"average Joe" doesn't have to know what any of these words means
When the Software Update box pops up, click the blinking blue "Install" button
Don't touch anything in the "Sharing" System Preferences (ports closed by default)
Still don't touch anything in the "Sharing" System Preferences (firewall on by default)
When you receive a file that claims to be pictures (or movies, or music), and when you try to open it a box pops up saying "You are about to open this application for the first time, do you really want to?", click Cancel
A better version of #4 would be appreciated, but it must be accurate and specific. "Don't be an idiot" is too vague and difficult to accomplish.
Yes, OSX Server ships with some remote admin ports open. Apple assumes that anyone who shells out the extra cash for Server should at least poke around Server Admin.app (or Terminal if you prefer) for a few minutes. sshd and ipfw are easily controlled by either method.
...is that the OLD mini G4 had damn poor graphics of its own. Remember, we're comparing to a 32MB (yes, 32) ATI 9200.
For example, MacWorld's game benchmark results. In UT 2004 (at default quality settings) the new mini gets a pathetic 10-12fps... whereas the old mini got 14fps, gee so much better.
Also, the new mini will get FASTER in the months ahead. For starters, upgrading to paired DIMMs will use the dual-channel bus, which is always a boost for shared-memory IGPs. Secondly, the Intel compilers for Mac are on the way.
Sure, a mini with GF 6200 or Radeon X200 would be better, but GMA950 is not the apocalypse some have been claiming.
Yes, if you paste OSS code into your software project, you will need to follow their license. As opposed to copying proprietary source code... which will merely LAND YOU IN COURT for piracy, hacking &/or theft of trade secrets. See, isn't that a much better option?
As a fellow old-school RPGer (mid-1970s) I have to ask, what do you say is wrong with DND3 relative to its ancestors?
Personally I think DND in general has some major problems(*), but D20/DND3 is a gazillion times better thought-out than any of DND, BDND, ADND, XDND, or ADND2.
(*) = AC & HP are wrong in their entirety, spell memorization by level is annoying, class feature progression is too rigid, etc.
Hell yes. My organization has a WORLDWIDE license for Symantec AV (including FREE use on all personal PCs) and most of our Mac User Group uninstalled it (or at least the resident part) after the latest vulnerabilities.
...I'm seeing at least one major misperception here. These possibly-fraudulent votes were cast in Florida's 2004 election, which was not significantly disputed. The big Palm Beach voting debacle was the 2000 election, using decrepit punch card machines and a foolish staggered two-column layout. Terry bought these paperless electronic machines in 2002 as a response to the chad backlash. She was then voted out of office in 2004 due to her demonstrated and repeated incompetence.
Auto-open prevents zero-click execution (or perhaps one-click, depending on how you enumerate), but a substantial two-click problem remains:
You have a downloaded zip file. Extract it, OS X is invulnerable to zip files.
You have an extracted media file. View it, OS X is invulnerable to media files.
Oops, that media was actually a shell script in disguise. PWN3D!!!
The actual vulnerability is NOT the auto-open, it is the concealment of zipped metadata. Apple needs to fix the problem by default disallow of downloaded or archived "Open With" settings.
Quick point of order: the bug doesn't execute automatically if you turned off the "Open Safe Downloads" preference. However, it's still really Really REALLY bad.
Explanation: Apple recognizes a particular folder within a zip archive as resource forks. This way you can correctly upload/download old-style apps and/or OSX metadata. The latter feature is where the problem occurs.
If you take a shell script, rename it to a "safe" file extension (such as mov, jpg, etc), then change its metadata (aka the "Open With..." setting) to Terminal.app instead of the expected default application, you now have a shell script that looks like an ordinary media file.
If you then use OSX built-in BOMarchive command, you have a zipped shell script that looks like a "safe" download.
End result: arbitrary shell script execution (under OSX default settings) upon visiting a malicious URL.
Conclusion: remote metadata should not be trusted. This bug would not occur if downloaded files could only belong to their default app.
The whole issue of verified voting has been mired in stupid partisan squabbling for over 4 years. The entire Demoblican duopoly deserves large shares of scorn, blame, and (in a much better universe than this one) defeat at the polls.
Shortly after the Florida chad fiasco of 2000, our elections administrator Linda Lamone decided to buy DRE machines from Diebold. Voter advocacy groups weren't loud enough ($$$) to block it.
TrueVote eventually started building momentum & influence, but neither Lamone (D) nor Erlich (R) were interested.
Once the voting population finally made themselves heard, the state legislature (both sides) voted in favor of fixing the machines.
Diebold then laughed at Maryland for failing to request paper trails previously.
