From what I recall, Winamp 2.x has multiple serious security vulnerabilities (remote code execution through music files, mostly). The only version that's still maintained is the much more bloated Winamp 5.
From the comments in TFA: "So is it now possible to seek in flac-files?" "This depends on the phonon backend you use, it works with the vlc backend."
Of course, unlike the old 1.x Amarok backends, changing the Phonon backend is a system-wide setting with the potential to break other stuff (not to mention cause licensing headaches - VLC is under the GPL v2 and some Phonon-using apps may be under GPL incompatible licenses).
If you look at the instructions on how to record a new "voice" for speech synthesis software like Festival, one of the warnings is actually that it may render voice-based biometric security insecure for the person whose voice is being sampled. IIRC there's currently research on synthesizing voices from segments of natural speech. I can't imagine voice working out any better than any other form of biometrics.
So the non-frivolous claim on which Apple actually prevailed was essentially a regex to find things that look like phone numbers in unstructured text documents, which then link to a dialer app?
It's slightly more complicated than that IIRC, but pretty much.
As far as I know, the only Linux netbooks that saw a high return rate were MSI ones which didn't have working drivers installed for a lot of the hardware that they shipped with and were advertised as having.
Chrome defaults to automatically downloading them to your Downloads directory and just leaving them there. I hear that Safari does the same thing; it's a bit obnoxious from a security point of view.
Not quite. The browser plugin is being disabled immediately and at some point in the future they'll also be pushing out dummy packages to remove the Sun JDK from user's machines altogether. See the mailing list post.
You're not the only one. Chromium pretty much always uses more memory than Firefox in my experience - it's just harder to tell because Chromium splits its memory usage between a whole bunch of processes and there's no easy way to get a summary.
Because Chrome actually allows you to view PDFs within the browser rather than insisting on downloading them to disk and making you mess around to manually open them with an external app?
Chromium is decidedly inferior to Chrome, unfortunately. In particular it lacks Chrome's (proprietary) integrated PDF reader and is from what I can tell entirely incapable of launching an external one; you have to download PDFs and manually open them in an external reader. This is unbelievably annoying if you encounter as many PDFs as I do.
(Oh, and I'm hearing that the new NaCl native code stuff they're pushing both relies on non-open-source code and is so closely tied to Google Chrome and the particular implementation that it's probably impossible to implement elsewhere.)
Have you had any security vulnerabilities in Net-SNMP? What proportion of vendor hardware and software shipping with it in actually received patches for them and how easy was it for users of the rest of the hardware to build their own patched version, while being sure that it wouldn't unexpectedly remove vendor-specific features? That's one of the things the GPL is designed to prevent.
From what I recall, the same thing happened with the Macsyma symbolic algebra package, and in fact that was probably part of the inspiration for creating the GPL in the first place.
Most of CIA is comprised of analysts, communications and support staff, and researchers/scientists.
AKA liars, thieves and criminals. By all accounts, the CIA's analysts have a habit of either telling politicians what they want to hear or what the CIA wants them to hear, and even when they're not intentionally lying they tend to get a lot of important things badly wrong.
There are definitely women out there that were offered exactly that choice and chose prostitution though. Apparently the hours and pay are better and you have the ability to reject assholish customers.
Without SOPA-style BS, you're free to put your funny cat videos up on your own server, and Google can't take them down.
Until UMG start pressuring hosting and bandwidth providers to sign similar contracts anyway. Pretty much the entire Internet infrastructure is privately owned by companies whose interests aren't aligned with yours.
On the other hand, a whole bunch of data that could really have used encryption instead got send across the net in the clear because it wasn't worth the cost of a certificate and I've no doubt that some of that could've been used for fraud...
Then people wanted certs cheap and now, not something high levels of integrity checking really allow for
For a lot of applications that's all that's really needed. In fact, for many of them even just SSH-style remembering of the last certificate seen would provide enough security - but unfortunately web browsers don't support that, so if you've got a website with anything you don't want transmitted over the internet in the clear then you need a certificate from a CA.
Yah, how *dare* they not let you take their property (a domain name they pay for) and use it for free?!?
It seems scummy because they managed to lure a whole bunch of people in by offering service for free and then changing the rules, using the fact that users can't move their subdomains to anywhere else to force them to pay for an overpriced service. It's not actually terribly hard to run your own dynamic DNS, it's just that there wasn't any reason to and it didn't work as well because most consumer routers only supported DynDNS.
What's really disturbing is the sense of entitlement on the internet
Not really. DynDNS was a good-enough free option for so long that a lot of home routers don't support sending IP update to anything else. There are alternatives out there and ways of running your own, but that doesn't matter because due to DynDNS providing a free service most people are locked in to using them even if they now have to pay. Their free service harmed competition and now they're reaping the rewards.
Then buy the service or run your own DNS why don't you?
I tried this actually. If you run your own dynamic DNS service most consumer routers won't update it - they're hardcoded to only support DynDNS. That's why this is such a big deal. Because the free DynDNS option was "good enough" for so long nearly all hardware manufacturers didn't bother to support anything else.
Slashdot Mirror
From what I recall, Winamp 2.x has multiple serious security vulnerabilities (remote code execution through music files, mostly). The only version that's still maintained is the much more bloated Winamp 5.
