The tides would probably turn quite a bit if the 360 would play games with a keyboard/mouse setup. I would plant a 360 on my desk and kick it on for gaming, no problem. Install Ubuntu and be done with windows.
I've even heard the argument made that they wont ever support kb/mouse for FPS because it would put the regular controller users at such a disadvantage. I think that's complete crap.
Microsoft would slap together a MS XBOX360 branded kb/mouse combo and sell it for $150, and you can buy it or suck, show them the money or go home with your broke ass no halo playing self.
When a scientist attempting to make a self-reproducing organism is "winging it" I'm a little concerned. This is exactly the type of thing where they make a super virus on accident and kill everyone right?
A little off topic, but what I'm most worried about is when they figure out enough to make a bio-weapon that targets specific genetic traits..say a Persian lineage. They "accidentally" drop some in a well in Iran... Then of course it mutates and everyone dies globally. Far fetched, I know, but these type of scientists are just smart enough to be dangerous. Here's hoping they fail.
Always figured it would be the Russians that started the next mass extinction. Turns out it's either going to be a Chevrolet or an Italian scientist. Antarctica FTW.
I can take out a cisco WLAN controller with thin APs and aironet APs with an arp flood for a non-existent IP. Are they even in the same subnet? Is the whole wifi network from one building to another layer2? Or is the problem arising because it is actually layer3 from building to building and the APN name doesn't change.
Judging by the statement that they can exhibit the behavior after being handed from one access point to another kind of nullifies the theory that they may be trying to re associate with the users home network. They're trying to get back to the old AP, which arping wont do because it's on a different VLAN.
Mystery solved, now what can cisco do about it. I don't really care that it's an iPhone bug. I just think its one more DoS vector to patch up. Maybe de-associate the phone and drop traffic until it acts right? Set a threshold or something? You might still have a source of noise, hopefully it would realize it was dropped though. No link layer, no arp right?
You mean Microsoft misrepresented the facts? I just wont believe it.
Seriously though. If not actually providing security, I'm glad that they're at least worried about it. There should be about 500 posts to follow arguing the virtues and failures of Vista related to security and performance. Microsoft, Joe Average, and Grandma will read 0 of these. They'll still have the computing world by the balls tomorrow because they're the status quo and have the (second?) best marketing, a near lock on hardware vendors, and all the PC games.
Joe Average got the fake stats without hearing any dissenting opinion, because he doesn't really care and it gave him warm fuzzies over that wad of cash he dropped. Also "Linux is hard/You get what you pay for" and "Macs are for sissies/Ignore that get what you pay for thing." Meanwhile his social security number just got a new loan and he's the spam king of the neighborhood by accident...but damn that was a good porn site.
Nothing short of Microsoft's own (in?)actions will bring that beast down in the near term. Luckily they're doing a decent job of it. It seems like a few are trying to apply the brakes, and it may pay off. Hopefully the consumer can stop getting reamed sometime soon.
Are people seriously going to pay $500-600 for a non-3G phone? Sure you get a video iPod in the deal....with 4GB or 8GB. An 80GB Video iPod you can hook up to a TV to watch costs ~$350.
Back to the only point that matters. Why would anyone buy a $600 phone with no GPS and an EDGE data connection? Give it a few months when they release the 3G version already and somebody go to the store and round up these losers camped out in front and sterilize them.
If you're company comes out and tells you that you have no expectation of privacy while using their systems and you agree to that, especially if it is every time you login, you're hosed. Probably works equally well if it's buried in a document you haven't seen, but have access to if you go looking for it. Either way anything you do with company property has no expectation of privacy.
Totally irrelevant to the topic at hand: can the feds wiretap you without a warrant? Answer: No. Thankfully the court upheld this seemingly obvious fact. The communication was intended to be one to one or one to many, but not broadcast or posted in a public forum. SMTP was designed to deliver messages to one or many people but nobody that wasn't specified in the recipient list. Just like snail mail. Unless they wield the almighty Patriot Act, in which case they've just wiped their ass with the constitution and you're probably already screwed...assuming you can't prove your innocence...because you're assumed guilty.
