The post alludes to a flaw in xml-rpc, but it seems to me this is a Wordpress-exclusive vulnerability being reported on today. Drupal uses xml-rpc for example, and all is quiet for those folks it seems.
I know a fair amount of work has been spent beefing up Drupal's xml-rpc implementation, so maybe that's working now, whereas the implementation used by Wordpress is vulnerable and failing. TFA is a little light on details as to the technical source being manipulated and abused.
I don't know that Drupal is necessarily immune, to does have send pingback in the XMLRPC API. Unless it has something to secure this against unauthorised callers then it could be vulnerable too.
Wait, this is Wikipedia. How could they not be confronted, when anyone can do the confronting, even the writers at Wikipediocracy.
Perhaps they were well sourced neutral contributions, and no confrontation was needed. You are right, its a non story. Hell the people writing TFA could have gone and confronted the people themselves!
I remember reading somewhere that middle eastern women are better at Maths than middle eastern men, but who cares, just because someone is good at something it doesn't mean they want to pursue it as a career. Maybe women have other priorities than men, who would have guessed?
but the middle eastern men are better at assembling IEDs.
I can out dishwasher-pack my wife and get the stuff clean! While there may be some difference in the way we deal mentally with the challenge of fitting everything in that space, I think the bigger issue is that I am much more determined to not have to hand wash anything that I can't fit in there.
I expect that as you pack things in you are thinking about the angle of the jets, water flow, type of dirt, etc. I do this all the time (this sauce will wash off from the flow down from the top jets while this baking tray needs a direct spray), whereas my wife uses general rules (better not put these plates too close because when I put that pan close it didn't get clean). This is not a male/female thing however, my mother was a scientist and used to think about dishwasher packing the same way that I do... in fact she taught me the considerations!
The government officials have forwarded the information to the appropriate security people.
Information like that is obviously not for the general public.
No - security through obscurity does not work. You are better off fixing security holes and making it public, preferably with open source so that everyone can see that its fixed and look for other weaknesses.
What I want to know is who's bringing out the obligatory "rival format", just to add confusion to the market and make people wary of adopting. Ideally this should have slightly less powerful backers but some slight technical advantage - just to make sure its not a foregone confusion which one is adopted.
knee-jerk reactions are the norm not the exception to security disclosure, and I doubt he has some leeto 0-day to destroy the world with.
Agree. If it were a temporary "we want to close this hole first" thing then I wouldn't have an issue, but silencing disclosure seems to be seen as an alternative to securing systems, which is not only wrong but bad security.
I suppose there is always a place for more bandwidth, but the limiting factor is going to be spectrum space here. 5G is most likely going to increase bandwidth performance, but at what cost? Using 4G you can stream HD video now, what more do we actually need? For mobile devices, I'm not so sure there is much more necessary.
As always, the issue really is spectrum space. Where will it come from *this* time? Cell spectrum is generally well used (at least in urban areas) so there will be a huge push to find something else. Problem is that all the available spectrum is way up there, where solid state devices start having serious design issues and the power required is huge. You thought your 4G phone battery died quick...
Research is great, I'm just not thinking there is much practical that will come of this.
Well with 4G you can use your monthly data cap in five minutes. Many people look forward to the time when it will only take seconds.
I watched a documentary about Flight 447 (the Airbus flight that was lost off Brazil) and they mentioned that modern planes send tons of position and other data per flight. Seems the current system is called ACARS.
Anyway, from a probability perspective it seems highly unlikely that a plane would disappear from radar precisely at the time that a data transponder stopped sending position fixes, unless, you know, the plane crashed right there.
I mean, the media makes it sound like the search radius is "flight speed * remaining potential flight time at current fuel burn rate".
I'm pretty sure we'll find that this is the "religion of peace" again.
I've been a Microsoft user myself, since about age 4 (now 30) - so I know Windows backward and forward, and knew DOS pretty well for a time. I'd like to branch out, and a top-notch training course in Linux for free seems appealing. I'm sure I could self-educate if needed, but having a more organized study laid out - for free! - sounds great.
This is the brilliant thing about free courses. Give it a go and if you decided its not for you all you have wasted is a few hours of your time.
