The problem is the mouse goes to sleep very quickly (only a few minutes) and then misses movements for quite a time (perhaps 1/4 second) when waking. It tries to compensate by getting the first movement it recognizes and multiplying it up, so your first movement when the mouse wakes is usually a huge jump in one direction.
Also, they don't seem to use terribly good optical sensors in their Bluetooth mice, they have more trouble with surfaces than any other logitech made in the last two years.
The only Bluetooth mice that don't have this problem are Apple's, but they don't have real buttons on them.
I still use a Logitech Bluetooth mouse on my Mac Mini, but I keep wishing for something better.
The makers say this is a proof of concept. But it isn't. Networking protocols are incredibly flexible, on purpose. This device cannot know how to answer on a given socket unless the code I've written to answer is running on this device. Which isn't going to happen since my code is running in a different address space, on a different processor architecture on a different OS.
'(Verizon CEO) Seidenberg added that Apple never "seriously considered making a CDMA version of the iPhone because it didn't have as wide a distribution opportunity," the article said.'
How difficult is it for the truth to be repeated as often as rumor?
Then the system isn't secure. If the data required to sign code to run on your machine is on your machine, then once they exploit your current OS they can get their code signed and change the boot code.
You cannot run just any code you want on it, it only runs code that was signed by TiVo.
So code injection is difficult.
This system could be applied to PCs, but the problem then is who is authorized to sign code to run on your machine? If just anyone can do it, then it's still easy to inject code. If only MS can do it, you can't run any code MS doesn't want you to run (say Linux) on your PC.
To me, the downside is not worth the advantages. I want to run what I want to run, not was MS wants me to run.
I did not do well. You need to look closer at how movies are made and sold. The cost of production may have been covered, but the marketing, distribution and promotion costs of big movies can rival the production costs (which according to Box Office Mojo are $150M for Watchmen, not $100M). And $55M was a big disappointment. 300 did better out of the gate, and it was also R and debuted on the same weekend of the year.
But honestly, that's all just nibbling around the edges.
Fast and Furious made more out of the gate, it made much more overall (in less than half the time!), and it costs a lot less to make. That's it, end of story. Hollywood will follow the money. PG-13, simple story, lots of car crashes and sequels until you cry. In short, the Michael Bay formula.
No producer is going to be as happy just about breaking even (as you say) when they could have instead made a pile of money.
Honestly, they never should have made the movie. Zack Snyder (I hate to say it) did about as good a job as anyone could have expected. And he still couldn't overcome the problem that the story does not resonate with the crowd who actually sees movies. People who are 25 were 7 when the Berlin Wall fell, they just don't remember the Cold War. They sure don't remember Nixon.
Add in the fact that watching the movie requires some thinking (especially given how much it had to be shortened from the comic) and you've got a big problem.
To Hollywood, Watchmen was an expensive experiment that failed. And it will affect everything the produce in the near future.
If you think accessing a machine through a browser is the same as having physical access "for all intents and purposes", then you aren't actually considering nearly enough intents and purposes.
You cannot disconnect a drive or even insert a USB key (during boot) with RDP. It's not the same at all.
For your "old programmer", you took my words out of context and twisted them. The poster was trying to "drop knowledge" on me from his assumed superior position of knowing what SYN cookies are for. I was merely responding to that. Your insult comes out of left field.
You can substitute any word you want for mainstream if you have trouble figuring out the meaning of it. Since we're adding up the total market penetration anyway, it doesn't really matter if the distro you pick isn't mainstream, since that means it'll just have an immeasurably low market penetration.
The stupid old hat thing has taken on a life of its own. My point (and why this came up) about whether ASLR is old hat or not is merely to try to measure the relative value of Vista having ASLR. If ASLR is commonplace, then Vista's ASLR isn't anything special, it just means it is keeping pace with other OSes. But, if ASLR is not commonplace, then Vista SP1 having ASLR means it has an additional layer of security that most people don't have working for them right now, and it bolsters MS' claim that perhaps Vista should be considered a pretty secure OS (I don't get into this "most secure OS" thing, as I've said many times, the most secure OS in the world likely doesn't do the things I need to do, although, I'm sure it is excellent for the uses it is designed for). Somehow my argument about this got turned into the idea of when ASLR was invented, which isn't at all the point.