Congrats on the justice system this time. Can't believe it was appealed in the first place. Sucks that it is protecting a loser. Should've got a warrant the first time.
I agree with what you said. I don't 100% practice what I preach. If it's a quick and dirty 400 lines of code to get something done fast then it defeats RAD to go over the top with planning. I was just trying to emhpasize that planning is required before you start. I've an aquaintence that had a hand in a govt. software project. The old system was lacking. They recirculated some requirements document into an encyclopedia of redundant or conflicting requirements and nothing got done. That is the bad end of planning/beurocracy and a blank, perpetual check. Private sector would invariably snuff that kind of thing, most likely in the direction of no planning with no consideration for those poor code maintenance guys.
No planning on-the-fly coding works great as long as you 1) are as good as you think you are and 2) follow up with documentation later. If both are true you're in the 99th percentile, congrats you are nearly alone and should be paid accordingly. Hopefully you at least did 2 for when you eventually die.
On lack of planning: The recent debauchery on the federal criminal database is another shining example of modification on the fly with sparse initial planning, a haphazard bloat-on-the-fly approach, and way too many cooks in the kitchen. It turned into a scrapped multimillion project with a bunch of probably smart people cutting each other's throats and a big story in the news.
I get where you were coming from, everyone hates planning, they want to DO. A lot of the time it ends up being no big deal. From a company's standpoint having a lone genius guiding their future is very risky and often expensive to retain. On the flipside having drones make mediocre overplanned and bloated half-assed code is a terrible waste of energy. Also if you're a drone, I hear they have drones in India. It's a hard nut to crack I guess.
Just to echo a previous poster, the solution here is human. Even if you can create the transfer batch identically to the method used by the victim. The bank should sit on their hands until they call an authorized person and verify the amount of the transaction. If your payroll suddenly doubles, you might want to check into it. From the detail-sparse article it sounded like an unscheduled transfer anyway. It looks like they have no human interaction between bank and city. Freakin Kalamazoo was a nice touch though, hilarious.
The real problem would've been if they were smart enough to create a payroll entry for a non-existant employee and have it direct deposit somewhere. Hopefully this would be caught when a check stub for "John Smith" sat in a desk in the fake employees department and anyone with a clue noitced they hadn't handed it out...and for that matter didn't know John Smith.
Regardless the $90K should've been a red flag if they were actually getting confirmation calls from the bank.
To work around the confirmation call you'd need a mole high enough in the hierarchy to confirm the call or someone at the bank. Said person better flee quickly because they've put their name all over it.
There are probably only a few ways to invite a can of geek whoopass more than to write a flawed introductory coding article and post it to slashdot.
1) Claim evolution is false and/or use the oxymoron "christian science" seriously 2) Say, imply, or imply by omission that linux sux. 3) Get a portion of a formula wrong 4) Diss an MMORPG 5) Misunderstand something and write about it. 6)... you know the list.
The biggest flaw in this guys discussion of C++ code was that it was a C discussion, and partially incorrect or misleading. C++ should follow some format of OO software engineering principles. Use case narratives, swim lanes, class diagrams, etc before the first line of code is written. Make everything autonomous, make it accept fuzzy inputs, make it do what it does and do it well even if widget A is v 2.0 and widget B is 1.8. Use stubs etc etc. Treat each class like a separate piece of software you may use later and plan on it being (hopefully attemptedly) misused by some dumbass 3,000 miles away you've never met.
I think the biggest revelation for me as a beginning programmer was that before you code, you plan the code. It seems like a really simple idea. However, it seems that most people start with a loosely defined handfull of use case scenarios and just hammer that crap into existence. Then they're bought out by conglomerate X and vanish, money in hand.
I get at least 2 average 3 attempts to root my system from all over the world. One odd thing is that Romanian reverse DNS lookups are just actively refused for this zombie 217.156.110.24. http://www.dnsstuff.com/tools/ptr.ch?%26ip%3D217.1 56.110.24
I know its either a compromised box of little importance, or some script kid. Best option along with denyhosts is uncommenting "PermitRootLogin no" in sshd_config.
