A very common misconception here. Simply plugging the leaking riser pipe will accomplish nothing as the riser pipe will burst shortly after you plug it. The main purpose of the BOP valve at the top of the well head is to regulate the pressure going up the relatively thin-walled riser pipe. The riser has to be fairly thin, otherwise it's too heavy to hang from a surface ship. It cannot sustain the full well pressure. This MUST be shut off at or below the well head valve.
You really want the Army/Marine Corps handling this? Guys with absolutely zero experience with oil drilling? The same guys that couldn't figure out how to kill the oil well fires in Iraq and had to contract it out to the industry experts?
Best practices are not being followed. A science based, data driven approach would mean, at the very least, doing what has worked in the past, and not doing what hasn't worked.
The use of a more dangerous, less effective dispersant in an untried, untested underwater application is also far from science based. But that was the dispersant BP's sister company had on hand to sell them, and with multiple board members sitting on both companies, I think we can say profits trumped science once again. As a liberal, I am very, very upset with the man I voted for right now. At least Bush was just an idiot with Katrina. Obama seems to be deliberately pandering to Big Oil.
Actually that is the dispersant of choice, simply because it's available in sufficient quantities and has been successfully used in the past (although not in such large quantities at a single spill). US Polychemical Corporation has reportedly received an order from BP for Dispersit SPC 1000. They can only produce 60,000 gallons a day. Close to 500,000 of Corexit have already been used. The problem was do you wait for industry to make the alternative or do you use what you have on hand?
Just what are you expecting Obama to do? Fly down there and act like a pompous ass and pretend it's a situation that he really has any control over? Everyone claims he didn't act right away, but the truth is that the EPA and Coast Guard are charged with the emergency response, reacted the same day, and don't require explicit presidential direction to act in an emergency. Declaring a state of emergency doesn't affect the response that was already underway. The fact is that most of the oversight and regulatory issues that created a higher risk of these accidents were Bush's fault (speaking of big oil controlled).
All of the true experts in this field are on this problem already. Most of the arm-chair quarterbacks and media pundits don't know what they are talking about, with BS ideas like dropping a nuke on it or burying the well head under concrete.
Boom and capture is not as easy as it sounds. The oil is being released a mile below the surface and getting carried great distances before coming to the surface. The booms are better used to protect areas further away.
Are you sure? Einstein thought it was possible, see wikipedia for the Einstein–Podolsky–Rosen paradox.
God forbid, a user that doesn't know how to configure a properly secured wifi network?
It should be up to the ISP to secure it. If your water utility springs a leak the water utility sends someone to fix it.
Not if the leak is on your side of the water meter. Or are you saying it's the water company's fault when you leave the hose on and people stop by and have a drink?
Okay, I missed the Richard Stallman 'Free Software' reference. Do you honestly think there are more than a handful of users who care that the source is closed? Can you point to more than a few folks who have attempted to branch or modify Firefox, or even had the devs accept their inputs?
Oh please oh please can we PLEASE stop spreading this nonsense that FF ever innovated anything?
Just what are you claiming Mozilla innovated? Whatever you *think* they innovated, compare with this
I'll be completely honest, I don't care. It isn't Free Software. Until that changes, I'd rather use w3m than touch it.
Where the fuck have you been for the past 5 years? Of course Opera is free.
http://www.opera.com/press/releases/2005/09/20/
Does Firefox still crash if proxy.pac returns a null, which is perfectly valid per the Netscape spec and even noted as such in the code? I haven't tried it since the Bugzilla entry I started with lots of example code was closed and not fixed. The reason it was closed? It wasn't a priority as it didn't trigger a buffer overflow (my original concern), and the customer could simply fix their proxy.pac file.
So saying, 'spend time trying to improve the code' is laughable.
This might also explain people seeing angels and gods during violent storms? Or maybe they're just hallucinating because they are gullible? Seems quite hypocritical when a Christian claims that ball lightning does exist because no one can prove its existence.
If it's just pixels glowing in the presence of incident IR, it would be worthless. You lose the whole concept of what direction the IR came from and end up with the equivalent of major glare on a smeary windshield.
To take that analogy a step further. If the boss fires the forklift guy, he expects to get the keys to the forklift back.
There can't possibly be that many job openings in this field. This is about as silly as Unv Florida cranking out tons of degrees in marine biology when the reality is that there are less than 1000 of these specialty jobs in the US.
Or maybe IP address. If it's an AOL dialup user, they have already proven themselves gullible. :}
Or maybe 1 out of every 10,000 hits to the site got a slightly different page that did send the info. Who would know?
Nice that Firefox won't even let me see the page source. I guess it thinks I'm an idiot or something.
They aren't. Someone leaked it.
It's been available on several NSA and DISA websites for at least a few years. It's being freely given away to Federal agencies as a tool to help secure their networks (something NSA and DISA are supposed to be doing). Not exactly much of a leak, eh?
It's not hard to gin up your own version of this with a little WMI scripting.
In order for the USB device to do anything, the host OS has to load the appropriate driver. Until it does so, you aren't getting anything other than 100mA at 5V (higher amperages quite possible, depending on the situation).
You've never dealt with some motherboards that don't regulate the current at all, eh? I've had a few, including some Dells that just fed 5 volts with a 1-amp limit to all the USB ports regardless.
Getting the OS to load a driver without noticing that it has loaded a driver (and without the benefit of exploit code, since you don't get to access that until the drive is mounted) would be quite a trick. Assuming this monitoring software isn't completely braindead, the fact that a USB mass storage device has been inserted, along with any interesting ID strings, will have already been sent to a monitoring server before your filesystem is even mounted. Any tampering you do at that point will just introduce suspicious discrepancies.
This tool isn't a monitor. You run it and it queries computers, enumerating the drivers/devices that it knows about. It produces a list of computers, the vendor-ids/make/model of the USB devices that computer has seen, and if they are currently mounted.
Or plug it in before booting ... since it detects drives as they are plugged in and unplugged.
Wrong. I've used the tool and it's nothing special. It just queries a range of computers and queries the registry keys for USB devices that the OS knows about, and whether they are currently plugged in. So as soon as Windows says "detected new device" then it's been found. It happens to detect SATA drives plugged as well if they show up under "unplugged devices".
One trick for evading this tool is changing the registry permission on that key, but the tool will flag it as access denied. Still it was nice to know who's had an iPod plugged in so I could remind them of appropriate use of our computers. I usually knew who anyway because they also had iTunes installed.
I find fans with ball or "fluid" bearings to be noisier than sleeve/bushing bearings with more noticeable tonals than broadband noise. They are only preferred because they outlive the cheap sleeve type fans. If you compare fans across a given size, you'll find that the noise level is proportional to the cfm/rpm regardless of the brand.
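The kind of inventory described in the comments above (per-host registry data on USB storage devices, with an unreadable key treated as a finding in its own right), sketched as an added example that is not the tool under discussion and not code from any commenter. It assumes the data was collected as `reg query ... /s` text from the `Enum\USBSTOR` key; host names, devices and serials are constructed.

```python
import re

# Constructed sample, keyed by host: text in the shape of
# `reg query \\HOST\HKLM\SYSTEM\CurrentControlSet\Enum\USBSTOR /s` output.
# Host names, devices and serial numbers are made up for this example.
SAMPLE = {
    "WS-001": r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\USBSTOR\Disk&Ven_Apple&Prod_iPod&Rev_1.62\000A27001234ABCD&0
    FriendlyName    REG_SZ    Apple iPod USB Device

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\USBSTOR\Disk&Ven_SanDisk&Prod_Cruzer&Rev_1.00\4&1a2b3c4d&0
    FriendlyName    REG_SZ    SanDisk Cruzer USB Device
""",
    "WS-002": "ERROR: Access is denied.\n",
    "WS-003": "ERROR: The system was unable to find the specified registry key or value.\n",
}

# Device instance key: ...\USBSTOR\<Type>&Ven_<v>&Prod_<p>&Rev_<r>\<instance id>
KEY_RE = re.compile(
    r"\\Enum\\USBSTOR\\[^&\\]+&Ven_(?P<vendor>[^&\\]*)&Prod_(?P<product>[^&\\]*)"
    r"&Rev_(?P<rev>[^\\]*)\\(?P<instance>[^\\\s]+)\s*$",
    re.IGNORECASE,
)
VALUE_RE = re.compile(r"^\s+(?P<name>\S+)\s+REG_\w+\s+(?P<data>.*)$")


def parse_usbstor(text):
    """Return one record per USB storage device instance found in the text."""
    devices = []
    for line in text.splitlines():
        key = KEY_RE.search(line)
        if key:
            inst = key.group("instance")
            devices.append({
                "vendor": key.group("vendor"),
                "product": key.group("product"),
                "rev": key.group("rev"),
                # Drop the trailing "&<n>" suffix from the instance id.
                "serial": inst.rsplit("&", 1)[0],
                # "&" as second character: the device reported no serial
                # and Windows generated the id, so it is not unique.
                "os_generated_id": len(inst) > 1 and inst[1] == "&",
                "friendly_name": None,
            })
            continue
        value = VALUE_RE.match(line)
        if value and devices and value.group("name") == "FriendlyName":
            devices[-1]["friendly_name"] = value.group("data").strip()
    return devices


def audit_host(host, text):
    """Classify one host's output; a denied read is reported, not skipped."""
    lowered = text.lower()
    if "access is denied" in lowered:
        return {"host": host, "status": "access_denied", "devices": []}
    if "unable to find the specified registry key" in lowered:
        return {"host": host, "status": "no_usbstor_key", "devices": []}
    return {"host": host, "status": "ok", "devices": parse_usbstor(text)}


def audit(results_by_host):
    """Return (per-host report, hosts whose key could not be read)."""
    report = [audit_host(h, t) for h, t in sorted(results_by_host.items())]
    needs_review = [r["host"] for r in report if r["status"] == "access_denied"]
    return report, needs_review


if __name__ == "__main__":
    report, needs_review = audit(SAMPLE)
    for entry in report:
        print(entry["host"], entry["status"], len(entry["devices"]))
    print("review permissions on:", needs_review)
```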
So the important thing for a quiet fan is go big and go slow. Or for silent, go fanless. Use a heat pipe to channel the heat out to a heatsink on the back of the chassis. There are standard PC power supplies out there that do just this. There are passive cases which pull the heat from the CPU into the chassis. I don't see where this setup is anything special, myself.
IE8 opens the unsigned application right away without prompting. ;-((
http://java.sun.com/javase/technologies/desktop/javawebstart/demos.html
Those apps ARE signed. If you look in the Java Control Panel you'll see that there is a certificate for Sun installed. Remove that certificate and those apps behave just like all the other unsigned apps, and you'll get prompted first.
Of course this is unrelated to the current flaw.
But you would have to get that DLL or SO there in the first place, no?
There are methods of ensuring a given file is in the temp/cache directory. This just provides a method of executing it. The file name can be specified as a UNC? Which means it can download it from \\server\share\exploit.jar if you don't have netbios blocked at the firewall.
I tried to run their simple exploit demo, but it failed to load.
I just tested 1.6.0_18 and 1.6.0_19. Under IE8, both popped up an error that it couldn't download the exploit file. Firefox loaded Java, but nothing happened and no error was posted. So I would say, yes they are still vulnerable. It's just that the demo exploit file was not reachable.
Afaict it is possible to set up a "private" JVM and use it for just one app. Doing this for any apps that need it and either having no JVM installed where the browser can find it at all or keeping the one used by the browser up to date is probably a sensible approach to reducing exposure.
From the perspective of someone who does security scanning and updates, these 'private' instances of Java, Mozilla, Apache, etc. are a pain in the arse. They simply never get any security updates. While it's debatable whether that represents a real vulnerability, it still gets red flagged by most security scanning software and has to get updated manually, which often breaks that app.
He doesn't even make sense in his own fantasy land. I think he means statutory sexual assault--if kids are having sex with kids, then they're being victimized if they're underaged. However, statutory rape doesn't apply when both parties have consented, but are both underaged. It's called the Romeo and Juliet rule. Methinks this prosecutor should read the laws again before making grandiose pronouncements; after all, it's his FUCKING JOB to do so.
Speaking of making grandiose pronouncements without reading the law... Perhaps you should go look at the Wisconsin law, as it DOES NOT HAVE A ROMEO & JULIET clause, unless they are married. Or just start at http://www.ageofconsent.com/wisconsin.htm. Just because the attorney generally doesn't prosecute those cases, doesn't mean it's legal.
Why can't you just use cpp? It will work on all linuxes without much modification. And who gives a fuck about windows.
The approx 90% of computers that run Windows would care. Catering to an OS with only 1% of the market share like Linux is suicide. http://marketshare.hitslink.com/operating-system-market-share.aspx?qprid=8 http://www.statowl.com/operating_system_market_share_trend.php
Sounds more like releasing it for free means no income from MS to pay the insurance and server operating costs. Maybe the notion of a free game doesn't work if no-one pays for the server end of it?
Sure the company likes to quote reduced gunshot detections, but the fact is that the murder and crime rates were unchanged. So either the system became less able to detect the shots or less shots were actually fired in the covered region. Maybe the criminals switched to smaller firearms, suppressors, or knives. Or maybe the gun range on the south side of town shut down.
Besides, responding to a gunshot several minutes later is pointless once the criminals figure out not to stick around. I'm sure they know where the cameras are as well. Personally, putting up cameras (working or fake) is probably a better crime deterrent.