If the most common way to patch a Red Hat system is by downloading patches through the Internet, how can someone get a RH system up and running without it being compromised in the process?
To address your modification concerns, do an MD5 hash on it and chisel the hashcode into the floor of the Library of Congress. Sell the DVD to the public at cost; there probably would be thousands of takers. There would almost certainly be a few disks still around 200 years from now. (They might need to be special gold DVDs due to reports of old aluminum CDs rotting already).
Will MD5 hashing be able to stand up to quantum computers?
This isn't a problem with Outlook, it's a problem with idiot users clicking on every damn thing they're emailed.
Outlook Express, at least, has a horrible user interface for attachments. First, *any* attachment with *any* extension will trigger the dialog, which means users will ignore the dialog after seeing it several times. Second, it conveys the possible threat from the file type only by displaying the extension, and many users haven't memorized what extensions are safe and which aren't. Third, it only asks that you "be certain that [the] file is from a trustworthy source", which doesn't help much if the "trustworthy source" is infected by the same attachment.
People who don't know what ".exe" and ".vbs" mean are idiots? I've seen several slashdotters say that before, but I can't imagine why anyone would think that. Not everyone knows everything about their computers, and you shouldn't expect them to.
Most people with sleep-deprivation problems (well, at least most students at my college with sleep-deprivation problems) are aware that they don't get enough sleep. They just feel like they have too much work, and so they have trouble falling asleep until they're very tired, or they frequently pull all-nighters. Telling them to "get plenty of sleep" won't help. Telling them not to drive won't do much good if they commute.
Ever tried to browse the web with IE set to the max security level? Lots of stuff stops working!
Not only do things stop working, but IE continuously reminds you that you've made them stop working. All I did was disable ActiveX, and every time I visit a page with Flash, I get a window-modal dialog saying "Your current security settings prohibit running ActiveX controls on this page. As a result, the page may not display correctly."
if they were really smart/crooked they would make the "close window" button actually a link to their site - "oops, i guess we made a mistake in programming"
And due to a security flaw in Internet Explorer, you actually can make a window without a real title bar. The exploit is to open a "full screen" window (which a web page shouldn't be able to do in the first place) and then resize it using additional javascript. I haven't seen any advertisers use this hole, but I have seen them make full-screen windows, so I won't be surprised if I see them create a "chromeless window" and make me read the ad to find the real "close" button.
M$ is probably pushing things to ActiveX,.NET, ASP
Java: cross-platform. Loading a Java applet from a web page doesn't require granting any privileges to the web page. A Java applet can draw in the space it's given, take keyboard input when it has focus, and open new windows, just like a web page can, but it can't do much else.
ActiveX: Windows-only, and installing an ActiveX applet is equivalent security-wise to installing and running a native program, and then allowing the web page to interact with that program.
ASP: server-side, so it doesn't even try to do the same thing that Java did.
I guess that leaves us with.NET. Can.NET run a program such as an applet without giving that program full control over the user's system?
(My original suggestion could be implemented in a browser-neutral way, or at least in a way that you could use a web-based version of the password generator when you're using a different browser.)
The main problem I have with maintaining memberships on multiple sites is not that I have to enter my personal information each time I sign up for a site, but that I have to remeber zillions of passwords. One of the entries in this year's 5K contest, PassPal, tries to solve this problem by giving you a new password for each site based on an MD4 hash of your SSN, your birthday month, a master password, and the name of the site you need a password for. Does that approach work -- is it secure? Should something like PassPal be built into web browsers?
Those who appealed to the Bernoulli principle - decreased pressure exerted by air in motion - the same physics that allows airplanes to fly and causes two sheets of paper to stick together when you blow between them (try it!). This hypothesis also seemed a bit shaky since (a) the air in a shower never seems to move that fast...
Since a shower curtain is considerably lighter than an airplane, I don't see why the water would need to move that fast in order to bring the shower curtain in. I still think the Bernoulli principle could be sufficient to explain the shower curtain problem.
There is the continual feeling that the next click might yield what we am looking for. But it could be dozens of clicks away. For some reason, probably because of conditioning, we choose to gamble time rather than money.