Anyway, what is the motivation for tag.starnets.ro to refuse reverse lookup? No need to answer american queries? Firewalled off the evil americans? Hiding something?
Could conjecture all day on that. The bot that hit me next was from California 68.183.62.151. Apparently a DSL Extreme customer running an SSH server open to the public no less. Probably rooted by that very means. They really wanted the user "test" to work apparently.
Why isn't this kind of tresspass prosecutable, at least inside the US.
Hate replying to my own posts, but what the hell. Emphasis here is on good, really good, entropy sources for OTP. Like microphones in 3 locations listening to good noise sources, with high resolution, etc etc ad. nauseum. Plus a photo sensor next to something that ocillates light randomly. Probably something decaying. Add in a photon emitter with a 50% quantom filter. Throw in something else I haven't thought of... the price of copper commodities or something.
Also you have 3x the bandwidth consumed. Extremely inefficient...for shame. The problem space is still pretty jacked up and as far as I know not computable.
The emphasis is on security of the OTPs during their brief existence only at source and target nodes.
To further complicate matters, AES/etc is used on the data in the first place, so you're completely boned.
Halfway down UbuntuDupe says: "No. If I needed to give someone in China the new encryption key, I'd simply put my own lock -- which only I have the key to -- on the suitcase. Then I'd ship it to him. Then he'd put his own lock on it (i.e., now it has my and his lock), and ship it back. Then I'd remove my lock and ship it to him. Then he'd remove his lock and open it."
Replace "new encryption key" with data. Replace later references to key and lock with OTP.
Yeah, I realize already that was very snide. I would really like to ask how, in 3 months, only 27,000 users responded. Is that even marginally representative of the user base?
To assuage the knee jerks, I'm a penguin lover myself. I'm typing this currently in Firefox 1.5x because FC6 won't make that leap until 3.x. I don't have a view either way on the distro battles...except that gentoo is for people more patient than myself who might also have less chromosomes(I keed, I keed). Also I enjoy the taste of foot enough to request seconds...that's right... in my mouth.
With the dollar hanging precariously in the balance, off-shoring of many technical jobs, off-shoring of many labor jobs, low end labor going to illegal labor, China paying for war efforts by propping up a worthless dollar, education system is crap, and a myriad of other bad news. How does it feel to be an American looking over that first drop on the roller coaster for the second great depression? BTW the tracks might be a little loose at the bottom.
Will Bush 2 go down in history as the worst leader ever? I sure hope so. Sure he didn't really do anything, but he didn't do much to slow down his minions.
Damn... I really need to invest in foreign markets but I'm locked into a domestically invested retirement plan...have to see if they're exxon heavy. I hear there's beautiful weather in Dubai.
Why aren't financial analysts mentioning any of this? It's not like america will work in a vacuum...not even close. Hell we're turning shipping containers into low cost housing because there just isn't enough stuff going outbound.
The effect in question and the shape required to make it work don't really lend themselves to stealth 's sharp edges. Unless that super broad spectrum black paint posted here a while ago works out I guess.
Maybe it doesn't matter for surveillance drones in a backpack field deployment type situation. Possibly more useful than those RC planes they use currently.
It becomes criminal when it phones home with all of your pertinent keystrokes name, email, credit card + secret number, account #s, social, DOB, passwords, etc which are then sold on the black market. Where have you been?
I assume you're thinking adware which is in rare cases only annoying, most cases privacy invading, and many cases illegal anyway.
Slashdot Mirror
Games!
The tides would probably turn quite a bit if the 360 would play games with a keyboard/mouse setup. I would plant a 360 on my desk and kick it on for gaming, no problem. Install Ubuntu and be done with windows.
I just can't stand aiming with my thumbs!
No keyboard/mouse combo yet for real FPS players?
Oh, and this thing sucks.
http://gear.ign.com/articles/753/753779p2.html
I've even heard the argument made that they wont ever support kb/mouse for FPS because it would put the regular controller users at such a disadvantage. I think that's complete crap.
Microsoft would slap together a MS XBOX360 branded kb/mouse combo and sell it for $150, and you can buy it or suck, show them the money or go home with your broke ass no halo playing self.
