To clarify #3, users who are dialing in from their own phone number should still be told their last login time and if there were failed attempts from other numbers, again for the sake of awareness. Targeted users could at least change their PIN more regularly this way.
I speak from the perspective of being a RoadRunner user rather than a Comcast user, but RR implements a similar service. They have a link in the lower right of their results page where you can click to set your preferences and disable the "feature". Except just the other week that preference broke for me, and I was stuck with DNS hijacking. I phoned their customer service line, the person on the other end of the line had absolutely no idea what I was talking about.
DNS hijacking is a bit like Phorm without profiling really. Well, assuming there is no profiling. If there was profiling they'd make more money from the ads they'll inevitably insert there to "support" the service (Edit: oh look, they already have!). Personally I put this issue, along with Phorm in a whole category of problems related to the fact that we still don't secure and authenticate most of our activities on the internet (http, dns, yadayada). ISPs can do what they like and it's hard to stop them. Third-party DNS services seem to be the way to go recently. Of course without security/authentication your ISP can put a stop to that quite easily too.
This is all before you get into the technical details of clients that may implement specific behavior for when bad DNS queries are expected to fail but don't.
The carrier's voicemail system should do four things:
1. When you first get a phone, auto-dial you once a day during business hours and prompt you to set a PIN until you do so
2. Do not allow you to retrieve any queued voice mail until a PIN has been set, require that PINs can only be set from the number they are attached to (without the aid of customer service)
3. Require PIN entry when dialed from other numbers. When you enter your PIN successfully it should say, "Thanks! You last logged in x ago", and if appropriate "Since then there have been x unsuccessful attempts to log in".
4. If too many bad PINs are entered by default lock voicemail and redirect to customer service.
Items #1&2 are a one time inconvenience when you get a new phone number. #3 adds 5 seconds to your call only when you use a different phone to check your voicemail. #4 just makes sense, and in the case that someone is getting DOS'd there could be a flag on the account customer service could set to use longer PINs that don't auto-lock.
I don't buy into the "there is not much you can do about it line" since by this time anyone competent enough to design a voice-mail system for use by a large carrier ought to have enough experience with computers to understand fundamental guidelines for basic security. I came up with the above list in under 30 seconds.
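The four rules listed above, written out as a small state machine. This is an added example, not part of the original comment or any carrier's code; the class and method names, the threshold of 5 bad PINs, the PBKDF2 storage and the 555-01xx numbers used to exercise it are all assumptions.

```python
import hashlib
import hmac
import os
import time

MAX_BAD_PINS = 5  # assumed value; the comment only says "too many"


class VoicemailBox:
    """Hypothetical model of one subscriber's mailbox.

    `caller` is assumed to be the originating number as authenticated by the
    carrier's own network, not a caller-ID string supplied by the caller.
    """

    def __init__(self, number, clock=time.time):
        self.number = number
        self.clock = clock            # injectable so the greeting can be tested
        self.salt = os.urandom(16)
        self.pin_hash = None          # None means "no PIN has been set yet"
        self.locked = False
        self.last_login = None
        self.failed_since_login = 0
        self.queue = []               # queued messages

    def _hash(self, pin):
        # Keeps the PIN itself out of storage.
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), self.salt, 100_000)

    def needs_pin_prompt(self):
        # Rule 1: the daily reminder call keeps firing while this is True.
        return self.pin_hash is None

    def set_pin(self, caller, pin):
        # Rule 2: a PIN can only be set from the number it is attached to.
        if caller != self.number or self.locked:
            return False
        if not (pin.isascii() and pin.isdigit() and len(pin) >= 4):
            return False
        self.pin_hash = self._hash(pin)
        return True

    def unlock_by_customer_service(self):
        # Rule 4: a locked box is only reopened out of band.
        self.locked = False
        self.failed_since_login = 0

    def _greeting(self):
        text = "Thanks!"
        if self.last_login is not None:
            ago = int(self.clock() - self.last_login)
            text += f" You last logged in {ago} seconds ago."
        if self.failed_since_login:
            text += (f" Since then there have been {self.failed_since_login}"
                     " unsuccessful attempts to log in.")
        return text

    def retrieve(self, caller, pin=None):
        """Return (status, spoken_text, messages)."""
        # Rule 2: nothing is retrievable until a PIN exists.
        if self.pin_hash is None:
            return ("PIN_NOT_SET", "Please set a PIN from your own phone.", [])
        if self.locked:
            return ("LOCKED", "Redirecting to customer service.", [])
        # Rule 3: a PIN is required from any other number.
        if caller != self.number:
            ok = pin is not None and hmac.compare_digest(
                self._hash(pin), self.pin_hash)
            if not ok:
                self.failed_since_login += 1
                # Rule 4: too many bad PINs locks the box for everyone.
                if self.failed_since_login >= MAX_BAD_PINS:
                    self.locked = True
                    return ("LOCKED", "Redirecting to customer service.", [])
                return ("BAD_PIN", "Incorrect PIN.", [])
        # Rule 3: report the last login and any failures since then.
        greeting = self._greeting()
        self.last_login = self.clock()
        self.failed_since_login = 0
        return ("OK", greeting, list(self.queue))
```

The failure counter is only cleared by a successful login or by customer service, so failed attempts from other numbers are reported even when the owner next dials in from their own phone.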
I'd be surprised if it was ever modified to read something that couldn't be identified as IE, but perhaps it's modified just enough to monkey with the analytics in this case.
The reason that FAT is still around has more to do with compatibility than any kind of technical merit.
I suspect there are technical merits.
Windows (XP) prevents you formatting removable drives as NTFS unless you change the "Write caching and Safe Removal" policy for the device (via its property page in the Device Manager) to "Optimize for performance" rather than "Optimize for quick removal". One of the key things this dialog calls out when write caching is enabled (and thus NTFS is available as a format option) is that you have to follow the safe removal procedure. This leads me to believe that NTFS either doesn't perform as well without write caching or it's more prone to damage when writes aren't completed.
After some Google'ing on the matter I also see people pointing out that one benefit to FAT, particularly for removable storage that you may use on many devices, is that it's not encumbered with SIDs/permissions that may be known to one system but not another.
I wouldn't use FAT/FAT32 on a large hard drive for sure, but perhaps it has its uses.
Why not spray a sealant around the surrounding materials, lay in an extraction nozzle attached to a pump, pour a mold around it then use a chemical to dissolve the metal, at least the edges of the metal, enough to remove it? No vibrations, no pressure, no crazy coolant or heating solutions. You can pick a site to work on that is least risk, such as the area in contact with the glass (assuming the glass isn't affected by the chemicals dissolving the metal).
News *is* free, the gathering and dissemination of news may or may not be.
Random thoughts:
Conventional news sources ought to reflect on the recent coverage of Iran, which came to us almost exclusively by YouTube and Twitter. In fact, you would have been better off reading Twitter's #iranelection topic than watching TV this past week. CNN was late to the game with their coverage. FOX News provided coverage that mainly involved talking heads and the same YouTube clips you could find easily on your own, but out of all networks (and I cringe when I say this) they provided the most extensive coverage of the protests this weekend. MSNBC re-ran docudramas all weekend.
I don't read computing news from printed magazines any more, yet there are a lot of computing-news websites that seem to do alright as web-based mediums. Some made a successful transition to the online world, others faltered. Some still run print editions for those who prefer them. Print, and "old media" in general shouldn't get a free pass. If I was going to have to pay taxes on my internet access (which is ridiculous) I'd rather they supplemented the web-based media I do use anyway. Maybe we'd see less ads that way. (Okay, probably not).
Web based "community"-organized news isn't ready to entirely supplant consolidated professional journalism, but the technologies and communities are evolving, and print-based publishers better realize that their value is in their content and not in their medium.
The only thing you're depriving the IP owner of when you copy their IP is the chance that you'll purchase their product. Even then, if you purchase the product because you pirated it and liked it, then the IP owner actually gets additional revenue from your piracy (although it's unlikely that this quite adds up to the lost revenue).
Copyright holder. But overall your point is good.
I wanted to add that the fact "the cost of piracy" often gets factored into things like bloated DVD prices is therefore sheer stupidity: It encourages more people to rationalize piracy ("Hey, I want to buy it but I don't want to be ripped off"), and it also acts as a barrier to people who have already pirated it and liked it from purchasing a legit copy ("I'd like to buy a legit copy, but I don't want to pay that much for it").
Maybe some of it is encrypted. But perhaps with some pilfered credentials a database or other internal system will happily respond to your queries and pass back the results as plaintext. After all, somebody somewhere has to be able to decrypt the customer/billing information or it's useless.
Encryption isn't the be-all and end-all of security. For example, using TrueCrypt on your laptop is a great idea to reduce your risk in case of theft, but when you've mounted an encrypted partition and someone is rooting your box over the network it's not going to help you.
They are changing the way DirectShow's intelligent connect works so that "preferred" filters, Microsoft's preferred filters that is (which happen to be Microsoft filters), are used for certain formats before the established DirectShow merit-based system is even consulted.
I believe the same is true of Media Foundation, in that for either architecture you now need to implement custom code to avoid this default behavior.
back in the day i read a "tfile" by Sunspot IIRC that explained how to break into those boxes attached to the stop lights at intersections and make every light stay green all the time.
Did it involve disconnecting the other lights and wiring the green light straight up to the power source? ;)
From that article:
(Sometimes you might hear someone refer to "Shockwave Flash", but these are actually two different multimedia players.)
Now go look in the Firefox plugins list (Tools->Add-ons). Yeah... I wonder why people get confused..
While I was angry at Microsoft's silent installation of this component in Firefox and there is part of me that is ready to cheer on Mozilla for disabling it, I also feel disappointed by the reaction to this.
Not only are the vulnerable versions of Microsoft's add-on disabled, but also all versions indiscriminately, including the patched version that Microsoft rolled out this last Tuesday. Just as some people may have been impacted by Microsoft's original silent installation, how does Mozilla know whether an end user actually uses sites that depend on that add-on or not?
Imagine what would have happened if Mozilla remotely disabled everyone's Flash plug-in each time a new vulnerability was discovered in it? There have been 0-day exploits in the wild for Flash and just think about its install base. Or the Adobe Reader plug-in? Lord knows it's a more deserving candidate given its history.
In this case there may be some justification in that the unrequested component might pose yet unknown risks, but now I have to wonder what Microsoft's strategy will be during their next update cycle - to re-enable it given that they've fixed the hole in question? Did Mozilla just give Microsoft precedent that would support it disabling Chrome Frame in future?
As a customer of both parties I feel that I've been dragged into someone else's war, which is being waged with my computer as the battle field.
It's a terrible service that provides little merit outside of a unified friends list.
.. and the ability to log into the client anywhere and have it download all your licensed games and updates to them automatically. Although I do remember some prior /. story about license problems across territories.
Longer term, I'll be surprised if companies are only sued for copyright infringement relating to Green Dam. If I distributed software knowing that its intent was to block recipients reaching the web properties of world+dog then world+dog could possibly argue that I've harmed them by doing so.
No use dragging around excess batteries all the time.
Isn't it faster to charge a larger battery to partial capacity than a smaller one to full? Could make a difference to your routine, especially if you opt for a small battery and therefore end up charging it more often.
However, most regular software (funnily enough excepting security software trying to avoid detection by malware!) does not need to do this, so such code should probably be blocked and reported by default.
Lots of software does, though. Usually it's due to executable packers/code-obfuscators/anti-reversing runtime protection.
Some thoughts:
A) This isn't a new idea and I'm pretty sure that some AV packages already automatically submit questionable files for analysis, all it takes on top of that is for a vendor to track trends. I've had anti-virus software ask me to opt-in to such schemes before.
B) Self-encrypting viruses that choose to infect non-common running process images (i.e. avoid Windows system files) might have different signatures everywhere and still require manual analysis.
C) Once a virus is running on a host surely it can circumvent reporting agents, or even intercept them and report clean results, delaying or preventing this type of detection?
The police don't know what evidence is there with certainty until they can access it. If they are given the power to break open a physical lock because they have satisfied a judge (or any other requirement) that they are likely to discover evidence by doing so, that's one thing. However, they can get to that evidence with or without your help.
If they believe that decrypting a drive or file will provide evidence and they can get to that evidence without your help fine. If they can only get to the evidence with your help then they have no evidence. And this law is basically saying that with no evidence they can send you to jail.. because you won't help them prosecute you. Which is kind of contrary to the whole concept of legal trials: how can it be mandatory for you to do the work of the prosecution when you are the defendant?
Elsewhere in the discussion others mention the right to remain silent, and when you ask "isn't this more like police demanding you unlock a door? You can't hide evidence behind a physical lock, so why should a digital lock be different?" then there are a whole bunch of slippery slope questions. Isn't this like the police demanding you tell them where you were at the time of the crime? You can't stop them finding out (but they may never unless you tell them). Who were your accessories? You can't prevent forensics from determining that so you should have to tell them!
But really, let's simplify it:
"You can't hide evidence behind a physical lock, so why should a digital lock be different?"
Because it is different? You can hide evidence behind a digital lock, and you do have the right to remain silent. Sometimes. Apparently.
BTW I am from the UK and I grow more ashamed of the people who govern it almost every day.
I see the Nikon is going to use an LED projector, but one other interesting solution is laser-based projectors, which this website claims are always in focus:
http://www.microvision.com/showwx/experience.html
I would expect them to have better contrast too.
The best minds in the world work on cracking them and come up with theoretical proofs of a weakness which ultimately prove to everyone, beyond the shadow of a doubt, the security of the algorithm.
It only proves beyond a shadow of a doubt the maximum security of the algorithm while the actual security remains in question.
How many people plan for when exactly they will drive?
Look at it another way: I'm at home during the day and I have an electric car. I have two choices: use my appliances at peak rate or tell my car to serve up some of the power it stored last night off-peak. Which do I do? It *always* makes economical sense to take that power back from my car before dipping into the grid. Doing so means there is less on-peak demand for everyone else, so prices should come down. If it saves lots of money people will find a nice way to do it, and car manufacturers will sell high-capacity cars boasting their money saving capabilities for your home. It could be as simple as a display in my home that says "Your car has 100 miles worth of energy stored, select how many miles to spend on peak power saving instead". If you foolishly use too much energy and suddenly need to use the car you buy it back at peak rate and learn your lesson for next time.
I know I will select a hybrid car (gas generator with electric drive) for two reasons: range and not having to rely on having a power outlet everywhere I go.
Sure, and hybrids will be around for a long time for those reasons. But a plus is that this could cause power points wherever you go to become a reality.
This gets really complicated to do in practice.
Agreed based on current battery technology, but if we see a big rise in capacity and reduced charge time that could change. It also depends if you serve your own home, in which case the financial benefits are clear, or the grid generally, in which case they are more muddy.
As a single guy (rare for Slashdot, I know..) I don't use much energy at home during the day because surprise surprise I'm out at work. On the other hand, I'm sure there are many people who have families where one adult is home part of the day and probably takes care of cleaning, laundry, etc. during that time, probably watches TV and/or uses the computer, has kids to entertain, needs air conditioning in the summer, heating in the winter, etc. It doesn't seem like smart electronics are going to substantially change these behaviors. Great, the dryer wants to wait until off-peak to dry my clothes, but I have 3 loads of laundry to get done..
What may change things is something that we've discussed here several times: Electric cars that have the ability to return electricity to the grid during times of high demand. Hopefully this or other means of localized power storage will reduce the need for "peak" pricing in future. Hopefully devices will also consume less power in future. For example, if you're spending time online with your notebook you aren't drawing anywhere near the 100-200w you would if you were using a desktop system (my Eee 1000HE netbook draws 9-12 watts).
I would rather see us find ways to better match power availability to demand instead of a short-lived period of doing the inverse. Electric cars are a great way to do so because it's a natural leverage of developments in our lives that are already taking place with widespread support.
Running three separate VMs is not only a sign of paranoia but also a delusion that as a person functioning in today's world you can realistically have so much control over information that with enough effort you can control your own security in all regards, or even that you can control it to the extent necessary to protect yourself from common threats.
Put aside for a moment that she's a security researcher and that probably invites more attacks than the rest of us face. There are a number of flaws readily apparent with this approach to security:
1 - Knowledge is power, and you just told the world critical elements of your defenses. There's a reason banks don't disclose such things. It doesn't make your system any less secure, but it raises the bar for attackers.
2 - You maintain your own VMs. In your mind nobody is better equipped to protect your systems than you are. In reality if you made a security blooper on one system you probably replicated it on all three VMs, if not the host also.
3 - I guess you assume that if you're running an app in the VM and someone decides to attack a vulnerability in your network stack that it won't actually affect the host system, and since the VM leverages the network stack of the host system that's not necessarily true.
4 - You may secure connections between entities like your bank by allowing only HTTPS through a browser in the VM. Reality is that in the last year major payment processors have been breached resulting in millions of people's card details being stolen. RBS WorldPay and Heartland Data Systems are two known breaches, there is one other yet unidentified from what I have read.
5 - As others have pointed out, anti-virus *will* protect you against nearly all *common* attacks. Today's anti-virus products even scan mail and http traffic for threats before your applications can process the data themselves (usually not in free versions of the AV apps). To say it adds no value at all is sending a very bad message to the majority of readers who would like to think they're better equipped to handle their own security than they really are.
The reality is that you can very easily do many simple things to help protect yourself. Install all your application updates promptly, be careful where you download software from, don't run attachments from spam e-mail, don't follow links sent to you in email without checking where they really go first, be careful where you enter your card details, run AV software, etc. etc.
However, beyond a certain point you have to spend exponentially more effort, beyond what the majority of people would consider reasonable, for very small gains in security. Chances are that you will still suffer fraud etc. during your lifetime, and it will be due to some vector completely beyond your control.
No, I didn't RTFA. 9 pages? gtfo.
Me:
Items #1&2 are a one time inconvenience when you get a new phone number. #3 adds 5 seconds to your call only when you use a different phone to check your voicemail. #4 just makes sense, and in the case that someone is getting DOS'd there could be a flag on the account customer service could set to use longer PINs that don't auto-lock.
You:
That would be annoying as hell.
Which part would be "annoying" - i.e. something you would have to do more than once ever (like setting your PIN), or something you would have to do anyway (i.e. entering it from another number)?
People like you are why we have stupid laws prohibiting things that most of us can handle responsibly blocked or prohibited for the sake of the retarded few.
To the contrary, it is people like you who make a poorly considered knee-jerk reaction to well considered discussions, speaking very loudly and making stupid accusations while doing so, that cause the very laws you're speaking of.
The overall impact of everything I suggested? For 99.9% of people all it would mean is that after buying a new phone you were forced to set a PIN.
Feeding the trolls, I know..
Ideally you have two thresholds, first may trigger a temporary lockout as you mention, but the second should still lock the voice mail. There are only 10K possible combinations for voicemail, and I bet many fewer common combinations based on patterns or number/character equivalent sequences. Another enhancement would be to automatically send someone a text message after either threshold is met. At least it promotes awareness.
To clarify #3, users who are dialing in from their own phone number should still be told their last login time and if there were failed attempts from other numbers, again for the sake of awareness. Targeted users could at least change their PIN more regularly this way.
Thanks for your reply btw :)
I speak from the perspective of being a RoadRunner user rather than a Comcast user, but RR implements a similar service. They have a link in the lower right of their results page where you can click to set your preferences and disable the "feature". Except just the other week that preference broke for me, and I was stuck with DNS hijacking. I phoned their customer service line, and the person on the other end of the line had absolutely no idea what I was talking about.
DNS hijacking is a bit like Phorm without profiling really. Well, assuming there is no profiling. If there was profiling they'd make more money from the ads they'll inevitably insert there to "support" the service (Edit: oh look, they already have!). Personally I put this issue, along with Phorm in a whole category of problems related to the fact that we still don't secure and authenticate most of our activities on the internet (http, dns, yadayada). ISPs can do what they like and it's hard to stop them. Third-party DNS services seem to be the way to go recently. Of course without security/authentication your ISP can put a stop to that quite easily too.
This is all before you get into the technical details of clients that may implement specific behavior for when bad DNS queries are expected to fail but don't.
The carrier's voicemail system should do four things:
1. When you first get a phone, auto-dial you once a day during business hours and prompt you to set a PIN until you do so.
2. Do not allow you to retrieve any queued voice mail until a PIN has been set, and require that PINs can only be set from the number they are attached to (without the aid of customer service).
3. Require PIN entry when dialed from other numbers. When you enter your PIN successfully it should say, "Thanks! You last logged in x ago", and if appropriate "Since then there have been x unsuccessful attempts to log in".
4. If too many bad PINs are entered, by default lock voicemail and redirect to customer service.
Items #1&2 are a one time inconvenience when you get a new phone number. #3 adds 5 seconds to your call only when you use a different phone to check your voicemail. #4 just makes sense, and in the case that someone is getting DOS'd there could be a flag on the account customer service could set to use longer PINs that don't auto-lock.
I don't buy into the "there is not much you can do about it" line, since by this time anyone competent enough to design a voice-mail system for use by a large carrier ought to have enough experience with computers to understand fundamental guidelines for basic security. I came up with the above list in under 30 seconds.
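The four-point voicemail design above, together with the two lockout thresholds and text-message alert proposed in the earlier follow-up comment, sketched as an added example (not code from any commenter or carrier). The threshold values, lockout length, and the `Mailbox` class and its method names are assumptions, and the caller's number is taken as given.

```python
import hmac
from dataclasses import dataclass, field

SOFT_LIMIT, HARD_LIMIT = 3, 6   # assumed thresholds, not from the post
SOFT_LOCK_SECS = 15 * 60        # assumed temporary lockout length

@dataclass
class Mailbox:
    number: str
    pin: str = ""               # sketch only: store a salted hash in practice
    failures: int = 0           # bad PINs since the last successful login
    last_login: float = -1.0    # -1 means never
    soft_until: float = 0.0
    hard_locked: bool = False
    sms: list = field(default_factory=list)   # texts "sent" to the owner

    def set_pin(self, caller: str, pin: str) -> bool:
        # Item 2: a PIN can only be set from the number it protects.
        if caller != self.number or not (pin.isdigit() and len(pin) >= 4):
            return False
        self.pin = pin
        return True

    def _grant(self, now: float) -> str:
        # Item 3 and the follow-up: report last login and failed attempts.
        seen = "never" if self.last_login < 0 else f"{now - self.last_login:.0f}s ago"
        msg = f"granted; last login {seen}; {self.failures} failed attempts since"
        self.failures, self.last_login = 0, now
        return msg

    def login(self, caller: str, pin: str, now: float) -> str:
        if not self.pin:
            return "no PIN set"                      # item 2: nothing retrievable yet
        if self.hard_locked:
            return "locked; call customer service"   # item 4
        if caller == self.number:                    # own handset: no PIN prompt
            return self._grant(now)
        if now < self.soft_until:
            return "temporarily locked"
        if hmac.compare_digest(pin.encode(), self.pin.encode()):
            return self._grant(now)
        self.failures += 1
        if self.failures >= HARD_LIMIT:              # second threshold
            self.hard_locked = True
            self.sms.append("voicemail locked after repeated bad PINs")
            return "locked; call customer service"
        if self.failures == SOFT_LIMIT:              # first threshold
            self.soft_until = now + SOFT_LOCK_SECS
            self.sms.append("voicemail temporarily locked after bad PINs")
            return "temporarily locked"
        return "bad PIN"
```
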
Another thing that potentially could explain this is IE8's "Compatibility View" feature, where in some cases the user-agent string can be modified.
See here:
http://blogs.msdn.com/ie/archive/2008/08/27/introducing-compatibility-view.aspx
I'd be surprised if it was ever modified to read something that couldn't be identified as IE, but perhaps it's modified just enough to monkey with the analytics in this case.
The reason that FAT is still around has more to do with compatibility than any kind of technical merit.
I suspect there are technical merits.
Windows (XP) prevents you formatting removable drives as NTFS unless you change the "Write caching and Safe Removal" policy for the device (via its property page in the Device Manager) to "Optimize for performance" rather than "Optimize for quick removal". One of the key things this dialog calls out when write caching is enabled (and thus NTFS is available as a format option) is that you have to follow the safe removal procedure. This leads me to believe that NTFS either doesn't perform as well without write caching or it's more prone to damage when writes aren't completed.
After some Googling on the matter I also see people pointing out that one benefit to FAT, particularly for removable storage that you may use on many devices, is that it's not encumbered with SIDs/permissions that may be known to one system but not another.
I wouldn't use FAT/FAT32 on a large hard drive for sure, but perhaps it has its uses.
Why not spray a sealant around the surrounding materials, lay in an extraction nozzle attached to a pump, pour a mold around it then use a chemical to dissolve the metal, at least the edges of the metal, enough to remove it? No vibrations, no pressure, no crazy coolant or heating solutions. You can pick a site to work on that is least risk, such as the area in contact with the glass (assuming the glass isn't affected by the chemicals dissolving the metal).
News *is* free, the gathering and dissemination of news may or may not be.
Random thoughts:
Conventional news sources ought to reflect on the recent coverage of Iran, which came to us almost exclusively by YouTube and Twitter. In fact, you would have been better off reading Twitter's #iranelection topic than watching TV this past week. CNN was late to the game with their coverage. FOX News provided coverage that mainly involved talking heads and the same YouTube clips you could find easily on your own, but out of all networks (and I cringe when I say this) they provided the most extensive coverage of the protests this weekend. MSNBC re-ran docudramas all weekend.
I don't read computing news from printed magazines any more, yet there are a lot of computing-news websites that seem to do alright as web-based mediums. Some made a successful transition to the online world, others faltered. Some still run print editions for those who prefer them. Print, and "old media" in general shouldn't get a free pass. If I was going to have to pay taxes on my internet access (which is ridiculous) I'd rather they supplemented the web-based media I do use anyway. Maybe we'd see less ads that way. (Okay, probably not).
Web based "community"-organized news isn't ready to entirely supplant consolidated professional journalism, but the technologies and communities are evolving, and print-based publishers better realize that their value is in their content and not in their medium.
The only thing you're depriving the IP owner of when you copy their IP is the chance that you'll purchase their product. Even then, if you purchase the product because you pirated it and liked it, then the IP owner actually gets additional revenue from your piracy (although it's unlikely that this quite adds up to the lost revenue).
Copyright holder. But overall your point is good.
I wanted to add that the fact "the cost of piracy" often gets factored into things like bloated DVD prices is therefore sheer stupidity: It encourages more people to rationalize piracy ("Hey, I want to buy it but I don't want to be ripped off"), and it also acts as a barrier to people who have already pirated it and liked it from purchasing a legit copy ("I'd like to buy a legit copy, but I don't want to pay that much for it").
The media industries need to stop such practices.
Maybe some of it is encrypted. But perhaps with some pilfered credentials a database or other internal system will happily respond to your queries and pass back the results as plaintext. After all, somebody somewhere has to be able to decrypt the customer/billing information or it's useless.
Encryption isn't the be-all and end-all of security. For example, using TrueCrypt on your laptop is a great idea to reduce your risk in case of theft, but when you've mounted an encrypted partition and someone is rooting your box over the network it's not going to help you.
You are wrong.
They are changing the way DirectShow's intelligent connect works so that "preferred" filters, Microsoft's preferred filters that is (which happen to be Microsoft filters), are used for certain formats before the established DirectShow merit-based system is even consulted.
I believe the same is true of Media Foundation, in that for either architecture you now need to implement custom code to avoid this default behavior.