The companies that were producing these disks just dropped the logo, going under the assumtion that if is was the same size as a CD and had a shiny bottom, that people would put it in thier CD players, and people did just that.
To most people a CD is defined as "something that is about 5 inches across and has a shiny bottom. If I put it in my computer something happens."
As a matter of fact, that pretty much is the definition of a Compact Disc(c). Compact Disk does include such things as discs with SecuROM and other DRM. But for the most part the standard is only what the disc is physically, not what's on it. The main reason people stopped with the Compact Disc(c) logo, is they had to shovel off a couple pennies to Sony each time they printed it, and that wasn't worth it.
Terrorism is only solved when you solve the underlying problem, e.g., typically a bad relationship between two cultures or groups. If we actually worked productively on our relationship with the middle east instead of being hypocrites and supporting terrorism ourselves we are practically begging to be struck again.
To throw out a few hypothetical questions... but what if you're right? What if the ETA is wrong in it's fighting? What if the (P)IRA is wrong in it's fighting? What if Al Qaeda is wrong? Why would you appease someone who is wrong? To quote Winston Churchill "There is no greater mistake than to suppose that platitudes, smooth words, and timid policies offer a path to safety."
To be honest, I only consider Al-Qaeda a terrorist group from that list. A terrorist group strikes fear into all people, not just governments. And does this by targeting civilians, Al-Qaeda is the only one that fits this from my list. Terrorism in this form is ALWAYS wrong. You cannot appease it, you cannot ration with it, it IS a wrong ideology. And it IS WRONG to submit yourself to a wrong ideology, which you inherently do when you by appeasement, you put yourself on their level. This kind of war can only be one by one of two things, you must either convince them they are wrong, or you must get rid of them. The first is hard, and sometimes impossible, the second is sometimes as hard as the first. Although I agree that National ID cards are not the way to go, I think your philosophy to deal with the situation to be flawed at best.
What's more, this is not new [wikipedia.org]. All that's new is that it's both in the wild (Blue Pill does the same thing), and that it's a rootkit (MBR Viruses have been around for a very long time now). If someone was trying to apply for a patent, you'd be jumping all over them with prior art...
Actually Blue Pill is much more interesting then this. Blue Pill can actually trap a running instance of an OS inside a rootkit. The one from the article requires a reboot, and hoping you didn't detect it before then. Blue Pill can also be used to attack any operating system, the one from the article only works with systems that use NTLDR.
I can't stand having a TON of codecs in a million installers on my computer. I'm very happy with VLC:D
Well.... you still have a bunch of codecs(codec stands for Compressor-Decompressor) on your computer, but they can only be used with VLC. I'd rather take K-Lite where i can use them with some other players as well.
I'm surprised the bluetooth cracking didn't make this list. There's just something about being able to hijack bluetooth devices, or even say sniff out bluetooth keyboards for remote keylogging that just seems cool to me.
You might note that only a couple browsers completely pass it. Officially released web browsers that pass there is only Konqueror, Safari 2.02; firefox does not make the list. So ~97% of all browsers don't pass it.
Your analogy is flawed. This is more like having to tell where the spare key is. The safe by law can be cracked. Cracking the encryption is the same thing as cracking the safe. If you had an uncrackable safe, it would follow the same thing.
It also paves the way for replacing JavaScript with a secure programming language. No security would be obtained if an insecure language can be mixed with a secure language...
No more document.write. No more in-page event handlers. No more javascript: urls. First off, why don't you have the browser sandbox things if it wants to? Creating a new language doesn't seems like a good approach to me. Second, no more in-page event handlers? Seriously, they're the quickest and easiest way to handle some things, why would you get rid of them?(Let the browser sandbox if you want, you can always modify your js settings if you want to as well)
The only character encoding permitted in HTML 5 is UTF-8. Yet again, i see no reason as to why to not let the browser do what it wants and keep UTF-8 as default, and the others deprecated.
