking about the dollar being backed by the gold standard, this is just as big of an illusion of security as current paper currency is. The only reason gold was ever considered valuable in the "old days" was due to its scarcity, and relying on an object's absolute physical availability to determine its value is flawed in an economy of our size. If we tried to back the GDP of countries like the US, Canada, Russia, Europe, etc., with gold we'd have run out of the metal a long time ago.

    The funny thing is that gold has only recently become really valuable as a commodity with the advent of integrated circuits and other electronic components that make use of it. If society really does degenerate to the point some people think it will all the gold in the world won't help you. People will need and want to trade for required things like ammunition, canned food, fuels, etc. After that comes the vices such as cigarettes, alcohol, and toilet paper. Gold is going to be waaay down the list.

    If you're really worried about money for the post-apocalyptic society of tomorrow, I'd suggest you start collecting bottle caps.

  8. Re:It's working great for me on Microsoft Security Essentials Released; Rivals Mock It · Score: 5, Informative

    42.zip contains 4.5PB of data, compressed to 42kb. My university's mailserver marks it as a false positive.

    That's not a false positive at all. It's a well known "exploit" called a Zip Bomb. You think it would be a good thing if unsuspecting users unzipped that file onto their system partition or network drive?

    selfgz.gz is a gzip file that decompresses to itself. My university's mailserver tries to decompress it forever to scan all the nested files. It marks it as a false positive.

    You can call this a false positive, but that implies the original file was useful to begin with. As somebody else pointed out, this is just designed to screw with mail servers (in addition to just being a cleverly written file). Most servers stop extracting nested archives at 6-8 levels deep to prevent this from dragging the server down. Rejecting potentially dangerous (to both mail daemons and users) files like this is better than just blocking all compressed files, isn't it?

    Besides, if this MS software is lightweight and really good at catching the bad stuff, but every now and then (as in, once every couple months) gets a "false positive", I'd say it's a winner. It's easy to drag a file out of a software quarantine -- lots easier than removing the latest and greatest rootkit.
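The two files discussed in this comment (42.zip and selfgz.gz) are the canonical reasons mail scanners bound both how far they recurse into nested archives and how much they are willing to inflate. The following is an added example, not code from the original comment or from any mail server: a small Python inspector that rejects an archive on three independent grounds (nesting deeper than the limit, declared or measured expansion past a hard cap, and an expansion ratio that looks like a bomb) before ever writing anything to disk. The limits, the constructed sample archives, and the helper names are all assumptions chosen for illustration; the 6-level depth cap follows the figure the comment gives.

```python
"""Bounded inspection of nested archives (zip and gzip), an added illustrative example."""
import gzip
import io
import zipfile

MAX_DEPTH = 6                 # assumed: open at most this many archive layers (comment says 6-8)
MAX_RATIO = 100               # assumed: expanded/compressed above this is treated as a bomb
MAX_EXPANDED = 50_000_000     # assumed: hard cap on bytes inflated from any one archive

ZIP_MAGIC = b"PK\x03\x04"
GZ_MAGIC = b"\x1f\x8b"


def _reject(reason, depth):
    return {"verdict": "reject", "reason": reason, "depth": depth}


def _read_bounded(fh, limit):
    """Read at most limit+1 bytes so the caller can tell 'exactly limit' from 'too big'."""
    out = bytearray()
    while len(out) <= limit:
        chunk = fh.read(min(65536, limit + 1 - len(out)))
        if not chunk:
            break
        out.extend(chunk)
    return bytes(out)


def inspect(data: bytes, depth: int = 0) -> dict:
    """Decide whether an in-memory blob is safe to expand; depth counts archive layers opened."""
    is_archive = data.startswith(ZIP_MAGIC) or data.startswith(GZ_MAGIC)
    if is_archive and depth >= MAX_DEPTH:
        # A self-reproducing gzip (like selfgz.gz) never bottoms out; this is what stops it.
        return _reject(f"archive nested deeper than {MAX_DEPTH} levels", depth)
    if data.startswith(ZIP_MAGIC):
        return _inspect_zip(data, depth)
    if data.startswith(GZ_MAGIC):
        return _inspect_gzip(data, depth)
    return {"verdict": "accept", "reason": "not an archive", "depth": depth}


def _inspect_zip(data, depth):
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return _reject("malformed zip", depth)
    infos = zf.infolist()
    # The central directory states the claimed sizes before a single byte is inflated.
    declared = sum(i.file_size for i in infos)
    stored = max(sum(i.compress_size for i in infos), 1)
    if declared > MAX_EXPANDED:
        return _reject(f"declares {declared} bytes, cap is {MAX_EXPANDED}", depth)
    if declared / stored > MAX_RATIO:
        return _reject(f"expansion ratio {declared // stored}:1 exceeds {MAX_RATIO}:1", depth)
    deepest = depth
    for info in infos:
        with zf.open(info) as fh:
            member = _read_bounded(fh, MAX_EXPANDED)   # never trust the header alone
        if len(member) > MAX_EXPANDED:
            return _reject(f"{info.filename} inflates past the cap", depth)
        result = inspect(member, depth + 1)
        if result["verdict"] == "reject":
            return result
        deepest = max(deepest, result["depth"])
    return {"verdict": "accept", "reason": "within limits", "depth": deepest}


def _inspect_gzip(data, depth):
    # gzip carries no trustworthy size field, so the only safe check is a bounded read.
    try:
        with gzip.GzipFile(fileobj=io.BytesIO(data)) as fh:
            inner = _read_bounded(fh, MAX_EXPANDED)
    except (OSError, EOFError):
        return _reject("malformed gzip", depth)
    if len(inner) > MAX_EXPANDED:
        return _reject("gzip inflates past the cap", depth)
    if len(inner) / max(len(data), 1) > MAX_RATIO:
        return _reject(f"gzip expansion ratio exceeds {MAX_RATIO}:1", depth)
    return inspect(inner, depth + 1)


def _zip_bytes(members):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, payload in members:
            zf.writestr(name, payload)
    return buf.getvalue()


def build_samples():
    """Constructed test inputs: none of these are the real 42.zip or selfgz.gz."""
    benign = _zip_bytes([("notes.txt", b"quarterly figures attached\n")])
    bomb = _zip_bytes([("zeros.bin", b"\0" * 5_000_000)])      # deflates at roughly 1000:1
    chain = b"a gzip quine would loop forever; this chain just goes deep\n"
    for _ in range(10):                                          # ten gzip layers
        chain = gzip.compress(chain)
    nested_ok = _zip_bytes([("inner.zip", benign)])              # two layers, well within limits
    return {"benign": benign, "bomb": bomb, "gzip_chain": chain, "nested_ok": nested_ok}


if __name__ == "__main__":
    for name, blob in build_samples().items():
        print(name, inspect(blob))
```

The ratio check is deliberately computed from the central directory before inflating, and the bounded read then verifies the claim; an archive whose headers lie is caught by the second check, and a quine-style gzip is caught by the depth counter rather than by any size test.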

  9. Re:Yeah, You're Wrong on Google Wave Backstage · Score: 1

    Imagine a wikipedia discussion page (click 'discussion' at the top of any article for an example) in real time.

    To be honest, the thought makes me cringe. It seems like it would be impossible to maintain any kind of threaded conversation with that kind of chaos.

    The nice thing about email and instant messaging (IM or IRC style) is that it is stateful. At any one point you have a conversation state that can be referenced and responded to. With the kind of multi-user editing and discussing this seems to suggest, it becomes impossible to reference any state except the current one. Instead of past, present, and future, you only have present.

    I've tried editing Google docs with other people at the same time. It's complete unordered chaos (unless you have some other directed medium of communication such as voice chat). I guess I like the idea of trying to combine the various methods of communication into a unified system that works better than any of the sole constituents, but if information overload (as discussed above) was a problem with a system like Exchange, what will it be like with this?

    I haven't used Wave, but I'm more interested in seeing what people do with an extensible cross-system information exchange that operates in near realtime. I think the Google demo of an online chess game using Wave is a better example of how this might be really cool than the "normal" use cases.

  10. Re:First post... on Mainstream Press "Cringes" At Win7 Launch Parties · Score: 1

    Actually, anyone other than the staff/dev team having a "launch party" for a movie/game is only slightly less pathetic than someone having a launch party for an OS.

    Oh, I don't think that's necessarily true. Lots of people go to midnight showings of a new movie, and that's pretty much as close to a "launch party" you can have with movies. Same thing for video games -- people meet up and purchase their copy of the game at midnight of release day, and this can be (but isn't always) somewhat party-ish.

    Traditionally I'd agree with you that launch parties are usually best left for designers to celebrate the completion of a big product. That said, if you are going to have a release party, operating systems seem like they're right down there with word processing and spreadsheet software in terms of excitement.

  11. Re:First post... on Mainstream Press "Cringes" At Win7 Launch Parties · Score: 2, Insightful

    I have an awful headache, and my eyes and ears are starting to bleed.

    To be honest, I didn't even make it half-way through. Being mere seconds away from death by boredom I clicked a Win7 Launch Party related video which looked much more interesting.

    It was. Much.

    Seriously though, I think part of the problem is my complete lack of ability to understand why anyone would have a launch party for an operating system. Yes, Windows 7 is very nice, but a launch party? Really? A launch party is for things like movies and video games. You get a group together and have fun with some brand new entertainment you all enjoy and looked forward to being released. The excitement at an OS launch party? "Ooh, look! I can get work done on my computer more efficiently now! You guys have to try this!"

  12. Re:Wikileaks link on TI vs. Calculator Hackers · Score: 4, Insightful

    what makes the TI calculators better than, say, Pi Cubed (and a few other apps) for the iPhone?

    Primarily the fact that it is a calculator and not a phone. The TI-89 has better numeric capabilities, great graphing ability, and a nice display. It can also run for months on a single pair of AA batteries.

    That, and it doesn't cost more than $800 a year to operate.

    Is it the interface, dedicated keys? RPN?

    Yes, yes, and no. I can't imagine trying to use a tiny little touch screen for any serious calculator use.

  13. Re:heh. on Who Wants To Be a Billionaire Coder? · Score: 2, Funny

    PulseAudio

    Something so easy? With all that time and money, I would expect you to take on a challenge of Olympian difficulty.

    Me, I'd offer to fix Slashdot's CSS.

    (in before "web design isn't programming")

  14. Re:Yay I can rent my software! on Microsoft Rushes Out Office Web Apps Preview · Score: 0, Redundant

    One thing I'm sad that has not been fixed since Office 97 is the bullet points.

    I really have never had trouble with bullet points in Office. Controlling indentation is usually pretty easy, you just TAB or SHIFT+TAB to move the bullet right or left. If you need to insert a new bullet, just put the cursor at the end of the previous bullet and hit ENTER.

    Another important thing to know about bullets if you want to use them effectively is that you can left-click on a bullet to select the bullets in that particular list (each set of bullets is a separate "object" in a document). Right-clicking the selection to bring up a context menu gives you a bunch of options, including some nice ones such as changing the indentation en masse, changing the bullet graphics, and, for numbered lists, either continuing or restarting the numbering sequence.

    Obviously YMMV based on what you're doing, but I've never come across any obvious or egregious problems with bullets in Word. They seem to behave the way you would expect. Tables are maybe less robust, but even then, if you know what you're doing (a key component to everything I suppose) they also work pretty well (and more flexibly than Excel in many cases).

    This isn't to say I don't have any gripes with Word (~$obar.doc anyone?). Any person who has used a piece of software for any meaningful amount of time will have legitimate gripes. If not they're either a blind fanboy or in marketing.

  15. Re:I expected better. on New York Times Site Pop-Up Says Your Computer Is Infected · Score: 1

    I would have thought the NY Times would have had better security.

    As my sibling points out, this is what happens when you allow an unknown entity to inject arbitrary content into your page.

    It actually makes me wonder what the contract for these ad agencies (DoubleClick, etc) looks like. When somebody like the New York Times signs up with them, does the ad company waive all potential liability? For example, if the NYT was sued for distributing malware by somebody whose computer was infected, would the NYT be responsible for the by-proxy content on their site, or would they be able to "pass the buck" to DoubleClick? Personally I tend to think both parties should be held liable.

    I realize that "the Internet was built on free content paid for by advertising", but lately it seems like most of these "ad agencies" are little better than spammers.

  16. Re:Way of the Dodo? on Scientists Clone Oldest Living Organism · Score: 1

    So can we have our Dodo bird back?

    Of course not, and you shouldn't make light of important research like this. The goal of this project is to ensure that our children's children are still able to enjoy the majesty that is the New York City New Year's celebration.

    That's right - they've cloned Dick Clark.

  17. Re:Explain this to me on Microsoft Letting Patents Move To Linux Firms · Score: 4, Interesting

    When MS invested millions of dollars in Apple, Apple had billions of dollars in the bank. The investment was merely a part of a settlement between Apple and MS that ended the lawsuits Apple had against MS, and for Microsoft's part, they had to buy some Apple stock and promise to keep selling Office for a number of years.

    You're mostly correct. When MS invested in Apple, they had a little over a billion dollars in cash available. The bigger problem was that their market share and stock price had been tumbling for years (1997-1998 was a huge low point, the lowest in some 10 years). Apple wasn't in tremendous financial trouble just yet, but they were worried about the direction things were going, and (as Apple should know better than anyone) public perception of a company's performance is just as important as the real numbers.

    The $150 million was really a drop in the bucket. What was more important was that they paid Apple that via purchasing stock which they weren't allowed to sell for 3 years. As you said, they also agreed to continue writing and selling Office for the Mac. They agreed to collaborate on Java to ensure interoperability. Best of all was the agreement to make IE the default browser on the Mac! ;)

    Basically, it was Microsoft showing faith in the Apple platform that "saved Apple". Yes, they are competitors, but as Steve Jobs said, "We have to let go of the notion that for Apple to win, Microsoft has to lose, and for Microsoft to win, Apple has to lose." Considering Microsoft is a publicly-owned company, their motives were obviously more than just being buddy-buddy with Apple. That's not really the point, however.

    This video is pretty neat to watch now (some 12 years later). It's Jobs announcing the new partnership with Microsoft and the reaction of the audience (imagine what it would be like now).

  18. Re:Not consistent on Windows 7 Reintroduces Remote BSoD · Score: 1

    Having actually tried this on three Windows 7 machines now, it doesn't seem to work on every machine. (Actually, it's yet to work on any here, although I hear tell that it does work on some).

    We have a couple Windows 7 Ultimate x64 installs here (the RTM version downloaded from TechNet - not the RC or beta) so I thought I'd see if it worked on them.

    As mentioned in another comment, in order to get the script to work as intended, you have to change it so that you "import socket" and define s as "s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)". After doing this I was still unable to get any of the Win7 installs to crash (the connect() call succeeded, but the machine did not crash). These have firewalls off, sharing enabled, etc.

    What's more interesting, however, is that I was able to get two different fully patched Vista Enterprise x86 boxes to BSoD using the script. I haven't tried it on our 2008 R2 server just yet. It's kind of busy, um, serving.

    Has anyone here actually managed to crash Win7 RTM using this vulnerability?

  19. Re:And the best thing is... on iPod Fee Proposed For Canada · Score: 3, Funny

    In Canada, if you're running a business, there is a specific field for "accounts receivable that you do not expect to receive." You are not taxed on that income.

    Never having filed any taxes more complicated than a 1040 in the US, I don't know if a similar field exists on US tax forms, but I laughed out loud at the thought of certain companies filling that in.

    Company name: Microsoft
    Accounts receivable you do not expect to receive: $500,000,000,000,000
    Reason(s) you do not expect to receive these funds: China, India, Software piracy (based on BSA estimates, +/- 1 US GDP)

    and

    Company name: Warner Bros. Pictures
    Accounts receivable you do not expect to receive: $+INFINITY
    Reason(s) you do not expect to receive these funds: THE INTERNET PIRATES ARE TURNING ALL OUR GREAT RELEASES INTO BOX OFFICE BOMBS!!

    Seriously however, the Canadian tax on blank CD media has always completely confounded me. I just can't understand how such an asinine and baseless law not only managed to get passed, but has been on the books for more than 12 years! The US certainly isn't always a shining example of sane laws, but I tend to hope we wouldn't stand for such a tax down here. I mean, if we had wanted to put the MAFIAA's board of directors in Congress, we would have just voted them in directly.

  20. Re:Really, about time. on Google To Host International SVG Conference · Score: 1

    Every major browser except IE supports SVG out of the box.

    That's an incredibly disingenuous statement. If you want to be accurate, you should say that "Every major browser except IE supports various subsets of SVG out of the box."

    Looking at the SVG browser support page, there is no major browser that fully supports SVG -- they all only support parts of it. Even the partially supported features are not common across browsers.

    SVG hasn't really materialized because it is not a fully supported standard feature in any major browser. However, like any feature, one reason it's not supported is that there just isn't that much demand for it (which I realize is a cyclic argument). 98% of websites can make do just fine using XML+HTML/CSS and Javascript. Pages that need additional functionality that could be supplied by SVG prefer to just use Flash as it is nearly ubiquitously supported and there are a myriad of developers available. The same cannot be said for SVG.

  21. Re:Presents on Happy Birthday, Internet! · Score: 3, Funny

    I hear the internet wants a pony.

    The Internet is 40, not 4. It's not a pony it wants, but a Mustang.

    It also wants you off its lawn.

  22. Re:Opera *can* block ads, no plugin necessary. on Opera 10.0 Released · Score: 1

    Someone has. Check out Privoxy.

    It's also great for filtering a bunch of computers (like an entire network) at once without needing to update rules on each of them.

  23. Re:Will not work. on Personalized In-Game Advertising In Upcoming Titles · Score: 4, Interesting

    People will just be playing on private battle.net servers

    PvPGN is awesome -- I run a server at my school for a bunch of friends -- but to think that it will work with the new Battle.net that Blizzard is rolling out is absurd. At the very best it will probably be a year before they have a workable product (if even then). Also, you have to consider that Blizzard knows very well about projects like it and will intentionally design the system to prevent private servers from being used.

    After seeing what Blizzard did to bnetd and their new-found hatred for LAN play, I'd be willing to bet that cryptography will play a big part in the new Battle.net service. More than likely, anyone that wants to run a private server will have to do some serious work on the game client to get it to connect to non-Blizzard servers (as opposed to now where you just give the game your private server's IP address). The current Battle.net is a complete joke in terms of security making it easy to reverse engineer and re-implement. YCBYA that Blizzard won't make that mistake again.

  24. Re:I read on The Story of a Simple and Dangerous OS X Kernel Bug · Score: 4, Insightful

    Mac has a relatively tiny presence in the business world.

    Fixed that for you.

    What I asked for were examples of exploits, or reasons why this bug was really dangerous.

    And a bunch of people already pointed out that this bug gives you write-access to the kernel's memory. That's bad, privilege escalation bad.

    Market share, indeed. Remind me that the next time I want a cheap padlock, I should purchase a no-name lock. Since it has no market share, burglars won't try to pick it or break it.

    That's funny, because I recall seeing all sorts of instructions on how you can open MasterLock(TM)(R) and (ALL THAT) combination locks. They were so detailed, they would even specify which serial numbers of which models were vulnerable to which cracking techniques. And yet, I never saw any instructions for opening the Wal-Mart special RandomBrand of padlock.

    Market share does matter when it comes to investing time and money into exploiting flaws in a product. To say it is the only factor in operating system security is false, but saying it doesn't matter at all is just as wrong.

  25. Re:People do this for Faxes too on Anti-Spam Lawyer Loses Appeal, and His Possessions · Score: 1

    Thank you greylisting! Say that "it won't work" all you like, but the results speak differently.

    I don't think anyone says that greylisting doesn't work because it does. The problem is that it's not a good idea for most email users. There are far too many (poorly configured) mail servers out there that will not attempt a second delivery -- mostly automated systems such as Delta's itinerary mailer, various online retailers, etc. Sure, you could reject their messages out of principle, but that doesn't work in the real world where people expect email delivery to be 100% error-free.

    The only "solution" is to maintain a list of senders for which you should allow mail through on the first attempt. The problem with this is that these "broken sender" whitelists are impossible to keep up-to-date which means mail will be lost. Additionally, these lists are posted publicly everywhere online and if a spammer wants to get through the greylisting all they need do is send mail as if it were from one of these broken senders/domains.

    The question is why more spammers don't do this. Yes, spammers are evil, but I didn't think the big ones were that stupid.
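The greylisting behaviour argued over in this comment (temporary rejection of an unknown sender, acceptance once it retries after a delay, and an exemption list for senders that never retry) is small enough to write out in full. The following is an added example, not code from the comment or from any mail server: a Python sketch of the decision a greylisting filter makes per delivery attempt, with constructed attempts run through it. One design choice is worth noting because it bears on the comment's last point: the exemption for "broken senders" is keyed on the connecting network rather than on the envelope sender, since the MAIL FROM domain is something anyone can put on the wire while the source address is not. The delays, TTLs, network ranges and addresses are all assumptions chosen for illustration (the addresses come from the documentation ranges).

```python
"""Greylisting decision logic, an added illustrative example with constructed attempts."""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

GREYLIST_DELAY = 300          # assumed: a retry sooner than this is not honoured
TRIPLET_TTL = 4 * 3600        # assumed: a triplet that never retries is forgotten after this
KNOWN_GOOD_TTL = 36 * 86400   # assumed: once a triplet has retried, remember it this long

# Assumed "broken sender" exemption. Keyed on the sending network, not on the
# MAIL FROM domain, so that forging the envelope sender alone does not bypass it.
BROKEN_SENDER_NETWORKS = [ip_network("198.51.100.0/24")]   # placeholder, TEST-NET-2


@dataclass
class Greylist:
    pending: dict = field(default_factory=dict)      # triplet -> time first seen
    known_good: dict = field(default_factory=dict)   # triplet -> time last seen

    def decide(self, client_ip: str, sender: str, recipient: str, now: float):
        """Return (smtp_code, reason) for one delivery attempt; 451 asks the sender to retry."""
        addr = ip_address(client_ip)
        if any(addr in net for net in BROKEN_SENDER_NETWORKS):
            return 250, "source network exempt from greylisting"

        key = (client_ip, sender.lower(), recipient.lower())

        if key in self.known_good and now - self.known_good[key] < KNOWN_GOOD_TTL:
            self.known_good[key] = now            # refresh so regular senders never expire
            return 250, "triplet previously retried"

        first = self.pending.get(key)
        if first is None or now - first > TRIPLET_TTL:
            self.pending[key] = now               # first contact (or a stale one): defer
            return 451, "greylisted, try again later"
        if now - first < GREYLIST_DELAY:
            return 451, "retried too soon"        # a well-behaved MTA waits; many bots do not

        del self.pending[key]
        self.known_good[key] = now
        return 250, "retry after delay accepted"


# Constructed delivery attempts: (seconds, client ip, envelope sender, recipient).
ATTEMPTS = [
    (0,    "203.0.113.7",  "newsletter@example.com", "me@example.net"),  # first contact
    (60,   "203.0.113.7",  "newsletter@example.com", "me@example.net"),  # retries too eagerly
    (900,  "203.0.113.7",  "newsletter@example.com", "me@example.net"),  # proper retry
    (1000, "203.0.113.7",  "newsletter@example.com", "me@example.net"),  # now known good
    (0,    "198.51.100.9", "itinerary@example.org",  "me@example.net"),  # never-retrying sender, exempt net
    (0,    "192.0.2.44",   "itinerary@example.org",  "me@example.net"),  # same envelope, unknown source
]


def run(attempts):
    """Feed the attempts through one filter instance and return the SMTP codes issued."""
    g = Greylist()
    return [g.decide(ip, s, r, t)[0] for t, ip, s, r in attempts]


if __name__ == "__main__":
    for (t, ip, s, r), code in zip(ATTEMPTS, run(ATTEMPTS)):
        print(f"t={t:5d} {ip:13s} {s:24s} -> {code}")
```

The last two constructed attempts show the difference the keying makes: the itinerary mailer on the exempt network is accepted on its first try, while a connection from elsewhere using the same envelope sender is still deferred. A whitelist keyed purely on the sender address or domain, as the comment describes, would have accepted both.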