This week, after Erlich realized that this issue could help his reelection bid, he came out in favor of fixing the machines too. So here we are.
if companies such as id or Bioware can release Linux clients for their games
... except for two significant details:
John Carmack is a programming god who loves OpenGL for philosophical reasons, and therefore intentionally writes highly portable code. Most other companies do not have anyone who even vaguely approaches that description.
Bioware committed to writing ONE triple-compatible game (NWN) before they even started coding, however the Mac & Linux clients came out LONG after the Windows release, and the toolset remains Windows-only. Furthermore, none of their followup titles are *nix-compatible. If Bioware could release Linux clients for their games (plural), then perhaps we should consider why is it that they DON'T?
Re:anti-competitive bundling (OS-PC)
on
OSx86 Cracked Again
·
· Score: 3, Insightful
If Apple had 90%, 80%, or even just approaching 50% of PC marketshare, we could start talking about antitrust concerns. Until then, go away.
Whoops, should have RTFAed. They intentionally used unpatched browser versions to maximize infections. That's really sucktacular of them. They should have at least included a fully updated XP SP2 IE in its default "secured by Microsoft" state, as an experimental control.
Exactly what tricks are those sites using, that they still infect a supposedly locked-down and updated IE6? Or conversely, what vulnerable IE setting did the researchers fail to fix?
Seriously, what is really going on there at the html level?
Since I don't see any replies with hard science yet, guess I'll give it a go. This "method of altering silicon" appears to be just a combination of multiple already-extant technologies:
65nm. IBM, Intel, AMD, et al, already use this fab.
Strained Silicon. IBM already uses this on the G5, probably others as well.
Then my statement is probably true, because that was exactly the case. A few of the past 400 millennia had temperatures 2-3 C higher than the latest one, and during those times CO2 levels were around 300 ppm (compared to about 275 ppm from 1000-1800 AD).
Thanks to man-made emissions, CO2 is now 380 ppm and rising fast. The parameters of normal variation no longer apply.
You ignore that the industrial age has pushed CO2 levels way Way WAY beyond anything seen in the past 400000+ years, and that CO2 correlates very well with temperature over the same timeframe. Natural variation is one thing, but these huge man-made changes worry the $#!+ out of folks like me.
...except that the vast majority of swing voters in America are uninformed consumers who pick whichever candidate has the better smile, slogan, and/or smear campaign. The number of voters who rationally compare the viewpoints of each candidate, and select the one most likely to help the country, is most likely smaller than the number of active posters on Slashdot.
Think about the disturbingly large percentage of "undecided" voters who thought that Bush supported gun control, or Kerry wanted lower taxes, or many many other examples.
Would it be fair if I chopped off your head for making a bad analogy? Signs point to yes.
If a company wants to have an internet presence it has to be searchable by Google
Guess what? The standard Google search (web pages) and Google News are two separate systems, with independent opt-out mechanisms. So your site can remain searchable without participating in Google News.
If you are actually whining "I want my articles to get links in Google News, but I don't want them to use any specific words or phrases from my site" then you're being a psychotic dork.
Why is this so difficult for so many people to figure out? Microsoft doesn't want to play favorites in the x86 war. They don't want to say either "x86-64" or "EMT64" and offend the other chipmaker, so they just call it generic "x64". It's obvious.
Freescale's e600 dualcore G4 has been "in the pipeline" for the past 2 years with no sign of pouring out. On paper it should compare quite favorably to Yonah... if it ever ships. Yonah has a slight advantage in that department.
Slashdot Mirror
"average Joe" doesn't have to know what any of these words means
A better version of #4 would be appreciated, but it must be accurate and specific. "Don't be an idiot" is too vague and difficult to accomplish.
Yes, OSX Server ships with some remote admin ports open. Apple assumes that anyone who shells out the extra cash for Server should at least poke around Server Admin.app (or Terminal if you prefer) for a few minutes. sshd and ipfw are easily controlled by either method.
...is that the OLD mini G4 had damn poor graphics of its own. Remember, we're comparing to a 32MB (yes, 32) ATI 9200.
... whereas the old mini got 14fps, gee so much better.
For example, MacWorld's game benchmark results. In UT 2004 (at default quality settings) the new mini gets a pathetic 10-12fps
Also, the new mini will get FASTER in the months ahead. For starters, upgrading to paired DIMMs will use the dual-channel bus, which is always a boost for shared-memory IGPs. Secondly, the Intel compilers for Mac are on the way.
Sure, a mini with GF 6200 or Radeon X200 would be better, but GMA950 is not the apocalypse some have been claiming.
...just add an extension! The Nightly Tester Tool does exactly what you ask.
Yes, if you paste OSS code into your software project, you will need to follow their license. As opposed to copying proprietary source code ... which will merely LAND YOU IN COURT for piracy, hacking &/or theft of trade secrets. See, isn't that a much better option?