That's just my opinion, of course I'm also a fan of an interpreted binary file for web pages. I also think that most of the security should be done at a browser level, sand boxing the developer isn't the way to go for security. All in all i really don't see too much interesting in his proposition, modules are maybe the only thing of value in his proposal, but that kind of behavior can already be emulated by javascript with DIV blocks or parent/child windows.
failed to work properly against Internet Explorer 6/7 or Safari 3 Beta
Interestingly enough it seems that MetaSploit has already found a way to break IE6/7 and Safari 3 Beta. A little bit of the comments in their source:
# Calling Quicktime via URL kicks in an Extra Exception Handler,
# of which we have no control over.
# By making the buffer larger than the original exploit, we can overwrite
# the last exception handler, and regain control over execution.
# This is indeed an evil exploit - muhaha.
IE will crash? And Firefox won't, but quicktime will? I think that's what I would prefer. It's not Firefox's responsibility to secure all external programs on the computer.
Simply put... NO. IE will not crash, the plug-in however will be unloaded for that instance. This isn't just about crashing the browser either, its a buffer overflow error and the article implies you can send some payload to the machine to be executed. But unless your running FF as root that really shouldn't be a big a problem.
And the fact it uses a BSD like kernel which is way more stable then any NT kernel, and it has true permissions that are horribly emulated in UAC of Vista, so misbehaving applications can't install tons of spyware and the like.
I'm assuming you've never even looked into the NT kernel. The original design is by far one of the best kernel designs I've ever looked at. NT was horribly crippled by Microsoft when it came to the desktop. NT has real permissions, but something else Microsoft decided to dumb down at is was shifted over to the desktop. No matter how you slice it, Mac IS more stable then windows BECAUSE the drivers are written in house. The BSD kernel is nice, but it alone doesn't make Mac inherently better then NT. I've had the kernel PANIC on a Mac before, they're not invulnerable. But I cannot think of a time which I have had either system PANIC/BSOD (Mac OSX and XP) for anything other then a third-party driver.
So back to the article... Since when are forum posts a legitimate article that should be posted on/. ? I'm sure if you scour the Mac forums long enough you'll run into a post where someone claims his Mac ate his cat because it was bothered by it playing with the mouse.
No load? Please do visit a european country on new years eve, basically all service is out between 23.30-01.00 Just because of the "no load" sms.
I would be very surprised if it was out because of texting alone. Just two seconds of thinking tells you that a plain text message, usually less then 255 characters is a much smaller payload then any voice conversation. If it is the SMS however, its not the payload of the messages that is hurting the system its the constant hammering of the tower by very small messages, much like how bittorrent can freak out routers, not because of a high payload, but because of excessive connections that the tower just plain cannot handle. A cell phone tower can only handle a certain number of simultaneous connections, if you just get enough people with powered on cell phones you can knock out a tower, I've seen this for events in small towns where the number of people is multiple times what it normally is.
Basically what it comes down to is how they are used. If you can't subdue someone any other way then it obviously isn't torture. If you believe it's the only way to subdue someone without causing serious harm to an officer, bystandards or themselves, then it doesn't constitute as torture. If someone is caught j-walking and the police immediately pull out a taser and zaps him, following it up with a few more zaps as he asks "what the hell was that for?" then you could consider that torture. But trying to say that all taser incidents are obvious forms of torture is crazy since they cause no significant/life-threatening/terminal harm to someone who is in good physical shape and if used in the correct instances. Just because something isn't a magical way of fixing a problem you have doesn't mean it isn't a better way to handle it. If used correctly tasers are some of the most useful tools at the disposal of law enforcement. Anything can be used incorrectly, and in a way that would constitute it as torture, for example; beating the shit out of someone with a nightstick when they had started to follow your orders after the first hit. Tasers are no more inherently a device of torture then anything else.
How do you know that the security auditors identified the vulnerability by looking at the source? I think it's completely possible this was done by fuzzing, just as a lot of the proprietary MP3 codec vulnerabilities have been found.
