Increasing atmospheric greenhouse gas concentration puts more people at risk than nuclear meltdowns do. It's not like we have some magical technology that will make all the problems with energy production go away.
Perhaps Mozilla could give you the option to set the default search engine when you install it.
Assuming the Windows of Firefox:
you can use the Client Customization Kit to build your own custom Firefox installer that ships with your preferred settings;
you can edit chrome\en-GB.jar\locale\browser-region\region.properties and replace "Google" with "Yahoo.co.uk" in the "browser.search.defaultenginename" line (localize as necessary);
you can delete searchplugins\google.xml, and Firefox will default to the next-highest-priority search engine for your locale (probably Yahoo); and finally
you can just click on the search bar and select which search engine you want.
You're looking for fault in something that works perfectly fine.
This goes against the grain of courts hearing from two sides of an issue before making a decision, and is normally used only under exceptional circumstances.
Fixed that for you. There are often more "sides" of an issue than those which are brought before the court.
I've had enough smokers stand upwind, throw cigarette butts everywhere, walk around stinking like a smokestack, etc., that I just don't care if smokers are inconvenienced once in a while too.
Just to let you know where I stand on Iraq. This is a war we never should have fought. We shouldn't have gotten involved, and I said that at the beginning. However, we are there now, and for better or worse, we are now responsible for Iraq's well-being. Therefore IMO, the only acceptable discussion now is how we help the Iraqis to emerge from their civil war. While we as a country made a mistake, it would be an even bigger one to leave simply because the cost of staying in American lives is too high.
THANK YOU for being sane. I find it terribly surprising (and infuriating) how rare this view seems to be online.
The only benefit that could possibly be derived by publishing algorithms and/or code for Windows security would be if (a) changes proposed would be implemented quickly and (b) everyone planet-wide upgraded.
No. I am going to implement some fairly important software next week that would have strongly relied on CryptRandGen. It will run on Windows 2000, among other things.
Because of this paper, we know the extent of the vulnerability ("trust us, it's broken, but we won't say how" isn't enough to figure out how much time to budget for fixing it), and my software will rely only weakly on CryptRandGen, or possibly not at all.
The abstract made me think that this was akin to the sequence number prediction problems in older TCP implementations, but it doesn't seem that this provides much opportunity for a remote attack.
That's because you're not creative enough, which is fine (most of us aren't), but don't assume that your lack of creativity translates into difficulty of attack.
All you'd have to do is to buffer-overflow some SSL server, capture the state of the RNG, then perform O(1) operations to figure out what session keys will be for future SSL connections, and/or perform 2^23 operations to figure out what _previous_ session keys were (before you compromised the machine). What this means is that you can wait until _after_ some high-value transaction has occurred (which you can figure out via traffic analysis or by watching the guy in the next cube log into his bank account) to execute an attack, then recover the keys used for that transaction.
And a Diffie-Hellman key exchange won't help you. If you have g^x and g^y (which are transmitted in the clear), all you need is to guess either x or y to compromise the key exchange.
No. Read the paper, which states, inter alia (yes, I just learned that phrase this week):
We analyze the way in which the operating system uses the WRNG and note that a different
copy of the WRNG is run, in user-mode, for every process, and that typical invocations
of the WRNG are seldom refreshed with additional entropy. Therefore, the backward and
forward security attacks, which only work while there is no entropy based rekeying, are highly
effective. Furthermore, we also found that part of the state of the generator is initialized with
values that are rather predictable.
Provincial enforcement of federal statutes? Because that's what copyright is, in Canada.
Copyright is a federal statute in Canada, which means that provincial legislatures don't have the power to change that statute. It doesn't affect the police; the Criminal Code is also a federal statute, and yet provincial and municipal police investigate murders (indictable offences) and shoplifting (summary offences) all the time.
Generally, a police officer with jurisdiction in some area of Canada can exercise his powers to enforce any law that governs that area. Of course, the Calgary city police generally aren't going to allocate their resources to investigating crime in Edmonton, for example, but if they do, it might even be considered wilful obstruction of a peace officer for the Edmonton police to interfere.
There are lots of crummy ones, it's true, but it's not like it's hard to find a really good PHP coder when you need one.
