I have two PCs at home that run Windows XP. Everything I use them for works flawlessly. They are totally stable and usually have an uptime measured in weeks. A large part of this is probably because I do most of my stuff in the cloud.
Why should I pay $50, $100, $150 to upgrade to Windows 7? What is in it for me?
Now substitute "me" with those other 61% of people. Why should someone upgrade if XP is doing everything they need?
Whoa! A company stored lists of patients with a medical condition and contact information on a computer connected to an *UNSECURED and UNENCRYPTED* wireless network, and we are supposed to believe that Google is the "bad guy"?
Unless you are some intern making $5 / hour or something, the amount of time you will spend assembling these things will far outstrip the cost savings.
IE - say you save $200 / machine. How many hours will it take you to build that? Three? Four? Now figure in how much you make per hour. Your "savings" are out the window.
Surprised this article and /. summary is so poorly researched. (Then again this is /. what can I expect?)
Microsoft is very heavily invested in Facebook.
They put 240 million dollars into it years ago, they own a substantial stake in the company.
They very likely have one or more key members on the board, and of course would be heavily against any involvement by Google, who is their top competitor.
My Samsung BD-C5500 Blu-Ray player can do all this. It plays Netflix, Blockbuster, YouTube, a host of other sites. It can play media from any DLNA media server in my house, which my little wireless router seems to do perfectly. It can play DivX, MKV, XVid, nearly anything.
Oh, and did I mention it is also a BluRay player?
Oh and it cost me exactly $130.
And this is far from the only BluRay player with capabilities like this.
Boxee and Apple TV et al. have missed the boat, all the Blu-ray players are coming with this stuff built in nowadays. Why should I buy another box that does the same thing as one I already own?
The "whole point of patents" was to enable someone to come up with an idea and have a brief exclusivity period so that they could get the idea to market.
The whole premise of patents was that it ACTUALLY TOOK time to get ideas to market, and that an average person COULD GET THEM TO MARKET. Thus they would encourage INNOVATION by allowing small players a way to compete with already entrenched players, via innovation.
Patents were not created so that giant mega-corporations could use them to gain further market share, they were SUPPOSED to be there for the little guy.
The "whole point of patents" is totally meaningless in today's business world. Patents do not serve to encourage innovation, they limit it, because everyone and every company who has an idea has to spend enormous amounts of money just to see if their idea is already patented, and the only ones who can really afford it are the players who are already entrenched. It is not just software and IP patents that have this problem either. With facilities like mini-fabs and Alibaba.com, anyone who has an idea for a product can have it prototyped and have mini runs done of it overseas for very minimal cost. For many inventions it actually will cost more for you to get your patent investigated and filed, than it will for you to make your first 10,000 units and start selling them. How is this supposed to encourage rapid innovation again?
We just had an election here, and I can't help but think that if people would have been able to vote online, turnout would be much much greater.
Yes there are security issues. But these can be overcome. If I can bank and file my taxes online, I should be able to vote online. Yes, I know there are issues surrounding anonymity of votes - but I have confidence these can be overcome.
I do not think people in the industry should be needlessly attacking internet voting - someday sooner or later IT WILL HAPPEN. We should instead be helping government craft solutions to the hurdles of implementation.
Last I checked, the number of Android handsets that will ship this year absolutely dwarfed the number of iOS handsets. Meanwhile, Flash is huge on Android.
I see more for Microsoft to gain from this arrangement than Adobe.
As a follow up - if anything I am just pointing out the patent is 100% valid, which just goes to show how pointless software method patents are. Between the time of filing and the time of approval an entire industry had already been created with many competitors, before Facebook even got around to implementing the thing they applied for a patent on.
The patent system moves too slowly to be useful for software patents. Its only possible purpose is litigation, it does not provide any incentive to innovate.
Before everyone goes off a wall here, it should be noted Facebook applied for this February 2007.
Foursquare didn't even exist until 2009.
Dodgeball (which Google bought and created Latitude from) was started in 2005, but at the time it was based on TXT messages, not GPS, so not sure it applies.