IMO this potential exploit is useless unless you're doing something with a JET database that you shouldn't be anyways. JET doesn't have database transactions, sure if you want to you can write them in at the application level but that's incredibly costly. If you're allowing people you don't trust to access a JET database something is wrong. JET will screw up if two users try to modify it at the same time, so why would someone you don't trust be using it, they could just as easily cost you enough damage by just modifying the DB while you are. SQL is used for that sort of thing, NOT JET.
When I try to explain the benefits of Nuclear power to some of my friends, many come back with the (rather cliché) horror stories of Three Mile Island and of course Chernobyl.
The thing I find interesting about using this as a reason is the question "well how would you do it then?" Obviously the current way isn't working. The death count related to coal burning plants alone, per year, in the US is higher then 3-Mile and Chernobyl combined, including the projected deaths related to the radiation that was leaked due to both problems.
Because of these wear-leveling techniques, and the fact that a modern NAND device can sustain up to one million write cycles, the overall lifetime of an SSD can be decades. So losing capacity due to flash write cycles is probably not an issue.
Anybody know how these really differ from the older counterparts that are in say my Sansa e280? I've already worn out a couple sectors on it in under a year, which annoys the hell out of me. Although that might have just been SanDisk creating a drive that will run out on average the day after the warranty expires.
If it's a windows vista security patch, then 48 days would be unrealistic.
Not to sound like a M$ fanboy or anything, but they're average time to fix is 48 hours. The other 46 days is just how long it takes them to cycle it out. I assume that if you're cooperate or some other important customer it is possible to get the patch faster, but I honestly have no idea.
Last I knew all that achieved was voiding the entire contract unless they initialed all the parts you crossed out. And I assume the old one would still be binding in that case.
I think I can live with that sound, 2600 this quarter has a great hack for goog411 to make free calls. (Technically so people can make free calls to you, but if you and some friends got together and did the hack you could call then from say a pay phone for free and not get a ridiculous collect charge.)
Slashdot Mirror
The companies that were producing these disks just dropped the logo, going under the assumtion that if is was the same size as a CD and had a shiny bottom, that people would put it in thier CD players, and people did just that.
To most people a CD is defined as "something that is about 5 inches across and has a shiny bottom. If I put it in my computer something happens."
As a matter of fact, that pretty much is the definition of a Compact Disc(c). Compact Disk does include such things as discs with SecuROM and other DRM. But for the most part the standard is only what the disc is physically, not what's on it. The main reason people stopped with the Compact Disc(c) logo, is they had to shovel off a couple pennies to Sony each time they printed it, and that wasn't worth it.
Terrorism is only solved when you solve the underlying problem, e.g., typically a bad relationship between two cultures or groups. If we actually worked productively on our relationship with the middle east instead of being hypocrites and supporting terrorism ourselves we are practically begging to be struck again.
To throw out a few hypothetical questions... but what if you're right? What if the ETA is wrong in it's fighting? What if the (P)IRA is wrong in it's fighting? What if Al Qaeda is wrong? Why would you appease someone who is wrong? To quote Winston Churchill "There is no greater mistake than to suppose that platitudes, smooth words, and timid policies offer a path to safety."
To be honest, I only consider Al-Qaeda a terrorist group from that list. A terrorist group strikes fear into all people, not just governments. And does this by targeting civilians, Al-Qaeda is the only one that fits this from my list. Terrorism in this form is ALWAYS wrong. You cannot appease it, you cannot ration with it, it IS a wrong ideology. And it IS WRONG to submit yourself to a wrong ideology, which you inherently do when you by appeasement, you put yourself on their level. This kind of war can only be one by one of two things, you must either convince them they are wrong, or you must get rid of them. The first is hard, and sometimes impossible, the second is sometimes as hard as the first. Although I agree that National ID cards are not the way to go, I think your philosophy to deal with the situation to be flawed at best.
What's more, this is not new [wikipedia.org]. All that's new is that it's both in the wild (Blue Pill does the same thing), and that it's a rootkit (MBR Viruses have been around for a very long time now). If someone was trying to apply for a patent, you'd be jumping all over them with prior art...
