Oh, but they all are derived from YOUR circle. They infringe on your rights to the shape you invented. Sorry, but taking current approach to copyright - when Milka-purple color is copyrighted, when silence is copyrighted, when single-click is patented, when 'rotary transportation device' patent has been granted, when guitar tabulatures, lip-syncs, subtitle translations and thumbnail miniatures are infringing, in the above example you could sue God for making the Sun round.
OTOH if property rights exist it's legal to draw a circle and live off lawsuits against everyone who tries to create a car, a clockwork or any of thousands of things that use a wheel. And while you do nothing with your drawing of a circle, nobody else is allowed to do anything with it either.
And if you didn't manage to sell your table for 50 years, you're doing something wrong. If you did sell it, you don't have it. You may start making a copy. Why can't I, then?
Nintendo execs have acknowledged media reports of uncoordinated gamers causing damage to televisions, furniture and even fellow players.
But NOT to the wiimote which goes flying at high speed -every- time this happens and causes the whole damage to hardware and wetware mentioned! Now that's some bulletproof device!
Nope, latter is more likely. Say, 10% of vista will go to corporations that make it custom-made. About 40% will go through pirate sites to random users, with spyware bundled.
Same like the WMF format. The use for its intended purpose (vector graphics) is marginal. Use for spreading viruses through the exploit is mainstream.
Re:Not an alternative...
on
DIY Iris Scanning?
·
· Score: 4, Interesting
"That person is me anywhere they do an iris scan." is true. Except they get "Sorry, you don't have a clearance" as a reply, just like you do. If a building security is based on iris scan, sure they won't be able to enter after your iris pattern is revoked, but so won't you. Meaning no entry to the building, sorry sir, you must look for a job elsewhere, at least till we update our security system.
As for 2), the basic feature of biometrics is that it's simple. You touch a surface or look into a lens, and that's all, no typing passwords, no entering codes or searching your wallet for magnetic card. Take it away and you take away half of the charm of biometrics. You only leave the scare "they will knock you out and take your eye out in a dark backstreet to break in" plus vague and unreliable info about high security, which is neither verifiable nor unhackable and definitely doesn't appeal to management.
actually, writing in nice red bold letters "You don't have to agree to these terms to use this software" under the license block would create an interesting "WTF" situation where people would get interested in "what kind of license is that?" and possibly create some positive publicity.
Click-wrap of GPL is one thing. Forcing you to click "agree" to install is another. Display the license, fine. Don't write "by using this software you agree..." just "this software is distributed under the following conditions". And allow clicking "forward" without any prerequisites.
nope, it's not it. "continue script" would be for scripts like "while(1){}" or for what happens on slashdot - thousands upon thousands of operations to be performed - displaying or hiding every single comment below or above the treshold. Slow on not-cutting-edge hardware plus slow on Firefox/Linux (unfortunately Linux port of Firefox is way slower than Windows one).
The problem is the "alert" pauses the script, so you won't ever see the dialog "stop script" and nothing short of nuking the browser will help.
Daggerfall was a quantum leap with enormous world and huge freedom.
Morrowind was a quantum leap with enormous highly detailed world and even more freedom.
Oblivion was just a sequel with better graphics, some freedom added in a few places and lots of it removed in others. And role-playing elements cut more than by half, comparing to Morrowind.
Note even slashdot moderation is vulnerable. I once made a troll account, with solemn purpose to max out its karma using only false information. Comments that sounded very confident and reliable and "revealing" information that is not contradictory to common knowledge, just hidden facts that don't exist. The account was quite successful till someone detected it and slashdot admins bitchslapped it into oblivion.
there are only as many points in each game to be gained. If you love Oblivion but hate Madden, hand over the account to someone to earn you the points originating from Madden.
still, a stealthy nest for your rootkit is always welcome. A system should remain transparent enough to make the intrusion obvious, this trick allows to install stealthy backdoor.
Sandboxing the whole thing will help against system takeovers, but not against frauds within the browser - cross site scripting etc.
Running a sandboxed version of a scripting language within a browser should be pretty harmless if the language was available only in the sandbox and couldn't touch anything outside. Creating separate sandboxes for each website would prevent cross site scripting too.