No mainstream OS besides Vista SP1 has more than a weak form of ASLR. And thus very few people who are using any OS besides Vista have ASLR working for them. So this means Vista is a step above those other OSes in at least one way. It also means for virtually everyone out there, if they switched to Vista they would gain some security measures that they don't currently have. This, for the sake of the actual argument (and not some word game about old hat), it DOES matter if the proles aren't using it.
As to your comment 'A system cannot be considered secure if insecure code running as an unprivileged user on the system causes it to be compromised.', Vista SP1 does not come with Flash (the source of the 2008 pwn2own exploit) or Java (the source of the 2009 pwn2own exploit) installed. So saying these exploits show problems with Vista SP1 is a bit of a stretch. Just as when you make your linux machine secure you don't insert stuff on it that would add no functionality you need, only more bugs, if you wanted to secure a Vista SP1 machine, you wouldn't install Java or Flash. Additionally, I'm not sure you understand that these two exploits only get you to regular user status, not privileged user status. Of course, as on UNIX, once you get in, all you need to know is a privilege escalation exploit.
Thanks for the helpful presentation, I appreciate info (instead of slap fights) in all forms. I wonder why there was no.NET exploit at pwn2own 2009?
After all the "sky is falling" responses to the presentation you linked, there was an actual thoughtful interview.
He has a lot of nice things to say about Vista SP1 in this recap, seems he's more impressed than the parent poster. He also mentions the exploit he demoed was actually closed a long time ago, he did exploit on a Vista SP1 machine, but with an exploit which is not present in IE anymore, he had a gaffed machine.
I wonder what Vista SP2 has in store? The original article has the MS person bragging about Vista SP2. Of course, Vista SP2 has a very low market penetration right now since it isn't out. As such, to me it's not valid to brag about how secure it is, since it (like all the minor linux configs with full ASLR/DEP you talk about) is not really out in the real world where it can protect machines.
Just because ASLR was mentioned in 1999 doesn't mean it's old hat today.
Less than 1/3rd of the machines out there on the internet are using ASLR. And of those, most are running Vista.
I had an internet email address in 1988. Does that mean that when people got them in 1997 the internet was already "old hat"? I saw a demo of Sony's HDVS (HDTV) system in 1989. Does that mean that it was "old hat" when people bought HDTVs in 2004?
Just because I say something isn't old hat doesn't mean I think it's new. Something can be know for a while but not widely adopted yet.
I do agree there are limitations to security contests. This contest shows it itself, by giving insufficient reason to attack Linux machines or the T-Mobile G1, there were no serious attempts on them. Instead of meaning they are more secure than the rest of the machines in the contest, it just means that contest generated no useful data for those machines. Note I am not saying Linux is less secure than Vista, merely that you can't tell anything about Linux security by looking at this contest.
This man has some experience, and he is speaking about what directly relates to what he did. That's good enough for me. It sure carries more weight than some random dude (such as yourself) on the internet who apparently knows little enough about Vista security to blow his attempt at research (see below).
As to your research with a Symantec paper, if you read it, it said that it is about Vista RTM (first release), not about SP1. If you can respond to a post that says:
Vista had NX and ASLR before SP1, but it was a weak form (much like Linux has a weak form by default).
then link to a bit of research about Vista pre-SP1 and say you have shown my premise wrong, I cannot understand. If you want to say how the ASLR and NX in Vista SP1 means nothing, you should use research that is about Vista SP1 or later.
As to your comment about the contest, in 2008 Vista SP1 was hacked (flaw in Flash). The people hacking it had more trouble than they expected because the machine was running SP1 which was new and the NX and ASLR made it a lot tougher, they had to rework their hacks they had prepared on Vista RTM before the contest. Also, in 2009 Vista SP1 was hacked. In the latter case, it was hacked through a vulnerability in Java. They never were able to inject code onto the platform, but they didn't need to to hack in.
