Slashdot Mirror

User: iluvcapra

iluvcapra's activity in the archive.

Stories: 0
Comments: 3,680

Comments · 3,680

  1. Re:Yes, it's legal on MySQL Ends Enterprise Server Source Tarballs · · Score: 1

    You just can't restrict what they in turn do with the source code

    That's not exactly accurate, as a matter of fact it kinda misses the point: You can restrict recipients from distributing compiled copies of your source code without including your source, or compiling their own modified versions into a binary and distributing it without also distributing their modifications. The License places no restrictions on "what you do" with the source itself, but if you start handing out copies of the code to others (by free-beer or sale) your improvements have to be included so that the recipients have the same level of freedom to "do what they would do" with the source code as you did.

    The compulsory release of source code with distribution has all kinds of implications on software commerce -- it makes it really hard to charge money for a binary on an instance-by-instance case -- but the GPL is not ultimately commerce-minded, its main concern is with guarding an end-user's right to understand and modify the operations a program may perform on his system.

  2. Re:I'm not sure I see the problem on Human Origins Theory Tested By Recent Findings · · Score: 1

    After reading the article, I'm not sold on if man evolved from an aquatic ape, but we seem to have a ton of adaptations that should be really useful when the time comes ;)

  3. Re:Eeeeeeek on Diebold Voting Machines Audited by California · · Score: 1

    Let people vote whenever they feel like, within about a month of the normal voting date, and see real-time results.

    eBay effect would take over -- people would watch how the early people were voting and then mob the machines in the last hour.

    Also, the effect of having a polling place in a public area under constant supervision has its benefits, as it can (can) positively prevent electioneering and vote tampering, as the entire process is mediated by responsible individual persons. If the process is computerized, it's almost impossible to assign blame when something goes wrong. When it's all manual, you can positively throw people in jail if they screw up, and people who volunteer for election poll work are generally receptive to the disincentive of jail time (unlike computers or Diebold executives).

  4. Re:Just use paper counting on Diebold Voting Machines Audited by California · · Score: 2, Informative
    • Today and today only! 1230 AM is offering $2 for every election receipt you give us with "Bob" on it!
    • Come on in to mattress warehouse for our election day special! Get a free comforter with your mattress if you have a receipt for "Bob"!
    • Boss: Everybody vote today? Let's see your receipts! Uh... I wanna make sure you're all participating.

    If you put a voter's choice on the walk-away receipt, you commoditize the election completely, since the receipts become a call on a vote. You can print the choices on a sheet of paper, but it must be private to the voter and have no personal IDs or other data on it between the voter and the ballot box. No information associating a voter with a vote must leave the polling place.

  5. Re:Copy and Paste from linked article - karma whor on Apple iPhone v1.0.1 Update Now Available · · Score: 1

    Oooh, I'm taking a hit for that one :P

  6. Re:Copy and Paste from linked article - karma whor on Apple iPhone v1.0.1 Update Now Available · · Score: 1

    Yes, but you can't argue with success ;)

    It's nice just to have it on the page to look at. Besides, how many people are going to actually read it anyways?

  7. A Description of the Patches from Apple: on Apple iPhone v1.0.1 Update Now Available · · Score: 5, Informative

    iPhone v1.0.1 Update

    Safari

    CVE-ID: CVE-2007-2400

    Available for: iPhone v1.0

    Impact: Visiting a malicious website may allow cross-site scripting

    Description: Safari's security model prevents JavaScript in remote web pages from modifying pages outside of their domain. A race condition in page updating combined with HTTP redirection may allow JavaScript from one page to modify a redirected page. This could allow cookies and pages to be read or arbitrarily modified. This update addresses the issue by correcting access control to window properties. Credit to Lawrence Lai, Stan Switzer, and Ed Rowe of Adobe Systems, Inc. for reporting this issue.

    Safari

    CVE-ID: CVE-2007-3944

    Available for: iPhone v1.0

    Impact: Viewing a maliciously crafted web page may lead to arbitrary code execution

    Description: Heap buffer overflows exist in the Perl Compatible Regular Expressions (PCRE) library used by the JavaScript engine in Safari. By enticing a user to visit a maliciously crafted web page, an attacker may trigger the issue, which may lead to arbitrary code execution. This update addresses the issue by performing additional validation of JavaScript regular expressions. Credit to Charlie Miller and Jake Honoroff of Independent Security Evaluators for reporting these issues.

    WebCore

    CVE-ID: CVE-2007-2401

    Available for: iPhone v1.0

    Impact: Visiting a malicious website may allow cross-site requests

    Description: An HTTP injection issue exists in XMLHttpRequest when serializing headers into an HTTP request. By enticing a user to visit a maliciously crafted web page, an attacker could trigger a cross-site scripting issue. This update addresses the issue by performing additional validation of header parameters. Credit to Richard Moore of Westpoint Ltd. for reporting this issue.

    WebKit

    CVE-ID: CVE-2007-3742

    Available for: iPhone v1.0

    Impact: Look-alike characters in a URL could be used to masquerade a website

    Description: The International Domain Name (IDN) support and Unicode fonts embedded in Safari could be used to create a URL which contains look-alike characters. These could be used in a malicious web site to direct the user to a spoofed site that visually appears to be a legitimate domain. This update addresses the issue through an improved domain name validity check.

    WebKit

    CVE-ID: CVE-2007-2399

    Available for: iPhone v1.0

    Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

    Description: An invalid type conversion when rendering frame sets could lead to memory corruption. Visiting a maliciously crafted web page may lead to an unexpected application termination or arbitrary code execution. Credit to Rhys Kidd of Westnet for reporting this issue.
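    The WebCore entry above (CVE-2007-2401) concerns header parameters being serialized into an HTTP request without validation. The following JavaScript is an added example, not code from Apple's advisory or from WebKit: it shows how a header value containing CR/LF turns into extra header lines when concatenated naively, and the kind of name/value check (token-only names, no CR, LF or NUL in values) that rejects such input. The serializer functions and the sample value are constructed for illustration.

```javascript
// Added example (not from the advisory or WebKit): unvalidated header
// parameters serialized into an HTTP request head, beside a validated form.

// RFC 7230 "token" characters, the only ones allowed in a header name.
const TOKEN_RE = /^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$/;

// Naive serializer: name and value are concatenated straight into the
// request head. A value containing CR LF becomes additional header lines.
function serializeNaive(method, path, headers) {
  let head = `${method} ${path} HTTP/1.1\r\n`;
  for (const [name, value] of Object.entries(headers)) {
    head += `${name}: ${value}\r\n`;
  }
  return head + "\r\n";
}

// Validation in the spirit of the fix: the name must be a token, and the
// value (after trimming leading/trailing space and tab, as the Fetch spec
// normalizes) must not contain CR, LF or NUL. Returns the normalized value.
function validateHeader(name, value) {
  if (!TOKEN_RE.test(name)) {
    throw new TypeError(`invalid header name: ${JSON.stringify(name)}`);
  }
  const normalized = String(value).replace(/^[ \t]+|[ \t]+$/g, "");
  if (/[\r\n\0]/.test(normalized)) {
    throw new TypeError(`invalid header value for ${name}`);
  }
  return normalized;
}

// Hardened serializer: every header passes validateHeader before it is
// written, so the request head can only contain the headers the caller set.
function serializeSafe(method, path, headers) {
  const clean = {};
  for (const [name, value] of Object.entries(headers)) {
    clean[name] = validateHeader(name, value);
  }
  return serializeNaive(method, path, clean);
}

// Number of header lines in a serialized head (request line excluded).
// split() yields the request line, the header lines, "" for the blank
// terminator line and a trailing "", hence the subtraction of 3.
function headerLineCount(head) {
  return head.split("\r\n").length - 3;
}

// Constructed sample value: a plausible content type followed by CR LF and
// a second, unintended header line.
const constructedValue = "text/plain\r\nX-Injected: yes";

// With the naive serializer one parameter yields two header lines; the
// validated serializer refuses the same input.
const naiveHead = serializeNaive("POST", "/api", { "Content-Type": constructedValue });
console.log("naive header lines:", headerLineCount(naiveHead)); // 2
try {
  serializeSafe("POST", "/api", { "Content-Type": constructedValue });
} catch (err) {
  console.log("safe serializer rejected it:", err.message);
}
```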

  8. Re:hmm on AT&T Deal With eMusic Excludes iPhones · · Score: 1

    That'd be nice, but MobileSafari doesn't download files; even if it did, the iPhone's file system isn't browsable.

    That said, it seems like a much better value to just use eMusic on your home host and not on yer cellphone. This is probably a gimme by ATT to Nokia and Samsung, so they don't get the feeling that their handsets are being neglected.

    Posted from my iPhone.

  9. Re:So? on AT&T Deal With eMusic Excludes iPhones · · Score: 4, Insightful

    just another reason why the iPhone sucks

    What's the opposite of a fanboy? Just as rabid and uninformed and loud, just a detractor? We need a word...

    I imagine Apple DEMANDED that any such deals not include the iPhone, to steer iPhone users to iTMS.

  10. Re:How is $750 per song unconstitutional? on US Dept. of Justice May Intervene To Help RIAA · · Score: 1

    The $750 isn't a criminal fine imposed by the government, it's the RIAA's claim of damages. They can sue you for a billion dollars for talking smack about Moby if they want, and if you ignore the summons, they'd win.

    RIAA is not the government (yet). The Constitution of the United States defines the powers of the US federal government, and defines the freedoms of individuals in terms of what the government can't do. It has nothing to do with plaintiffs in civil suits. If you can find some theory that says amendment VII applies to individuals, then it might be different, but I don't think that's the case.

  11. Re:How is $750 per song unconstitutional? on US Dept. of Justice May Intervene To Help RIAA · · Score: 2, Informative

    The federal government can't cruelly or unusually punish you, this doesn't apply to civil situations between individuals.

    The language is:

    Excessive bail shall not be required, nor excessive fines imposed, nor cruel and unusual punishments inflicted.

    Of course, the sentence is in the passive voice, so it relies on interpretation, but it's in the middle of a bunch of laws that spell out limitations of federal power, so this is probably how it gets interpreted. Amendment VII, which guarantees just about every civil respondent a right to a trial by jury, might be more appropriate.

  12. Re:Fraud on Researchers Crack Every Certified CA Voting Machine · · Score: 1

    I fail to see the benefit of an insecure computer system compared to hand voting.

    The big problem (or blessing) in the United States is there are at least a dozen issues to vote on, even in by-election years. It would be easy if the only issue was "which party," as it is in PR-type parliamentary democracies, but in the US you vote for people, and lots of them for lots of different offices, and bond referenda, and (in many states) ballot propositions, judgeships, etc. Counting a single issue on a ballot would be easy to do with witnesses, but there's just such a magnitude of issues in an average election that computation is the only way to get a quick answer within a single number of days of the voting.

    This is considered "more democratic," though I think it approaches the Scott Adams definition of a Confusopoly.

  13. Re:not a good direction for Linux on Etoile Project Releases Mac-Like Environment · · Score: 1

    We are talking about different things, but I think we can digress on this with some profit.

    I think you're saying "safe" languages are better for application programming, which is fair. However, I would say that safe languages, in the end, have the effect of keeping you, the developer, away from the hardware. If you code in a safe language, you are denying yourself access to the CPU instructions, registers and memory of your hardware platform, which is a good thing if you're ignorant of such things, but in the end can keep you from writing the most optimal or fastest code on the platform.

    You say there's no mandate of safe languages on platforms, or rather that you wouldn't argue for it, though I can't help but see such a thing as the end of the safe language argument. Microsoft already has people keywording blocks as "unsafe" in Managed C++, with the goal of requiring either a user authentication and/or code signing to allow these blocks to execute. If you can't write a program that can peek outside of its own allocation, how do you pick the lock on MS's private APIs, or write a debugger that actually tells you the state of your actual MACHINE, and not the virtual one the OS vendor has you running in? The answer is, you don't.

    "Safe languages" are about conferring the right of writing for the hardware to the runtime vendor, and restricting the application vendor to a walled garden of services. This is acceptable if your runtime is OSS, like Python or Mono (we'll just see how the legal stuff all pans out on that one), but not if you're writing for the other 98%.

    Those programmers who would trade a little bit of freedom for a little bit of safety deserve neither.

  14. Re:not a good direction for Linux on Etoile Project Releases Mac-Like Environment · · Score: 1

    I find this matter tedious, but I feel compelled to defend the honor of the old girl Objective-C:

    • Objective-C will never be strictly typed, and while this lets people get into trouble at runtime, it allows you to build generics, like containers and arrays, as plain objects and avoids the C++ solution of using templates and macros. You can even load collection objects like arrays with objects of different classes.
    • I have walked past the end of an array/string in C, but never in Objective-C, since arrays and strings are objects and you are able to store things (like, say, the length) as ivars and you can use encapsulation to guard against de-referencing illegal subscripts. You occasionally still have to use old C-style arrays and strings, but rarely.
    • The problems we often cite with C and ObjC are really ergonomic; the language lets you do stupid things without waving a flag at you. Python, Ruby, Java will always be easier to program, but their "management" of the developer's experience (which is really all it is) will always cost cycles. As the CPUs get faster it matters less and less, though I doubt an embedded device like, say, an iPhone could efficiently use GUI apps written in Python.
    • Ditto any process that's watching the clock, like, say, audio. If you built an OS that mandated third party devs used Python or Java, that OS would never be able to support realtime audio processes written by third party devs (aside from what the OS vendor provides you, and why are THEY so much better at writing C than YOU?). This issue would go away if someone wrote an interpreted language that was realtime-savvy, but I've never seen it.

    For context: Mac OS X 10.5 will not feature a managed or "safe" ObjC, but Xcode will support bindings into Cocoa for Python and Ruby. You can already develop with these using PyObjC and RubyCocoa. I personally think this whole "safe language" business is some sort of connector conspiracy to give the OS/runtime vendors ascendancy over the CPU vendors ("Don't write for Wintel, write for CLR!"). Why don't we all just go back to LISP?

  15. Re:External HDDs foil that plan on Cross-OS File System That Sucks Less? · · Score: 1

    ...and doesn't have to be turned on by Vista users.

    They'd wrap it into SP1, or a critical security update, and/or put up a nag screen whenever you boot your computer that doesn't have the upgrade. They've argued successfully in the past that they can't be forced to make every little bit of Windows optional if making it all-in-one isn't more convenient, which it often is, even if this increases the lockin.

    You can't ever hope to chase a closed implementation this way; the best thing to do would be to call your project "LAND" (as in "LAND Ain't an NTFS Driver") and simply make the claims that the LAME people make about their encoder: it makes files that MP3 players will play, but our files should in no way be confused with MP3s, as those have patent magic sprinkled on them, and ours is merely a superior implementation of something that many client software would confuse with an MP3.

  16. Re:Didn't anyone think on Intern Loses 800,000 Social Security Numbers · · Score: 1

    I do like that story. Which company was it offering the monitoring? There are only three that do credit reports. A lot more do "monitoring," but I don't believe the relevant identity theft legislation requires that a victim gets free "monitoring."

  17. Re:Scapegoat? Maybe, but he's still a moron. on Intern Loses 800,000 Social Security Numbers · · Score: 1

    A blank LTO is like $50, I'd steal it for a fast $$$, if I had a crack monkey on my back.

    When I worked at a sound house in North Hollywood (a pretty run-down burg), crackheads would go through our dumpsters at night and look for media, mainly 3/4" tapes, because they knew that a place like ours, if we threw out tapes, they'd generally contain editorial reels of shows we'd worked on, and they knew shady video duplicators in town that would pay them some two-digit pittance for them so they could run off a buncha DVD dupes to sell on the grey market -- they look a lot better than camcorders in a movie theater. Even if the tapes had nothing on them, blank 3/4" U-Matic is like $10 a unit.

    Very few people ever threw out their old 3/4" that way; they'd at least degauss the tape first. Of course, most people don't know how to use a degausser, they'd just wipe the tape across the surface of the thing once, and think they were done, basically doing nothing. Even degaussed, we'd never throw old tapes into the trash until we were sure our clients were never going to call us back to do work on the film (which was either "never" on big-budget films, or 5 years or so on the low-budget DTV stuff).

    Even so, we'd occasionally throw out old media we had no use for, like old DATs. Some of the characters who drifted around our loading dock at night seemed to think we did in music, and so they were probably expecting we'd occasionally toss a 2" tape ($150 blank).

    This is Los Angeles, though, and a lot of the crackheads generally have a good background in media.

  18. Re:Problem is.... on Steve Jobs Hates Buttons · · Score: 1

    A 1 dB transition is not such a bad thing, if they're decibels sound pressure level. Decibels SPL are calibrated to thresholds of human hearing. In blind studies, if you play a sound for a listener, and then play it again for them at a different level, if the difference is less than 1 dB SPL, the listener will report the sounds were played at the same level.

    That said, a rotary encoder would be better, but it probably adds too many manufacturing steps. A cheap touch-sensitive strip would probably be better, if they can get the costs down (since there are no moving parts, it'd probably be easier to manufacture and keep clean, which is another issue with rotary encoders).

    Posted from my iPhone (over EDGE)

  19. Re:How is it? on The Unforking of KDE's KHTML and Webkit Begins · · Score: 2, Funny

    The phrase "GCC fork" is a well-known fnord.

  20. Re:Zune problems on Next Generation Zune Coming for Holiday Season · · Score: 1

    Thanks for replying.

  21. Re:Update Deployment on Security Flaw Found That Allows Control of iPhone · · Score: 1

    When they do them.

  22. Re:The Difference is Responsibility... on Security Flaw Found That Allows Control of iPhone · · Score: 1

    Explain the intrinsic unsafeness of Objective-C, as opposed to C or C++, and watch us laugh at you. Why doesn't Linus find all the vulnerabilities in the Linux kernel, after all, or the Apache guys in Apache, or the NT guys in NT kernel, or...

    Explain the intrinsic unsafeness of the C dialects as opposed to Java, and watch us fall asleep while waiting for the Conway's Life game embedded on your home page to load up.

    Explain the intrinsic unsafeness of the C dialects as opposed to C#, and watch us run screaming :D.

  23. Re:The technical paper is the article on Security Flaw Found That Allows Control of iPhone · · Score: 4, Interesting

    Most interesting pieces of information from the article:

    Additionally, no address randomization was used by the operating system.

    the filesystem accessible to iTunes is chroot'ed such that only a small set of the filesystem is visible over this [USB] connection.

    it is possible to modify the iPhone in such a way that the applications will dump core files when they crash. This is accomplished by adding the file /etc/launchd.conf containing the line limit core unlimited to the iPhone using iPhoneInterface. Core files can be retrieved off the iPhone from the /cores directory, again using iPhoneInterface.

    Under their suggestions:

    Install applications such that they run as an unprivileged user. This would result in a successful attacker only gaining the rights of this unprivileged user.

    I don't see how that'd help on a single-user computer, tho (another of their suggestions) chrooting all the running apps would be a step in the right direction. The researchers are politicians, too:

    This limited access to the filesystem doesn't particularly serve a security role from the perspective of a remote attacker. Instead, this serves as an example of design intended to protect the exclusivity of the iPhone to AT&T. If more thought had gone into protecting the applications from remote attack and less on preventing the unlocking of the device, the overall security of the device might have improved.

    Translation: Running iTunes in a chroot jail makes the iPhone insecure, because my unicorn says anything done for the sake of AT&T is insecure.

  24. Re:Zune problems on Next Generation Zune Coming for Holiday Season · · Score: 1

    Daniel,

    I must admit I do enjoy reading your articles, they're fun. But I've always wondered:

    • Your volume of production is really quite remarkable for someone with a day job. Does anyone pay you to produce these articles?
    • Though I've said they're "fun," your arguments have this inexorable, thorough-in-depth quality, like I'm reading the head computing reporter for the World Socialist Website talking about how UDP is Pabloist (not to say I don't find their style "fun" either). Do you ever wonder if you're kinda beating the horse dead?

  25. Re:Lack of Caring on University of Kansas Adopts 'One Strike' Copyright Infringement Policy · · Score: 1

    Everybody who buys a "class notes" book from the bookstore should write down the publisher of every work copied in the books, and confirm that the school indeed obtained permission from the publisher to make the copies, as well as noting how many people are in the class to see how many copies were made. Ditto all class handouts.