The situation is even worse in other rich countries like Qatar. They have only very few inhabitants in relation to their wealth. About every family has at least one maid from the Philippines and nearly all work is done by Indians. The state pays for nearly everything (being married brings you free land to build on, having a child about $5k/month) and natives get only good jobs in high positions that are well paid and require hardly any work (i.e. being head of the local museum, with an assistant who does all your work).
Yet to keep the entire infrastructure running, many non-national workers are required since there are none or too few native inhabitants who would be willing to perform those duties.
Apart from questioning the entire purpose of semi-randomly choosing exactly 7 new world wonders (civilization and its accomplishments have grown tremendously since 140 BC), what exactly is the point of including many rather new constructions in the list? The Sydney Opera House and Statue of Liberty are indeed quite nice, but can they really be called a world wonder and are they actually comparable to the Colosseum? IMHO there should have been categories to distinguish between important historic sites that have only been built after 140 BC and more recent constructions like the Eiffel Tower.
At least the majority of people who spent time and/or money on voting made an informed choice by selecting historically relevant sites instead of voting for something like a cheap knockoff of a medieval castle like Neuschwanstein (some German VIPs, forgot who it was, asked on TV to vote for it), that was built only 120 years ago and has hardly any relevance to modern history apart from looking pretty and attracting tourists.
This is somehow off-topic but I've only seen a few videos of him where he looked a lot heavier and, err, well-nourished in comparison to the image in the Wired article. Did he lose all that weight in prison or was he on a diet before his arrest?
Honestly, you pay a fortune for a drink that's poisoning you, why would you choose one of the companies other products?
Because it won't kill you in moderate amounts. All I said was that if you do have a desire to drink Cola, you might want to avoid that specific product line that's currently being heavily advertised. Whether or not you should consume that stuff at all is an entirely different topic.
Now if I can only stop them pumping chemicals into the meat to get it to absorb water to make it seem bigger than it is, I'll be happy. And don't get me started on the move to replace cocoa butter in chocolate with cheaper fats, and still be able to call it chocolate.
I'm sorry, but I can't really comment on that as those problems appear to be much more common in the US. In my nice little country of 8 million inhabitants I could still visit the cow I'm going to consume and watch it eating grass on the pasture. And when I buy eggs at the supermarket, there's a sheet inside the box with the name and address of the farmer they're from, inviting me to come and have a look at the chickens. I also have yet to see any product that contains HFCS instead of normal sugar cane sweetener.
If anybody's interested: There's currently quite a number of marketing campaigns across Europe for the new Coca-Cola Zero. According to its Wikipedia entry, the product can contain sodium benzoate depending on the country where it's sold. If you're cautious and want to be on the safe side, you might want to stick to regular Coca Cola or Diet Coke which appear not to contain this stuff.
I maybe didn't mention it, but I do have the same sentiment you mention in your last paragraph. There's so many things that have not yet been properly studied and are dismissed too easily, and I think that the prevalence of people feeling that kind of radiation might be higher than expected.
It's just that you are on your own when traditional medicine is against you. I doubt that any medical professional would give a diagnosis or attest for that since they have an image to lose. I don't have any formal medical training, but I suppose the way this would be treated is a referral to a psychiatrist due to anxiety disorder, delusional behavior or similar "reasons".
The problem with professional research is that you'd have to find a number of individuals exhibiting this behavior and then try to disprove *every* possible explanation for your research to be taken seriously. For example, not too long ago I read an article about a woman who got a rash whenever she was exposed to WLAN. In this case, you wouldn't only have to check for every kind of physical reason but also involve psycho-neuro-immunology, which itself hasn't been thoroughly researched. You'd also first have to convince a respected institution to spend money on a phenomenon that - according to current knowledge of medicine - can't really happen.
This whole thing seems kinda like Morgellon's disease, which is currently classified as something similar to delusional parasitosis but still has many mysteries left to be solved.
I doubt that a normal physician would want to or be capable of doing a double blind study. Most of them are practicing doctors and have nothing to do with publishing or research. You'd rather have to find a research facility that would be willing to spend their research funds on something like that, as you need staff, time and people to perform this as a scientifically valuable study. I also don't know whether one single person would be enough for this study as it might only be a statistical aberration.
surveillance technology is much more likely to be used during times of "business as usual," and generally not during times when most people are running around screaming for their lives.
That raises another interesting point. According to TFA the tags will require a power source and software that can interact with WLAN.