Actually Blue Pill is much more interesting then this. Blue Pill can actually trap a running instance of an OS inside a rootkit. The one from the article requires a reboot, and hoping you didn't detect it before then. Blue Pill can also be used to attack any operating system, the one from the article only works with systems that use NTLDR.
I can't stand having a TON of codecs in a million installers on my computer. I'm very happy with VLC :D
Well.... you still have a bunch of codecs(codec stands for Compressor-Decompressor) on your computer, but they can only be used with VLC. I'd rather take K-Lite where i can use them with some other players as well.
I'm surprised the bluetooth cracking didn't make this list. There's just something about being able to hijack bluetooth devices, or even say sniff out bluetooth keyboards for remote keylogging that just seems cool to me.
You might note that only a couple browsers completely pass it. Officially released web browsers that pass there is only Konqueror, Safari 2.02; firefox does not make the list. So ~97% of all browsers don't pass it.
Your analogy is flawed. This is more like having to tell where the spare key is. The safe by law can be cracked. Cracking the encryption is the same thing as cracking the safe. If you had an uncrackable safe, it would follow the same thing.
Well from my quick check Apple isnt even close to dominating the flash MP3 players on Amazon: http://www.amazon.com/gp/bestsellers/electronics/15752081/ref=pd_ts_e_nav
And M$ seems to be doing very well in the HDD based MP3 players on Amazon: http://www.amazon.com/gp/bestsellers/electronics/15752041/ref=pd_ts_e_nav
No more document.write. No more in-page event handlers. No more javascript: urls. First off, why don't you have the browser sandbox things if it wants to? Creating a new language doesn't seems like a good approach to me. Second, no more in-page event handlers? Seriously, they're the quickest and easiest way to handle some things, why would you get rid of them?(Let the browser sandbox if you want, you can always modify your js settings if you want to as well)
The only character encoding permitted in HTML 5 is UTF-8. Yet again, i see no reason as to why to not let the browser do what it wants and keep UTF-8 as default, and the others deprecated.
That's just my opinion, of course I'm also a fan of an interpreted binary file for web pages. I also think that most of the security should be done at a browser level, sand boxing the developer isn't the way to go for security. All in all i really don't see too much interesting in his proposition, modules are maybe the only thing of value in his proposal, but that kind of behavior can already be emulated by javascript with DIV blocks or parent/child windows.
Interestingly enough it seems that MetaSploit has already found a way to break IE6/7 and Safari 3 Beta. A little bit of the comments in their source:
IE will crash? And Firefox won't, but quicktime will? I think that's what I would prefer. It's not Firefox's responsibility to secure all external programs on the computer.
Simply put... NO. IE will not crash, the plug-in however will be unloaded for that instance. This isn't just about crashing the browser either, its a buffer overflow error and the article implies you can send some payload to the machine to be executed. But unless your running FF as root that really shouldn't be a big a problem.
And the fact it uses a BSD like kernel which is way more stable then any NT kernel, and it has true permissions that are horribly emulated in UAC of Vista, so misbehaving applications can't install tons of spyware and the like.
/. ? I'm sure if you scour the Mac forums long enough you'll run into a post where someone claims his Mac ate his cat because it was bothered by it playing with the mouse.
I'm assuming you've never even looked into the NT kernel. The original design is by far one of the best kernel designs I've ever looked at. NT was horribly crippled by Microsoft when it came to the desktop. NT has real permissions, but something else Microsoft decided to dumb down at is was shifted over to the desktop. No matter how you slice it, Mac IS more stable then windows BECAUSE the drivers are written in house. The BSD kernel is nice, but it alone doesn't make Mac inherently better then NT. I've had the kernel PANIC on a Mac before, they're not invulnerable. But I cannot think of a time which I have had either system PANIC/BSOD (Mac OSX and XP) for anything other then a third-party driver.
So back to the article... Since when are forum posts a legitimate article that should be posted on
No load? Please do visit a european country on new years eve, basically all service is out between 23.30-01.00 Just because of the "no load" sms.
