Nice
At the risk of sounding redundant/irrelevant, that's called stemming. It brings any word into its "root" form. See http://www.comp.lancs.ac.uk/computing/research/stemming/general/
Also, regex queries would be very difficult to implement on search engines (if not impossible), coz the nature of search is different. In every regex query, the pattern is the one which is pre-processed, while in search engines, the text is pre-processed. Because of the different nature of pre-processing involved, regex on search engines might not be possible.
As if interference from nearby wireless networks was not enough!! They're using 802.11b network. Do they realize that an 802.11g network gets very badly affected if there's an 11b network nearby?
Couldn't it have been done through wires, or bluetooth, or custom radio, or whatever....
Your point is well taken. However, this does not take away the fact that they are facilitating a crime.
In fact, in 99% of the cases, this would be meant only for these unscrupulous OEMs (1% to take the theoretical possibility of someone trying to fool their friends that he's got a high end machine).
IANAL but facilitating a crime (very obviously here), is itself a crime in most of the countries, AFAIK.
I'm surprised at their audacity to openly claim all this, and to top it all, justify it. Let's not confuse audacity with honesty here. They are not honest guys and should be taken to task for this.
This may not be your answer, but most of the times, a part of the chip is disabled for a reason.
A lot of people think that manufacturers just enable/disable functionality and sell them as premium/standard offerings. This is a wrong thought.
Caches take a decent amount of silicon. Very often the silicon yield is not good, in which case caches are not 100% reliable, which is why they are instead marked as disabled, and the chip sold at a lower rate.
Even if you manage to enable these caches, they may not work for you reliably.
Zhan defended Chuanghui's sale of remarked chips, saying the company makes no attempt to hide what was done to the chips
I wonder why they're offering the masking software then ?
On another note, how do they plan to mask it on non-Windows OSs.
No, that's not the issue. The good old PSTN is public and insecure
Just coz it wasn't done doesn't mean it shouldn't have been done. That is why it's a good thing that this is happening now. People are taking security more seriously.
Whether it makes money for them is not the issue. The issue is that anything that is transmitted over a public channel is open for analysis, and hence private information needs to be secure.
It's very encouraging to see that they are taking a methodical approach to securing this. It is a hint that people are starting to take security in every public channel very seriously.
I would very readily give money to someone who makes me more secure about my communications.
pardon me if i might sound redundant or ignorant, but why shouldn't md5 be considered a free algorithm ?
I wonder how does this affect the file integrity checkers. A lot of these softwares store hashes and use them to verify if a file has changed.
So the next time someone installs a root kit, he just needs to do it in a way TFA points out.
However, google does seem to have contracts with certain libraries to scan their books, so they are not just randomly grabbing copyrighted material and scanning it.
IANAL, but do the libraries have the right to transfer the copyright to another entity? I guess the absence of this right is the main reason why photocopies of books are not allowed by libraries.
I don't know about the range and all. What I can tell is that I used to keep my company ID card (RFID based) in my wallet.
I never really needed to bring my card out for swiping. I just brought my wallet in front of the scanner (at least 2 cms distance), and it worked.
I wonder if in a subway, a guy could bring a scanner close enough to my pocket and sniff out my CC info.
Worse, if the info is static, all he needs to do is replicate the same signals using any damn device. He doesn't even need to build another card, or decode the info.
True, partly.....You can still write programs on Windows which can be secure.
IE is insecure coz it tries to do much more than what it should (ActiveX etc). It tries to go beyond being a browser and tries to give a "whole user experience", which is why it's tied a bit deeply into the OS (possible to remove though, as another poster said).
A basic design policy of programs should be that they should stick strictly to what they are supposed to do. If they try to be oversmart, they end up like this.
PS: I do agree with the vulnerability of Windows though. However, IE's bugs are not always related to it.
You are absolutely correct. But in the history of windows, actually it has been rather easy to elevate the privileges (Ever came across LSA in list of exploits for windows?)
In this particular case, it was a dll injection mechanism AFAIK.
But along with Win2k, doesn't that break connectivity with WinXP too ? AFAIK WinXP also uses NTLM (v2 I guess).
Microsoft has been a company which actually puts extra code in their kernel to keep buggy software compatible with its new releases (http://www.kuro5hin.org/story/2004/2/15/71552/7795).
It's hard to believe microsoft would actually go to this extent. On the other hand, they might be taking a very fresh approach to their new OS.
While I agree with your "securing a million dollar tank with a clothesline peg" statement, the actual discard of the older algos might make a lot of sense from a decision making perspective.
This is going to be a major (debatable) release for Microsoft after a long long time. Typically the time gap between major releases is huge for microsoft. In this time gap, all kinds of new attacks against crypto algos are discovered (http://it.slashdot.org/article.pl?sid=05/08/18/2247245&tid=93&tid=172).
If they don't drop the old algos, they are basically promising support for them for that major gap of time, in which it can become quite vulnerable. By choosing the latest (plus highly verified world over) algos, they are at least trying to be in a safe position (which of course can be compromised by other ways, but that's not the point I'm making here).
From a management perspective, it makes good sense to discard the old algos.
Add to it the fact that they didn't use to clear off the clear text passwd (as entered by user) from the memory.
As a result of this, people could easily do a memory scan of lsass.exe to get the passwds of last few users who had logged on.
See http://www.cr0.net:8040/misc/cachedump.html
wasn't NTLM slightly based on/uses DES? If that's the case, then does it mean that they are changing the algo used in SAM too?
that investment firms and R&D don't go together well......
I know that not everyone in R&D is a brilliant scientist, but in the long run, it's the R&D that helps the industry move forward
On a side note however, anything worthwhile coming out of Novell's R&D these days ?
My guess is, as soon as the judges know that wikipedia is a volunteer based service (which in fact faces defacement of pages often), it would stop being accepted as a source.
In law you need to be sure beyond any doubt. As much as I would've wished otherwise (at times), it remains that way, and would remain that way.
that they were using Wikipedia and Google to prove the references. They are good for us people, but in a court.......no way !!
Not that apple shouldn't have done checks at home, but given the fact that most employees are aware that they can be easily monitored under company premises (especially when working on a secretive stuff), most of such sources would typically NOT use company resources, so it doesn't make much sense to search them.
Instead ask the "journalist" himself.
Again, Apple SHOULD have done checks at home, just to be on the safe side of law at least.
actually, a blog's pubic settings really should be matter of grave privacy concern....
not to nitpick, but the context was so good that couldn't help....sorry
governments use this to figure out which bloggers of their country are violating regulations ?
PS: Not referring to singapore case in particular.
old style logging. why not just log the exception to a file (as it's usually done), and mail it to the programmers at a regular interval. why waste so much of bandwidth, especially in the case where things go horribly wrong and exceptions are thrown just about everywhere.
also, is this mechanism asynchronous ? coz synchronous would mean a lot of latency added to that particular thread, since things are now getting reported to some remote portal.
IMHO, it's just another wasteful use of web services. just coz it's the fashionable term these days doesn't mean it should be used for all purposes.
web services for exception reporting.....aarrgghhhh !!!