That's pretty much their attitude.
Regex for your mail filter of choice.
https?://\d*\.\d*\.\d*\.\d*.*
CNET's take on it in the form of a top 10 list. (Bush's white house is on there 2 times)
http://news.com.com/8301-13578_3-9773538-38.html
When a scientist attempting to make a self-reproducing organism is "winging it" I'm a little concerned. This is exactly the type of thing where they make a super virus on accident and kill everyone right?
A little off topic, but what I'm most worried about is when they figure out enough to make a bio-weapon that targets specific genetic traits..say a Persian lineage. They "accidentally" drop some in a well in Iran... Then of course it mutates and everyone dies globally. Far fetched, I know, but these type of scientists are just smart enough to be dangerous. Here's hoping they fail.
Always figured it would be the Russians that started the next mass extinction. Turns out it's either going to be a Chevrolet or an Italian scientist. Antarctica FTW.
Well crap, now we've found the Prime's location. We should probably get on with flying to it and unlocking them from their prison.
(Peter F. Hamilton, Pandora's star series, What I though of when I saw dysonsphere).
Well said. Pretty much what I was getting at. Also I meant SSID, not APN name. Got my wireless technologies crossed up.
I can take out a cisco WLAN controller with thin APs and aironet APs with an arp flood for a non-existent IP. Are they even in the same subnet? Is the whole wifi network from one building to another layer2? Or is the problem arising because it is actually layer3 from building to building and the APN name doesn't change.
Judging by the statement that they can exhibit the behavior after being handed from one access point to another kind of nullifies the theory that they may be trying to re associate with the users home network. They're trying to get back to the old AP, which arping wont do because it's on a different VLAN.
Mystery solved, now what can cisco do about it. I don't really care that it's an iPhone bug. I just think its one more DoS vector to patch up. Maybe de-associate the phone and drop traffic until it acts right? Set a threshold or something? You might still have a source of noise, hopefully it would realize it was dropped though. No link layer, no arp right?
You mean Microsoft misrepresented the facts? I just wont believe it.
Seriously though. If not actually providing security, I'm glad that they're at least worried about it. There should be about 500 posts to follow arguing the virtues and failures of Vista related to security and performance. Microsoft, Joe Average, and Grandma will read 0 of these. They'll still have the computing world by the balls tomorrow because they're the status quo and have the (second?) best marketing, a near lock on hardware vendors, and all the PC games.
Joe Average got the fake stats without hearing any dissenting opinion, because he doesn't really care and it gave him warm fuzzies over that wad of cash he dropped. Also "Linux is hard/You get what you pay for" and "Macs are for sissies/Ignore that get what you pay for thing." Meanwhile his social security number just got a new loan and he's the spam king of the neighborhood by accident...but damn that was a good porn site.
Nothing short of Microsoft's own (in?)actions will bring that beast down in the near term. Luckily they're doing a decent job of it. It seems like a few are trying to apply the brakes, and it may pay off. Hopefully the consumer can stop getting reamed sometime soon.
Are people seriously going to pay $500-600 for a non-3G phone? Sure you get a video iPod in the deal....with 4GB or 8GB. An 80GB Video iPod you can hook up to a TV to watch costs ~$350.
Back to the only point that matters. Why would anyone buy a $600 phone with no GPS and an EDGE data connection? Give it a few months when they release the 3G version already and somebody go to the store and round up these losers camped out in front and sterilize them.
Aspersions, etc.
If you're company comes out and tells you that you have no expectation of privacy while using their systems and you agree to that, especially if it is every time you login, you're hosed. Probably works equally well if it's buried in a document you haven't seen, but have access to if you go looking for it. Either way anything you do with company property has no expectation of privacy.
Totally irrelevant to the topic at hand: can the feds wiretap you without a warrant? Answer: No. Thankfully the court upheld this seemingly obvious fact. The communication was intended to be one to one or one to many, but not broadcast or posted in a public forum. SMTP was designed to deliver messages to one or many people but nobody that wasn't specified in the recipient list. Just like snail mail. Unless they wield the almighty Patriot Act, in which case they've just wiped their ass with the constitution and you're probably already screwed...assuming you can't prove your innocence...because you're assumed guilty.
