Or use the/other/ network, telewest/ntl blueyonder *woot* their accounts dept sucks, but other than that they're million times better than going through BT.
Look, you can't just keep dumping your own private jokes on this slashdot, it can't support them, and results in situations where it can take me 5 days to get the joke.
Checksumming pages would be another idea, although on todays machines with todays huge amounts of memory, i'd rather keep certain things locked into memory, and just deny huge memory allocations (as on my systems these tend to more likely be runaway processes).
They do get targetted, off the top of my head I recall at least one porn site taking action for cached images etc, and there was the thing with them scanning books in too. Google's argument goes along the lines of checking for things like a robots.txt file, or certain META tags in documents, and excluding anything requested. This does make them more opt-out than opt-in, but I think everybody realises how useless an opt-in search engine would be in comparison to a spidering one.
The "idea" (I don't know how far vista goes towards this) is that you have a 'trusted' ring, where everything yes, does have to be signed. You may still have an unstrusted ring, for running unsigned code, but it will not be able to access anything protected within the trusted ring.
It's basically like two seperate sandboxes, both kept seperate, and one of them highly controlled so you can trust (as much as you trust the key issuer) that it's safe and secure. The other... use at your own risk.
Sure if you have access to this "general purpose hardware" you can boot it off a cd or whatever to get around security checks, but that's not what this is about. This is about Vista supposedly not allowing you to load unsigned code into ring0, which is TOTALLY possible on general purpose hardware, because of a little thing called "protected mode", which allowes software in ring0 to control things that software in the lower rings does, by catching any attempts to directly access hardware or memory, and either allowing or disallowing it based on certain rules. These rules can include checking that which you're trying to access to see if it has been signed by a trusted key. If it isn't, it refuses to load the code, and ring0 remains untouched.
Idiot.
If, however, the code has been signed, it can allow it to load and run in ring0 (or ring1 as some OS's load their drivers).
"Are you really so stupid you cannot see the difference between bypassing a security feature on a iPod versus a general purpose computer?"
Are you really so stupid that you can't see what they, in this case, have in common?
"How is this any different from sitting down at a Linux system with root access and running amok?"
Because linux (without something like selinux) isn't designed to not let you run unsigned code in ring0. Vista is. Yet by using this security hole, you can push unsigned code into ring0. Therefore, it is only as secure as linux; their extra security requiring cryptographically signed binaries to run in ring0 didn't work.
"You are probably thinking of the AMD hypervisor she discussed for designing Vista rootkits"
Yeah... cuz the article said "blue pill", which was exactly that. Does her blue pill also encompass this pagefile bug, or has the article just linked the two together unwittingly when they're not?
No. This just means that this hack will run from any account, as long as the user authenticates (as they did with any other piece of software they installed... oh well, one more won't hurt).
This hack then moves the entire operating system into a virtual machine to control it, undetectably, from the outside, allowing you to sidestep a truck load of drm checks. Pretty sweet if you ask me.
What if your administrator account isn't supposed to let you run unsigned code? What if they've put an entire system of cryptographic keys and encrypted binaries in place and called it something like, "trusted computing", and somebody managed to get round that?
This is like saying that somebody who got round the DRM on an ipod did nothing, as they "had physical access to the ipod". Hello? Locks that were put in place were sidestepped. This is a security failure.
No, this is more like "target was running as root, on a device with the 'noexec' bit set to disable execution. This "hack" managed to sidestep that check". This was a compromise to their DRM system, not their account/privelidge system.
Obviously you haven't read what this thing is supposed to get past, because it's nothing to do with account privelidge escalation, it's more to do with DRM, it gets past their 'trusted computer' checks for cryptographically signed code by using virtual machine extensions in newer AMD processors to move the entire OS into a virtual machine, and so control it undetectably from the 'outside'.
This isn't like getting someone to run your script as root, it's like getting someone to run your script as root from a device that has the 'noexec' bit set specifically to stop you running stuff as root.
"When it comes to science, thou shalt ban the verb 'to believe' out of thy vocabulary"
And replace it with what?
"I guess"? Doesn't inspire much confidence, like "I guess the moon goes around the earth" sounds very uncertain.
"I know"? Well this is definitely not scientific, as it ignores that there are possibly alternatives; sounds too certain.
