What if my magic box just said anyone other than me was
Your magic box is infringing upon some number of our patents. Please report to court on Tuesday - you are permitted to supply some amount of lube as you deem necessary.
The only better advice I could offer than the above is: never follow legal advice on Slashdot
I agree completely.
IANAL, but my foolproof Slashdot legal advice for today:
Always take the opposite of any action suggested in legal advice on Slashdot. If you aren't careful, you might inadvertently mirror a Slashdot legal suggestion. Behavior in the case of multiple conflicting suggestions (though this will probably never, ever happen) is implementation dependent.
People that can calmly explain that they no longer feel like living, have held that stance for some adequate length of time, etc. are clearly not irrational and don't need 'help'. And yet euthanasia remains illegal most everywhere, and in any place that it is (that I'm aware of) it's limited to the terminally ill. Go take a look at some stats for botched suicides (as in the ones intended to actually work) - it's unfortunate (and messy).
Who knows? Maybe one day it will even make sense for me. But it certainly would not be the emotional, sissy-tears, wrist slashing bullshit. Suicide isn't some kind of mental disorder. Some of us can rationally say "Not an option yet since X, Y, and Z close relations would be harmed", or later, "Okay, the will is done - now for DBAN in each computer."
As for the webcam bit... Yeah - that's EXACTLY what the world needs right now. Another media crusade.
A few years ago...I never thought I'd use GNOME, what with its child-proofing mentality. But now its the only choice that's both functional and actually supported.
(Functional is a relative term. The release that shipped with Intrepid has entirely broken session management, which is a regression from even the ancient releases)
The world is so fucked up right now as far as censorship and snooping. We need encryption, everywhere, right now.
Tier 1: "httpe" that acts similar to SSH - big warning on key changes. Known key can be included in html links even from untrusted sites (such as from a google search results page) for a cautionary warning with no loss of security. No prompt for a new site. Prompt if it changes. Prompt if a link gives a 'known' key different from the given one.
Very easy to gradually deploy.
Tier 2: Well-known certs for the root nameservers. Stick self-signed cert in DNS records. Sign DNS responses. Imposes a chain of trust type requirement on lesser nameservers.
Tier 3: The fancier certs being passed around these days which are supposedly hyper deluxe verified. Actual monetary cost involved here. Determine a magic solution to make at least a few of the CAs trustworthy.
Apparently, many think it's okay to show 95 percent of a female's breast as long as her spawn is attached to it. If you show the same amount of skin with no kid, it's said to be indecent. If you happen to whip yours out during, say Superbowl halftime (while covering that five percent with some decoration), concerned mothers everywhere (with kidlets sucking on their tits no doubt) bitch to the FCC for the shocking and unholy exposure of most of a breast in public. Mmmk...
People need to crawl out from behind their crosses for a moment and consider what ridiculous and contradictory standards they're promoting. If Facebook says "no titties," then quit posting pics of them and acting surprised when the banhammer comes down. That's their decision. If you don't like this policy, then sure, protest. But protest to allow breasts in full view, with no qualifiers. Male breasts, female breasts, kid or no kid. Facebook's policy (and many others) are currently set to 'sexist,' and these dipshits think it's a good idea to change that to 'sexist with an exception for my baby, because he's so CUTE!!1'
Some of these groups are just so fucking LOUD. Damn. Maybe Slashdot users should start taking hormone injections, perhaps this special post-baby balance would be conductive to USEFUL change. I'm sure DRM would be banned via constitutional amendment by the end of the week.
Disclaimer: I happen to like breasts - a lot, in fact.
Let's not forget that, if a big important router was compromised (such as the one in charge of the carrier pigeon link between Downunderland and the rest of the world), the same things could be done.
These aren't new problems introduced purely by a porno filter. These are problems introduced by lack of encryption and made easier by insecure porno filters.
If they try to MITM a TLS connection, certificate warnings will pop up. As is supposed to be guaranteed. All the bullshit lately should go a long way to convince people that YES, we need widespread encryption NOW.