From the comments in TFA:
"So is it now possible to seek in flac-files?"
"This depends on the phonon backend you use, it works with the vlc backend."
Of course, unlike the old 1.x Amarok backends, changing the Phonon backend is a system-wide setting with the potential to break other stuff (not to mention cause licensing headaches - VLC is under the GPL v2 and some Phonon-using apps may be under GPL incompatible licenses).
If you look at the instructions on how to record a new "voice" for speech synthesis software like Festival, one of the warnings is actually that it may render voice-based biometric security insecure for the person whose voice is being sampled. IIRC there's currently research on synthesizing voices from segments of natural speech. I can't imagine voice working out any better than any other form of biometrics.
So the non-frivolous claim on which Apple actually prevailed was essentially a regex to find things that look like phone numbers in unstructured text documents, which then link to a dialer app?
It's slightly more complicated than that IIRC, but pretty much.
I'm not sure Windows even lets you format USB sticks as NTFS by default these days...
As far as I know, the only Linux netbooks that saw a high return rate were MSI ones which didn't have working drivers installed for a lot of the hardware that they shipped with and were advertised as having.
Sorry, I mean that Chromium does that. Chrome apparently displays them within the browser itself.
Chrome defaults to automatically downloading them to your Downloads directory and just leaving them there. I hear that Safari does the same thing; it's a bit obnoxious from a security point of view.
That seems kind of counter-intuitive, but I guess I could give it a go...
Not quite. The browser plugin is being disabled immediately and at some point in the future they'll also be pushing out dummy packages to remove the Sun JDK from user's machines altogether. See the mailing list post.
Because you have more RAM to use and don't want your browser to suddenly die when it hits the 2/3/4 GB limit?
You're not the only one. Chromium pretty much always uses more memory than Firefox in my experience - it's just harder to tell because Chromium splits its memory usage between a whole bunch of processes and there's no easy way to get a summary.
Because Chrome actually allows you to view PDFs within the browser rather than insisting on downloading them to disk and making you mess around to manually open them with an external app?
Chromium is decidedly inferior to Chrome, unfortunately. In particular it lacks Chrome's (proprietary) integrated PDF reader and is from what I can tell entirely incapable of launching an external one; you have to download PDFs and manually open them in an external reader. This is unbelievably annoying if you encounter as many PDFs as I do.
(Oh, and I'm hearing that the new NaCl native code stuff they're pushing both relies on non-open-source code and is so closely tied to Google Chrome and the particular implementation that it's probably impossible to implement elsewhere.)
Have you had any security vulnerabilities in Net-SNMP? What proportion of vendor hardware and software shipping with it in actually received patches for them and how easy was it for users of the rest of the hardware to build their own patched version, while being sure that it wouldn't unexpectedly remove vendor-specific features? That's one of the things the GPL is designed to prevent.
From what I recall, the same thing happened with the Macsyma symbolic algebra package, and in fact that was probably part of the inspiration for creating the GPL in the first place.
Most of CIA is comprised of analysts, communications and support staff, and researchers/scientists.
AKA liars, thieves and criminals. By all accounts, the CIA's analysts have a habit of either telling politicians what they want to hear or what the CIA wants them to hear, and even when they're not intentionally lying they tend to get a lot of important things badly wrong.
There are definitely women out there that were offered exactly that choice and chose prostitution though. Apparently the hours and pay are better and you have the ability to reject assholish customers.
Without SOPA-style BS, you're free to put your funny cat videos up on your own server, and Google can't take them down.
Until UMG start pressuring hosting and bandwidth providers to sign similar contracts anyway. Pretty much the entire Internet infrastructure is privately owned by companies whose interests aren't aligned with yours.
Conspiring to fraudulently claim copyright over other people's work, perhaps?
On the other hand, a whole bunch of data that could really have used encryption instead got send across the net in the clear because it wasn't worth the cost of a certificate and I've no doubt that some of that could've been used for fraud...
Then people wanted certs cheap and now, not something high levels of integrity checking really allow for
For a lot of applications that's all that's really needed. In fact, for many of them even just SSH-style remembering of the last certificate seen would provide enough security - but unfortunately web browsers don't support that, so if you've got a website with anything you don't want transmitted over the internet in the clear then you need a certificate from a CA.
Yah, how *dare* they not let you take their property (a domain name they pay for) and use it for free?!?
It seems scummy because they managed to lure a whole bunch of people in by offering service for free and then changing the rules, using the fact that users can't move their subdomains to anywhere else to force them to pay for an overpriced service. It's not actually terribly hard to run your own dynamic DNS, it's just that there wasn't any reason to and it didn't work as well because most consumer routers only supported DynDNS.
What's really disturbing is the sense of entitlement on the internet
Not really. DynDNS was a good-enough free option for so long that a lot of home routers don't support sending IP update to anything else. There are alternatives out there and ways of running your own, but that doesn't matter because due to DynDNS providing a free service most people are locked in to using them even if they now have to pay. Their free service harmed competition and now they're reaping the rewards.
Then buy the service or run your own DNS why don't you?
I tried this actually. If you run your own dynamic DNS service most consumer routers won't update it - they're hardcoded to only support DynDNS. That's why this is such a big deal. Because the free DynDNS option was "good enough" for so long nearly all hardware manufacturers didn't bother to support anything else.