I would be very surprised if it was out because of texting alone. Just two seconds of thinking tells you that a plain text message, usually less then 255 characters is a much smaller payload then any voice conversation. If it is the SMS however, its not the payload of the messages that is hurting the system its the constant hammering of the tower by very small messages, much like how bittorrent can freak out routers, not because of a high payload, but because of excessive connections that the tower just plain cannot handle. A cell phone tower can only handle a certain number of simultaneous connections, if you just get enough people with powered on cell phones you can knock out a tower, I've seen this for events in small towns where the number of people is multiple times what it normally is.
Seems weird for a country who's major import is pedophiles. Maybe this is some kind of marketing strategy.
Basically what it comes down to is how they are used. If you can't subdue someone any other way then it obviously isn't torture. If you believe it's the only way to subdue someone without causing serious harm to an officer, bystandards or themselves, then it doesn't constitute as torture. If someone is caught j-walking and the police immediately pull out a taser and zaps him, following it up with a few more zaps as he asks "what the hell was that for?" then you could consider that torture. But trying to say that all taser incidents are obvious forms of torture is crazy since they cause no significant/life-threatening/terminal harm to someone who is in good physical shape and if used in the correct instances. Just because something isn't a magical way of fixing a problem you have doesn't mean it isn't a better way to handle it. If used correctly tasers are some of the most useful tools at the disposal of law enforcement. Anything can be used incorrectly, and in a way that would constitute it as torture, for example; beating the shit out of someone with a nightstick when they had started to follow your orders after the first hit. Tasers are no more inherently a device of torture then anything else.
How do you know that the security auditors identified the vulnerability by looking at the source? I think it's completely possible this was done by fuzzing, just as a lot of the proprietary MP3 codec vulnerabilities have been found.
IMO this potential exploit is useless unless you're doing something with a JET database that you shouldn't be anyways. JET doesn't have database transactions, sure if you want to you can write them in at the application level but that's incredibly costly. If you're allowing people you don't trust to access a JET database something is wrong. JET will screw up if two users try to modify it at the same time, so why would someone you don't trust be using it, they could just as easily cost you enough damage by just modifying the DB while you are. SQL is used for that sort of thing, NOT JET.
When I try to explain the benefits of Nuclear power to some of my friends, many come back with the (rather cliché) horror stories of Three Mile Island and of course Chernobyl.
The thing I find interesting about using this as a reason is the question "well how would you do it then?" Obviously the current way isn't working. The death count related to coal burning plants alone, per year, in the US is higher then 3-Mile and Chernobyl combined, including the projected deaths related to the radiation that was leaked due to both problems.
Because of these wear-leveling techniques, and the fact that a modern NAND device can sustain up to one million write cycles, the overall lifetime of an SSD can be decades. So losing capacity due to flash write cycles is probably not an issue.
Anybody know how these really differ from the older counterparts that are in say my Sansa e280? I've already worn out a couple sectors on it in under a year, which annoys the hell out of me. Although that might have just been SanDisk creating a drive that will run out on average the day after the warranty expires.
Thank you /. automatic grammar checker ;)
If it's a windows vista security patch, then 48 days would be unrealistic.
Not to sound like a M$ fanboy or anything, but they're average time to fix is 48 hours. The other 46 days is just how long it takes them to cycle it out. I assume that if you're cooperate or some other important customer it is possible to get the patch faster, but I honestly have no idea.
Cross out the parts you think are ridiculous.
Sign it.
Last I knew all that achieved was voiding the entire contract unless they initialed all the parts you crossed out. And I assume the old one would still be binding in that case.
I think I can live with that sound, 2600 this quarter has a great hack for goog411 to make free calls. (Technically so people can make free calls to you, but if you and some friends got together and did the hack you could call then from say a pay phone for free and not get a ridiculous collect charge.)
Then after they're:
"...going to fucking bury Microsoft, they've done it before and they'll do it again!"
What is a beta of a beta?
A Microsoft beta