Name one mainstream linux distro that has NX and ASLR on (not the weak forms) and is widely used please. Then we'll check its market penetration and add it to Vista's and see if we reach 1/3rd of all machines out there. If so, then I guess ASLR is old hat.
If I were running a server, I'd run OpenBSD too. A fat lot of good that does me on my machines that aren't servers and I do want to run commonly-available apps on. I am typing this on a Mac right now, but I have to have a PC because I can't get many apps (like games) for it. This situation is far worse for Linux or OpenBSD. The most secure OS in the world isn't useful if it can't run the software I need to run, so we all have to make compromises.
Now, you can either continue to insist on misunderstanding what some security guy you don't know wrote, or listen to someone who was a part of the security community when ASLR was new. It's old hat.
Don't be a chump. When you stop advertising your misunderstandings about Vista security (see above) on the net, then maybe I'll start to listen to you over a guy who seems to know it inside and out.
But that's okay, if you hang around long enough you'll find out that people often find really old stuff (say, the reasons for using SYN cookies) and think they've discovered something brand new. It happens all the time in the security community. That, too, is old hat.
Don't try to screw with me, okay? I remember with SYN floods were new. I was already working with machines (in "IT" as you call it now) when the Morris Wo
I didn't give credit to MS for inventing this. I cannot see where you got the idea that you did. I can't see where you get that that not being first means your system is somehow less effective or valueable.
As to your comments that MS NX and ASLR in Vista SP1 mean nothing, the back to back winner of pwn2own seems to disagree.
I also disagree that ASLR was old hat before MS announced support for it. ASLR isn't old hat even today. There is only one mainstream OS that ships with it on, so it's not old hat yet.
My link does not say that the implementation is new. In fact, it says that at pwn2own 2008, Vista SP1 already had NX and ALSR. It was explored that year and this year too.
NX is turned off for almost all apps by default on Vista. It's on by default on Windows Server 2008. Note that it is on for IE in all cases, no matter what you set your settings to be. Which is the most important part.
But you can turn it on by default for apps and I have done so.
Charlie (the winner) says due to ASLR and NX, no one knows how to inject code into a Vista SP1 machine. That seems pretty good to me.
If you take his comment "safest OS" (not most secure) as an absolute, he's surely wrong. But the most secure OS is also probably not nearly as useful for getting actual work done as many other OSes that present a compromise, like various forms of Linux or Vista.
Well, Vista SP1 was owned during pwn2own 2008, they exploited a bug in Java. They didn't get to inject any native code on the machine, but given enough bugs in already running code you don't need to.
As mentioned in the article, without adding stuff to the kernel that is not in the default on distros, you aren't getting the same protection as Vista has.
Vista had NX and ASLR before SP1, but it was a weak form (much like Linux has a weak form by default).
You don't believe me? I provided a link from a security expert. He seems to be somewhat impressed.
Before you try to throw it in my face, I think Linux survived pwn2own unscathed, but Charlie says that's because the equipment you get if you pwn Linux (remember, it's pwn to own) wasn't worth the effort.
'The NX bit is very powerful.When used properly, it ensures that user-supplied code cannot be executed in the process during exploitation. Researchers (and hackers) have struggled with ways around this protection. ASLR is also very tough to defeat. This is the way the process randomizes the location of code in a process. Between these two hurdles, no one knows how to execute arbitrary code in Firefox or IE 8 in Vista right now. For the record, Leopard has neither of these features, at least implemented effectively. In the exploit I won Pwn2Own with, I knew right where my shellcode was located and I knew it would execute on the heap for me.'
And this was with Vista SP1. No one knows how to exploit Firefox or IE on Vista due to NX and ASLR.
This seems to be a pretty powerful statement, from someone who would stand a chance of knowing.
My only question is, where is Vista SP2? Last I checked, it was not yet released.
erm, I said that in my post. But again, as I said, that still means the 99.9% efficiency is not real.
Additionally, these machines have 3.5" HDDs in them, and those use 12V and 5V, those need to be regulated outside the PS when normally they would be regulated inside the PS. Like I said, the regulation was just moved to another place.
The Mac Mini is a laptop sans display, keyboard and UPS in a desktop case. It uses the laptop processor (Merom) and everything. It is the same design as their MacBook (previously iBook) but in a desktop case.
