I call BS. At the very least they could bring a hell of a lot of the ship above the waterline, which they haven't done. You could fit a bloody kernel inside that blob. All of that is potential attack vector. Opening whatever parts are openable should be a no-brainer unless there's something else going on in there.
And it ain't DRM - how much DRM-workaroundery is done in collusion with your videocard?
We've all seen enough crappy investigative work to know that it's best not to speculate wildly and say things we'll all regret later and wait and see what unfolds. So for once, let's do that.
I remember back at Defcon 9, a blue haired guy named 0ptyx was presenting something he called "Kernel Intrustion System" (KIS). It was a ridiculously cool rootkit.
During his talk he mentioned a topic that hasn't really been jumped all over by a lot of people since then: signing kernel modules. If nothing else illustrates that it's a good idea, I hope this does.
Conceded, though I would hasten to point out that skill, talent, and a deep level of understanding are not necessarily requirements for defeating obfuscation.
"I don't know how GuyIDontLike did something, therefore he must have cheated."
Some developpers are extremely slow to realize that things which seem nigh impossible to them are in fact, run-of-the-mill easy for talented hackers, crackers, upper-teir skr1pt k1dd13s, and others. Code obfuscation is not by any means adequate protection.
Neither is sticking anti-debugger crap in your code, for that matter.
Scheme syntax, while uncomplicated, is a brain-melting mess.
Anyhow, BASIC was not the language I had in mind when I said "relevant." There are other languages out there that are at least as featureful as scheme - and more coherent of specification - that are more interesting from an engineering perspective. If you want a formal theoretical computer science background, I can understand the reason to make use of the lambda languages, but as most people learning a language couldn't give a rats ass, scheme would be the last language I teach someone.
As far as MIT and top universities starting off with scheme, perhaps you haven't considered that the original creators and proponents of scheme might still be around and somewhat biased as to their creation? Emulation drives Berkeley and other schools to adopt similar curricula, but that doesn't mean there's a coherent reason why scheme is chosen over other languages.
You are a sick, sick person. There are a lot of languages which are far easier these days and actually have relevance. Why in the world would you point someone at Scheme as a first language - given that it is a language they may have at most 3 or 4 opporunities to use later in life?
Of course, even the potential threat of termination and suspension of health benefits is more than enough to scare the living hell out of people. This stuff really does need to be spelled out in unambiguous terms in employee handbooks.
I'm not saying I support every random person bringing an animal into the work-place, but I don't think a service dog is an unreasonable exception, whether it is paired with a person who has a condition justifying its presence or a if it is being actively trained as a service dog and behaves in an acceptible manner while wearing the harness.
It's not like these dogs are running around and depositing fur everywhere, they really do pretty much just sit there while the harness is on.
Someone I know has a service dog and her employer is not allowing the dog at work, despite the fact that it is, as best I can tell, properly trained and unresponsive while wearing it's harness, sitting or lying down until it's needed or needs to go outside to do its business. Even people with a good reason to bring an animal into the work, some employers are being unreasonable on this subject.
Don't take that the wrong way - I am a firm believer in the idea that sitting in awkward, unnatural positions can cause some nasty problems, but honeslty I don't think a webcam can collect enough information to make an informed decision about whether or not you are sitting 'safely.'
If you want to prevent damage, take a rest break every 15 minutes or so to stretch out your arms, wrists, and back, don't type on a laptop keyboard, don't rest your hands on your keyboard, and above all, relax and vary your how you sit now and again. Stick a leg up on that desk. Pull the 'Thinker' pose. Lean back absurdly. Sit on your armrest. Perfect that slouch. Exercise may help, from what I've heard.
Not only will you surprise your coworkers, you'll find that you really don't like sitting in the same damned 'good posture' pose all the time. Sometimes, it's just bloody uncomfortable.
Disclaimer: have had RSI symptoms before. Got me a buckler-spring keyboard and an interesting chair to sit in and never looked back.
