Agree on the widescreen. I've got a Witstech A81H+ with lots of features for about the same price. Pretty fast with 1-gig core, nice capacitive touch screen, microsd slot, gps, working accels, removable battery and a normal aspect ratio. My only possible complaints are a lack of support for a few specific programs like netflix and clockworkmod recovery, and the screen only detects 2 points so some games that require hitting 3 things at once are limited.
It makes a really nice portable SNES emulator too.
Front page still hacked, but fairly harmlessly.
The amusing thing is that had it been malicious with some unknown zero-day, that all of the slashdot lemmings would have hit the page.
Oh definitely NTFS permissions kick butt. The fine granularity, inheritance, etc are pretty nice. No added security vulnerabilities like setuid/setgid. :}
http://slackware.osuosl.org/slackware-13.37/slackware/x/xorg-server-xnest-1.9.5-i486-1.txt
Xnest is an experimental nested server for X
why is anything related to X running on a server used for source control and such things?
especially because the X server executable is usually setuid root. seems to me that is asking for trouble.
and - why would anybody run experimental software on such an important server.
I guess you didn't bother to read the article.
"Trojan initially discovered due to the Xnest /dev/mem error message w/o Xnest installed; have been seen on other systems. It is unclear if systems that exhibit this message are susceptible, compromised or not. If developers see this, and you don't have Xnest installed, please investigate."
Hey buddy, 1995 called, they wanted their antiquated filesystems back. NTFS has supported separate "execute" permissions since its inception, I believe. In fact, call me when ext3 separates its "write" permission from its "change permissions / take ownership" permission.
True, the NTFS filesystem supports finer grained permissions and some features that are simply not used or exposed in windows. Generally read/execute are grouped together and trying to set them differently often breaks things. The usual case for windows is that if you can read the file, you can execute it.
Linux has a great mounting option called noexec, which is very handy to apply to the home partition. Ext3 has some extensions to provide finer grained permissions and features (eg chattr), but it's not implemented consistently across all the flavors and rarely used in my experience. Most systems I see are still dorking around with the simplistic user-group-world permissions.
Has existed since Windows XP SP2.
Files can have a Zone Identifier applied to them via NTFS alternate data streams.
The Zone Identifier can restrict execution, causing a popup to confirm if the user really wants to execute it.
Wouldn't be that hard to extend that so that it outright blocks execution without asking the user.
The zone identifier is only added in some instances, and it only gives a general idea of where the file came from. It is a poor security mechanism at best. It requires having an NTFS file system. It requires the program running it to read and honor that information. There are ways of getting around this.
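The Zone.Identifier mechanism discussed in the comments above, as an added Python example (not code from any commenter): it parses the stream's contents and applies both the usual prompt policy and the stricter block-instead-of-ask policy suggested. The sample stream text is constructed, and the Windows read helper returns None on other platforms, which is the "no mark, nothing to honor" case the reply points out.

```python
"""Parse NTFS Zone.Identifier (Mark-of-the-Web) stream content and apply an execution policy."""
import configparser
import os

# Well-known URL security zone ids written into the Zone.Identifier stream.
ZONE_NAMES = {
    0: "Local machine",
    1: "Local intranet",
    2: "Trusted sites",
    3: "Internet",
    4: "Restricted sites",
}

# Constructed sample of what the ":Zone.Identifier" stream of a downloaded file contains.
SAMPLE_STREAM = (
    "[ZoneTransfer]\r\n"
    "ZoneId=3\r\n"
    "ReferrerUrl=https://example.invalid/downloads\r\n"
    "HostUrl=https://example.invalid/setup.exe\r\n"
)


def parse_zone_identifier(stream_text):
    """Return zone id (int or None), zone name and origin URLs found in the stream text."""
    empty = {"zone_id": None, "zone": "unknown", "referrer": None, "host": None}
    parser = configparser.ConfigParser(interpolation=None)
    try:
        parser.read_string(stream_text)
    except configparser.Error:
        return empty          # malformed stream: treat as carrying no usable information
    if not parser.has_section("ZoneTransfer"):
        return empty
    section = parser["ZoneTransfer"]
    try:
        zone_id = int(section.get("ZoneId", ""))
    except ValueError:
        zone_id = None
    return {
        "zone_id": zone_id,
        "zone": ZONE_NAMES.get(zone_id, "unknown"),
        "referrer": section.get("ReferrerUrl"),
        "host": section.get("HostUrl"),
    }


def execution_decision(stream_text, block_untrusted=False):
    """Decide 'allow', 'prompt' or 'block' for a file from its zone stream.

    stream_text=None models a file with no stream at all (copied from FAT/exFAT media,
    written by a tool that never sets the mark, ...): the mechanism then has no say.
    block_untrusted=True models the 'block outright instead of asking' policy.
    """
    if stream_text is None:
        return "allow"
    info = parse_zone_identifier(stream_text)
    if info["zone_id"] is None or info["zone_id"] <= 2:
        return "allow"        # local, intranet or trusted zone: no prompt today either
    return "block" if block_untrusted else "prompt"


def read_zone_stream(path):
    """Read a file's Zone.Identifier alternate data stream on Windows/NTFS.

    Returns None when the stream is absent or the platform cannot expose ADS at all.
    """
    if os.name != "nt":
        return None
    try:
        with open(path + ":Zone.Identifier", "r", encoding="utf-8", errors="replace") as f:
            return f.read()
    except OSError:
        return None
```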
If the package signing key gets out in the wild, that is a problem. Aside from that, you cannot really have an issue where someone creates a fake package and gets it past a check, because they simply cannot generate the correct signature. SSL has a flaw that a browser will see "*.google.com" and trust it, even if it was not issued by the actual CA that Google uses. That issue does not exist with signed packages.
Who knows, maybe the intruder has the private signing key and the intrusion was simply to place altered packages? It's also not impossible, although extremely mathematically unfeasible, to generate a package that has the same SHA-1.
Certainly, you can see how China would love to insert a backdoor into the kernel.
This doesn't have much of a practical application. Available solar power is still the limit in the process and you'll never produce enough hydrogen this way to have a significant contribution to this country's energy needs. This technology just improves the conversion efficiency if hydrogen is your intended final product. You're still better off converting the sunlight to straight electricity using standard grade solar-electric cells instead of converting it to hydrogen which is far less efficient to convert back into mechanical energy.
As I read it, teachers would not only be unable to email their own children, they would be unable to be a member of an email service. Well, one that uses a web client. Using a Facebook application on their iPhone is fine, because the law specifies webpages.
Yes and no. The statute defines exclusive access as "the information on the website is available only to the owner (teacher) and user (student) by mutual explicit consent and where third parties have no access to the information on the website absent an explicit consent agreement with the owner(teacher)".
But, the statute as written requires the schools to have a policy governing "Appropriate use of electronic media such as text messaging and internet sites for both instructional and personal purposes, with an element concerning use of social networking sites". This is far reaching and covers much more than just websites. Facebook is a website no matter how you access it.
It's entirely understandable that teachers object to this law, because it gives school admins the authority to regulate their private communications outside of work. It opens them up to administrative action or prosecution for legitimate communications. A perfect example is that teachers would be unable to friend their own children on facebook.
You are right - the summary should say "the law bans educators from using any tool not provided by the State for communications" as anything that doesn't allow parents to have access to all electronic communications between teachers and students is forbidden by the new statute. And being there are no exceptions, it makes it kind of hard to use any social networking site, now doesn't it?
Your idea for a summary is just as inaccurate. Go read the actual law http://www.senate.mo.gov/11info/BTS_Web/Bill.aspx?SessionType=R&BillID=4066479. Here, I'll help you since you're obviously too lazy to check your facts before posting up your uninformed opinion.
SECTION 162.069 - By January 1, 2012, every school district must develop a written policy concerning teacher-student communication and employee-student communications. Each policy must include appropriate oral and nonverbal personal communication, which may be combined with sexual harassment policies, and appropriate use of electronic media as described in the act, including social networking sites. Teachers cannot establish, maintain, or use a work-related website unless it is available to school administrators and the child's legal custodian, physical custodian, or legal guardian. Teachers also cannot have a nonwork-related website that allows exclusive access with a current or former student. Former student is defined as any person who was at one time a student at the school at which the teacher is employed and who is eighteen years of age or less and who has not graduated.
Taken literally, the bolded wording precludes a teacher from using facebook, twitter, gmail, and a whole host of other sites. This would be regardless of whether they interacted with a student on a work or non-work level because those sites ALLOW private communications. It didn't ban private communications, it banned the use of sites that could permit it. They couldn't even email their own kids unless they gave the school admins access to their email account. The law is poorly worded to address the issue they tried to correct (inappropriate private communications between teachers and kids). The injunction was simply to stave off the enforcement of this section until a court could rule on the 1st amendment issues.
Striking a blow for software freedom!
Wait, this was about freedom from paying, not the "real" definition of free... dammit.
Europe's second largest migration to an open source office suite? Not even close - http://wiki.services.openoffice.org/wiki/Major_OpenOffice.org_Deployments. Of course, you should also consider how many large scale migrations have never been completed, reversed mid-course, or just been considered dismal failures due to poor planning. Hopefully they will have a solid plan _before_ they proceed instead of blindly charging forward with an OpenSource-is-better closed mindset. Oh and hopefully they choose a product that will have support and exist down the road.
Perhaps it could also diagnose ADD, autism, BPD, schizophrenia, and approaching episodes of road rage? Think of the savings!
And respond by triggering a hard right turn into the ditch? I'm not sure I want my car practicing eugenics.
LCDs use polarization, in that they align and dis-align polarity to make a pixel turn on and off.
But there will only be waste in large areas of black screen. In an image with a more even distribution of pixel states the light will bounce around until it finds a pixel that's on, and come out there.
Incorrect. For LCDs the polarization filtering absorbs the light and doesn't reflect it. Now if it could reflect it backwards then you could potentially use a solar cell to recapture the light and recover some of that energy. Incident light on the screen could still pass through the layers and be absorbed as well. It's a novel idea, but a technology that gets rid of the need for a bright backlight in bright ambient conditions makes more sense.
The system administrators of that web site can see exactly which version of the software is installed, and it is extremely important.
Don't worry, they'll soon drop any version info from the browser user agent string.
Of course "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:5.0.1) Gecko/20100101 Firefox/5.0.1" isn't all that helpful anyway.
For a little while there, a user could install Chrome but he couldn't remove it unless he was an admin.
You sir are an idiot. I paid for my phone service; to deny me that service is a breach of contract. As long as I have paid for my phone service I have a RIGHT to use it providing I use it within the terms outlined in the contract with my provider. To deny me that right is the same as stealing something I paid for and is a breach of contract.
No, I think you are the idiot. BART simply shut down a feature that they normally provide their passengers. You're acting like BART is actively preventing the telco from providing you service. You don't have a contract with BART to use their cell repeaters.
You have a contract with the telco provider, who obviously is failing to provide coverage underground. Read your contract and you'll notice there is absolutely no guarantee of service at all.
This!
I hadn't considered that in a while... OS X is the only mainstream OS that makes changes subtly.
That's because Apple recognizes that the average consumer wants consistency and stability, not new bling and features every few months. The consistency and reliability is also the main reason iOS apps are generally perceived to be of higher quality than Android apps.
Doing a bit of rogaining was the best thing I ever did to improve my ability to navigate.
So how does growing hair help? http://en.wikipedia.org/wiki/Rogain :}}
Well, yes. I just went through this a couple of weeks ago on a hiking trip. We hiked on snowed-over unmarked trails. Without a GPS it would have been impossible. OTOH we had compasses and maps to back up the GPS and constantly referred back to the printed maps and got a bearing by compass so we knew at all times which way to bail if the GPS died.
But the USFS was busy recovering people from the same area who went in with a GPS and no maps, and then got totally lost when the GPS died. From what I gathered, 2 rescues / day.... These were unhurt parties who lost their way. No business being out there in the first place.
Well, a backup GPS and extra certainly helps. :} But yes, you're absolutely right that being able to read a topo map and use a compass is invaluable if all else fails.
And the propagation speed of the radio waves is 671 million compared to that 15,000mph. Of course Doppler correction isn't necessary if you're looking at it sideways and not in front of or behind the moving object.
OK, I'll throw in a software comparison for you: Windows: $$, Android: free.
Also, I suppose netbooks are sold without any Q&A, so you might have a point there: A device with no moving parts and much fewer buttons and internal connectors is certainly going to have a higher Q&A cost.
If you think that everything above $200 is not margin, YOU are part of the reason why these things still cost too much.
Spend any time at all comparing apps on Apple versus Android apps and you'll understand his comment about software Q&A. Apple apps get Q&A before being published, stick to a gui convention, and almost always work. Android apps on the other hand are generally of a lower quality. Read the Android market reviews on a dozen apps and at least half will have lots of users complaining about force-closes, poor screen layout, cpu hogging, etc. The only reason I own an Android tablet is because I don't mind debugging apps or having to dig into the OS to get things running. If Apple had a 7" iPad with GPS for $250 I would sell the Android and get that instead.
Plus Apple still has far more apps than Android, even counting all the Android apps that are listed in the market multiple times under slightly different names (is that app spamming?)
The only 3rd party app I would really miss having on my Droid is Kindle.
It's planned. http://www.slashgear.com/amazon-kindle-for-webos-touchpad-confirmed-09132141/
1) Yes certificates can validate your identity, provided the roots and intermediates are kept secure.
Which you cannot guarantee, therefore you cannot use them to validate identity.
The entire industry -- from scamming fees out of site owners to fooling the consumer and coercing and co-opting the browser authors -- is predicated upon the single critical idea that certs imbue a transaction with safety because you know who you're talking to. But the fact is, you don't have any idea who you're talking to; and furthermore, you cannot, and furtherestmore, the cert couldn't tell the user or the browser or the source site if the folks at both ends were the "right ones" even if it was true. All the cert does is implement intermediate communications line security -- as far as we know, presuming the NSA hasn't done what we all know it would most like to do and is either in the process of doing or has already done.
Paranoid much? Your arguments have not pointed out any fundamental technical problems with using SSL to verify the server-side. It all boils down to the commercial CAs and browser makers failing to hold up their part of the web of trust. They issue certs without verifying who is applying and browsers are apt to include the public certs for CAs you might want to trust.
Have you even looked at the private and DOD implementations? Nearly 1 million CAC smartcards issued using PKI certificates? Those are examples where the implementation is done according to best practice and works just fine to authenticate servers and users.
Despite the shenanigans of the commercial CAs, SSL validation does have one benefit still - when your browser says the site has been hijacked, there usually is a problem though usually not malicious. Granted most people ignore the warning and continue anyway (I don't think the browser should let you, btw) but that problem will exist even with dnssec.
So given all your negativity, what do you propose for a solution?
1) Yes certificates can validate your identity, provided the roots and intermediates are kept secure. You should never be issuing client certs from the local server cert, which many people do. Only an idiot keeps the root cert on an online server. Smartcards can provide security for the end user's private certs. It all boils down to a secure implementation. The flaws you describe result from an insecure implementation.
2) Yes, encryption is one use of SSL. The question was about SSL validation.
3) Again, we're talking about crappy implementation here - aka Verisign and other CAs that give out certs like candy and don't bother to verify identity properly. It also doesn't help that browsers and OSs are set up to trust less than reputable CAs (ie Firefox trusting certain Chinese CAs).
Actually the whole point is that you CAN manufacture things you could not before. For example, the internal structures of the wings. It's possible for instance with traditional mold&glue techniques to create a complex honeycomb pattern inside the wings, etc. Sure you could press out a zillion little internal pieces and build it up, but that's not practical and the result would be weaker and heavier.