So you were a few years late with your idea of making a desktop from a laptop.
I don't get your idea of moving the battery out of the laptop, nor do I get your idea that laptops are somehow cheaper than desktops.
I also don't think that high-end desktops make sense as laptop designs. It'd be good for low-end machines, but maybe those should just be all in ones like an iMac (which also used to use the laptop Merom chip) instead.
A lead-acid battery is nominally 12V. In reality it varies too much to be used as a 12V supply directly.
This doesn't use an ATX header because it runs 12V only to the board. The board then reregulates the power down to the voltages it needs.
However, this reregulation cannot be done with 99.9% efficiency.
So they can claim 99.9% efficiency in one part of the power supply but only because they've moved the regulators out of that spot to another place.
I'm not crapping on the idea of 12V to the mobo. It makes a lot of sense. It adds cost to the mobo, but if have the machine on 24/7 it'll pay back in under a year. So it makes sense for google. However, the stated 99.9% efficiency is misleading since they've moved the regulators (i.e. losses) out of the power supply housing into other places.
They're likely just saying that it produces almost no additional loss. Since you're already converting to 12V anyway, this doesn't reduce the system efficiency further.
However, I think 99.9% is still a little optimistic, because with the battery on there you have an unregulated voltage on there, so you have to re-regulate the supply. This could be 98% efficient, but being 99.9% efficient seems like it'll be hard to do.
So you have to regulate it before the battery so you don't blow up the battery and regulate it after the battery so you don't blow up the computer.
Still, it's more efficient than an AC->DC->AC UPS.
My ASUS mobo (A8N-SLI) would reduce the memory timings if I put 4 memory modules in automatically. I hated that so I used the BIOS to undo it. I ran MemTest to make sure it was okay.
Oddly, the only RAM I've ever really had problems with was some bad-ass Corsair memory I bought for my 800 FSB P4 early on. The timings in the SPD would prevent the system from booting, even if it was the only RAM in the system. I override this in the BIOS (on one of the rare occasions that it booted) and it was okay unless I cleared CMOS. After a few months I removed that RAM to send it back and put in the cheapest PC3200 RAM I could find at Fry's. That fixed it, and I altered the settings in the CMOS over time, I could overclock this RAM to the same speed as the Corsair stuff. And it would work. And if I cleared CMOS it would just slow back down instead of failing.
To Corsair's credit, they replaced my RAM, although the replacement was in the same series, it did not have the same timings as the original RAM. But at least it worked.
It's funny, if you look up DDR SRAM on wikipedia, it has pictures of essentially the Corsair RAM I used. The version number is the same as the later RAM I got that worked, the earlier stuff was v1.1 or something but otherwise looked the same. The C2 in the name is supposed to mean it is CAS latency 2 RAM, but as I mentioned, the replacement RAM I received was not actually as fast, it was CL3.
Yes, I know. That's what I said it had to take special measures to work as opposed to saying it doesn't work.
There are inward-bound services that are precluded by the lack of incoming access. No, none of these are on the PVRs right now, because there is no such incoming access.
As an example, when you remote book, why don't you get any confirmation? Why does it just make you select "record if possible" (instead of priority record) and then you just go home and hope it recorded? Why can't it contact your box with the request, get a response saying "yes, it will record" or "this won't record, which conflict would you like to cancel?" The reason is because it cannot contact your box as there is no incoming access.
The current feature set is partially determined by what can be done under the current system. With IPv6, the feature set could be expanded.
Slashdot Mirror
I've used 3 mice in their range.
The problem is the mouse goes to sleep very quickly (only a few minutes) and then misses movements for quite a time (perhaps 1/4 second) when waking. It tries to compensate by getting the first movement it recognizes and multiplying it up, so your first movement when the mouse wakes is usually a huge jump in one direction.
Also, they don't seem to use terribly good optical sensors in their Bluetooth mice, they have more trouble with surfaces than any other logitech made in the last two years.
The only Bluetooth mice that don't have this problem are Apple's, but they don't have real buttons on them.