"I postulate"? "I hypothesize"? Well they basically are the same as "I believe", and am sure you must be complaining about the meaning of the word rather than something as empty as the sound of the word.
"I set things on fire"? Well that's just never gonna be taken seriously.
"Everything EXCEPT skepticism itself that is. That is not subject to challenge now is it?"
Was that not a challenge?
Well the results of using skepticism can be addressed scientifically actually.
Theory: skepticism leads to rise in understanding of nature.
Support: Our challenging eg, newton's theories have lead to general relativity, quantum physics et al, that have increased our understanding of nature, and lead to technological advancements.
Tests: If futher analysis shows that evidance supporting newer theories over older is incorrect, this would show that skepticism has caused delays to progress. Many experiments are being carried out that test this (such as satalites measuring gravitational waves, google for it if required) by testing the newer theories. Any indication that progress would have been less delayed without skepticism would lend doubt to whether skepticism is a good route to take.
Not only is it simple enough, but tests to demonstrate failure in the method are carried out as we speak, purely as a side effect of said method!
"For even if you came up with something to help your dfaily tasks then someone else copuld file it and prevent you from using it via man made laws"
I don't believe so... you can make anything in your house or garden *entirely* from patented information, and use it. What you can't do is make loads or make money from it, but I don't think anything can stop you from using it yourself, unless the parts needed to make it are controlled.
"it's only origional if you've never been outside their garage"
I think you misunderstand what the term "reinventing the wheel" means... it most definitely doesn't mean there's anything original (that would be plain "inventing", not "reinventing").
Reminds me of the end of the walmart southpark episode, where the town set out to destroy a monopoly, by all shopping at the "small" shop, creating a new one.
Business is business, and people who think Apple are saints are completely naive, they're not, they're just smaller. They've done just as many anti-innovation things as anyone, dating right back to when they held and enforced a patent on allowing windows to *overlap*.
Slashdot Mirror
Or use the /other/ network, telewest/ntl blueyonder *woot* their accounts dept sucks, but other than that they're million times better than going through BT.
"Is this a good time not to say anything about that"
No it's not a good time to not say... erm... no... yes, it is a good time... damn all these negatives!
yeah but it might still take you 5 days to get it.
Look, you can't just keep dumping your own private jokes on this slashdot, it can't support them, and results in situations where it can take me 5 days to get the joke.
Checksumming pages would be another idea, although on todays machines with todays huge amounts of memory, i'd rather keep certain things locked into memory, and just deny huge memory allocations (as on my systems these tend to more likely be runaway processes).
They do get targetted, off the top of my head I recall at least one porn site taking action for cached images etc, and there was the thing with them scanning books in too. Google's argument goes along the lines of checking for things like a robots.txt file, or certain META tags in documents, and excluding anything requested. This does make them more opt-out than opt-in, but I think everybody realises how useless an opt-in search engine would be in comparison to a spidering one.
The "idea" (I don't know how far vista goes towards this) is that you have a 'trusted' ring, where everything yes, does have to be signed. You may still have an unstrusted ring, for running unsigned code, but it will not be able to access anything protected within the trusted ring.
It's basically like two seperate sandboxes, both kept seperate, and one of them highly controlled so you can trust (as much as you trust the key issuer) that it's safe and secure. The other... use at your own risk.
Sure if you have access to this "general purpose hardware" you can boot it off a cd or whatever to get around security checks, but that's not what this is about. This is about Vista supposedly not allowing you to load unsigned code into ring0, which is TOTALLY possible on general purpose hardware, because of a little thing called "protected mode", which allowes software in ring0 to control things that software in the lower rings does, by catching any attempts to directly access hardware or memory, and either allowing or disallowing it based on certain rules. These rules can include checking that which you're trying to access to see if it has been signed by a trusted key. If it isn't, it refuses to load the code, and ring0 remains untouched.
Idiot.
If, however, the code has been signed, it can allow it to load and run in ring0 (or ring1 as some OS's load their drivers).
"Are you really so stupid you cannot see the difference between bypassing a security feature on a iPod versus a general purpose computer?"
Are you really so stupid that you can't see what they, in this case, have in common?
Only if you need your free software to run in ring0, or access/change files owned by the admin user. Sounds about right to me.
"How is this any different from sitting down at a Linux system with root access and running amok?"