Technically if you do that, you don't have to pay any tax, but the tax authorities would immediate judge this as an attempt to bypass taxes and you would be ordered to pay the tax doubled. This applies to practically all laws and the ways that courts interpret them. Most Americans probably think this is stupid, since they see possible abuse. However, this hasn't materialized in Finland.
In the US, the scenario you described would be called tax evasion and you would be charged by the IRS. Even in Finland, I am sure there are illegal ways to do things and legal ways to do things. Surely, every time you buy something from the store you aren't charged for larceny because it is illegal to steal and you circumvented that law!
Technically, what BP is doing is legal under the law. The correct solution, if the US doesn't like it, is to change the law.
In the UK it would be "tax avoidance" if it did not break any law. members of parliament would wring their hands and call "shame" - then do the same things themselves. -- ~~~~
"Pirker operated the aircraft within about 50 feet of numerous individuals, about 20 feet of a crowded street, and within approximately 100 feet of an active heliport at UVA, the FAA alleged. One person had to take "evasive measures" to avoid being struck by the aircraft, the agency said."
This must have been very frightening. How were the people present to know that the operator wasn't a muslim and the plane about to explode?
..... a new format that doesn't seem like it will ever be feature-complete.
What features do you see WebP lacking. It uses the RIFF container format that allows XMP metadata, which itself can include EXIF data. It includes lossless and lossy modes, animation and alpha channel (transparency). What do you think is missing?
Slashdot Mirror
Why do they need a GUI toolkit at all? Why don't they build the Chrome UI in HTML/JS/CSS?
I wish I had funny mod points!
Yeah.
Really funny
Of all the whoooshhhes I've seen ... this is the biggest.
Why do they need a GUI toolkit at all? Why don't they build the Chrome UI in HTML/JS/CSS?
I wish I had funny mod points!
The post alludes to a flaw in xml-rpc, but it seems to me this is a Wordpress-exclusive vulnerability being reported on today. Drupal uses xml-rpc for example, and all is quiet for those folks it seems.
I know a fair amount of work has been spent beefing up Drupal's xml-rpc implementation, so maybe that's working now, whereas the implementation used by Wordpress is vulnerable and failing. TFA is a little light on details as to the technical source being manipulated and abused.
I don't know that Drupal is necessarily immune, to does have send pingback in the XMLRPC API. Unless it has something to secure this against unauthorised callers then it could be vulnerable too.
I conclude that he must be the Architect from the nonexistent Matrix sequels, living with his mother. And he is a lonely, lonely man.
How dare you begin a sentence with "And".
At last something that can keep up with my online porn feed
Wait, this is Wikipedia. How could they not be confronted, when anyone can do the confronting, even the writers at Wikipediocracy.
Perhaps they were well sourced neutral contributions, and no confrontation was needed. You are right, its a non story. Hell the people writing TFA could have gone and confronted the people themselves!
Ideally they should document a conflict of interest, but that's not very clear how it should be done.
Like this
I remember reading somewhere that middle eastern women are better at Maths than middle eastern men, but who cares, just because someone is good at something it doesn't mean they want to pursue it as a career. Maybe women have other priorities than men, who would have guessed?
but the middle eastern men are better at assembling IEDs.
I can out dishwasher-pack my wife and get the stuff clean! While there may be some difference in the way we deal mentally with the challenge of fitting everything in that space, I think the bigger issue is that I am much more determined to not have to hand wash anything that I can't fit in there.
I expect that as you pack things in you are thinking about the angle of the jets, water flow, type of dirt, etc. I do this all the time (this sauce will wash off from the flow down from the top jets while this baking tray needs a direct spray), whereas my wife uses general rules (better not put these plates too close because when I put that pan close it didn't get clean). This is not a male/female thing however, my mother was a scientist and used to think about dishwasher packing the same way that I do ... in fact she taught me the considerations!
What a shame that "ability at maths" is seen by TFA as the ability to "add up sets of two-digit numbers in a 4-minute math sprint".
The government officials have forwarded the information to the appropriate security people.
Information like that is obviously not for the general public.
No - security through obscurity does not work. You are better off fixing security holes and making it public, preferably with open source so that everyone can see that its fixed and look for other weaknesses.
