there is no link here to any article that claims Microsoft has no plans to patch the flaw.
To be fair the summary states
it has no plans to patch the flaw right now
Which is in the 2nd link actually.
Microsoft said it is investigating the flaw and looking at possible solutions, however there was no clear indication that the company intends to patch the flaw in the near future.
Well, from that quote to the summary, there is quite a stretch, but what did you expect ?
For any given sample, 1/10th of them will be necessary.
I'm sorry but you're wrong. That's not how stats work.
Let's play heads or tails. Each toss has a 50% chance of being heads. According to you, for any number of tosses, 50% of them will be heads. In other words, you're saying that there is a 100% chance that half of them will be heads.
For a sample of two tosses, that would mean a 100% probability of one head(s) and one tail(s). I hope that you see how this is wrong. You would actually have 50% probability of one head and one tail, 25% probability of two heads, 25% probability of two tails.
For a sample of size n, 10% probability for a piece of data to be necessary, the correct formula says that the probability for at least one element of the sample to be necessary is 1-(0.9^n), which quickly approaches 1 (100%) as n increases.
Now, a MUCH more useful set of data is probability over time. 1/10 within 10 years? 5 years? 1 week?
It depends on what you mean by probability over time. What I can tell you is that as more time elapses, the probability of an element to be necessary (more correctly, to having been necessary) increases. The 90% never read is supposedly for an infinity of time (that's what "never" means, right ?).
If each piece of data has 90% probability of not being read again...
You discard only 10 pieces out of 100, or out of 1 billion, whatever...
The probability that none of these 10 pieces of data would have ever been needed again is 0.9^10 = 0.348 = 34.8%
Which means that you keep all of your data.
Caveats :
This assumes that all pieces have equal interest (but maybe you store a field that the interface doesn't allow you to retrieve).
Assuming a random access on the 10% used, if you remove 10 out of 100, you have a much more important retrieve failure than if you remove 10 out of a billion. Some retrieve failure rate could be acceptable.
Well, if you RTFA...
1. Starcraft
2. WoW
3. Diablo
4. Blizzard's "secret new MMO"
5. Bungie's unannounced new IP <- You missed that one
6. Guitar Hero
7. Call of Duty
Well there definitely is a low-tech version ;)
Also got an Apple II joystick from bulky waste (cheaper than eBay, but you need some luck ;) )
You can apparently make a DE-9 -> game port adapter relatively easily. That link isn't about an adapter, but a cable replacement. It might still be useful because the resistors are likely still needed when doing an adapter.
That's where I will stop (as I have plenty of hardware with game ports), but you can find off-the-shelf game port -> USB converters for an easy solution.
Good luck programming the PIC, I've heard that doing a proper USB interface implementation is quite challenging :)
> Seems like a non-story to me
It is an update to a previous story from a little less than two months ago.
The piece of news here is that Stanford University also does that.
It is a story because of the "what could possibly go wrong" aspect.
Funny, but sadly you swapped min and max (and forgot closing parenthesis) :
max(5, log(signal_strengh_dB)) >= 5
therefore
min(0, max(5, log(signal_strengh_dB))) == 0
min(3, max(5, log(signal_strengh_dB))) == 3
Swapping min and max :
min(5, log(signal_strengh_dB)) <= 5
0 <= max(0, min(5, log(signal_strengh_dB))) <= 5
3 <= max(3, min(5, log(signal_strengh_dB))) <= 5
Damn, my mod points just expired.
Mod parent informative, it doesn't deserve a funny (I suppose it is due to a misclick).
Am I the only...person who doesn't find the noise annoying? (Just curious.)
No, you're not, I'm in the same position. I'm not watching BTW ;)
Talk about cultural intolerance...
Oh, but starting your answer in the title, however, IS definitely annoying ;)
Well, it's the closest prime UID to 1337, but it's still not 1337. Lame.
DMCA is about copyright, not patents, so they shouldn't take down your application for presumed patent infringement. Tetris shouldn't be patentable anyway, but I wouldn't bet on what the USPTO would actually patent, whatever their policies are stating.
AFAIK, takedown notices are preemptive strikes that you can object to.
Write to Google that you own the copyright on your application and that The Tetris Company, LLC claims are illegitimate.
From the wikipedia :
Takedown notices targeting a competing business made up over half (57%) of the notices Google has received, the company said, and more than one-third (37%), "were not valid copyright claims."
The Tetris Company, LLC seems to simply abuse the DMCA.
You don't need to go that far.
You can simply remove your .gconf directory after the installation (of course, you will need to use the text console, or another window manager that handles updates more gracefully).
I personally remove .gconf* .gnome* .gtk*, just to be sure.
You just have to compromise one of the people working for the government
You don't even need to do that.
Economic espionage, someone ?
Little Johny Normalization is a great example in that department, too.
It's Little Bobby Tables, actually.
Fun fact (for some values of fun):
Searching for "Little Johny Normalization xkcd" without quotes on google points to this thread for the first result (congratulations !), and the correct xkcd page as the second result, which contains only xkcd (and little, but as an image): These search terms are highlighted: xkcd These terms only appear in links pointing to this page: little johny normalization.
Searching for the same on bing points to the same first result, but the xkcd page is nowhere to be seen.
but fortunately, there are no Flash fans!
You bet!
the real choice is "write for iPhone, or write for every other platform". I hope developers are bright enough to see where this is going.
Well, that's for the smartphone world. In the PC desktop world, the real choice is "write for MS-Windows, or write for every other platform".
And software companies (have developers actually a choice in choosing the technology ?) are bright enough to go where the dominant market player (money) is, which is MS-Windows.
I can't see much more growth potential.
Check your e-mail, I'm sure you haven't tried all pills yet.
I wrote my previous post under the misunderstanding that governmental agencies could get a copy of the original certificate private key, not that they could get a different private key with the same certification information.
That second case of course means that "trusted" certificates are neither better nor worse than self-signed certificates. This is a MITM attack that only works well in the case of a first connection (as you should be wary of a certificate change as long as the preexisting certificate didn't expire).
In the first case, however, it would mean that the government could impersonate the certificate owner at any time, which is not possible with a self-signed certificate, as you're only ever giving the public key.
This is of course overlooking the fact that you're not giving your private key to the certification organism either, but a certificate signing request.
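The "be wary of a certificate change before the old one expired" rule from the comment above, as an added example that is not part of the original post: a trust-on-first-use pin store. The host name, certificate bytes, dates and the function names are constructed for illustration.

```python
import hashlib
from datetime import datetime, timezone


def fingerprint(der_bytes):
    """SHA-256 fingerprint of a certificate's DER encoding."""
    return hashlib.sha256(der_bytes).hexdigest()


def check_pin(pins, host, der_bytes, not_after, now):
    """Compare a presented certificate against the pin stored for host.

    pins maps host -> (fingerprint, not_after) of the certificate seen first.
    Returns one of: "first-use", "match", "changed-before-expiry",
    "rotated-after-expiry".
    """
    fp = fingerprint(der_bytes)
    pinned = pins.get(host)
    if pinned is None:
        # Nothing to compare against: this is the only moment where a
        # substituted certificate goes unnoticed by this check.
        pins[host] = (fp, not_after)
        return "first-use"
    old_fp, old_not_after = pinned
    if fp == old_fp:
        return "match"
    if now < old_not_after:
        # The pinned certificate was still valid, so a different one is
        # suspicious whoever signed it. The pin is deliberately kept.
        return "changed-before-expiry"
    # The old certificate expired, so a new one is expected. Accepting it is
    # again an unauthenticated step, exactly like first use.
    pins[host] = (fp, not_after)
    return "rotated-after-expiry"


def demo():
    """Run the four cases on constructed data and return the verdicts."""
    utc = timezone.utc
    pins = {}
    host = "example.test"                      # constructed host name
    cert_a, cert_b = b"constructed-cert-A", b"constructed-cert-B"
    exp_a = datetime(2011, 1, 1, tzinfo=utc)   # constructed expiry dates
    exp_b = datetime(2012, 1, 1, tzinfo=utc)
    before = datetime(2010, 6, 1, tzinfo=utc)
    after = datetime(2011, 2, 1, tzinfo=utc)
    return [
        check_pin(pins, host, cert_a, exp_a, before),
        check_pin(pins, host, cert_a, exp_a, before),
        check_pin(pins, host, cert_b, exp_b, before),
        check_pin(pins, host, cert_b, exp_b, after),
    ]


if __name__ == "__main__":
    print(demo())
```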
Does that mean that self-signed certificates are now more secure ? :)
Ah, New Math. Nobody seems to have posted the old joke yet, so here it is for your enjoyment.
The Classic Math Pro
In 1960 "A logger sells a truckload of lumber for $100. His cost of production is 4/5 of this price. What is his profit?"
In 1970 (traditional math): "A logger sells a truckload of lumber for $100. His cost of production is 4/5 of this price; in other words $80. What is his profit?"
In 1970 (new math): "A logger exchanged a set L of lumber for a set M of money. The cardinality of set M is 100, and each element is worth $1. Make one hundred dots representing the elements of the set M. The set C of the costs of production contains 20 fewer points than set M. Represent the set C as a subset of M, and answer the following question: 'What is the cardinality of the set P of profits?'"
In 1980: "A logger sells a truckload of wood for $100. His cost of production is $80, and his profit is $20. Your assignment: underline the number 20."
In 1990 (outcome based education): "By cutting down beautiful forest trees, a logger makes $20. What do you think of this way of making a living? (Topic for class participation: How did the forest birds and squirrels feel?)"
- Extracted from "21st Century Science and Technology," Winter, 1993-4, p.12
FTA: "Users don't need to click on anything to get infected; a computer becomes infected after the ad is loaded by the browser."
Which probably actually means :
Users don't need to click on anything to get infected; a Microsoft Windows OS becomes infected after the ad is loaded by Microsoft Internet Explorer.
Well, maybe inbetweening is done in China now ? (it has already been done in South Korea)
In which case, maybe YOU are a few seasons behind ;)
I think you missed the following parts :
Instead of looking for known patterns -- whether of instructions and data, or of actions -- wouldn't it be great if we could look for anything that is malicious? That may sound like a pipe dream.
Not to me.
[...]
This tells us a few interesting things. We can guarantee detection of malware. And that includes zero-day attacks and rootkits.
Even with your interpretation :
We can even guarantee that we will detect malware that infected a device before we installed our detection program.
You can't detect known malware that way if it virtualizes the computer, because you will only scan for the memory the malware is willing to show you.
By the way, the following assumption is unworkable:
Assume now that we have a detection algorithm that runs in kernel mode, and that swaps out everything in RAM. Everything except itself.
You can't swap out many parts of the kernel.
And I'm pretty sure kernel space parts of a rootkit won't let themselves swap out. Which does not mean uncooperative kernel modules are malware. If you're swapping out the disk driver, how will you get it back ? But maybe this exact disk driver is infected by the rootkit ?
You've been modded funny, but this is exactly what this "article" is all about.
If there is no malware in RAM, the results will be the expected result. [...] Or there could be malware in RAM, and the checksum will be wrong. [...] Or malware could divert the read requests [...] . That would result in the right checksum... but a delay.
Or, there could be malware in RAM, not diverting read requests, and the checksum will be the expected result, and without a delay.
The only problem with Markus Jakobsson's grand theory is that all malware is of that last kind.
Well, all malware since the memory protection era. I suppose his "product" could work for DOSes (but there is no multitasking there) Windows 3, MacOS9, AmigaOS and some embedded OSes.
And if the malware does virtualization, it is located in a memory area that his product won't be able to scan anyway.
So, simply put, it is a scam.