I still use a Logitech Bluetooth mouse on my Mac Mini, but I keep wishing for something better.
The makers say this is a proof of concept. But it isn't. Networking protocols are incredibly flexible, on purpose. This device cannot know how to answer on a given socket unless the code I've written to answer is running on this device. Which isn't going to happen since my code is running in a different address space, on a different processor architecture on a different OS.
http://news.cnet.com/8301-1035_3-10222486-94.html
'(Verizon CEO) Seidenberg added that Apple never "seriously considered making a CDMA version of the iPhone because it didn't have as wide a distribution opportunity," the article said.'
How difficult is it for the truth to be repeated as often as rumor?
Then the system isn't secure. If the data required to sign code to run on your machine is on your machine, then once they exploit your current OS they can get their code signed and change the boot code.
TiVo is a secured system.
You cannot run just any code you want on it, it only runs code that was signed by TiVo.
So code injection is difficult.
This system could be applied to PCs, but the problem then is who is authorized to sign code to run on your machine? If just anyone can do it, then it's still easy to inject code. If only MS can do it, you can't run any code MS doesn't want you to run (say Linux) on your PC.
To me, the downside is not worth the advantages. I want to run what I want to run, not was MS wants me to run.
The movie did well and I'm sure it was worth it.
I did not do well. You need to look closer at how movies are made and sold. The cost of production may have been covered, but the marketing, distribution and promotion costs of big movies can rival the production costs (which according to Box Office Mojo are $150M for Watchmen, not $100M). And $55M was a big disappointment. 300 did better out of the gate, and it was also R and debuted on the same weekend of the year.
But honestly, that's all just nibbling around the edges.
Here's the short version:
http://boxofficemojo.com/movies/?id=watchmen.htm
http://boxofficemojo.com/movies/?id=fastandthefurious4.htm
Fast and Furious made more out of the gate, it made much more overall (in less than half the time!), and it costs a lot less to make. That's it, end of story. Hollywood will follow the money. PG-13, simple story, lots of car crashes and sequels until you cry. In short, the Michael Bay formula.
No producer is going to be as happy just about breaking even (as you say) when they could have instead made a pile of money.
Honestly, they never should have made the movie. Zack Snyder (I hate to say it) did about as good a job as anyone could have expected. And he still couldn't overcome the problem that the story does not resonate with the crowd who actually sees movies. People who are 25 were 7 when the Berlin Wall fell, they just don't remember the Cold War. They sure don't remember Nixon.
Add in the fact that watching the movie requires some thinking (especially given how much it had to be shortened from the comic) and you've got a big problem.
To Hollywood, Watchmen was an expensive experiment that failed. And it will affect everything the produce in the near future.
If you think accessing a machine through a browser is the same as having physical access "for all intents and purposes", then you aren't actually considering nearly enough intents and purposes.
You cannot disconnect a drive or even insert a USB key (during boot) with RDP. It's not the same at all.
For your "old programmer", you took my words out of context and twisted them. The poster was trying to "drop knowledge" on me from his assumed superior position of knowing what SYN cookies are for. I was merely responding to that. Your insult comes out of left field.
You can substitute any word you want for mainstream if you have trouble figuring out the meaning of it. Since we're adding up the total market penetration anyway, it doesn't really matter if the distro you pick isn't mainstream, since that means it'll just have an immeasurably low market penetration.
The stupid old hat thing has taken on a life of its own. My point (and why this came up) about whether ASLR is old hat or not is merely to try to measure the relative value of Vista having ASLR. If ASLR is commonplace, then Vista's ASLR isn't anything special, it just means it is keeping pace with other OSes. But, if ASLR is not commonplace, then Vista SP1 having ASLR means it has an additional layer of security that most people don't have working for them right now, and it bolsters MS' claim that perhaps Vista should be considered a pretty secure OS (I don't get into this "most secure OS" thing, as I've said many times, the most secure OS in the world likely doesn't do the things I need to do, although, I'm sure it is excellent for the uses it is designed for). Somehow my argument about this got turned into the idea of when ASLR was invented, which isn't at all the point.