Because linux (without something like selinux) isn't designed to not let you run unsigned code in ring0. Vista is. Yet by using this security hole, you can push unsigned code into ring0. Therefore, it is only as secure as linux; their extra security requiring cryptographically signed binaries to run in ring0 didn't work.
"You are probably thinking of the AMD hypervisor she discussed for designing Vista rootkits"
Yeah... cuz the article said "blue pill", which was exactly that. Does her blue pill also encompass this pagefile bug, or has the article just linked the two together unwittingly when they're not?
Red pill
Used to detect if it's being run in a virtual machine.
No. This just means that this hack will run from any account, as long as the user authenticates (as they did with any other piece of software they installed... oh well, one more won't hurt).
This hack then moves the entire operating system into a virtual machine to control it, undetectably, from the outside, allowing you to sidestep a truck load of drm checks. Pretty sweet if you ask me.
What if your administrator account isn't supposed to let you run unsigned code? What if they've put an entire system of cryptographic keys and encrypted binaries in place and called it something like, "trusted computing", and somebody managed to get round that?
This is like saying that somebody who got round the DRM on an ipod did nothing, as they "had physical access to the ipod". Hello? Locks that were put in place were sidestepped. This is a security failure.
No, this is more like "target was running as root, on a device with the 'noexec' bit set to disable execution. This "hack" managed to sidestep that check". This was a compromise to their DRM system, not their account/privelidge system.
Obviously you haven't read what this thing is supposed to get past, because it's nothing to do with account privelidge escalation, it's more to do with DRM, it gets past their 'trusted computer' checks for cryptographically signed code by using virtual machine extensions in newer AMD processors to move the entire OS into a virtual machine, and so control it undetectably from the 'outside'.
This isn't like getting someone to run your script as root, it's like getting someone to run your script as root from a device that has the 'noexec' bit set specifically to stop you running stuff as root.
"But... why would he try to deceive us like this?"
One word: man bear pig!
"(i.e. shagging one) may reveal more interesting qualities about them as a whole"
;-)
haha, you don't even know how to spell "hole"!!!
"When it comes to science, thou shalt ban the verb 'to believe' out of thy vocabulary"
And replace it with what?
"I guess"? Doesn't inspire much confidence, like "I guess the moon goes around the earth" sounds very uncertain.
"I know"? Well this is definitely not scientific, as it ignores that there are possibly alternatives; sounds too certain.
"I postulate"? "I hypothesize"? Well they basically are the same as "I believe", and am sure you must be complaining about the meaning of the word rather than something as empty as the sound of the word.
"I set things on fire"? Well that's just never gonna be taken seriously.
So, which am I missing, that's better?
"Everything EXCEPT skepticism itself that is. That is not subject to challenge now is it?"
Was that not a challenge?
Well the results of using skepticism can be addressed scientifically actually.
Theory: skepticism leads to rise in understanding of nature.
Support: Our challenging eg, newton's theories have lead to general relativity, quantum physics et al, that have increased our understanding of nature, and lead to technological advancements.
Tests: If futher analysis shows that evidance supporting newer theories over older is incorrect, this would show that skepticism has caused delays to progress. Many experiments are being carried out that test this (such as satalites measuring gravitational waves, google for it if required) by testing the newer theories. Any indication that progress would have been less delayed without skepticism would lend doubt to whether skepticism is a good route to take.
Not only is it simple enough, but tests to demonstrate failure in the method are carried out as we speak, purely as a side effect of said method!
don't be so quick to anthropomorphasise
I'm gonna patent patent reforms :-D
"For even if you came up with something to help your dfaily tasks then someone else copuld file it and prevent you from using it via man made laws"
I don't believe so... you can make anything in your house or garden *entirely* from patented information, and use it. What you can't do is make loads or make money from it, but I don't think anything can stop you from using it yourself, unless the parts needed to make it are controlled.
"it's only origional if you've never been outside their garage"
I think you misunderstand what the term "reinventing the wheel" means... it most definitely doesn't mean there's anything original (that would be plain "inventing", not "reinventing").
Reminds me of the end of the walmart southpark episode, where the town set out to destroy a monopoly, by all shopping at the "small" shop, creating a new one.
Business is business, and people who think Apple are saints are completely naive, they're not, they're just smaller. They've done just as many anti-innovation things as anyone, dating right back to when they held and enforced a patent on allowing windows to *overlap*.