The problem is it's impossible with Firefox. It's a very old design decision that is so deep all over the place that nothing short of redesigning and rewriting everything from scratch could help.
Essentially, Firefox is written in javascript.
There are underlying frameworks written in C++ and others, the renderer engine etc etc. But the glue that binds all these functions together is Javascript on steroids. XUL files-databases that define the looks of the UI, XUL renderer, which displays them, and thousands of lines of javascript bound to every single gadget, button, field, box, dialog. This javascript performs all the basic processing and the whole high-level work of the browser program. And it calls system/framework functions to perform the low-level work - which is strictly forbidden for a sandboxed language.
Developers of Mozilla try to prevent access to all this low-level heavyweight stuff from javascript originating from webpages while allowing it from the system files. Sandbox javascript from one source, run javascript from the other source at full privledges all the time. Can you smell how fragile this is? I'm afraid these exploits will keep popping up. There's no natural barrier of "contained sandbox environment + scripting language" vs "low-level system layer", with no trace of bindings to the system layer within the sandbox, no hook, no crack to exploit by interfacing with the outside. There's an artificial wall which limits "javascript from webpages" and allows "extended javascript from interface", where both sides are essentially the same thing.
This is the old firewalling problem - policy of "deny all, allow essential" vs "allow all, block dangerous". Except currently there is no easy way to switch from one to the other.
The problem is "strengthening myself" doesn't help - it increases my survivablity which is more than satisfactory (I spent nearly half a hour in a futile battle and neither of us managed to seriously hurt the other), but doesn't really increase my attack power/speed (instead, it decreases it - it takes longer to refill a spot and take another bite off the boss). For a good while I considered the suicidal strategy of going right from the start to the boss, simply because the beginning "empty" state would make wounding the boss so much faster.
Maybe if there were clear rules, say, how to improve speed...
I got to the second boss (yellow-brown world, you play as a sphere) but I can't beat it. Never got it below 4 dots, and we've been exchanging attacks for last half a hour or so. Anything beyond the 4th dot (the one with 2 spikes) is easy, but getting anything closer to the head is nearly impossible, results in being bitten and losing any advantage as the enemy regenerates.
I deeply hate it. I write structured code following the structure - not like a text, left to right and top to bottom, but open parenthesis of a loop, fill it in with all possible variants of the parameters (if, else if, else if...) then write contents of each variant, tuning the parameters, observing where the code is non-optimal (repeated calculations - eject them outside the loop, etc) and correcting it then, etc. I don't care about the compiler here, but I need a text editor.
And one more thing, if there are two ways to do something, and only one is right, it's usually faster to compile and try which one works than to try to identify the right one.:)
Interestingly, in my studies I stumbled upon 2 or 3 subjects which were plain impossible to pass without cheating. And not that "I failed", simply anybody not cheating would fail, and most of the cheaters still wouldn't make it through. The subject was too difficult for my group, for the group year before, two years before, three years before and that's where known records end. From groups of 30-50 students 2-10 most proficient at cheating would pass at the first try, the rest would get a clue and re-try while cheating (passing another 10-20 students or so), and whoever tried the honest approach, would simply fail. Interestingly, these were informatics-related subjects.
Say, 10% of passwords contained on a site was obtained using a dictionary attack. Then perform analysis on these password. Conclusion that basing on statistically significant number of passwords (10%, >10000) almost 100% of passwords on the site are vulnerable to dictionary attack is simply wrong - the sample was biased. Similar about phishing-originated passwords. Phishing is a result of bad practices on user side, and usually clicking attachments in spam, using insecure browser and no antivirus is connected with using poor quality passwords. The results WILL show worse quality of user passwords than real simply because the passwords originate from subset of users who know less of security in general (and as result, got hacked.)
Slashdot Mirror
Oh, but they all are derived from YOUR circle. They infringe on your rights to the shape you invented.
Sorry, but taking current approach to copyright - when Milka-purple color is copyrighted, when silence is copyrighted, when single-click is patented, when 'rotary transportation device' patent has been granted, when guitar tabulatures, lip-syncs, subtitle translations and thumbnail miniatures are infringing, in the above example you could sue God for making the Sun round.