You honestly can't even tell what parts you're getting these days. Your videocard could be using crappy RAM, you don't know the CAS timings on your memory, your motherboard probably isn't all that solid.
In the end, you're buying a dell nowadays.
Just buy your parts separately and assemble yourself. Much more satisfying that way, anyhow.
Pakistan would probably resent your remark. That country doesn't get nearly enough credit when it comes to the mechanics of their justice system or the education of its populace. I can't speak to Burma, but the same might hold true there.
You know, Forbes put out an article about a year ago saying Seattle was the most overpriced city in the USA. As I had just started working when this article came out, I was mildly concerned about that statement.
Turns out Forbes is a rag. Seattle is cheaper than any other city I have ever lived in. Rent is cheaper. Wages are about the same. Gas is just as bad here as anywhere. Fruit is decent quality and only slightly worse than california prices. There's no state income tax.
Considering the rather 'innovative' reporting they've done on the SCO v. IBM matter as well, I really do wonder if there's a substantial difference in quality between New Scientist and Forbes.
I'm not saying THIS article is crap, but quality of life and cost of living can be very different matters and are not easy things to sum up. I'd advise that nobody use an article like this to make a life-altering decision.
Microsoft should be the one contacting the main antivirus companies around to make sure that their products work without problems with the new version of Windows as soon as it hits the stores.
[snip] Q. Patch protection prevents my application or driver from running. What are my options? A. Modify your application or driver to use only Microsoft-documented interfaces. If the functionality you want to enable is not supported with Microsoft-documented interfaces, then you cannot safely enable that functionality. There is no mechanism to selectively disable patch protection or "special-case" a given application to work around patch protection. If an application or driver patches the kernel, it generates a bug check and shuts down the system. Note that patch protection in the operating system might be extended in future releases or service packs, so using any undocumented mechanisms in your application or driver (even if they seem to work on released versions of Windows that support patch protection) might result in further incompatibilities in the future.
If your application or driver must perform a task that you believe cannot be accomplished without patching the kernel, contact Microsoft Customer Support Services or your Microsoft representative for help in finding a documented alternative.
If no documented alternative exists for the functionality that you want to implement, then the functionality will not be supported on any Windows operating system that includes patch protection support. [/snip]
I wonder what percent of the BSOD minidumps that come back to Microsoft are caused by somebody patching something they didn't understand or because some internal API changed?
'futurist' and 'technologist' are dirty words. They spout 100% speculation and are generally equally far off. If you keep encouraging them by giving them airtime, they will never learn the value of actual research and contribute anything to society.
I'm sick of the ever-growing number of people who 'invented the internet' or 'predicted such and such' or 'is an expert on X'. I strongly discourage anyone from reading their trashy ghost-written novels as a message to publishers not to pollute the pseudo-intellectual landscape with pseudo-intellectual crap. Hard science, hard results, hard predictions for problems that are occurring in more immediate than 500 year future.
We all know traffic shaping is going on - and that's fine and dandy so long as it's mild in degree and hard to show, and as long as it's being done to preserve quality of service.
The issue is that some jerk ISP's want people to pay them money for preferential shaping, which is basically blackmail, in my eyes.
I see this as a women's rights issue, in addition to the obvious 'they looked at our DNA!' complaint.
No employer is ever going to just take a single hair or a few skin scrapings. They're going to want blood, and more than just a finger prick. If they do that before getting back to you with a decision, they could be screening for, say... PREGNANCY. SSRI's. Who knows what.
Even if the system were perfect it would give employers a blank check to perform unwelcome and illegal tests on job applicants. And that just ain't cool.
Slashdot Mirror
I call BS. At the very least they could bring a hell of a lot of the ship above the waterline, which they haven't done.
You could fit a bloody kernel inside that blob. All of that is potential attack vector. Opening whatever parts are openable should be a no-brainer unless there's something else going on in there.
And it ain't DRM - how much DRM-workaroundery is done in collusion with your videocard?
We've all seen enough crappy investigative work to know that it's best not to speculate wildly and say things we'll all regret later and wait and see what unfolds. So for once, let's do that.