I stand by previous statements that Firefox's multi-click certificate override is the Right Thing. But more and more, I'm beginning to think we need an 'httpe' as some people suggested which operates on SSH's "ohhh shits teh key changed!!" model. Push it out in the new Firefox and WebKit. Have a nice, plain-language warning on first visit and a big scary multi-click override when the key changes. And here's something new... Define a means by which a link, such as from a secure Google search results page, can include the expected key. No need for a warning - you now have a key for that domain if expected agrees with what you get. The reason is simple - big brother can't see your conversation with Google or some other secure/pseudo-trusted authority, but they CAN try to MITM you with a key other than the expected one. Google can lie about the expected key, but you'd get a different one (either the real one or one from aussieland's gov). If either party could do BOTH you'd be screwed anyway, because Google's certs would at that point mean jack shit.
Yeah. That's right. Who gives a flying fuck if files get deleted? Because everyone backups nightly to tape and properly labels them before permanent storage. Or not.
You can argue that there's significant overlap between the people with malware and the people that lose stuff to hard drive failure. But when's the last time that a widespread virus _deleted everything_ for the hell of it? It's a business now! The last intentionally destructive one I heard of held documents _for ransom_ instead. The goal is to hide or at least blend in, for as long as possible, to make a profit by some means.
I should have said 'read/write access'. The tricky bit is when information gets _leaked_, you see. Then the attacker has _important_ passwords (think firefox profile) and confidential information. Your bank account is compromised and you just wiped your ass with whatever accountability requirements your organization is held to.
You don't need superuser to send spam, either.
If that's still too much for you, then in short, non-root compromises are a BIG FUCKING DEAL.
Security as it stands is total bullshit because any "unprivileged" executable can easily take you from behind _without you ever knowing_. Privilege escalation is merely a means to do the SAME THING but sneakier, or across more accounts. Remote exploits aim to do the SAME THING. Rub some braincells together and think about this. The current security model protects users from users. You (the user) can and will get fucked over, but things have been designed so that doesn't affect anyone else. This was adequate - at the time.
Apps are not their users. Apps should not run under the user's account. Opening a document is to be done via a privileged (as in "running as the user") daemon which displays a file-open dialog and maps the selected file(s) into the app's sandbox.
You _do_ realize that this grants write access to all your priceless documents in ~ The UNIX security model (as with Windows) doesn't give a shit about protecting _users_, just the system. A terribly dated and broken concept.
I love my G1. I thankfully got one that shipped with the earlier mega-bugged software revision and have held on to root access.
Only certain people are trying to lock you out. Set a few build parameters, extract a few blobs from the handset, and you suddenly have a Dream-compatible Android build. For those that have root, modified recovery partitions are readily available which allow you to flash your own modified update packages. However, I compiled my own with a few changes - I don't like the idea of everyone having the private key (the test keys) that are trusted by my phone.
We don't want an arms race of phone lock down here. People need to quit bitching about code signing - it's a _good_ thing. People _want_ their updates to be signed by t-mobile as opposed to provided with a wink by...whoever is running the wifi network / tower they're using...
There should be a low level means to reflash these things over USB. Recovery partition and app still needed - the update packages contain scripts and deltas and all sorts. I want a well-defined means to throw an image at the device and in the process change the allowed keys to something other than the carrier.
Yes, that's a phone specific, non android thing. But don't be surprised if it's there anyway. It's not terribly uncommon to manufacture a device with (mostly) blank chips and flash them through some interface on the device, external or otherwise. It's cheaper. Easier to roll out new revisions. Etc.
Methinks some work should be done ripping apart the proprietary bootloaders as these things roll out. It's probably the best way to safe root access on (some) devices.
Slashdot Mirror
Apparently the semantic meaning of eleventeen levels of nested div tags is lost on you.
Uhuh. Linux users are essentially the paraplegics of the OS world. Nice try, troll!
A Linux user might need a wheelchair, but it's probably because he sawed his legs off due to patent concerns over the relevant genes.
What if my magic box just said anyone other than me was
Your magic box is infringing upon some number of our patents. Please report to court on Tuesday - you are permitted to supply some amount of lube as you deem necessary.
Signed,
The RIAA
The only better advice I could offer than the above is: never follow legal advice on Slashdot
I agree completely.
IANAL, but my foolproof Slashdot legal advice for today:
Always take the opposite of any action suggested in legal advice on Slashdot. If you aren't careful, you might inadvertently mirror a Slashdot legal suggestion. Behavior in the case of multiple conflicting suggestions (though this will probably never, ever happen) is implementation dependent.
It's the borderline people that need help.