It doesn't matter how "secure" your network is. If your inbound pipe starts getting flooded with garbage data and fills your pipe, your service is now unavailable. Your local firewall may be super secure and drop all the packets so your server runs along swimmingly - totally irrelevant if your pipe is overloaded. This is the kind of damage that is TRIVIAL for a botnet.
If TXT was free, or something reasonable like 1 cent / message, I would use it more. Currently, my carrier (Bell Canada) charges 10 cents / message both outbound AND inbound. At that cost, it is way too expensive for me to use TXT casually. And I don't have a need for it to justify a $5 / month 100 TXT add on to my bill.
TXT costs carriers $0 since it uses unused space in the protocol, so I don't see how they feel justified in 10 cents / message. From my understanding TXT is much cheaper in Europe.
Final point - with nearly everyone I know having a smart phone, TXT is not even very useful. It is just as simple and fast to send an email or Twitter DM as a TXT message, and costs me nothing.
If you weren't encrypting data into cookies and using that to store stuff then you would not be vulnerable to this exploit, at all.
Session cookies should always be totally random. If your web app wants to "remember me" then store that random cookie in the database with the user ID affiliated. There is never any reason to store anything about the user on the client side, at all, encrypted or not.
For one, IIS does not run as Administrator, unless you for some reason change it to do that.
For two, this attack has nothing to do with that, at all. This attack basically involves a way to crack COOKIES on a client machine that are supposedly encrypted.
For three, anyone who stores sensitive data in an "encrypted user cookie" is retarded. I don't care if it is encrypted or not, rule #1 is never trust the client with anything. Quote from the article:
"The attack allows someone to decrypt sniffed cookies, which could contain valuable data such as bank balances, Social Security numbers or crypto keys. The attacker may also be able to create authentication tickets for a vulnerable Web app and abuse other processes that use the application's crypto API."
Why on earth anyone would put a bank balance or any other sensitive information in a cookie is totally beyond me. Also why on earth one's session cookie would be based on anything other than a totally random UUID is beyond me.
Basically this exploit takes advantage of people who poorly code ASP sites. The exact same exploit could affect a poorly coded PHP site, or poorly coded JSP site, or poorly coded CGI site.
People on here are misunderstanding the claim of redundancy.
What the guy is talking about is with the POTS, your telco has giant battery and generator warehouses that can run the entire city grid for 48+ hours in the event of power outage. Normally, this is not the case with fibre, especially at all of the junctions.
You are missing the point entirely.
If your PC is properly protected by a combination of an intelligent user, a firewall, and anti-virus, then security is not an issue.
The other arguments (performance usability) are moot points I addressed in my last comment. XP does everything I need. Why should I pay to upgrade it?
People need to get off the upgrade bandwagon.
This is why I use this Chrome extension - https://chrome.google.com/extensions/detail/flcpelgcagfhfoegekianiofphddckof
Basically for any site you go to it AUTOMATICALLY redirects you to the SSL version of that site if it exists. Including ssl.facebook.com.
Yes ssl.facebook.com should be the default, as should most sites, but until they are this extension is invaluable IMO.
Why fix what is not broken?
registraruser
October 19, 2010 8:07pm
Why should Google have to pay its employees and spend its resources to track down the RIAA's problems?
It is not Google doing the pirating; I don't see why they should have to clean up the mess.
I don't see why this is an "issue".
Congratulations, you just described how Android permissions already work.
Any other irrelevant posts to make based on not knowing the subject in question?
20 light years is millimeters of astrophysical distance.
It amazes me we have been observing space so long and yet we only now have detected this planet.
It just goes to show how incredibly likely it is to find planets like Earth everywhere in the galaxy.
Yeah screw Walmart... I am sticking with the little guy for my wireless service!
So I guess that's... AT&T??? Er no wait... must be Verizon. Wait...
Shouldn't this be in idle?
eBay buys Skype for 2.6 billion, loses a ton of money on it over a span of 5 years, now offloads it to Cisco at a profit. Genius!