You'd be supplying the key or passphrase for the signature, ideally.
The point is to make it hard to insert an untrusted module into the kernel without building a new one.
Really? '*'? You're quite sure about that?
I remember back at Defcon 9, a blue haired guy named 0ptyx was presenting something he called "Kernel Intrustion System" (KIS). It was a ridiculously cool rootkit.
During his talk he mentioned a topic that hasn't really been jumped all over by a lot of people since then: signing kernel modules. If nothing else illustrates that
it's a good idea, I hope this does.
As best I know, the service + filter driver + scanning UI model is still valid. Do you know something I don't?
Conceded, though I would hasten to point out that skill, talent, and a deep level of understanding are not necessarily requirements for defeating obfuscation.
"Give me a lever long enough..."
"I don't know how GuyIDontLike did something, therefore he must have cheated."
Some developpers are extremely slow to realize that things which seem nigh impossible to them are in fact, run-of-the-mill easy for talented hackers, crackers, upper-teir skr1pt k1dd13s, and others. Code obfuscation is not by any means adequate protection.
Neither is sticking anti-debugger crap in your code, for that matter.
I was correcting the man on his Latin.
He obviously knows what a pun is - his comment had the form and context of a very well crafted one; he just can't tell his right from his left.
Don't you mean dexter?
Scheme syntax, while uncomplicated, is a brain-melting mess.
Anyhow, BASIC was not the language I had in mind when I said "relevant." There are other languages out there that are at least as featureful as scheme - and more coherent of specification - that are more interesting from an engineering perspective. If you want a formal theoretical computer science background, I can understand the reason to make use of the lambda languages, but as most people learning a language couldn't give a rats ass, scheme would be the last language I teach someone.
As far as MIT and top universities starting off with scheme, perhaps you haven't considered that the original creators and proponents of scheme might still be around and somewhat biased as to their creation? Emulation drives Berkeley and other schools to adopt similar curricula, but that doesn't mean there's a coherent reason why scheme is chosen over other languages.
You are a sick, sick person. There are a lot of languages which are far easier these days and actually have relevance. Why in the world would you point someone at Scheme as a first language - given that it is a language they may have at most 3 or 4 opporunities to use later in life?
Of course, even the potential threat of termination and suspension of health benefits is more than enough to scare the living hell out of people. This stuff really does need to be spelled out in unambiguous terms in employee handbooks.
I'm not saying I support every random person bringing an animal into the work-place, but I don't think a service dog is an unreasonable exception, whether it is paired with a person who has a condition justifying its presence or a if it is being actively trained as a service dog and behaves in an acceptible manner while wearing the harness.
It's not like these dogs are running around and depositing fur everywhere, they really do pretty much just sit there while the harness is on.
Someone I know has a service dog and her employer is not allowing the dog at work, despite the fact that it is, as best I can tell, properly trained and unresponsive while wearing it's harness, sitting or lying down until it's needed or needs to go outside to do its business. Even people with a good reason to bring an animal into the work, some employers are being unreasonable on this subject.
Don't take that the wrong way - I am a firm believer in the idea that sitting in awkward, unnatural positions can cause some nasty problems, but honeslty I don't think a webcam can collect enough information to make an informed decision about whether or not you are sitting 'safely.'
If you want to prevent damage, take a rest break every 15 minutes or so to stretch out your arms, wrists, and back, don't type on a laptop keyboard, don't rest your hands on your keyboard, and above all, relax and vary your how you sit now and again. Stick a leg up on that desk. Pull the 'Thinker' pose. Lean back absurdly. Sit on your armrest. Perfect that slouch. Exercise may help, from what I've heard.
Not only will you surprise your coworkers, you'll find that you really don't like sitting in the same damned 'good posture' pose all the time. Sometimes, it's just bloody uncomfortable.
Disclaimer: have had RSI symptoms before. Got me a buckler-spring keyboard and an interesting chair to sit in and never looked back.