This means that those chips would be intelligent enough to detect some kind of emergency flag embedded into the normal signal and only then actively communicate with the access points, so that the required information can only be obtained when needed. Also a committee could be created to define rules in which situations this flag would be activated, sign off and publish privacy warnings in advance regarding any scheduled use for maintenance and other non-emergency purposes (like collecting useful traffic flow information) and have general oversight over uses and abuses of the system.
But since such a system could only be used for real emergency situations I guess it would never be implemented. Because, you know, who would ever spend that kind of money for preemptive security measures that would hopefully never be used when you could have detailed data about every individual ready to be automatically profiled for the same price?
Even if the drive appears to be clean, you might want to read out its S.M.A.R.T. status. If this capability was turned on by default, most HDs will show you values like error rate and hours it's been in use. Those are hard, cold facts that - unlike simply suspecting that it's previously been in use - they can't as easily deny.
I wouldn't be surprised if the actual cost to Dell for Windows and Linux is the same.
I've heard this argument so many times on slashdot and never seen any kind of proof. Is there anyone who can prove or disprove this?
Honestly, I doubt that even the most "evil" and anti-competitive licensing deal with Microsoft can force the price per install any lower than $20 for Vista. I also doubt that the crapware revenue per unit sold is any higher than $5, which leads to the (speculative) conclusion that Linux should be $15 cheaper per unit sold or at least equal if you consider the cost for retraining the customer service monkeys.
As for the conspiracy theories that surface in the comments: I guess that many people affected by the problem *do* have a genuine (god, how I hate that word) copy of Windows. If I'm not completely mistaken a valid license is required to receive new virus definitions. So why would anybody in their right mind "pirate" the operating system, which is crucial for many aspects of their daily work and for some people the only viable and/or only option known to exist, and then actually buy an overpriced virus scanner for which many better and cheaper or entirely free options exist - especially when it's highly unlikely that their copy of XP came with a 30 day trial version of Symantec products.
Nice ideas, but IMHO this would be blown way out of proportion and not necessarily the right kind of thing for this occasion. xkcd can have quite complex humor but is also quite pragmatic and simple.
Also, if you don't already know, being afraid of and protecting yourself from velociraptor attacks and playpen balls as sexual innuendo are a common meme at xkcd and on its forum. Simple things like releasing playpen balls and stalking Randall Munroe with velociraptors seem to be the perfect hack considering the general spirit of the comic. In the end, the sophistication doesn't matter if it completely misses the joke and just doesn't feel right for the occasion. There's a right time and place to show off your tech skills, but this one just wasn't.
The article seems to lack any details about the switch, except for the quote in the summary and the information that it's currently in the final planning stage and that a local poultry farm switched to Oracle on Linux from Tru64 (which was misspelled).
In the end, we have no way to determine whether this move made any sense or was FUD by IBM as some other poster implied. AIX on a cheap x86 cluster? Possibly a bad idea. AIX on their IBM mainframe? Possibly a better choice than Linux.
As much as I love Linux it's - as we all should already know - not always the best choice as it's only one of many tools that must fit the general architecture and requirements.
This clearly looks like one of those great "thinking out of the box" ideas upper management come up with in order to pat themselves on their back (and explain their bonuses with) that - apart from being badly thought out in the first place - also was badly implemented. Sending a mail to every single contact in an address book without giving the user any kind of choice might not be the best way to make friends - although due to obvious reasons I didn't want to try and find out whether there's a confirmation or something who this will be sent to. Any volunteers?
The page in question is formatted to resemble a login gateway page of the various providers (think Microsoft Passport and the like) using the domain part of your email address to decide which provider login to display. Even though I consider myself quite knowledgeable when it comes to security related issues and have done security consulting for various companies, I *might* have fallen for this since it admittedly lowered my suspicions. I doubt Joe Sixpack or even many above-average users would have questioned the purpose of this form.
Worth noting is their elaborate privacy policy and the cute picture of a monkey in their terms of service. Also, the footnote "Flixster does not store this information in any way" seems to have been added after the screen shots in TFA were taken and I could not find any information on how they connect to the email services (i.e. via a cryptographically safe link or plain text via a Win98 proxy server in Nigeria)
First of all, the issue HAS been fixed in PHP5 and above.
Was there ever a proper back-port to PHP4 or proper announcement of this bug? I'm not exactly an expert on PHP internals but I imagine there might be possibilities to remedy this situation if desired.
Secondly, this is NOT a remote code execution vulnerability.
