Can I not telnet to facebook.com on port 80 and make a request by hand? Sorry, but their copyright ends after they distribute a URI over HTTP. What I do with the response is my prerogative. My browser does anything it wants to with your data... even if I'm not using a browser to connect to tcp/80 at the time.
We have had a request out for a Security Researcher with a clearance for over a year now. Not a single candidate with a military background has come through yet with the right skillset for exploitation development. The Military is only cranking out operations people, which aren't really that hard to come by.
I've seen the NSA recruiting at Defcon and making it a point to say that you would still be accepted even if you had drug convictions. Playing to the crowd for sure:P
About 20% of the best people I know employed as Security Researchers did not even graduate high school, including myself. I see this trending downward as more and more schools now have something of a security curriculum, but its still very much an industry of self-motivated voodoo programming. Universities have always been decent at training operational security people (configuring/monitoring security appliances and policy issues), but I've yet to hear of a school with a good program on vulnerability discovery, exploitation, and reverse engineering code. For me, at least, its much more of a mindset thing more than a skillset thing, which is a lot harder to teach.
I'm not so keen on my IDE being reliant on all those static code analysis tools to determine your code's structure. For the most part they find all your methods just fine, but so many times they fall short, especially when you are not using Java.
This is a great site with a good bit of introductory information. I implemented their LED flasher tutorials when I was playing with my Xylinx Spartan board. fpga4fun.com
go to the movie theater. The Alamo Drafthouse Cinema in Austin has been showing the debates. There really is no better way to watch them than to have a burger and knock back pitcher of beer.
This is neat, but it seems like a whole lot of hyperbole. What this is a chosen plaintext attack with a very small domain to choose from.
The attack requires an encrypted bitmap, and another encrypted bitmap of the exact same size and color palette.
The two ciphertexts must be saved and extracted from the exact starting block number on the disk (because the block number seeds the cipher)
This attack will only effect uncompressed images, because compression increases the entropy so that pixel information will be entirely different as the colors change.
Finding a pair of encrypted twin images like this is nearly impossible. How can they even tell where an image starts on disk when the filesystem itself is encrypted? Not to mention the very strict (and unlikely) requirements on the images themselves. The odds of actually being able to exploit this on a live system are very low IMHO.
The online model is a great thing for them. I'm a huge fan of Metallica's earlier work, and will certainly check out any new stuff they ever put out.
I pirated their last album to preview it (Well, probably all of them at some point).,, However, their last album is still the only one of which that I do not have a legitimate copy.
So, what makes the "pay what you want" model great?
By all estimates the new album will suck
Everyone gets a free preview
Everyone pays what they think the album is worth (likely $0)
Metallica stops releasing garbage for quick cash and becomes great again?
Odds of winning jackpot == 1 / 175711536
Odds of not winning jackpot == 175711535 / 175711536
Odds of not winning jackpot any number of times in a row = (175711535 / 175711536) ^ N
Amount of times you enter in a row before your odds become 50/50 (overall)
(175711535 / 175711536) ^ N = 0.50
log(175711535 / 175711536,.50) = N
ln(.50) / ln(175711535 / 175711536) = N
N = 121793955.42368374 ~ 121793956
Assuming one were to play twice a week, the lottery is only a good bet if you played (lived) for 1171095 YEARS. "...but theres still a chance" -- HAH!
Finally Linux being embraced. Microsoft is going to let us have our cake and eat it too! Then maybe they'll even provide thier own extended version after the Mono version is stable. Then we can scurry about trying to fix everything before we are extinguished
Re:Wikipedia article on the number is down too.
on
Censoring a Number
·
· Score: 1
Would you send me scalar(Adobe Photoshop) minus scalar(MS Office)? I have Office already and I need a copy of Photoshop, but I don't want to have to pirate it.
BreakingPoint Systems makes network test hardware that can go way beyond 1 Gbps simulations. You can also capture and recreate traffic at high speeds to better simulate a specific users load.
The parent is right, Hummingbird 's Exceed is definitely what you want. CygwinX is a joke IMHO for professional work, it crashes endlessly and the performance is horrible. Exceed has got good performance (even though it is Java, hehe), and a very thorough implementation of the X11 standard. It even has the GL extensions! It's expensive, but probably easier to requisition than a non-windows desktop.
For the whole package, you can kill explorer.exe in Windows, and set Exceed up to route "root mouse actions to X" and you can even fire up your favorite window manager. I used to run Fluxbox full screen over SSH from our development server all the time. So, in a way, I just made the dev server my Unix workstation.
