Seriously?
How about refusing to give up the encryption key - would that count as tampering with physical evidence? They're effectively the same thing.
Am I the only one here who actually tried to read the article? The summary points to the wrong article: "Tech companies in the crosshairs on white supremacy and free speech".
I bought a Dell Latitude e7450, and quite happy with it. It does not come with Linux pre-installed, unfortunately, but other than that, it works great.
(The only problem I've had was: the touchpad was detected as a mouse and therefore things like tap-to-click were not configurable. I'm now running a patched kernel - but looks like the patches went into 4.9, so it won't be a problem anymore.)
Why does my geographical location determine whether or not I'm allowed to access the content I paid for? If I buy a physical book or a DVD, am I not allowed to read or watch it if I travel to another country? Of course I am. Why is streaming video different?
As for licensing deals: as a consumer, I don't need to know any of that; that's not my problem. And if different countries have different laws, that's fine - but it's not Netflix' job to enforce them.
I received the email - but I've never had a Ubisoft account. They sent me a password reset link for some other user's account. No wonder they got hacked...
Looks scary, right? Wrong. Because the solution is as simple as changing the default policy. Make it so that the
default behavior is to notify only. On every system update the user should be told: "Go start the updater via the system menu. By the way, if you
EVER see an "updater" you didn't start yourself, you are being pwned." Make sure that the system menu is strictly read-only, and even the dimmest user will be safe.
This will make it more difficult to trick the user, but not impossible. As long as the system menu is running with the user's privileges, it can be modified to launch a different program. And even if you find a way to prevent the user from messing with it - e.g., run it as a different user - the user won't be able to make any legitimate changes, either.
It's even easier for command-line tools: add a line to.bashrc that creates aliases or modifies $PATH so "sudo" and "su" point to malicious programs. How many users would actually check their $PATH or aliases before running sudo?
Finally, here's a way to create an almost undetectable malware. Add the line "LD_PRELOAD=~/.malware.so" to.bashrc where ~/.malware.so does the following:
- Removes the LD_PRELOAD variable from the environment, so it's undetectable.
- Modifies "exec..." functions so they add LD_PRELOAD back (and also replace "su", "sudo", etc. with a different program).
- Modifies "open" and "read" functions so the line in.bashrc is invisible to the user.
- Modifies "opendir" and "readdir" to make ~/.malware.so invisible to the user.
- etc.
(This would work for any application - not just command-line ones.)
4. Run embedded flash objects in the context of the page they are embedded in, rather than that of the origin server. (Flash objects accessed directly, like javascript run through the javascript: uri handler, have no permissions)
I'd call that the proper solution. JavaScript files are executable, too. Why don't they have the same vulnerabilities as SWFs? Because they run in the context of the page they're embedded in.
The primary problem is that eclipse is not being actively maintained upstream in Debian. It is in some ways rather hard to package which has to be actively maintained much like firefox, and nobody has stepped up to take it over. If nothing changes, I would not be surprised to see eclipse eventually dropped in Debian and by extension in Ubuntu.
And yet, people keep arguing that centralized repositories are the way to go, and there's no need for projects like autopackage. Do we expect Eclipse developers to maintain a Debian package for it? As well as packages for RedHat, Suse, and all the other distros while they're at it?
In addition, it was also recently demonstrated [springerlink.com] that regardless of the encryption algorithm used, it's possible to get a silhouette of high contrast encrypted images.
Provided your image is a plain bitmap. If you use any kind of compressed format - JPG, PNG, etc. - you don't need to worry about this.
How about we also solve the "debit or credit" problem I have to deal with each time I visit the mini-mart?
Let me guess: I'll have to put a "credit" sticker on my credit cards, and a "debit" one on my debit cards.
If only there was a way to store this bit of data electronically, and somehow attach it to the card itself...
So only the legitimate user gets inconvenienced, anyone who steals the radio will have a lot less problem with the "anti theft" mechanism than i have. I don't think that's a good example. While the code may inconvenience you, the goal here is to stop others from stealing your radio - which should be in your best interest.
You could say the same about a lock on your door - it inconveniences you, but won't necessarily stop the thieves. But you still choose to use the lock, right?
DMCA, maybe? The content is not theirs and if their deal with the music mill is such that they must DRM, then such a program would be a full-fledged open violation of the DMCA [...]
That's right. Since they can't violate the DMCA, the obvious solution is... tell the users to do it instead!
Her: "And where are you going?"
Him: "I'm going to San Francisco to a UNIX convention."
Her: "Eunuchs convention? I didn't know there were that many of you."
It does, however, prompt when you move files that are in the common desktop or in the common start menu folders.
common desktop? common start menu folders?
You mean, if I want to delete an icon that some program put on my desktop, it's not actually my desktop, but a common one? And I can't delete anything from the Start menu either, without affecting other users?
That kind of defeats the point of having my own account.
Don't worry, it happens every so often. Just stay out of the area in a direct line between Berkley and Redmond, and Berkley and Europe, and you should be safe.
1) I live in Berkeley, you insensitive clod!
2) It's Berkeley, not Berkley.
3) What does Berkeley have to do with anything??
Slashdot Mirror
Seriously? How about refusing to give up the encryption key - would that count as tampering with physical evidence? They're effectively the same thing.
These are idiot developers.
Am I the only one here who actually tried to read the article? The summary points to the wrong article: "Tech companies in the crosshairs on white supremacy and free speech".