Congrats on the justice system this time. Can't believe it was appealed in the first place. Sucks that it is protecting a loser. Should've got a warrant the first time.
I agree with what you said. I don't 100% practice what I preach. If it's a quick and dirty 400 lines of code to get something done fast then it defeats RAD to go over the top with planning. I was just trying to emhpasize that planning is required before you start. I've an aquaintence that had a hand in a govt. software project. The old system was lacking. They recirculated some requirements document into an encyclopedia of redundant or conflicting requirements and nothing got done. That is the bad end of planning/beurocracy and a blank, perpetual check. Private sector would invariably snuff that kind of thing, most likely in the direction of no planning with no consideration for those poor code maintenance guys.
No planning on-the-fly coding works great as long as you 1) are as good as you think you are and 2) follow up with documentation later. If both are true you're in the 99th percentile, congrats you are nearly alone and should be paid accordingly. Hopefully you at least did 2 for when you eventually die.
On lack of planning: The recent debauchery on the federal criminal database is another shining example of modification on the fly with sparse initial planning, a haphazard bloat-on-the-fly approach, and way too many cooks in the kitchen. It turned into a scrapped multimillion project with a bunch of probably smart people cutting each other's throats and a big story in the news.
I get where you were coming from, everyone hates planning, they want to DO. A lot of the time it ends up being no big deal. From a company's standpoint having a lone genius guiding their future is very risky and often expensive to retain. On the flipside having drones make mediocre overplanned and bloated half-assed code is a terrible waste of energy. Also if you're a drone, I hear they have drones in India. It's a hard nut to crack I guess.
Just to echo a previous poster, the solution here is human. Even if you can create the transfer batch identically to the method used by the victim. The bank should sit on their hands until they call an authorized person and verify the amount of the transaction. If your payroll suddenly doubles, you might want to check into it. From the detail-sparse article it sounded like an unscheduled transfer anyway. It looks like they have no human interaction between bank and city. Freakin Kalamazoo was a nice touch though, hilarious.
The real problem would've been if they were smart enough to create a payroll entry for a non-existant employee and have it direct deposit somewhere. Hopefully this would be caught when a check stub for "John Smith" sat in a desk in the fake employees department and anyone with a clue noitced they hadn't handed it out...and for that matter didn't know John Smith.
Regardless the $90K should've been a red flag if they were actually getting confirmation calls from the bank.
To work around the confirmation call you'd need a mole high enough in the hierarchy to confirm the call or someone at the bank. Said person better flee quickly because they've put their name all over it.
There are probably only a few ways to invite a can of geek whoopass more than to write a flawed introductory coding article and post it to slashdot.
... you know the list.
1) Claim evolution is false and/or use the oxymoron "christian science" seriously
2) Say, imply, or imply by omission that linux sux.
3) Get a portion of a formula wrong
4) Diss an MMORPG
5) Misunderstand something and write about it.
6)
The biggest flaw in this guys discussion of C++ code was that it was a C discussion, and partially incorrect or misleading. C++ should follow some format of OO software engineering principles. Use case narratives, swim lanes, class diagrams, etc before the first line of code is written. Make everything autonomous, make it accept fuzzy inputs, make it do what it does and do it well even if widget A is v 2.0 and widget B is 1.8. Use stubs etc etc. Treat each class like a separate piece of software you may use later and plan on it being (hopefully attemptedly) misused by some dumbass 3,000 miles away you've never met.
I think the biggest revelation for me as a beginning programmer was that before you code, you plan the code. It seems like a really simple idea. However, it seems that most people start with a loosely defined handfull of use case scenarios and just hammer that crap into existence. Then they're bought out by conglomerate X and vanish, money in hand.
I get at least 2 average 3 attempts to root my system from all over the world. One odd thing is that Romanian reverse DNS lookups are just actively refused for this zombie 217.156.110.24. http://www.dnsstuff.com/tools/ptr.ch?%26ip%3D217.1 56.110.24
I know its either a compromised box of little importance, or some script kid. Best option along with denyhosts is uncommenting "PermitRootLogin no" in sshd_config.
