SSL is "broken" not by any flaw in the protocol itself but by the flawed trust model used.
Go through Mozilla's list of trusted root certificates and realise that every organisation on that list has the power to MITM you without generating a certificate warning (and the power to delegate that power to "intermediate certs" owned by third parties). Then ask yourself whether you really trust every organisation on that list not to MITM you and not to delegate signing powers to an organisation you do not trust.
You can probably trust SSL to keep most low level criminals out but if something really needs to be kept secret you should be managing keys yourself, ideally through face to face interactions.
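An added example, not part of the original comment: one way to "go through the list" on your own machine is to group the roots in the local trust store by the organisation named in each certificate's subject. The function names and the sample entries are constructed for illustration; the sample mirrors the dictionary format that Python's `ssl.SSLContext.get_ca_certs()` returns.

```python
import ssl
from collections import Counter

# Constructed sample in the format returned by SSLContext.get_ca_certs():
# "subject" is a tuple of RDNs, each RDN a tuple of (field, value) pairs.
SAMPLE_ANCHORS = [
    {"subject": ((("countryName", "XX"),),
                 (("organizationName", "Example Trust Co"),),
                 (("commonName", "Example Root CA 1"),))},
    {"subject": ((("countryName", "XX"),),
                 (("organizationName", "Example Trust Co"),),
                 (("commonName", "Example Root CA 2"),))},
    {"subject": ((("countryName", "YY"),),
                 (("organizationName", "Sample Government PKI"),),
                 (("commonName", "Sample National Root"),))},
    # Some roots carry no organizationName at all.
    {"subject": ((("commonName", "Lone Root CA"),),)},
]


def organisation_of(cert):
    """Return the subject's organizationName, falling back to commonName."""
    fields = {}
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            fields.setdefault(key, value)
    return (fields.get("organizationName")
            or fields.get("commonName")
            or "<unnamed>")


def summarise_trust_anchors(ca_certs):
    """Count trust anchors per organisation.

    Every entry counted here can vouch for any hostname, so the number of
    distinct keys is the number of parties the client trusts unconditionally.
    """
    return Counter(organisation_of(cert) for cert in ca_certs)


def load_system_anchors():
    """Return the roots the default TLS client context has loaded.

    Roots kept in a hashed directory (capath) are loaded lazily and are not
    listed by get_ca_certs(), so this can under-report on some systems.
    """
    return ssl.create_default_context().get_ca_certs()


if __name__ == "__main__":
    anchors = load_system_anchors() or SAMPLE_ANCHORS
    summary = summarise_trust_anchors(anchors)
    print(f"{len(anchors)} trusted roots from {len(summary)} organisations")
    for name, count in summary.most_common():
        print(f"{count:3d}  {name}")
```

The count covers only the roots themselves; intermediates that those roots have delegated signing power to do not appear in the trust store at all.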
My understanding is that it is not generally the case.
The key thing to remember is that the GPL is a license to copy a copyrighted work. If a copier fails to comply with the GPL they have no valid license to copy and have therefore committed copyright infringement. They are liable for damages for that infringement and they can be served with an injunction to stop the infringing copying (and in theory I believe criminal penalties could also apply in some jurisdictions) but afaict they cannot be forced to release the source.
Of course generally it's in everyone's interests to settle and releasing the source code is likely to be part of that settlement.
Depends, with anything like this you have to ask a few questions.
What is the cost of fixing the leak? What is the cost of the product that leaks per year at current prices? Is there any other cost to you for the leakage? What is the remaining lifetime on the pipe before it comes up for scheduled replacement anyway?
Based on these questions and various financial figures for the utility (what is their cost of funds? does the rate calculation algorithm consider the utility's spending and if so in what way? what is the inflation in natural gas prices?) you can then calculate if it's worth fixing the leak or not.
Actually to electrocute someone under normal conditions* you need both a sufficiently high open circuit voltage and a sufficiently high available current. If either of those is too low then you won't get sufficient current through the body to do significant damage.
That is why you can touch both terminals of your car battery at once, the short circuit current is huge (hundreds of amps) but the voltage is not sufficient to drive that current through the body under normal conditions.
In general things like electric fences are designed with a high open circuit voltage but a low short circuit current. This means that the current delivered to the body remains relatively constant (and hence can be designed to be high enough to be painful and yet low enough to be reasonably safe) regardless of the skin resistance involved (which varies quite considerably).
* That is external contact with the skin, if the skin is penetrated it takes far less voltage to push a deadly current.
One problem I see is the US doesn't have any border controls between states. So if some states are strict on scrap metal sales while others don't give a fuck what is stopping the thieves simply driving to a state that doesn't give a fuck and selling it there?
IMO a balance has to be struck. There is a middle ground between no records at all and expecting people to account for every little piece of pipe/cable they strip out.
I haven't kept a close eye on Ubuntu but Debian armel and armhf are at about 98% while Debian i386 and amd64 are at about 99.5%. Since Ubuntu is based on Debian I'd expect their figures to be similar.
Don't let the fact that the next unit of computing is marketed as having an i3 while the chip in his ITX build is marketed as a celeron fool you, look at the actual specs of the processor. A little extra cache and a slight core revision are not going to make up for a nearly 50% clockspeed difference.
I can't believe any sane fuel delivery company would sign a contract as simplistic as that. I'd at the very least expect a real contract to have "Force majeure" clauses and a set price for each day of downtime.
I can see how that makes sense mathematically, however using that strategy also makes you come across as a greedy asshole to your subordinates. If you believe the only way to save the company is to get the employees to accept a paycut, is acting in a way that makes your subordinates think you are a greedy asshole really the best idea?
1. Game rental is still in its infancy online, and games are expensive. Get known for renting those.
Probably not a bad idea right now for an existing business looking to extend its life but be aware that this may be a short lived strategy. The technology exists to require online activation (with limited activation counts and/or fixed link to an account), all it requires is the console vendors to choose to do so and your game rental business is screwed.
Unlocking the bootloader lets you download ("flash") new software to your phone.
AIUI it lets you do other things too like boot images transferred from the host machine and boot the installed image with special boot options.
This provides a way of inserting the "rooting tool" and giving it the appropriate permissions without having to either exploit security holes or reflash the firmware.
But I agree it's strange that there is no official "rooting tool".....
To do that effectively means that the URLs used for requesting adverts and providing tracking links need to be made in such a way that it's not reasonable* to match it as an advert without also blocking significant legitimate content.
That doesn't fit too well with the current model of ad agencies who run their own servers to select the ads and track the clicks and want it to be as easy as possible for websites to drop the ads in. Sure they could provide scripts for the website owners to run on their own servers but it would make setup harder and click-fraud easier. Unless done carefully it can also increase the vulnerability to XSS attacks (one way round this would be to put advert related images on the same hostname as user submitted images which you want to XSS-isolate from your main site anyway).
Is it possible? Sure. Is it worth it? Probably not unless a lot more users start using ad blockers.
* Like with captchas the definition of reasonable depends a lot on the size of the site. Small sites just need to avoid using generic schemes that generic blockers know about. Larger sites have to assume an ad-blocker will be designed with specific rules targeting their site.
At the uni I'm at they banned the things in dorms, probably partly for that reason and partly also they didn't want students letting just anyone onto the network.
BTW you can now get switches with port protection features that will protect against rogue DHCP servers like this.
The problem is how to do it while keeping things easy for the users. At least the WPA enterprise setups I've seen have looked like a pain to configure on the client end (though that may have just been the university being too cheap to pay for certificates) and have the problem that you have no way of giving instructions before the user is connected. VPNs often require considerable setup too. Yes you could distribute a preconfigured VPN client but how many of your guests will want to install your software just to get online?
Unsecured wifi with HTTP hijacking based unlocks is insecure as heck but it's also easy to use, requires no special software on the clients and allows instructions to be given to the user (where to get login details if wifi is included, how to pay if not) and even payments to be processed before the user is logged in to the network. They may get the occasional freeloader using MAC spoofing but I doubt it happens often enough for them to care and if secrets are stolen it is likely to be very difficult to trace the incident back to the hotel.
Very little electricity in the US comes from oil anyway so adding renewables or nuclear won't in itself really change their vulnerability to oil prices. Afaict the same applies in most of europe.
If we really want to diversify our portable situation we need to either move away from local and inflexible burning of fossil fuels towards more centralised solutions or invest in technology for converting between different fossil fuels.
AMD processors all support ECC memory, while Intel usually only supports it in the Xeon processors (which can cost thousands of dollars).
While there are some very expensive Xeon processors they aren't the ones that are relevant here. The relevant ones are those that have ECC support but are otherwise comparable to the desktop parts.
Intel does charge a bit more for Xeon processors than equivalent desktop processors but the difference isn't massive as you imply. For example looking on Newegg an "i7-3770K" is $319.99 while a "Xeon E3-1275 V2" is 356.99.
The main downsides of going the Xeon route are lack of overclockability and needing a server board to take advantage of them. But IMO if you are the sort of person who needs ECC neither of those is likely to be a big issue for you.
I can't imagine what people with super expensive equipment coupled to XP systems that are ready to fall over dead are planning to do when (not if) that happens.
It's not like expensive equipment ending up dependent on outdated computing hardware is a new problem. Whether it's VME based sparc systems or 486's running win3.1 with ISA based cards. In general it's possible to cobble together hardware to get them going again (using ebay if necessary) when a component fails but there is always the nagging worry that you eventually won't be able to find a component that works. Some places keep stockpiles of parts.
Though the brand new Dell Optiplex desktops we are using at uni can still run XP so for the next few years at least there will be machines that can run XP on the "demoted computers" piles round here. Realistically probably longer than that as some computers get demoted more than once ;).
We crack long alkanes because that makes more valuable shorter alkanes AND alkenes for plastic production but afaict there is flexibility in what we decide to crack (and if so how many times) vs what we decide to use directly.
Generally oil is traded internationally and is relatively easy to ship around the world so an impact of supply in one place will affect oil users across the world, even places that don't import much from the impacted source as the price settles at a level where demand balances the (now reduced) supply.
The US government could try and decouple the US oil market from the world oil market. For example it could subsidise oil imports and tax oil exports but since afaict the US is a net importer that would be very expensive for them and be very unpopular with US oil companies.
How did a banking company in my country get a certificate for a domain in a completely different country?
Same way they get a certificate for any other domain they legitimately own.
Just because a domain is in a foreign TLD doesn't mean they don't legitimately own it.
Heck there is a place in the UK where a public footpath crosses a runway.
Does anyone actually make a thunderbolt to gigabit ethernet adaptor that has a second port for daisy chaining?
neither of those are comparably quick
BTW wine can run 16-bit windows apps on 64-bit linux.
Presumably that depends on just how many of those 140-char snippets are sent....