No mainstream OS besides Vista SP1 has more than a weak form of ASLR. And thus very few people who are using any OS besides Vista have ASLR working for them. So this means Vista is a step above those other OSes in at least one way. It also means for virtually everyone out there, if they switched to Vista they would gain some security measures that they don't currently have. This, for the sake of the actual argument (and not some word game about old hat), it DOES matter if the proles aren't using it.
As to your comment 'A system cannot be considered secure if insecure code running as an unprivileged user on the system causes it to be compromised.', Vista SP1 does not come with Flash (the source of the 2008 pwn2own exploit) or Java (the source of the 2009 pwn2own exploit) installed. So saying these exploits show problems with Vista SP1 is a bit of a stretch. Just as when you make your linux machine secure you don't insert stuff on it that would add no functionality you need, only more bugs, if you wanted to secure a Vista SP1 machine, you wouldn't install Java or Flash. Additionally, I'm not sure you understand that these two exploits only get you to regular user status, not privileged user status. Of course, as on UNIX, once you get in, all you need to know is a privilege escalation exploit.
Thanks for the helpful presentation, I appreciate info (instead of slap fights) in all forms. I wonder why there was no .NET exploit at pwn2own 2009?
After all the "sky is falling" responses to the presentation you linked, there was an actual thoughtful interview.
http://blogs.zdnet.com/Bott/?p=513
He has a lot of nice things to say about Vista SP1 in this recap, seems he's more impressed than the parent poster. He also mentions the exploit he demoed was actually closed a long time ago, he did exploit on a Vista SP1 machine, but with an exploit which is not present in IE anymore, he had a gaffed machine.
I wonder what Vista SP2 has in store? The original article has the MS person bragging about Vista SP2. Of course, Vista SP2 has a very low market penetration right now since it isn't out. As such, to me it's not valid to brag about how secure it is, since it (like all the minor linux configs with full ASLR/DEP you talk about) is not really out in the real world where it can protect machines.
Just because ASLR was mentioned in 1999 doesn't mean it's old hat today.
Less than 1/3rd of the machines out there on the internet are using ASLR. And of those, most are running Vista.
I had an internet email address in 1988. Does that mean that when people got them in 1997 the internet was already "old hat"? I saw a demo of Sony's HDVS (HDTV) system in 1989. Does that mean that it was "old hat" when people bought HDTVs in 2004?
Just because I say something isn't old hat doesn't mean I think it's new. Something can be know for a while but not widely adopted yet.
I do agree there are limitations to security contests. This contest shows it itself, by giving insufficient reason to attack Linux machines or the T-Mobile G1, there were no serious attempts on them. Instead of meaning they are more secure than the rest of the machines in the contest, it just means that contest generated no useful data for those machines. Note I am not saying Linux is less secure than Vista, merely that you can't tell anything about Linux security by looking at this contest.
This man has some experience, and he is speaking about what directly relates to what he did. That's good enough for me. It sure carries more weight than some random dude (such as yourself) on the internet who apparently knows little enough about Vista security to blow his attempt at research (see below).
As to your research with a Symantec paper, if you read it, it said that it is about Vista RTM (first release), not about SP1. If you can respond to a post that says:
Vista had NX and ASLR before SP1, but it was a weak form (much like Linux has a weak form by default).
then link to a bit of research about Vista pre-SP1 and say you have shown my premise wrong, I cannot understand. If you want to say how the ASLR and NX in Vista SP1 means nothing, you should use research that is about Vista SP1 or later.
As to your comment about the contest, in 2008 Vista SP1 was hacked (flaw in Flash). The people hacking it had more trouble than they expected because the machine was running SP1 which was new and the NX and ASLR made it a lot tougher, they had to rework their hacks they had prepared on Vista RTM before the contest. Also, in 2009 Vista SP1 was hacked. In the latter case, it was hacked through a vulnerability in Java. They never were able to inject code onto the platform, but they didn't need to to hack in.
Name one mainstream linux distro that has NX and ASLR on (not the weak forms) and is widely used please. Then we'll check its market penetration and add it to Vista's and see if we reach 1/3rd of all machines out there. If so, then I guess ASLR is old hat.