Yep, you kinda got me there. This might be very, very hard to exploit by using other attack vectors like improper input handling or decoding by PHP itself. Although one mustn't forget that this can be an interesting attack vector for an app-based vulnerability (i.e. remote file inclusion) if PHP is secured semi-properly since using it you *can* execute shell code, even if exec() etc. is normally disabled. I also think that there *might* be ways to trigger the exploitable behavior remotely in *some* PHP scripts.
This fact coupled with the backwards compatibility break is why it's marked WONTFIX, not because of incompetence or misunderstanding.
I think you misread this. I do not call somebody incompetent easily and unnecessarily. The context was "and I even dare to say incompetent handling of reports and fixes". This in my opinion holds true, as the PHP developers appear to have limited understanding of formal and proper incident handling and therefore limited competency on that subject matter.
Stefan Esser has found some interesting yet not too surprising vulnerabilities in PHP. All those scenarios described in the various vulnerability reports are very typical for the development process of PHP and many similar ones have already been found and reported. The same goes for the fact that many of those are simply WONTFIX. A perfect example for the general attitude regarding a remote code execution vulnerability cited here:
Because the PHP developers do not want to fix this anymore because it creates problems for companies providing closed source PHP extensions the only potential workaround is to manually change the size of the reference counter in your own PHP. However if you do so you have to recompile all your PHP extensions and cannot use closed source PHP extensions anymore.
I more and more get the feeling that the PHP developers themselves do not properly understand the vulnerabilities any more, which leads to improper and I even dare to say incompetent handling of reports and fixes (many of which simply get applied somewhere down the road without proper announcement or mentioning anywhere in the CHANGELOG) as well as seeming ignorance regarding more complex vulns that are just as relevant as the glaringly obvious ones but simply not as mass-exploitable by script kiddies.
And *this* is the big problem that PHP is facing today regarding enterprise support. Maybe Jon Doe's blog installation is not as mass-exploitable by a script kiddie any more as it used to be some years ago, yet Big Company's CMS is still vulnerable to complex attacks by an experienced attacker who might use published attacks that security experts know about, yet end users do not.
I wouldn't be too sure about that. The article mentions that "the dialog is bordered by Vista's own greenish color to signify the file is part of the operating system". Since this dialog will likely pop up frequently with a low chance that the user triggered it unintentionally (i.e. the user knows what he/she is doing) it might actually lower the barrier of clicking "Allow".
Don't forget that even though a user might not consciously notice the color after a lot of usage and especially repetition the brain might subconsciously notice the difference between a red (not as often appearing -> think twice) and green (frequently appearing after normally trusted "system" action -> just click on the damn thing) border and act accordingly.
Didn't Sony already claim that this is not true? As far as I understand it they have no intentions and/or means to prohibit the licensing or sub-licensing of pornography even though they themselves won't press or publish it. Details see here.
I also believe Vivid's claims that the revenue of the porn industry is grossly overestimated. Yet having worked at an adult media shop and reseller I know that even though there might not be that much profit to be made there's still a damn high volume of discs sold. And this is the important factor in this whole discussion: there might be less market share in terms of profit but higher market share in terms of media sold.
People on various forums suspect that an island would be the way to go. "Only" thing left to do is convince a country to allow them sovereignty, raise the necessary funds and find out how to operate a server farm on a small island without power or water supply as well as lack of Internet connection...
Having recently abandoned its plans for acquiring Sealand, the FreeNation community, along with ThePirateBay.org, the world's largest torrent tracker, is looking to purchase an as-yet-undetermined small island, to eventually become a sovereign nation. The most likely candidate at the moment is Ile de Caille of Grenada. This new country would not employ any intellectual property laws, such as copyrights or trademarks. The official site is located at FreeNationFoundation.org.
It's only partially politically correct. Many prostitutes call themselves hookers with pride but do not like the term being used in derogatory ways.
Then there's also many men and women offering sexual services with high business ethics and highly professional attitude, just-for-fun prostitutes, tantra massage and other intimate services that involve some sexuality for spiritual and emotional reasons as well as parts of the sex industry that perform sexual acts that do not actually involve penetration or similar but focus on phantasy and mental aspects.
Long story short, prostitutes are still prostitutes but as such only a part of the performing sexual industry nowadays called sex workers.
My account doesn't work either :/
Did you mean the BlackDog Personal Server?
I actually like that one better. If you haven't seen it, it's just as awesome as frustrating.
And am I the only one who pronounced it as "bitchin' IM"?
From this wiki:
Got SIGBUS on 2.0.3 FreeBSD. Trace here, EIP seems not overwritten.