People that can calmly explain that they no longer feel like living, have held that stance for some adequate length of time, etc. are clearly not irrational and don't need 'help'. And yet euthanasia remains illegal most everywhere, and in any place that it is (that I'm aware of) it's limited to the terminally ill. Go take a look at some stats for botched suicides (as in the ones intended to actually work) - it's unfortunate (and messy).
Who knows? Maybe one day it will even make sense for me. But it certainly would not be the emotional, sissy-tears, wrist slashing bullshit.
Suicide isn't some kind of mental disorder. Some of us can rationally say "Not an option yet since X, Y, and Z close relations would be harmed", or later, "Okay, the will is done - now for DBAN in each computer."
As for the webcam bit...
Yeah - that's EXACTLY what the world needs right now. Another media crusade.
Shaman's have Ancestral Spirit and Reincarnation actually.
If you're looking for Resurrection, it's Priest.
The priest spell has a reagent requirement too since patch 3.0.2 - KY and an altar boy IIRC.
If only the Romans had known how to spawn-camp properly...
I am shocked that I still have OEM knees at this point in my life.
I hear RMAs are a bitch with the guy upstairs
A few years ago...I never thought I'd use GNOME, what with its child-proofing mentality.
But now its the only choice that's both functional and actually supported.
(Functional is a relative term. The release that shipped with Intrepid has entirely broken session management, which is a regression from even the ancient releases)
Need a two tiered system.
The world is so fucked up right now as far as censorship and snooping. We need encryption, everywhere, right now.
Tier 1:
"httpe" that acts similar to SSH - big warning on key changes. Known key can be included in html links even from untrusted sites (such as from a google search results page) for a cautionary warning with no loss of security. No prompt for a new site. Prompt if it changes. Prompt if a link gives a 'known' key different from the given one.
Very easy to gradually deploy.
Tier 2:
Well-known certs for the root nameservers. Stick self-signed cert in DNS records. Sign DNS responses. Imposes a chain of trust type requirement on lesser nameservers.
Tier 3:
The fancier certs being passed around these days which are supposedly hyper deluxe verified. Actual monetary cost involved here. Determine a magic solution to make at least a few of the CAs trustworthy.
I believe StartCom and probably the other free providers do something like this. StartCom is in Firefox by default, by the way.
Apparently "CS Degree" has become keyword for "Tradeschool" these days. Fucking disgusting.
I see it as an all-or-nothing deal.
Apparently, many think it's okay to show 95 percent of a female's breast as long as her spawn is attached to it. If you show the same amount of skin with no kid, it's said to be indecent. If you happen to whip yours out during, say Superbowl halftime (while covering that five percent with some decoration), concerned mothers everywhere (with kidlets sucking on their tits no doubt) bitch to the FCC for the shocking and unholy exposure of most of a breast in public.
Mmmk...
People need to crawl out from behind their crosses for a moment and consider what ridiculous and contradictory standards they're promoting. If Facebook says "no titties," then quit posting pics of them and acting surprised when the banhammer comes down. That's their decision. If you don't like this policy, then sure, protest. But protest to allow breasts in full view, with no qualifiers. Male breasts, female breasts, kid or no kid. Facebook's policy (and many others) are currently set to 'sexist,' and these dipshits think it's a good idea to change that to 'sexist with an exception for my baby, because he's so CUTE!!1'
Some of these groups are just so fucking LOUD. Damn. Maybe Slashdot users should start taking hormone injections, perhaps this special post-baby balance would be conductive to USEFUL change. I'm sure DRM would be banned via constitutional amendment by the end of the week.
Disclaimer:
I happen to like breasts - a lot, in fact.
wink wink
59% minority
Wow! I knew US math education was bad, but...
Let's not forget that, if a big important router was compromised (such as the one in charge of the carrier pigeon link between Downunderland and the rest of the world), the same things could be done.
These aren't new problems introduced purely by a porno filter. These are problems introduced by lack of encryption and made easier by insecure porno filters.
If they try to MITM a TLS connection, certificate warnings will pop up. As is supposed to be guaranteed. All the bullshit lately should go a long way to convince people that YES, we need widespread encryption NOW.
I stand by previous statements that Firefox's multi-click certificate override is the Right Thing. But more and more, I'm beginning to think we need an 'httpe' as some people suggested which operates on SSH's "ohhh shits teh key changed!!" model. Push it out in the new Firefox and WebKit. Have a nice, plain-language warning on first visit and a big scary multi-click override when the key changes. And here's something new...