If I were running a server, I'd run OpenBSD too. A fat lot of good that does me on my machines that aren't servers and I do want to run commonly-available apps on. I am typing this on a Mac right now, but I have to have a PC because I can't get many apps (like games) for it. This situation is far worse for Linux or OpenBSD. The most secure OS in the world isn't useful if it can't run the software I need to run, so we all have to make compromises.
Now, you can either continue to insist on misunderstanding what some security guy you don't know wrote, or listen to someone who was a part of the security community when ASLR was new. It's old hat.
Don't be a chump. When you stop advertising your misunderstandings about Vista security (see above) on the net, then maybe I'll start to listen to you over a guy who seems to know it inside and out.
But that's okay, if you hang around long enough you'll find out that people often find really old stuff (say, the reasons for using SYN cookies) and think they've discovered something brand new. It happens all the time in the security community. That, too, is old hat.
Don't try to screw with me, okay? I remember with SYN floods were new. I was already working with machines (in "IT" as you call it now) when the Morris Wo
I didn't give credit to MS for inventing this. I cannot see where you got the idea that you did. I can't see where you get that that not being first means your system is somehow less effective or valueable.
As to your comments that MS NX and ASLR in Vista SP1 mean nothing, the back to back winner of pwn2own seems to disagree.
I also disagree that ASLR was old hat before MS announced support for it. ASLR isn't old hat even today. There is only one mainstream OS that ships with it on, so it's not old hat yet.
My link does not say that the implementation is new. In fact, it says that at pwn2own 2008, Vista SP1 already had NX and ALSR. It was explored that year and this year too.
NX is turned off for almost all apps by default on Vista. It's on by default on Windows Server 2008. Note that it is on for IE in all cases, no matter what you set your settings to be. Which is the most important part.
But you can turn it on by default for apps and I have done so.
How about you read the link and then post again?
Charlie (the winner) says due to ASLR and NX, no one knows how to inject code into a Vista SP1 machine. That seems pretty good to me.
If you take his comment "safest OS" (not most secure) as an absolute, he's surely wrong. But the most secure OS is also probably not nearly as useful for getting actual work done as many other OSes that present a compromise, like various forms of Linux or Vista.
Well, Vista SP1 was owned during pwn2own 2008, they exploited a bug in Java. They didn't get to inject any native code on the machine, but given enough bugs in already running code you don't need to.
Maybe he is saying SP2 because of info like this?
NX alone doesn't do it. Ask Linus.
As mentioned in the article, without adding stuff to the kernel that is not in the default on distros, you aren't getting the same protection as Vista has.
Vista had NX and ASLR before SP1, but it was a weak form (much like Linux has a weak form by default).
http://en.wikipedia.org/wiki/Address_space_layout_randomization
You don't believe me? I provided a link from a security expert. He seems to be somewhat impressed.
Before you try to throw it in my face, I think Linux survived pwn2own unscathed, but Charlie says that's because the equipment you get if you pwn Linux (remember, it's pwn to own) wasn't worth the effort.
http://www.tomshardware.com/reviews/pwn2own-mac-hack,2254-4.html
'The NX bit is very powerful.When used properly, it ensures that user-supplied code cannot be executed in the process during exploitation. Researchers (and hackers) have struggled with ways around this protection. ASLR is also very tough to defeat. This is the way the process randomizes the location of code in a process. Between these two hurdles, no one knows how to execute arbitrary code in Firefox or IE 8 in Vista right now. For the record, Leopard has neither of these features, at least implemented effectively. In the exploit I won Pwn2Own with, I knew right where my shellcode was located and I knew it would execute on the heap for me.'
And this was with Vista SP1. No one knows how to exploit Firefox or IE on Vista due to NX and ASLR.
This seems to be a pretty powerful statement, from someone who would stand a chance of knowing.
My only question is, where is Vista SP2? Last I checked, it was not yet released.
Cause the Quebec French apparently don't think just localizing into French French is good enough.
http://www.nationalpost.com/news/story.html?id=d645a02a-9a24-4172-a92f-46cf1941cdb1
I have a dream and it's called crossbar switch.
erm, I said that in my post. But again, as I said, that still means the 99.9% efficiency is not real.