On the other hand, you don't need a "really good" Python developer, because Python (unlike PHP) doesn't make it exceedingly easy to write buggy code that looks like good code.
Violent fantasies do not reduce anger. "Venting" does not reduce anger. They both just increase it. You don't realize that they increase anger when you do it, because anger without a solution feels bad, and dominance and/or validation from others feels good. The good feeling you get after violent fantasies or from venting is not the antithesis of the original anger you felt, though- it's a reward for your anger. This can be good, if you were doing strategy 4 and, because of your increased anger, are ready to go to strategies 1 or 2. But if that's not the transition in strategies that's going to take place, then there's no benefit.
Slashdot Mirror
Or sign your releases, like Debian does (not per-package signing, like RPM-based distros usually do).
Also, this.
:(){Is that supposed to use up all the available process IDs?
Unless you're writing code in PHP. Then you learn the opposite. :(
Increasing atmospheric greenhouse gas concentration puts more people at risk than nuclear meltdowns do. It's not like we have some magical technology that will make all the problems with energy production go away.
Oh, and I forgot the obvious one: Firefox is free software. You can just fork it if none of the above options are good enough for you.
Assuming the Windows of Firefox:
You're looking for fault in something that works perfectly fine.
Fixed that for you. There are often more "sides" of an issue than those which are brought before the court.
Basically, no. Not enough to cause anyone any problems.
Cause I've been bothered by drunk people before and I think it should be a pain in the ass for everyone to buy alcohol.I could live with that.
I've had enough smokers stand upwind, throw cigarette butts everywhere, walk around stinking like a smokestack, etc., that I just don't care if smokers are inconvenienced once in a while too.
THANK YOU for being sane. I find it terribly surprising (and infuriating) how rare this view seems to be online.
According to the paper, CryptRandGen won't actually use the output from your digital camera very often.
No text.
The only benefit that could possibly be derived by publishing algorithms and/or code for Windows security would be if (a) changes proposed would be implemented quickly and (b) everyone planet-wide upgraded.
No. I am going to implement some fairly important software next week that would have strongly relied on CryptRandGen. It will run on Windows 2000, among other things.
Because of this paper, we know the extent of the vulnerability ("trust us, it's broken, but we won't say how" isn't enough to figure out how much time to budget for fixing it), and my software will rely only weakly on CryptRandGen, or possibly not at all.
That's because you're not creative enough, which is fine (most of us aren't), but don't assume that your lack of creativity translates into difficulty of attack.
All you'd have to do is to buffer-overflow some SSL server, capture the state of the RNG, then perform O(1) operations to figure out what session keys will be for future SSL connections, and/or perform 2^23 operations to figure out what _previous_ session keys were (before you compromised the machine). What this means is that you can wait until _after_ some high-value transaction has occurred (which you can figure out via traffic analysis or by watching the guy in the next cube log into his bank account) to execute an attack, then recover the keys used for that transaction.
And a Diffie-Hellman key exchange won't help you. If you have g^x and g^y (which are transmitted in the clear), all you need is to guess either x or y to compromise the key exchange.
Be careful. Lots of "white noise generators" are just pseudorandom generators with small state registers.
If somebody reads your RNG state today via /dev/kmem, you don't want them to know what its output was an hour ago, or what it will be in an hour.
IIRC, Copyright infringement can carry civil or criminal penalties, though maybe I'm confusing Canadian law with pre-DMCA U.S. law.
Copyright is a federal statute in Canada, which means that provincial legislatures don't have the power to change that statute. It doesn't affect the police; the Criminal Code is also a federal statute, and yet provincial and municipal police investigate murders (indictable offences) and shoplifting (summary offences) all the time.
Generally, a police officer with jurisdiction in some area of Canada can exercise his powers to enforce any law that governs that area. Of course, the Calgary city police generally aren't going to allocate their resources to investigating crime in Edmonton, for example, but if they do, it might even be considered wilful obstruction of a peace officer for the Edmonton police to interfere.
Why? If you were going to do something illegal, you'd do it before you put in your notice.
250K should be enough for anyone.
On the other hand, you don't need a "really good" Python developer, because Python (unlike PHP) doesn't make it exceedingly easy to write buggy code that looks like good code.
References? Evidence?