If you gamble with time, and you click the first five free hits in your favorite search engine, you may have wasted some time, but the less useful sites you clicked to haven't gained much (perhaps an ad view). If you gamble with money by giving 5 cents to a source you've heard of but don't really trust, and you lose, then not only have you wasted 5 cents, but the owner of the unuseful web site just gained 5 of your cents. You feel like you're a victim, you feel like you've been nickeled-and-dimed (even though you were only nickeled), and you feel like you might be supporting a scam purposely set up to take 5 cents from a large number of people.
Tipping might work better if it was initiated by the tipper (ie the web site didn't ask for the money, but just provided an e-mail address, and the visitor decided to send some money after reading the site).
No, you're not the only one. I can't stand emacs's user interface and I don't particularly like vi. I usually use pico when I'm doing homework on the Solaris machine at school, and I use notepad for most of my editing. I'll try the ones you mentioned when I go back to school.
Perhaps guns were a bad example. Let's go to the extreme, and take, say, a nuclear weapon. Not many people explode nuclear weapons in their backyard for fun. They are clearly designed for only one purpose - to decimate large amounts of people and property at once, and are extremely dangerous. There is no ambiguity here. Should It be legal for me to have one in my closet and leave the assessment of intent until after I use it on downtown Manhattan? Probably not. at least in my humble opinion.
But, like guns, nuclear weapons can have a strong deterring power. In fact, that has been their only use for over 50 years.
Slashdot Mirror
If the most common way to patch a Red Hat system is by downloading patches through the Internet, how can someone get a RH system up and running without it being compromised in the process?
To address your modification concerns, do an MD5 hash on it and chisel the hashcode into the floor of the Library of Congress. Sell the DVD to the public at cost; there probably would be thousands of takers. There would almost certainly be a few disks still around 200 years from now. (They might need to be special gold DVDs due to reports of old aluminum CDs rotting already).
Will MD5 hashing be able to stand up to quantum computers?
um i only get it for *.vbs *.exe and
so on..
never ahd it for *.rts *.txt and so on
Maybe I'm using an old version, but Windows Update hasn't offered a "critical update" to make the dialog come up less often.
This isn't a problem with Outlook, it's a problem with idiot users clicking on every damn thing they're emailed.
Outlook Express, at least, has a horrible user interface for attachments. First, *any* attachment with *any* extension will trigger the dialog, which means users will ignore the dialog after seeing it several times. Second, it conveys the possible threat from the file type only by displaying the extension, and many users haven't memorized what extensions are safe and which aren't. Third, it only asks that you "be certain that [the] file is from a trustworthy source", which doesn't help much if the "trustworthy source" is infected by the same attachment.
I'm even more self-centered and stupid (and lazy), so I assume that wherever I am, I'll be able to find someone to drive me around :)
People who don't know what ".exe" and ".vbs" mean are idiots? I've seen several slashdotters say that before, but I can't imagine why anyone would think that. Not everyone knows everything about their computers, and you shouldn't expect them to.
Most people with sleep-deprivation problems (well, at least most students at my college with sleep-deprivation problems) are aware that they don't get enough sleep. They just feel like they have too much work, and so they have trouble falling asleep until they're very tired, or they frequently pull all-nighters. Telling them to "get plenty of sleep" won't help. Telling them not to drive won't do much good if they commute.
Ever tried to browse the web with IE set to the max security level? Lots of stuff stops working!
Not only do things stop working, but IE continuously reminds you that you've made them stop working. All I did was disable ActiveX, and every time I visit a page with Flash, I get a window-modal dialog saying "Your current security settings prohibit running ActiveX controls on this page. As a result, the page may not display correctly."
I didn't know you could have two adjacent hyphens in a .com domain name. But the link worked, so I guess you can.
if they were really smart/crooked they would make the "close window" button actually a link to their site - "oops, i guess we made a mistake in programming"
And due to a security flaw in Internet Explorer, you actually can make a window without a real title bar. The exploit is to open a "full screen" window (which a web page shouldn't be able to do in the first place) and then resize it using additional javascript. I haven't seen any advertisers use this hole, but I have seen them make full-screen windows, so I won't be surprised if I see them create a "chromeless window" and make me read the ad to find the real "close" button.
