the problem isn't skin-tone. The problem is physique. Keanu needs to put on a good 30-50 pounds to do this bit - he looked a little on the anorexic side in Matrix.
What is the deal - George Reeves, Christopher Reeve, Keanu Reeves - is Hollywood so lame they think the name has to match?
this turnaround time usually doesn't include what a responsible commercial outfit would call QA.
Given the horror stories regarding a certain outfit's service packs, and the general slipshod nature of commercial software, I'm not sure I perceive the lack of which you speak.
... Linux is apparently beneath their contempt. Do they know something we don't know?
From section 3 of the linked article:
"Several systems, such as Linux, use the same, satisfactory ISN generator as the one used a year ago, and because of that, are not covered here in any more detail."
To try to control layout definitively is to miss the point of the web.
So true. The real solution to the multi-browser cluster-fuck: When in doubt, simplify.
It's hard, when you get it in your head how something is 'supposed' to look, to not get into the infinite tweaking mode. It's probably a lot harder when a lot of PHBs are looking at the site and bitching.
windows... but hard-crashes and hard-rebooting them wouldn't damage them as badly as the horror stories I've heard about *nix systems.
I think Windows is just quieter about what it does in recovering from hard crashes than *NIX systems, which give you options during recovery that most folks have no use for. In any event, the journaling filesystems under Linux (and the Soft Updates for BSDs) largely address this. Unscheduled powerdowns are usually not much of an issue with ext3.
people are eventually just going to quit buying music and stick to listening to what they already own. I have already started to do this
By any chance, are you in your mid- to late- twenties? Many people stop getting into new music in that timeframe, and have been for 25-30 years.
Re:Executing untrusted code on Shattering Windows · Score: 3, Insightful
then Dotnet will be in place and the party will be well and truly over.
Yes and no. MS will (probably) eventually bring down the number of security bugs (though with their insistence on features, features, features and their gratuitous changes to APIs and protocols used to foil competition, it will never be 0 or even real low), but the real problem with Microsoft is not the stuff they do accidentally, it's the stuff they do with full knowledge and intention.
For example, if your files are in some proprietary format and you lose the right to run the software that reads that format, who owns your data? Before you scoff, remember that MS was one of the drafters and promoters of UCITA, which would/will permit software manufacturers to turn off software that they believe is not licensed correctly. (aka "electronic self help" - there are numerous ways to accomplish this even if you're behind a firewall.)
Actually, I found a URL at Linuxtoday that lists many articles by Middleton. Although there are some doozies there, there are also some that show significantly more balance than the 3 we've discussed here. I'm at a loss to understand the radically varying quality of his work.
Both of these stories are available via linuxtoday.com, BTW. If you go to vnunet.com, please use a browser with image-loading turned off (mozilla, galeon, lynx, links, w3m). No point giving the advertisers of these morons any hits.
An 'anonymous coward' said: care to back that up at all? I don't know the guy from a hole in the head, but those are some pretty nasty allegations to throw around w/no evidence behind them...
There have been 2 other cases where articles by this guy on VNUNET were clearly wrong, too far wrong for casual error. One of them sprang from the (ill-considered) statistics posted at securityfocus.com that compared the counts of windows and linux vulnerabilities. But the linux vulnerabilities included applications and the windows numbers did not. securityfocus.com clearly stated that fact. Also, each linux vulnerability was counted each time it occurred in any distribution, causing multiple counting of many of them. Middleton did not mention either of these facts, simply using the raw numbers to imply that windows security is better than linux.
The other case was equally egregious. Its headline was "Hackers turn on open source", with a lead paragraph saying the same, but with no clear data backing it up. In fact, the article referenced an increase in website defacements, then noted that 'virtual websites' where many sites are on one machine, were involved, thereby rendering the statistic fairly useless.
This guy is a hack, or worse. He's already had too much benefit of the doubt.
This is another article by James Middleton, who is not a trustworthy source on this issue.
I went there just long enough to see his byline (being careful not to download images, hence no ad revenues), then came back here.
I've never seen Middleton write anything about Open Source that wasn't complete bullshit. This guy is either totally bought and paid for by Microsoft, or is seriously stupid.
people rag on windows for needing a reboot when you install new hardware.
No. People rag on windows because you have to reboot after installing APPLICATIONS, a requirement wholly unknown in *nix. If you put new hardware in a machine, you generally turn the machine off. That requires a reboot.
I think predicting ISNs also lets you hijack a connection...
I think this is far more difficult than if a machine is using rhosts. You need to know that the user is logged in. You need to guess the ISN, then guess how many other bytes have flowed to get the current SN. Seems much more difficult to me.
Now SSH does prevent this,... but you can't fake the encryption without knowing the password (and if you knew that, you'd just log in normally.)
Actually, the encryption is not based on the password. IANAE, (I Am Not An Expert), but I think SSH uses a public key exchange to encrypt an exchange where a session key is selected, the session key is then used in symmetric encryption. So you'd need the user's private key, AND to be able to see the traffic from the target back to the user (which is encrypted using the user's public key) at least to hijack the session. Since we're talking ISN predictability issues here, this is usually an issue when you can't see the traffic from the target - otherwise, you'd know the ISN and predictability would not be an issue.
Predictable ISNs are only a problem against a machine which has been configured to allow another machine privileges based solely on that second machine's IP address. Then predictable ISNs allow a third machine to 'spoof' its address, claiming to be the second machine by using its IP address, even though the third machine can't see the responses from the first machine, because the third machine doesn't have the IP address it's claiming.
If you don't configure this 'trust' relationship based on IP address alone, this is not an issue.
Example: SSH allows one machine to trust another, but requires that the trusted machine be at the right IP address AND possess the correct private key or keys - so no issue.
Anyone who, in this time, configures a machine to trust another, based solely on the IP address in the frames received, is crazy. It's a very unwise practice.
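An added example, not part of the original comments: a small audit that flags the address-only trust entries the comment above warns about, in a `hosts.equiv`/`.rhosts`-style file. The sample file is constructed, and the line syntax handled here (`host [user]`, `+` wildcards, `-` deny entries, `+@netgroup`, `#` comment lines) is assumed to follow the conventional r-services format.

```python
import ipaddress

# Constructed sample of a hosts.equiv-style file (not taken from any real host).
SAMPLE = """\
# trusted peers
192.0.2.10
backup.example.net  operator
+ +
-198.51.100.7
+@admins
"""

def classify(line):
    """Return (severity, reason) for one trust entry, or None for blanks/comments."""
    text = line.strip()
    if not text or text.startswith("#"):   # assumption: '#' starts a comment line
        return None
    fields = text.split()
    host = fields[0]
    user = fields[1] if len(fields) > 1 else None
    if host.startswith("-"):
        return ("info", "explicit deny entry")
    if host == "+":
        return ("critical", "wildcard host: every source address is trusted")
    if user == "+":
        return ("critical", "wildcard user: any remote user on this host is trusted")
    if host.startswith("+@"):
        return ("high", "netgroup trust, still keyed on the claimed source")
    try:
        ipaddress.ip_address(host.lstrip("+"))
        return ("high", "trust keyed on a bare IP address")
    except ValueError:
        return ("high", "trust keyed on a hostname resolved from the source address")

def audit(text):
    """Return (line_number, severity, entry, reason) for every trust entry found."""
    findings = []
    for number, line in enumerate(text.splitlines(), 1):
        result = classify(line)
        if result:
            findings.append((number, result[0], line.strip(), result[1]))
    return findings

if __name__ == "__main__":
    for number, severity, entry, reason in audit(SAMPLE):
        print(f"line {number}: [{severity}] {entry!r}: {reason}")
```

Every entry that is not a deny grants access on the strength of the source address alone, so each one is a candidate for replacement with key-based authentication as in the SSH example above.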
"And you have to ask yourself who will have a Web server running with this small amount of services activated? Nobody."
Nice try, but from outside the firewall, that's exactly how many servers will look. Segregating different functions to different places is definitely part of a strategy.
I am not sure I agree with the Open Source vs Microsoft paradigm that everyone seems so caught up in.
One of the parties caught up in that paradigm is Microsoft. We would ignore that at our peril.
I think that people pick on Microsoft because they are big and visible, but no one picks on Adobe,
People pick on Microsoft because they are slimy, lying scumbags and their products suck. Just in case you hadn't noticed, lots of folks think that Adobe is in the same class since they (ab)used DMCA to imprison Dmitry Sklyarov for breaking their eBook "encryption".
that you can exert 10 Gs just plopping into a chair,
Sure but that's for a really short period, nothing like a second.
works just fine w/ target of winNT 4 w/ SP 6.0a - instant BSOD.
So why don't other encoders boost the volume if that makes it sound better?
Because other encoders (meaning other than wma) are written by organizations with ethics.
Are those European ducks or African ducks?
If you are directing this at me, yes I know
no, this was to Q2Serpent.
From the post to which you're replying: DNS has its problems, yes...But they have nothing to do with ISNs.
You are missing the point altogether. DNS is completely outside the scope of this issue.
Your list was totally cool except for this omission.
From the linked article:
Closing their service to outsiders increases the security of their system overall and "prevents hackers from scaling beyond one machine," the company claims. "Xbox Live has military grade security to ensure no cheaters, no hackers, and no viruses."
So they couldn't make their OS with military grade security, but their game console is good to go? Yeah, right.
Doesn't their business model fall apart
Isn't this what Suse does now? My recollection is there's no way to download, for no money, a Suse ISO, at least no way that Suse sanctions. Since I don't want to try and download 8 zillion tarballs and compile them all (many dependent on other things being compiled/installed first), if I wanted to run this version, I'd buy the box set.
Of course, I just download Redhat, so your basic point may be right on, after all.