Keep in mind that people in large companies would usually rather do things by the book than cater to the exception. Unless you are buddies with the CTO, it's not likely you're going to convince anyone to brush aside any long-standing policies.
As a GNU/Linux user, even though I refuse to run KDE, I have had the best luck with Amarok. My archive (only about 150 GB) is nearly entirely rips of my albums. It has just about the best interface I have seen for dealing with a large (and sorted) archive. The features I like most are album cover manager, last.fm integration, ipod-style (artist->album->track) menus, the wikipedia info and lyrics based on context, and the random-album play mode.
There is a gnome equivalent but it is not quite as stable. I can't speak for the MacOSX crowd, but when in Win32 (rare these days) I reluctantly choose to use Winamp.
Some tips from my experience:
Be an ID3 tag-nazi - No player can compensate for 750 GB of badly named media. MP3Tag is your friend for batch editing ID3 tags.
Sort all your files using a resonable naming system. I use '/path/to/archive/%Artist%/[%Year] %Album%/%02Track% - %Title%.%Ext%'. This comes in real handy for writing scripts to deal with an archive to large to manage by hand.
Basically it says that putting the holes in a fractal pattern give much better results than holes in more 'normal' pattern. The rest is Calculus explaining how they can generate patterns that are really good at transmitting a certain frequency.
Sounds really interesting. I wonder if any of this applies to antenna design at average RF.
As a Security Researcher, I read and write assembly all the time while analyzing vulnerabilities and writing/reading exploits. In some cases (relative jumps especially, 0xEB + ptr32) I even write raw machine code into memory.
Also for the embedded world: there are a _lot_ of broken compilers for not-so-common architectures. If you're ever stuck using one of these, you can bet you'll end up stepping through disassembly in a debugger at some point. Be sure to submit bug reports when you do find problems, most of those compilers are produced by small shops and listen closely to feedback. It can even get you free development boards;)
You've got a good point there. Disclaimer: IANAL. If I were Linus I would sue. It is not exactly positive towards his namesake. Sure, it would give Microsoft a lot of free press and show them as being "serious" about retaking what Linux has built, but at the same time the FOSS movement could use an easy legal win. Most people think that the 'Linux' name is as free as the code. It seems to me that bringing a battle like this to the public front would help a lot of new potential users/developers/testers to realize that the industry surrounding Linux is as legitimate as any other -- that 'Linux' has its legal groundwork in order.
The problem though is that OpenID is currently just a framework. There is no way to prevent people from making 100 accounts, which is still the problem. Once we have a way of making sure each person only has one account, even if we don't know who that person is and can't identify them in any way, then and only then will social software be able to break through this quality barrier that it is currently capped it.
Actually, I think the ability to make many disconnected accounts would be a great feature for maintaining the end-user's security. I'm already peeved at about the need for all sorts of my data to be sitting around in hundreds of online applications... The last thing I want to see is some sort of "global foreign key" linking all that data together.
In Tokyo, I spend about 1000-1500 yen on lunch every day. Given this new exchange rate, that means my lunch today will cost between $216.66 and $324.99 USD! Of course, now I'll be rich when I go back home to the states:)
Slashdot Mirror
Pretty please?
Can I not telnet to facebook.com on port 80 and make a request by hand? Sorry, but their copyright ends after they distribute a URI over HTTP. What I do with the response is my prerogative. My browser does anything it wants to with your data... even if I'm not using a browser to connect to tcp/80 at the time.
We have had a request out for a Security Researcher with a clearance for over a year now. Not a single candidate with a military background has come through yet with the right skillset for exploitation development. The Military is only cranking out operations people, which aren't really that hard to come by.
I've seen the NSA recruiting at Defcon and making it a point to say that you would still be accepted even if you had drug convictions. Playing to the crowd for sure :P
About 20% of the best people I know employed as Security Researchers did not even graduate high school, including myself. I see this trending downward as more and more schools now have something of a security curriculum, but its still very much an industry of self-motivated voodoo programming. Universities have always been decent at training operational security people (configuring/monitoring security appliances and policy issues), but I've yet to hear of a school with a good program on vulnerability discovery, exploitation, and reverse engineering code. For me, at least, its much more of a mindset thing more than a skillset thing, which is a lot harder to teach.
I'm not so keen on my IDE being reliant on all those static code analysis tools to determine your code's structure. For the most part they find all your methods just fine, but so many times they fall short, especially when you are not using Java.
This is a great site with a good bit of introductory information. I implemented their LED flasher tutorials when I was playing with my Xylinx Spartan board. fpga4fun.com
"New startup makes it easier and standard practice to legitimize the practice of patent trolling."