You honestly can't even tell what parts you're getting these days. Your videocard could be using crappy RAM, you don't know the CAS timings on your memory, your motherboard probably isn't all that solid.
In the end, you're buying a dell nowadays.
Just buy your parts separately and assemble yourself. Much more satisfying that way, anyhow.
Pakistan would probably resent your remark. That country doesn't get nearly enough credit when it comes to the mechanics of their justice system or the education of its populace. I can't speak to Burma, but the same might hold true there.
You know, Forbes put out an article about a year ago saying Seattle was the most overpriced city in the USA. As I had just started working when this article came out, I was mildly concerned about that statement.
Turns out Forbes is a rag. Seattle is cheaper than any other city I have ever lived in. Rent is cheaper. Wages are about the same. Gas is just as bad here as anywhere. Fruit is decent quality and only slightly worse than california prices. There's no state income tax.
Considering the rather 'innovative' reporting they've done on the SCO v. IBM matter as well, I really do wonder if there's a substantial difference in quality between New Scientist and Forbes.
I'm not saying THIS article is crap, but quality of life and cost of living can be very different matters and are not easy things to sum up. I'd advise that nobody use an article like this to make a life-altering decision.
Microsoft should be the one contacting the main antivirus companies around to make sure that their products work without problems with the new version of Windows as soon as it hits the stores.
p atch_FAQ.mspx
http://www.microsoft.com/whdc/driver/kernel/64bit
From the FAQ:
[snip]
Q. Patch protection prevents my application or driver from running. What are my options?
A. Modify your application or driver to use only Microsoft-documented interfaces. If the functionality you want to enable is not supported with Microsoft-documented interfaces, then you cannot safely enable that functionality. There is no mechanism to selectively disable patch protection or "special-case" a given application to work around patch protection. If an application or driver patches the kernel, it generates a bug check and shuts down the system. Note that patch protection in the operating system might be extended in future releases or service packs, so using any undocumented mechanisms in your application or driver (even if they seem to work on released versions of Windows that support patch protection) might result in further incompatibilities in the future.
If your application or driver must perform a task that you believe cannot be accomplished without patching the kernel, contact Microsoft Customer Support Services or your Microsoft representative for help in finding a documented alternative.
If no documented alternative exists for the functionality that you want to implement, then the functionality will not be supported on any Windows operating system that includes patch protection support.
[/snip]
I wonder what percent of the BSOD minidumps that come back to Microsoft are caused by somebody patching something they didn't understand or because some internal API changed?
You can do your antivirus activites just fine using supported methods and interfaces, and it doesn't require patching kernel code.
Filesystem filter driver. Possibly some other filter drivers. Cleaning service. Low-privilege interface. That's all you need.
'futurist' and 'technologist' are dirty words. They spout 100% speculation and are generally equally far off. If you keep encouraging them by giving them airtime, they will never learn the value of actual research and contribute anything to society.
I'm sick of the ever-growing number of people who 'invented the internet' or 'predicted such and such' or 'is an expert on X'. I strongly discourage anyone from reading their trashy ghost-written novels as a message to publishers not to pollute the pseudo-intellectual landscape with pseudo-intellectual crap. Hard science, hard results, hard predictions for problems that are occurring in more immediate than 500 year future.
The issue isn't the pipes.
It's the money.
We all know traffic shaping is going on - and that's fine and dandy so long as it's mild in degree and hard to show, and as long as it's being done to preserve quality of service.
The issue is that some jerk ISP's want people to pay them money for preferential shaping, which is basically blackmail, in my eyes.
Now they can all go to jail for downloading the game through it's normal distribution method.
I see this as a women's rights issue, in addition to the obvious 'they looked at our DNA!' complaint.
No employer is ever going to just take a single hair or a few skin scrapings. They're going to want blood, and more than just a finger prick. If they do that before getting back to you with a decision, they could be screening for, say... PREGNANCY. SSRI's. Who knows what.
Even if the system were perfect it would give employers a blank check to perform unwelcome and illegal tests on job applicants. And that just ain't cool.