OTOH if property rights exist it's legal to draw a circle and live off lawsuits against everyone who tries to create a car, a clockwork or any of thousands of things that use a wheel. And while you do nothing with your drawing of a circle, nobody else is allowed to do anything with it either.
And if you didn't manage to sell your table for 50 years, you're doing something wrong. If you did sell it, you don't have it. You may start making a copy. Why can't I, then?
OTOH
Nintendo execs have acknowledged media reports of uncoordinated gamers causing damage to televisions, furniture and even fellow players.
But NOT to the wiimote which goes flying at high speed -every- time this happens and causes the whole damage to hardware and wetware mentioned! Now that's some bulletproof device!
Nope, latter is more likely.
Say, 10% of vista will go to corporations that make it custom-made.
About 40% will go through pirate sites to random users, with spyware bundled.
Same like the WMF format. The use for its intended purpose (vector graphics) is marginal. Use for spreading viruses through the exploit is mainstream.
"That person is me anywhere they do an iris scan." is true. Except they get "Sorry, you don't have a clearance" as a reply, just like you do. If a building security is based on iris scan, sure they won't be able to enter after your iris pattern is revoked, but so won't you. Meaning no entry to the building, sorry sir, you must look for a job elsewhere, at least till we update our security system.
As for 2), the basic feature of biometrics is that it's simple. You touch a surface or look into a lens, and that's all, no typing passwords, no entering codes or searching your wallet for magnetic card. Take it away and you take away half of the charm of biometrics. You only leave the scare "they will knock you out and take your eye out in a dark backstreet to break in" plus vague and unreliable info about high security, which is neither verifiable nor unhackable and definitely doesn't appeal to management.
It's a bumpy road ahead of biometrics.
actually, writing in nice red bold letters "You don't have to agree to these terms to use this software" under the license block would create an interesting "WTF" situation where people would get interested in "what kind of license is that?" and possibly create some positive publicity.
Click-wrap of GPL is one thing. Forcing you to click "agree" to install is another.
Display the license, fine. Don't write "by using this software you agree..." just "this software is distributed under the following conditions". And allow clicking "forward" without any prerequisites.
nope, it's not it. "continue script" would be for scripts like "while(1){}" or for what happens on slashdot - thousands upon thousands of operations to be performed - displaying or hiding every single comment below or above the treshold. Slow on not-cutting-edge hardware plus slow on Firefox/Linux (unfortunately Linux port of Firefox is way slower than Windows one).
The problem is the "alert" pauses the script, so you won't ever see the dialog "stop script" and nothing short of nuking the browser will help.
Besides, Firefox is perfectly vulnerable to alert-popup-loop DoS.
while(1){ alert("you suck!"); }
Modal windows freeze the main app making even turning javascript off impossible. You have to kill the app.
jet engine control to... uh, xgalaga?
Daggerfall was a quantum leap with enormous world and huge freedom.
Morrowind was a quantum leap with enormous highly detailed world and even more freedom.
Oblivion was just a sequel with better graphics, some freedom added in a few places and lots of it removed in others. And role-playing elements cut more than by half, comparing to Morrowind.
Note even slashdot moderation is vulnerable. I once made a troll account, with solemn purpose to max out its karma using only false information. Comments that sounded very confident and reliable and "revealing" information that is not contradictory to common knowledge, just hidden facts that don't exist. The account was quite successful till someone detected it and slashdot admins bitchslapped it into oblivion.
there are only as many points in each game to be gained. If you love Oblivion but hate Madden, hand over the account to someone to earn you the points originating from Madden.
still, a stealthy nest for your rootkit is always welcome. A system should remain transparent enough to make the intrusion obvious, this trick allows to install stealthy backdoor.
the result is that privledge propagation exploits are uncovered weekly.
Yes, and the result is...?
Sandboxing the whole thing will help against system takeovers, but not against frauds within the browser - cross site scripting etc.
Running a sandboxed version of a scripting language within a browser should be pretty harmless if the language was available only in the sandbox and couldn't touch anything outside. Creating separate sandboxes for each website would prevent cross site scripting too.
