This news isn't news. What's news is this news is in the news!
So then it is news. Otherwise the news that it's in the news couldn't be news.
Yeah, but the news still is that this news is in the news instead of just being that the news is simply news by itself. The news that it's in the news is still news even though it's not the kind of news I'd want to read about in the news. I want to read about solid news that are news by themselves in the news, not news about news being in the news!
In this case I guess no news really are good news.
I guess as one who doesn't try to write malware, just the very idea of these overflow explanations seems so unlikely that even if I were wanting to write such programs, I wouldn't consider buffer or stack overflow as an idea.
Dude, you're making it sound like it's a matter of faith whether stack/heap overflows can be done at all. :-)
No one said it's easy and quickly done to write a working exploit. It takes time to find the vulnerabilities, and still much more time to write code exploiting them.
Add to all this, most OSes dynamically allocate memory to processes, so even if you could overlay code with data and manage to get it executed, getting it to overlay in the right place and on the right byte boundary without causing a fault would seem pretty unlikely.
Not at all unlikely if you take advantage of offsets that already exist within the program. As soon as you've successfully determined where in memory the program data resides, you can use it as an offset simply put. You bring up a good point though, because this is one common misconception about exploits. A good portable exploit has to make use of memory offsets to work properly.
Please don't tell me, not even as some karma raising "funny" joke, that Microsoft doesn't even use the hardware modes which I would presume would prevent buffer overflow from ever occurring?
This isn't limited to Windows. AFAIK all common OSes share these problems. Now I haven't checked up on these CPU features you're talking about but it's nothing I've ever heard of...
For further reading I recommend "The Shellcoder's Handbook" by Jack Koziol and a bunch of others. It explains the basics on finding security holes and exploiting/securing them, and delves a bit deeper in a bunch of areas as well. Excellent read.
In the Control Center, under KDE Components, there's a "Component Chooser" panel that's been there since 3.3 that allows you to set your default browser, email, text editor, IM client and terminal app.
Yeah, I was very happy about this improvement. But then I discovered how it works - and that's not very well.
I prefer Firefox so when I click on URLs in KMail that's the browser I want to be started. But what happens is it grabs the content and puts it in a local temporary, THEN opens up Firefox with the tmpfile as argument. So if the page contains relative URLs, as is good practice, I'll have to fire up Firefox and put in the URL manually if I want to use any links on the page. Not exactly how I want it to be done...
The most uncooperative company is Intel, which has started a sham 'open source' BIOS project. The software consists of all the unimportant parts of a BIOS, minus the hard parts. It won't run, and doesn't bring us any closer to a BIOS that does. It is just a distraction.
It might just be me being naïve, but would Intel really go to such lengths to create a "distraction"? I find it a bit paranoid to think they'd start a project with the sole intention of just slowing down the progress for an open sourced BIOS.
Three weeks ago I would've agreed with you. I've been running Debian stable on a very (VERY) remote box of mine, putting up with 4 year old versions of programs because, well, it's stable and I don't have to worry about the box crashing on me. I really wouldn't want that because the box is located roughly 800km from me.
...but then, about three weeks ago I was just doing the regular apt-get update, apt-get dist-upgrade and the box just suddenly stops responding. I can still ping it and everything but all services are just gone. Since it crashed while installing a new glibc I guess that must've messed things up. And I'm so mad because it's not SUPPOSED to do that. It's Debian STABLE damnit. I could've accepted it if I would have been messing around with non-standard stuff on the box but I haven't.
So well, I dunno what's supposed to be the Right Distro(tm) to use - it's still a question about what suits one best. There isn't just one distro that's "best". I agree with the guy saying the whole story should be marked as flamebait.
By the way, does anyone know how easy/difficult it is nowadays to get WiFi hardware that lets you choose your own MAC address?
I haven't got around to buying wifi equipment for my apartment yet. Living in a flat with a bunch of neighbours though, I just checked to see if there was any wifi network nearby. Tried it, found one, set ethereal to sniff packets for perhaps 5 minutes. Most of these packets contained relevant MAC addresses for me to use.
After that, ifconfig ath0 hw ether [mac-addr] and voilà. I'm in. Really, restricting access to a certain mac address doesn't do squat. Most nics will support changing the mac address without any problems whatsoever.
Now if I can only find what neighbour's net I've been using. I took myself and my laptop for a walk today to see where the signal strength increased, but had to go back inside because people were staring at me. :)
A few weeks ago I went to a presentation by Michael "Monty" Widenius from MySQL. Among many interesting things he talked about, he mentioned that MySQL has never really had to advertise in a regular fashion, because most of the time their customers had actually already been using their product for a good while before putting it to use in a commercial project. Some guy in the company would need just any database for use in his small private project, then tried the same database when things started getting bigger...the rest is history.
This model is obviously not applicable everywhere, but it has a great deal of advantages over regular advertising really - the main thing being that the customers actually know what they're getting, by using the product themselves instead of listening to how some marketing guy somewhere decided to describe the product. This is a great advantage for open source projects in general IMHO.
If I needed 8 different tools to keep my computer free of spyware I would start thinking that maybe, just maybe, I should be a little conscious myself of checking what stuff I'm downloading. You obviously care enough to keep track of 8 different tools with their pros and cons, I'm pretty impressed that you care so little about what you can do with just common sense.
Unfortunately, the TV-B-Gone website seems to have already been swamped by the Wired coverage...
Yeah, so let's help them out by posting the URL on /.
Re:he is actually Swedish... on Linus Interviewed · Score: 3, Informative
Err, no, he isn't. Swedish is one of the two official languages in Finland. Saying Linus is from Sweden just because he happens to speak Swedish is like saying all English speaking Americans are actually British.
I'm not saying the iPod sounds bad. I own a 4G iPod myself and I'm very happy with it. Compared to an iRiver HD120 though, the HD120 came out as winner for me.
So why am I owning an iPod? Well, for the reasons I stated above. The iPod is a very impressive unit indeed.
LOL, mod parent up! :-)
Try PriceRunner, a new price comparison site in the USA but successful since long in Europe.
...RIAA was concerned that Internet2 wasn't used for research only, and 'decided to help'. How kind of them...
The guy goes to /. and actually READS TFA damnit!!
/. has been doing this for ages. For the given times t0 and t1 it's impossible to say WHEN the dupe gets posted, only that it WILL be.
Rather it depends on you doing updatedb (or locate.updatedb).
"A one - a one zero - a one, one zero, one one, one zero zero!"
Ah, yes. Wireless indeed.
They don't need good PR, because they're focusing on other solutions instead.
His name wouldn't be Harvey the Wonder Hamster, would it? In that case, I'm all for it!
In today's world, I cannot imagine how restrictive travel must have been, in tomorrow's, they will pity us with our cars and segways!
So, uh, how is this attitude towards Segways different from now?
...or Arena?
They since replaced the army of lawyers with an evil-looking army of gnomes. Arr.
OGG?