Just fix the damn system already!
go to the movie theater. The Alamo Drafthouse Cinema in Austin has been showing the debates. There really is no better way to watch them than to have a burger and knock back pitcher of beer.
This attack will only effect uncompressed images, because compression increases the entropy so that pixel information will be entirely different as the colors change.
Finding a pair of encrypted twin images like this is nearly impossible. How can they even tell where an image starts on disk when the filesystem itself is encrypted? Not to mention the very strict (and unlikely) requirements on the images themselves. The odds of actually being able to exploit this on a live system are very low IMHO.
I pirated their last album to preview it (Well, probably all of them at some point).,, However, their last album is still the only one of which that I do not have a legitimate copy.
So, what makes the "pay what you want" model great?
Odds of winning jackpot == 1 / 175711536
Odds of not winning jackpot == 175711535 / 175711536
Odds of not winning jackpot any number of times in a row = (175711535 / 175711536) ^ N
Amount of times you enter in a row before your odds become 50/50 (overall)
(175711535 / 175711536) ^ N = 0.50
log(175711535 / 175711536,.50) = N
ln(.50) / ln(175711535 / 175711536) = N
N = 121793955.42368374 ~ 121793956
Assuming one were to play twice a week, the lottery is only a good bet if you played (lived) for 1171095 YEARS. "...but theres still a chance" -- HAH!
Finally Linux being embraced . Microsoft is going to let us have our cake and eat it too! Then maybe they'll even provide thier own extended version after the Mono version is stable. Then we can scurry about trying to fix everything before we are extinguished
Would you send me scalar(Adobe Photoshop) minus scalar(MS Office)? I have Office already and I need a copy of Photoshop, but I don't want to have to pirate it.
BreakingPoint Systems makes network test hardware that can go way beyond 1 Gbps simulations. You can also capture and recreate traffic at high speeds to better simulate a specific users load.
The parent is right, Hummingbird 's Exceed is definitely what you want. CygwinX is a joke IMHO for professional work, it crashes endlessly and the performance is horrible. Exceed has got good performance (even though it is Java, hehe), and a very thorough implementation of the X11 standard. It even has the GL extensions! It's expensive, but probably easier to requisition than a non-windows desktop.
For the whole package, you can kill explorer.exe in Windows, and set Exceed up to route "root mouse actions to X" and you can even fire up your favorite window manager. I used to run Fluxbox full screen over SSH from our development server all the time. So, in a way, I just made the dev server my Unix workstation.
Keep in mind that people in large companies would usually rather do things by the book than cater to the exception. Unless you are buddies with the CTO, it's not likely you're going to convince anyone to brush aside any long-standing policies.
There is a gnome equivalent but it is not quite as stable. I can't speak for the MacOSX crowd, but when in Win32 (rare these days) I reluctantly choose to use Winamp.
Some tips from my experience:
Basically it says that putting the holes in a fractal pattern give much better results than holes in more 'normal' pattern. The rest is Calculus explaining how they can generate patterns that are really good at transmitting a certain frequency.
Sounds really interesting. I wonder if any of this applies to antenna design at average RF.
- Computer Security
- Shitty compilers
As a Security Researcher, I read and write assembly all the time while analyzing vulnerabilities and writing/reading exploits. In some cases (relative jumps especially, 0xEB + ptr32) I even write raw machine code into memory.Also for the embedded world: there are a _lot_ of broken compilers for not-so-common architectures. If you're ever stuck using one of these, you can bet you'll end up stepping through disassembly in a debugger at some point. Be sure to submit bug reports when you do find problems, most of those compilers are produced by small shops and listen closely to feedback. It can even get you free development boards
Oh golden irony... The domain is registered to a gmail user :)
Where's persona #6? "I'll write propaganda for anyone given $$, but secretly I'll use products that actually have value"
You've got a good point there. Disclaimer: IANAL. If I were Linus I would sue. It is not exactly positive towards his namesake. Sure, it would give Microsoft a lot of free press and show them as being "serious" about retaking what Linux has built, but at the same time the FOSS movement could use an easy legal win. Most people think that the 'Linux' name is as free as the code. It seems to me that bringing a battle like this to the public front would help a lot of new potential users/developers/testers to realize that the industry surrounding Linux is as legitimate as any other -- that 'Linux' has its legal groundwork in order.
Someone needs to immediately train this to catch /. dupes and/or run Linux.
"6 million yen ($US 1.3 Million)"
:)
In Tokyo, I spend about 1000-1500 yen on lunch every day. Given this new exchange rate, that means my lunch today will cost between $216.66 and $324.99 USD! Of course, now I'll be rich when I go back home to the states
I feel the need to side with Microsoft on something!