What are you talking about? This exploit doesn't force any code to run, it *allows* a user, of their own intention, to get root. If you've got a user who's willing to install anything you want then the system is already screwed.
If you already have the ability to access a user account on a target machine, it has always been trivial to get root if that is the goal. ALWAYS. Even more so with Windows. You glossed over "the infected document's code downloads further exploits", but that would actually be the exploit that matters. This is not that.
Also if you've got regular users in your physical environment that are determined to hack permissions then you're screwed anyway.
Per TFA, this exploit is dumb and unconcerning. It just lets a standard user perform admin operations, no remote exploit of any kind. There have always been many ways for a standard user to get admin on any OS, the most trivial being physical access.
While I grew up on Wing Commander and I love all that Chris Roberts has done, what is he going to bring to the table for a mature genre like this that hasn't already been done, thought of, or suggested?
If there were a desire or market for private servers/instancing, I am certain that VO would or will do it.
There's no complaints about VO graphics, they will be continually updated with the rest of the game as it has been all along. If there is a desire for anything it will be implemented. It's not realistic to say the only thing VO is missing vs SC is that the latest textures were drawn in 2010 or whenever vs 2013, and again if that were an issue it's easily fixed.
As far as top of the line... I think the truth is that SC, even with all the money, is going to have a hell of a time even getting up to the level of VO which has been in continuous development and online gameplay for 10+ years.
It really REALLY bothers me that this game has gotten $25 million when this AMAZING PERFECT GAME already exists, and it's called Vendetta Online. This is reinventing the wheel and marketing nonsense, and if people actually cared/desired to play such a game they would be already.
Have any of you that are so excited to "work with/around Stephen Hawking" considered that aside from name-dropping value, you probably won't get anything out of it unless you are somewhere near his intellectual level and are up to speed on his current work? That's assuming he's willing to take time to share/discuss his work with you (he won't be) besides just saying "fix it and gtfo". For what this rather weighty, highly skilled/experienced, multi-talented, round-the-world on-call job actually entails the money is pathetic. If you have the former qualifications wouldn't you already be working with him or doing your own research? And with the latter qualifications I'd expect you to be making a ton of money maintaining some crazy important systems.
Haha I knew someone was going to say that... you know that's not what I meant.
However... I haven't found chess interesting since about middle school. Programming my brain to be a chess computer seems pretty boring, and it was obvious that a computer would ultimately be better at it.
Avast requires you to register with your email address once a year, purely for tracking purposes; you don't get spammed (or emailed at all actually) and it is no hassle.
There are no hints or any such to "buy" anything, but it's such a good product that you can be sure I recommend the free home version to everyone I talk to and the licensed business version to anyone who could use it.
The *simple* registration does stymie some people, but I have to admit that even when it's my friends it's just because they are stupid. At least their stupidity in that case isn't leading to Norton or McAfee being installed.
I feel like there needs to be more information about the "test". Did the Ameritrade-unique addresses *only* get stock spam, or spam in general (including stocks)? The former would of course be highly suspicious, but the latter would indicate all possibilities should be fairly examined.
Another example, this logic seems flawed...
he got a response saying that even if he was getting spammed by an address that he only gave to AmeriTrade, that could be the result of hackers "implanting 'bots' that have the ability to extract e-mail addresses from your computer, even when you have protective spy software engaged". But of course this makes no sense -- if this were the source of the problem, it would affect everyone's e-mail addresses equally, and would not explain why a disproportionate number of complaints were coming from people who created addresses that they gave to AmeriTrade specifically.
How would anyone know if or how much other email was affected? Most likely it would be trashed by a spam filter anyway, and even if it wasn't how could they compare "everyone's" email spam to see who gets what?! And obviously the "explanation" of the Ameritrade complaints being prominent is because those people were specifically looking for spam on those accounts to complain about. That says nothing else about which other email addresses also got spam or even the same spam.
Furthermore why is a large company like Ameritrade any more suspect of selling out (or having a leak) than any given email provider? Was there a control group of email addresses created and not being given out to at all?
I'm not saying TFA is wrong, but if they wanted to publicly prove guilt they need to provide more thorough evidence.
I've been reading books on my cell phone for about a year. I love it, so do my friends. We download them by the thousands off BitTorrent.
I can't see any reason why that isn't the future for books just like the currently more popular methods for video.
IMO the only delays in ebook reading are ignorance and anachronism, which are both guaranteed to fade.
Not that anyone asked me, but the only real solution to media->profit is for the original work to be a cheap and high quality download on the owner's website. If songs and books cost $0.25 it wouldn't be worth anyone's time to pirate, and the authors would make more money than they do now.
When you Direct Connect (IM Images) in AIM, doesn't that cause all communication to go directly between clients and bypass the AOL server?
Seems like an easy solution if you need to send something private.
I'm often DC'ed anyway for sending pics and large amounts of text, with no rate limit.
Re:Oh my god, it is April Fool's Day! on Ask mc chris · Score: 1
This is one of the most useful and thought out comments I've seen since I've read Slashdot... not just being a fanboy, but you bothered to explain it properly to someone who hasn't seen it.
Sure, Apple owners have the most money to blow?
[nt]
Obviously I did before I replied, and saw zero difference other than being offline/single player.
How is that different from VO, other than being offline/single player?
His example makes no sense.
Is that really worth $100?
If your game can be successfully "played" by a bot in this day and age, then it's a pretty bad game.
Back to the question of why do so many people want to play a game that effectively makes them a bot?
I know I'm not the only one who thinks Win2K was the peak of MS OS. All my computers... I even built a RAID server recently with Win2K Server.
nt
No, that isn't how it works.
That's exactly what I wanted too, and this program is exactly that. My home network has a massive amount of data but I like to keep things as simple as possible, so it's all JBODs and this for backup.
http://www.rdcomp.net/ezbackitup/
I love it. The only thing missing is network support, you have to map network shares to drive letters to back them up, but I don't mind.
Um, couldn't you abuse this "feature" to screw your competitors?
Scan for + in email, replace after + with competitor name.
Sell for profit AND f your competitor.