As a fellow old-school RPGer (mid-1970s) I have to ask, what do you say is wrong with DND3 relative to its ancestors?
Personally I think DND in general has some major problems(*), but D20/DND3 is a gazillion times better thought-out than any of DND, BDND, ADND, XDND, or ADND2.
(*) = AC & HP are wrong in their entirety, spell memorization by level is annoying, class feature progression is too rigid, etc.
Hell yes. My organization has a WORLDWIDE license for Symantec AV (including FREE use on all personal PCs) and most of our Mac User Group uninstalled it (or at least the resident part) after the latest vulnerabilities.
Wow, that's flat-out wrong in so many ways, I am in awe.
Of course, why should silly inconvenient facts stand in the way of a truthy intellect like yours?
...I'm seeing at least one major misperception here. These possibly-fraudulent votes were cast in Florida's 2004 election, which was not significantly disputed. The big Palm Beach voting debacle was the 2000 election, using decrepit punch card machines and a foolish staggered two-column layout. Terry bought these paperless electronic machines in 2002 as a response to the chad backlash. She was then voted out of office in 2004 due to her demonstrated and repeated incompetence.
The actual vulnerability is NOT the auto-open, it is the concealment of zipped metadata. Apple needs to fix the problem by default disallow of downloaded or archived "Open With" settings.
Quick point of order: the bug doesn't execute automatically if you turned off the "Open Safe Downloads" preference. However, it's still really Really REALLY bad.
Explanation: Apple recognizes a particular folder within a zip archive as resource forks. This way you can correctly upload/download old-style apps and/or OSX metadata. The latter feature is where the problem occurs.
If you take a shell script, rename it to a "safe" file extension (such as mov, jpg, etc), then change its metadata (aka the "Open With..." setting) to Terminal.app instead of the expected default application, you now have a shell script that looks like an ordinary media file.
If you then use OSX built-in BOMarchive command, you have a zipped shell script that looks like a "safe" download.
End result: arbitrary shell script execution (under OSX default settings) upon visiting a malicious URL.
Conclusion: remote metadata should not be trusted. This bug would not occur if downloaded files could only belong to their default app.
Apparently neither the parent poster nor several moderators have any freaking clue what the words Voter Verified Paper Trail actually mean.
The whole issue of verified voting has been mired in stupid partisan squabbling for over 4 years. The entire Demoblican duopoly deserves large shares of scorn, blame, and (in a much better universe than this one) defeat at the polls.
... except for two significant details:
If Apple had 90%, 80%, or even just approaching 50% of PC marketshare, we could start talking about antitrust concerns. Until then, go away.
Whoops, should have RTFAed. They intentionally used unpatched browser versions to maximize infections. That's really sucktacular of them. They should have at least included a fully updated XP SP2 IE in its default "secured by Microsoft" state, as an experimental control.
Exactly what tricks are those sites using, that they still infect a supposedly locked-down and updated IE6? Or conversely, what vulnerable IE setting did the researchers fail to fix?
Seriously, what is really going on there at the html level?
Since I don't see any replies with hard science yet, guess I'll give it a go. This "method of altering silicon" appears to be just a combination of multiple already-extant technologies:
Then my statement is probably true, because that was exactly the case. A few of the past 400 millennia had temperatures 2-3 C higher than the latest one, and during those times CO2 levels were around 300 ppm (compared to about 275 ppm from 1000-1800 AD).
Thanks to man-made emissions, CO2 is now 380 ppm and rising fast. The parameters of normal variation no longer apply.
You ignore that the industrial age has pushed CO2 levels way Way WAY beyond anything seen in the past 400000+ years, and that CO2 correlates very well with temperature over the same timeframe. Natural variation is one thing, but these huge man-made changes worry the $#!+ out of folks like me.
Think about the disturbingly large percentage of "undecided" voters who thought that Bush supported gun control, or Kerry wanted lower taxes, or many many other examples.
Would it be fair if I chopped off your head for making a bad analogy? Signs point to yes.
If a company wants to have an internet presence it has to be searchable by GoogleGuess what? The standard Google search (web pages) and Google News are two separate systems, with independent opt-out mechanisms. So your site can remain searchable without participating in Google News.
If you are actually whining "I want my articles to get links in Google News, but I don't want them to use any specific words or phrases from my site" then you're being a psychotic dork.
Why is this so difficult for so many people to figure out? Microsoft doesn't want to play favorites in the x86 war. They don't want to say either "x86-64" or "EMT64" and offend the other chipmaker, so they just call it generic "x64". It's obvious.
Freescale's e600 dualcore G4 has been "in the pipeline" for the past 2 years with no sign of pouring out. On paper it should compare quite favorably to Yonah ... if it ever ships. Yonah has a slight advantage in that department.