The problem is it's impossible with Firefox. It's a very old design decision that is so deep all over the place that nothing short of redesigning and rewriting everything from scratch could help.
Essentially, Firefox is written in javascript.
There are underlying frameworks written in C++ and others, the renderer engine etc etc. But the glue that binds all these functions together is Javascript on steroids. XUL files-databases that define the looks of the UI, XUL renderer, which displays them, and thousands of lines of javascript bound to every single gadget, button, field, box, dialog. This javascript performs all the basic processing and the whole high-level work of the browser program. And it calls system/framework functions to perform the low-level work - which is strictly forbidden for a sandboxed language.
Developers of Mozilla try to prevent access to all this low-level heavyweight stuff from javascript originating from webpages while allowing it from the system files. Sandbox javascript from one source, run javascript from the other source at full privledges all the time. Can you smell how fragile this is? I'm afraid these exploits will keep popping up. There's no natural barrier of "contained sandbox environment + scripting language" vs "low-level system layer", with no trace of bindings to the system layer within the sandbox, no hook, no crack to exploit by interfacing with the outside. There's an artificial wall which limits "javascript from webpages" and allows "extended javascript from interface", where both sides are essentially the same thing.
This is the old firewalling problem - policy of "deny all, allow essential" vs "allow all, block dangerous". Except currently there is no easy way to switch from one to the other.
so... can we drop this cumbersome unsupported PNG format at last, and get back to using GIF without being told it's wrong?
;)
so?
The problem is "strengthening myself" doesn't help - it increases my survivablity which is more than satisfactory (I spent nearly half a hour in a futile battle and neither of us managed to seriously hurt the other), but doesn't really increase my attack power/speed (instead, it decreases it - it takes longer to refill a spot and take another bite off the boss). For a good while I considered the suicidal strategy of going right from the start to the boss, simply because the beginning "empty" state would make wounding the boss so much faster.
Maybe if there were clear rules, say, how to improve speed...
I got to the second boss (yellow-brown world, you play as a sphere) but I can't beat it. Never got it below 4 dots, and we've been exchanging attacks for last half a hour or so. Anything beyond the 4th dot (the one with 2 spikes) is easy, but getting anything closer to the head is nearly impossible, results in being bitten and losing any advantage as the enemy regenerates.
Any solution?
I deeply hate it. I write structured code following the structure - not like a text, left to right and top to bottom, but open parenthesis of a loop, fill it in with all possible variants of the parameters (if, else if, else if...) then write contents of each variant, tuning the parameters, observing where the code is non-optimal (repeated calculations - eject them outside the loop, etc) and correcting it then, etc. I don't care about the compiler here, but I need a text editor.
:)
And one more thing, if there are two ways to do something, and only one is right, it's usually faster to compile and try which one works than to try to identify the right one.
Interestingly, in my studies I stumbled upon 2 or 3 subjects which were plain impossible to pass without cheating. And not that "I failed", simply anybody not cheating would fail, and most of the cheaters still wouldn't make it through. The subject was too difficult for my group, for the group year before, two years before, three years before and that's where known records end. From groups of 30-50 students 2-10 most proficient at cheating would pass at the first try, the rest would get a clue and re-try while cheating (passing another 10-20 students or so), and whoever tried the honest approach, would simply fail.
Interestingly, these were informatics-related subjects.
never mind, found it.
kerosene, propylene glycol, sulphuric acid, artificial sweeteners, red dye no2, rum, acetone, battery acid, scumm, axle grease and/or pepperoni.
What was the recipe for grog given by the three pirates in Monkey Island?
Say, 10% of passwords contained on a site was obtained using a dictionary attack. Then perform analysis on these password. Conclusion that basing on statistically significant number of passwords (10%, >10000) almost 100% of passwords on the site are vulnerable to dictionary attack is simply wrong - the sample was biased.
Similar about phishing-originated passwords. Phishing is a result of bad practices on user side, and usually clicking attachments in spam, using insecure browser and no antivirus is connected with using poor quality passwords. The results WILL show worse quality of user passwords than real simply because the passwords originate from subset of users who know less of security in general (and as result, got hacked.)