Why do you need to remember the extra command-line option just to use tar'ed bz2 files? Isn't bz2 part of the filename (eg arcname.tar.bz2)?
M$ is probably pushing things to ActiveX, .NET, ASP
.NET. Can .NET run a program such as an applet without giving that program full control over the user's system?
Java: cross-platform. Loading a Java applet from a web page doesn't require granting any privileges to the web page. A Java applet can draw in the space it's given, take keyboard input when it has focus, and open new windows, just like a web page can, but it can't do much else.
ActiveX: Windows-only, and installing an ActiveX applet is equivalent security-wise to installing and running a native program, and then allowing the web page to interact with that program.
ASP: server-side, so it doesn't even try to do the same thing that Java did.
I guess that leaves us with
I dual boot, for instance, so I can't always use the same browser, even if I had a specific favorite
:)
So go vote for bug 58647
(My original suggestion could be implemented in a browser-neutral way, or at least in a way that you could use a web-based version of the password generator when you're using a different browser.)
The main problem I have with maintaining memberships on multiple sites is not that I have to enter my personal information each time I sign up for a site, but that I have to remeber zillions of passwords. One of the entries in this year's 5K contest, PassPal, tries to solve this problem by giving you a new password for each site based on an MD4 hash of your SSN, your birthday month, a master password, and the name of the site you need a password for. Does that approach work -- is it secure? Should something like PassPal be built into web browsers?
Those who appealed to the Bernoulli principle - decreased pressure exerted by air in motion - the same physics that allows airplanes to fly and causes two sheets of paper to stick together when you blow between them (try it!). This hypothesis also seemed a bit shaky since (a) the air in a shower never seems to move that fast...
Since a shower curtain is considerably lighter than an airplane, I don't see why the water would need to move that fast in order to bring the shower curtain in. I still think the Bernoulli principle could be sufficient to explain the shower curtain problem.
I thought they were talking about the flipping robot BioHazard at first. And that was before I saw the slashdot story on battlebots.
For one, I would want to know if the conversation I am having with you on the phone is being recorded or not.
Why?
An Athlon 1200 based system for ~$750 WITH a 17" monitor and 128 MB of RAM?
Where did you see that? I'd take one of those...
There is the continual feeling that the next click might yield what we am looking for. But it could be dozens of clicks away. For some reason, probably because of conditioning, we choose to gamble time rather than money.
If you gamble with time, and you click the first five free hits in your favorite search engine, you may have wasted some time, but the less useful sites you clicked to haven't gained much (perhaps an ad view). If you gamble with money by giving 5 cents to a source you've heard of but don't really trust, and you lose, then not only have you wasted 5 cents, but the owner of the unuseful web site just gained 5 of your cents. You feel like you're a victim, you feel like you've been nickeled-and-dimed (even though you were only nickeled), and you feel like you might be supporting a scam purposely set up to take 5 cents from a large number of people.
Sorry, I should have said "for the last 50 years" instead of "for over 50 years".
Tipping might work better if it was initiated by the tipper (ie the web site didn't ask for the money, but just provided an e-mail address, and the visitor decided to send some money after reading the site).
No, you're not the only one. I can't stand emacs's user interface and I don't particularly like vi. I usually use pico when I'm doing homework on the Solaris machine at school, and I use notepad for most of my editing. I'll try the ones you mentioned when I go back to school.
Does NAI labs have any connection to Bill Nye the Science Guy? If so, will we soon hear about The FreeBSD OS of Science on PBS?
Perhaps guns were a bad example. Let's go to the extreme, and take, say, a nuclear weapon. Not many people explode nuclear weapons in their backyard for fun. They are clearly designed for only one purpose - to decimate large amounts of people and property at once, and are extremely dangerous. There is no ambiguity here. Should It be legal for me to have one in my closet and leave the assessment of intent until after I use it on downtown Manhattan? Probably not. at least in my humble opinion.
But, like guns, nuclear weapons can have a strong deterring power. In fact, that has been their only use for over 50 years.
Bug 88932 Have to restart browser to apply themes