Anyway, what is the motivation for tag.starnets.ro to refuse reverse lookup? No need to answer american queries? Firewalled off the evil americans? Hiding something?
Could conjecture all day on that. The bot that hit me next was from California 68.183.62.151. Apparently a DSL Extreme customer running an SSH server open to the public no less. Probably rooted by that very means. They really wanted the user "test" to work apparently.
Why isn't this kind of tresspass prosecutable, at least inside the US.
Hate replying to my own posts, but what the hell. Emphasis here is on good, really good, entropy sources for OTP. Like microphones in 3 locations listening to good noise sources, with high resolution, etc etc ad. nauseum. Plus a photo sensor next to something that ocillates light randomly. Probably something decaying. Add in a photon emitter with a 50% quantom filter. Throw in something else I haven't thought of... the price of copper commodities or something.
Also you have 3x the bandwidth consumed. Extremely inefficient...for shame. The problem space is still pretty jacked up and as far as I know not computable.
The emphasis is on security of the OTPs during their brief existence only at source and target nodes.
To further complicate matters, AES/etc is used on the data in the first place, so you're completely boned.
http://science.slashdot.org/article.pl?sid=07/02/0 8/1355255
Halfway down UbuntuDupe says:
"No. If I needed to give someone in China the new encryption key, I'd simply put my own lock -- which only I have the key to -- on the suitcase. Then I'd ship it to him. Then he'd put his own lock on it (i.e., now it has my and his lock), and ship it back. Then I'd remove my lock and ship it to him. Then he'd remove his lock and open it."
Replace "new encryption key" with data. Replace later references to key and lock with OTP.
Works No?
I think it sucks that parent's post is so obvious. What a wonderful world we live in. Hopefully, as it has been historically, it is only cyclical.
Then again maybe we're going to be seeing the downfall of an empire. That darned power coming from the governed thing.
Yeah, I realize already that was very snide. I would really like to ask how, in 3 months, only 27,000 users responded. Is that even marginally representative of the user base?
To assuage the knee jerks, I'm a penguin lover myself. I'm typing this currently in Firefox 1.5x because FC6 won't make that leap until 3.x. I don't have a view either way on the distro battles...except that gentoo is for people more patient than myself who might also have less chromosomes(I keed, I keed). Also I enjoy the taste of foot enough to request seconds...that's right... in my mouth.
So 27,000. That's like a lot huh?
With the dollar hanging precariously in the balance, off-shoring of many technical jobs, off-shoring of many labor jobs, low end labor going to illegal labor, China paying for war efforts by propping up a worthless dollar, education system is crap, and a myriad of other bad news. How does it feel to be an American looking over that first drop on the roller coaster for the second great depression? BTW the tracks might be a little loose at the bottom.
Will Bush 2 go down in history as the worst leader ever? I sure hope so. Sure he didn't really do anything, but he didn't do much to slow down his minions.
Damn... I really need to invest in foreign markets but I'm locked into a domestically invested retirement plan...have to see if they're exxon heavy. I hear there's beautiful weather in Dubai.
Why aren't financial analysts mentioning any of this? It's not like america will work in a vacuum...not even close. Hell we're turning shipping containers into low cost housing because there just isn't enough stuff going outbound.
Somebody PLEASE prove me wrong.
Why not let the calculator convert to RPN and back?
The effect in question and the shape required to make it work don't really lend themselves to stealth 's sharp edges. Unless that super broad spectrum black paint posted here a while ago works out I guess.
Maybe it doesn't matter for surveillance drones in a backpack field deployment type situation. Possibly more useful than those RC planes they use currently.
It becomes criminal when it phones home with all of your pertinent keystrokes name, email, credit card + secret number, account #s, social, DOB, passwords, etc which are then sold on the black market. Where have you been?
I assume you're thinking adware which is in rare cases only annoying, most cases privacy invading, and many cases illegal anyway.
"I wonder how much blood it would take to make you all beLIEve." - Godmachine, Acid Bath. Listen to it.