What I want to know is who's bringing out the obligatory "rival format", just to add confusion to the market and make people wary of adopting. Ideally this should have slightly less powerful backers but some slight technical advantage - just to make sure its not a foregone confusion which one is adopted.
knee-jerk reactions are the norm not the exception to security disclosure, and I doubt he has some leeto 0-day to destroy the world with.
Agree. If it were a temporary "we want to close this hole first" thing then I wouldn't have an issue, but silencing disclosure seems to be seen as an alternative to securing systems, which is not only wrong but bad security.
- it would be inane for one country to host missiles whose controls are based in another,
... It has been done before.
I'm growing tired of the term crypto
You must be crypto-surfeited
I suppose there is always a place for more bandwidth, but the limiting factor is going to be spectrum space here. 5G is most likely going to increase bandwidth performance, but at what cost? Using 4G you can stream HD video now, what more do we actually need? For mobile devices, I'm not so sure there is much more necessary.
As always, the issue really is spectrum space. Where will it come from *this* time? Cell spectrum is generally well used (at least in urban areas) so there will be a huge push to find something else. Problem is that all the available spectrum is way up there, where solid state devices start having serious design issues and the power required is huge. You thought your 4G phone battery died quick...
Research is great, I'm just not thinking there is much practical that will come of this.
Well with 4G you can use your monthly data cap in five minutes. Many people look forward to the time when it will only take seconds.
Muslims:
They're bad
I admire your art of understatement.
I watched a documentary about Flight 447 (the Airbus flight that was lost off Brazil) and they mentioned that modern planes send tons of position and other data per flight. Seems the current system is called ACARS.
Anyway, from a probability perspective it seems highly unlikely that a plane would disappear from radar precisely at the time that a data transponder stopped sending position fixes, unless, you know, the plane crashed right there.
I mean, the media makes it sound like the search radius is "flight speed * remaining potential flight time at current fuel burn rate".
I'm pretty sure we'll find that this is the "religion of peace" again.
I've been a Microsoft user myself, since about age 4 (now 30) - so I know Windows backward and forward, and knew DOS pretty well for a time. I'd like to branch out, and a top-notch training course in Linux for free seems appealing. I'm sure I could self-educate if needed, but having a more organized study laid out - for free! - sounds great.
This is the brilliant thing about free courses. Give it a go and if you decided its not for you all you have wasted is a few hours of your time.
As long as I never see or need to use the command line, it doesn't matter what operating system I use.
To a great extent with things like cygwin it doesn't matter if you do use the command line either
What features do you see WebP lacking
Ability to be displayed on most browsers?
Not really a limitation of WebP any more than "ability to be owned by most adults" would be a limitation of a Ferrari
Technically if you do that, you don't have to pay any tax, but the tax authorities would immediate judge this as an attempt to bypass taxes and you would be ordered to pay the tax doubled. This applies to practically all laws and the ways that courts interpret them. Most Americans probably think this is stupid, since they see possible abuse. However, this hasn't materialized in Finland.
In the US, the scenario you described would be called tax evasion and you would be charged by the IRS. Even in Finland, I am sure there are illegal ways to do things and legal ways to do things. Surely, every time you buy something from the store you aren't charged for larceny because it is illegal to steal and you circumvented that law!
Technically, what BP is doing is legal under the law. The correct solution, if the US doesn't like it, is to change the law.
In the UK it would be "tax avoidance" if it did not break any law. members of parliament would wring their hands and call "shame" - then do the same things themselves. -- ~~~~
He had big stickers all over it that says "MERICA!" terrorists would never do that.
Not with out the "Death to" prefix anyway
"Pirker operated the aircraft within about 50 feet of numerous individuals, about 20 feet of a crowded street, and within approximately 100 feet of an active heliport at UVA, the FAA alleged. One person had to take "evasive measures" to avoid being struck by the aircraft, the agency said."
This must have been very frightening. How were the people present to know that the operator wasn't a muslim and the plane about to explode?
..... a new format that doesn't seem like it will ever be feature-complete.
What features do you see WebP lacking. It uses the RIFF container format that allows XMP metadata, which itself can include EXIF data. It includes lossless and lossy modes, animation and alpha channel (transparency). What do you think is missing?