Additionally, these machines have 3.5" HDDs in them, and those use 12V and 5V, those need to be regulated outside the PS when normally they would be regulated inside the PS. Like I said, the regulation was just moved to another place.
The Mac Mini is a laptop sans display, keyboard and UPS in a desktop case. It uses the laptop processor (Merom) and everything. It is the same design as their MacBook (previously iBook) but in a desktop case.
So you were a few years late with your idea of making a desktop from a laptop.
I don't get your idea of moving the battery out of the laptop, nor do I get your idea that laptops are somehow cheaper than desktops.
I also don't think that high-end desktops make sense as laptop designs. It'd be good for low-end machines, but maybe those should just be all in ones like an iMac (which also used to use the laptop Merom chip) instead.
A lead-acid battery is nominally 12V. In reality it varies too much to be used as a 12V supply directly.
This doesn't use an ATX header because it runs 12V only to the board. The board then reregulates the power down to the voltages it needs.
However, this reregulation cannot be done with 99.9% efficiency.
So they can claim 99.9% efficiency in one part of the power supply but only because they've moved the regulators out of that spot to another place.
I'm not crapping on the idea of 12V to the mobo. It makes a lot of sense. It adds cost to the mobo, but if have the machine on 24/7 it'll pay back in under a year. So it makes sense for google. However, the stated 99.9% efficiency is misleading since they've moved the regulators (i.e. losses) out of the power supply housing into other places.
They're likely just saying that it produces almost no additional loss. Since you're already converting to 12V anyway, this doesn't reduce the system efficiency further.
However, I think 99.9% is still a little optimistic, because with the battery on there you have an unregulated voltage on there, so you have to re-regulate the supply. This could be 98% efficient, but being 99.9% efficient seems like it'll be hard to do.
So you have to regulate it before the battery so you don't blow up the battery and regulate it after the battery so you don't blow up the computer.
Still, it's more efficient than an AC->DC->AC UPS.
Unlike the iPhone, there is more than one market for the Android platform. Developers can sell their apps directly on their own websites.
Perhaps the app will remain on the developer's site for purchase.
My ASUS mobo (A8N-SLI) would reduce the memory timings if I put 4 memory modules in automatically. I hated that so I used the BIOS to undo it. I ran MemTest to make sure it was okay.
Oddly, the only RAM I've ever really had problems with was some bad-ass Corsair memory I bought for my 800 FSB P4 early on. The timings in the SPD would prevent the system from booting, even if it was the only RAM in the system. I override this in the BIOS (on one of the rare occasions that it booted) and it was okay unless I cleared CMOS. After a few months I removed that RAM to send it back and put in the cheapest PC3200 RAM I could find at Fry's. That fixed it, and I altered the settings in the CMOS over time, I could overclock this RAM to the same speed as the Corsair stuff. And it would work. And if I cleared CMOS it would just slow back down instead of failing.
To Corsair's credit, they replaced my RAM, although the replacement was in the same series, it did not have the same timings as the original RAM. But at least it worked.
It's funny, if you look up DDR SRAM on wikipedia, it has pictures of essentially the Corsair RAM I used. The version number is the same as the later RAM I got that worked, the earlier stuff was v1.1 or something but otherwise looked the same. The C2 in the name is supposed to mean it is CAS latency 2 RAM, but as I mentioned, the replacement RAM I received was not actually as fast, it was CL3.
What do you mean the iPhone bypasses carriers all together? I cannot think of a way in this is true.
Yes, I know. That's what I said it had to take special measures to work as opposed to saying it doesn't work.
There are inward-bound services that are precluded by the lack of incoming access. No, none of these are on the PVRs right now, because there is no such incoming access.
As an example, when you remote book, why don't you get any confirmation? Why does it just make you select "record if possible" (instead of priority record) and then you just go home and hope it recorded? Why can't it contact your box with the request, get a response saying "yes, it will record" or "this won't record, which conflict would you like to cancel?" The reason is because it cannot contact your box as there is no incoming access.
The current feature set is partially determined by what can be done under the current system. With IPv6, the feature set could be expanded.