Define a means by which a link, such as from a secure Google search results page, can include the expected key. No need for a warning - you now have a key for that domain if expected agrees with what you get. The reason is simple - big brother can't see your conversation with Google or some other secure/pseudo-trusted authority, but they CAN try to MITM you with a key other than the expected one. Google can lie about the expected key, but you'd get a different one (either the real one or one from aussieland's gov). If either party could do BOTH you'd be screwed anyway, because Google's certs would at that point mean jack shit.
But that's _is_ what the story title says on my machine!
--Randy in Australia
Picture an I'm a Mac/I'm a PC commercial as they typically start!
Richard Stallman shouts from offstage, "I'm linux, and I'm freee free FREEEE"
He the proceeds to prance naked around stage throwing rose petals to the ground as the other two are stricken with a deep terror.
Freeeee! Free freeeeee!
Yeah. That's right. Who gives a flying fuck if files get deleted? Because everyone backups nightly to tape and properly labels them before permanent storage. Or not.
You can argue that there's significant overlap between the people with malware and the people that lose stuff to hard drive failure. But when's the last time that a widespread virus _deleted everything_ for the hell of it? It's a business now! The last intentionally destructive one I heard of held documents _for ransom_ instead. The goal is to hide or at least blend in, for as long as possible, to make a profit by some means.
I should have said 'read/write access'. The tricky bit is when information gets _leaked_, you see. Then the attacker has _important_ passwords (think firefox profile) and confidential information. Your bank account is compromised and you just wiped your ass with whatever accountability requirements your organization is held to.
You don't need superuser to send spam, either.
If that's still too much for you, then in short, non-root compromises are a BIG FUCKING DEAL.
Security as it stands is total bullshit because any "unprivileged" executable can easily take you from behind _without you ever knowing_. Privilege escalation is merely a means to do the SAME THING but sneakier, or across more accounts. Remote exploits aim to do the SAME THING. Rub some braincells together and think about this. The current security model protects users from users. You (the user) can and will get fucked over, but things have been designed so that doesn't affect anyone else. This was adequate - at the time.
Apps are not their users. Apps should not run under the user's account. Opening a document is to be done via a privileged (as in "running as the user") daemon which displays a file-open dialog and maps the selected file(s) into the app's sandbox.
Are you...running malware in WINE for fun?
You _do_ realize that this grants write access to all your priceless documents in ~
The UNIX security model (as with Windows) doesn't give a shit about protecting _users_, just the system. A terribly dated and broken concept.
I'd put a notice at the top of the file. "This naughty image is only compatible with the following versions of Windows: ..."
I'm sure many victims would kindly downgrade as needed to make my exploit work.
I'm beginning to see tangible benefits to these new requirements...
That'd be awesome
I say it and it is so.
HTC bootloader was dumped just the other day. Imagine that. I expect interesting news in the near future.
http://forum.xda-developers.com/showthread.php?t=454665
I love my G1. I thankfully got one that shipped with the earlier mega-bugged software revision and have held on to root access.
Only certain people are trying to lock you out. Set a few build parameters, extract a few blobs from the handset, and you suddenly have a Dream-compatible Android build. For those that have root, modified recovery partitions are readily available which allow you to flash your own modified update packages. However, I compiled my own with a few changes - I don't like the idea of everyone having the private key (the test keys) that are trusted by my phone.
We don't want an arms race of phone lock down here. People need to quit bitching about code signing - it's a _good_ thing. People _want_ their updates to be signed by t-mobile as opposed to provided with a wink by...whoever is running the wifi network / tower they're using...
There should be a low level means to reflash these things over USB. Recovery partition and app still needed - the update packages contain scripts and deltas and all sorts. I want a well-defined means to throw an image at the device and in the process change the allowed keys to something other than the carrier.
Yes, that's a phone specific, non android thing. But don't be surprised if it's there anyway. It's not terribly uncommon to manufacture a device with (mostly) blank chips and flash them through some interface on the device, external or otherwise. It's cheaper. Easier to roll out new revisions. Etc.
Methinks some work should be done ripping apart the proprietary bootloaders as these things roll out. It's probably the best way to safe root access on (some) devices.