The LinkedIn article is here.
I bought a Dell Latitude e7450, and quite happy with it. It does not come with Linux pre-installed, unfortunately, but other than that, it works great. (The only problem I've had was: the touchpad was detected as a mouse and therefore things like tap-to-click were not configurable. I'm now running a patched kernel - but looks like the patches went into 4.9, so it won't be a problem anymore.)
Why does my geographical location determine whether or not I'm allowed to access the content I paid for? If I buy a physical book or a DVD, am I not allowed to read or watch it if I travel to another country? Of course I am. Why is streaming video different?
As for licensing deals: as a consumer, I don't need to know any of that; that's not my problem. And if different countries have different laws, that's fine - but it's not Netflix' job to enforce them.
I received the email - but I've never had a Ubisoft account. They sent me a password reset link for some other user's account. No wonder they got hacked...
Firefox allows you to fake your geolocation: http://pugio.net/2009/07/fake-your-geolocation-in-firef.html
Get the sources of glxgears (in mesa-utils), and look through the code. It's relatively simple, and will help you get started.
Also, when I was looking for an OpenGL example that uses just X11, without Qt/Glut/whatever, the best one I could find was this: http://msdn.microsoft.com/en-us/library/dd318252(VS.85).aspx (Yes, the irony is overwhelming...)
Looks scary, right? Wrong. Because the solution is as simple as changing the default policy. Make it so that the default behavior is to notify only. On every system update the user should be told: "Go start the updater via the system menu. By the way, if you EVER see an "updater" you didn't start yourself, you are being pwned." Make sure that the system menu is strictly read-only, and even the dimmest user will be safe.
This will make it more difficult to trick the user, but not impossible. As long as the system menu is running with the user's privileges, it can be modified to launch a different program. And even if you find a way to prevent the user from messing with it - e.g., run it as a different user - the user won't be able to make any legitimate changes, either.
It's even easier for command-line tools: add a line to .bashrc that creates aliases or modifies $PATH so "sudo" and "su" point to malicious programs. How many users would actually check their $PATH or aliases before running sudo?
Finally, here's a way to create an almost undetectable malware. Add the line "LD_PRELOAD=~/.malware.so" to .bashrc where ~/.malware.so does the following: .bashrc is invisible to the user.
- Removes the LD_PRELOAD variable from the environment, so it's undetectable.
- Modifies "exec..." functions so they add LD_PRELOAD back (and also replace "su", "sudo", etc. with a different program).
- Modifies "open" and "read" functions so the line in
- Modifies "opendir" and "readdir" to make ~/.malware.so invisible to the user.
- etc.
(This would work for any application - not just command-line ones.)
4. Run embedded flash objects in the context of the page they are embedded in, rather than that of the origin server. (Flash objects accessed directly, like javascript run through the javascript: uri handler, have no permissions)
I'd call that the proper solution. JavaScript files are executable, too. Why don't they have the same vulnerabilities as SWFs? Because they run in the context of the page they're embedded in.
The primary problem is that eclipse is not being actively maintained upstream in Debian. It is in some ways rather hard to package which has to be actively maintained much like firefox, and nobody has stepped up to take it over. If nothing changes, I would not be surprised to see eclipse eventually dropped in Debian and by extension in Ubuntu.
And yet, people keep arguing that centralized repositories are the way to go, and there's no need for projects like autopackage. Do we expect Eclipse developers to maintain a Debian package for it? As well as packages for RedHat, Suse, and all the other distros while they're at it?
A Firefox extension can modify the browser in almost regard.
And not just the browser. You can write a binary add-on that will execute arbitrary code. It's no different from running a regular executable.
Firefox add-ons aren't any more secure than ActiveX on IE.
Funny, I thought that all Mozilla (Firefox/Thunderbird/Sunbird/etc) add-ons are already, in effect, open source.
You can write binary add-ons, too. You just need to use Mozilla's API, and put the shared library into the "components" directory of the XPI.
But then, of course, you have to deal with different OS'es, architectures, and so on.
In addition, it was also recently demonstrated [springerlink.com] that regardless of the encryption algorithm used, it's possible to get a silhouette of high contrast encrypted images.
Provided your image is a plain bitmap. If you use any kind of compressed format - JPG, PNG, etc. - you don't need to worry about this.
How about we also solve the "debit or credit" problem I have to deal with each time I visit the mini-mart?
Let me guess: I'll have to put a "credit" sticker on my credit cards, and a "debit" one on my debit cards.
If only there was a way to store this bit of data electronically, and somehow attach it to the card itself...
You could say the same about a lock on your door - it inconveniences you, but won't necessarily stop the thieves. But you still choose to use the lock, right?
Ok, this is Slashdot, but still...
http://blog.anamazingmind.com/2008/03/real-reason-we-use-linux.html
Desktop switching is done by kwin, which is specific to X11. I don't think there is any way kwin could replace the native window manager in Windows.
I don't think you will be making much of a point, considering the number of people who are not buying movies and music for other reasons.
Jst tae ot the eyboad, and wash it sepaately.
:(
Bt caefl, thogh - the keys may fall ot, so it's easy to lose them.
common desktop? common start menu folders?
You mean, if I want to delete an icon that some program put on my desktop, it's not actually my desktop, but a common one? And I can't delete anything from the Start menu either, without affecting other users?
That kind of defeats the point of having my own account.
2) It's Berkeley, not Berkley.
3) What does Berkeley have to do with anything??