Not only can you change variables during execution, you can manually move the execution pointer around, you can recover from unhandled exceptions, and you can edit the source code during a breakpoint and then continue without having to restart your application.
You can also still direct things to the Output window in the IDE if you fancy the printf style statements.
I think you and some other commenters misunderstand my point. Bricking is not a "feature" of hardware, it's a bug that is exploited by an attacker. Of course the hardware engineers designing this tech aren't going to include a "click here to brick your car!" button.
Have you ever heard of the CAN bus? CAN stands for "Controller Area Network". It's how all the MCUs in a car talk to each other. For instance, the door lock's MCU communicates with other MCUs in the car using the CAN bus.
A malicious attacker could exploit a flaw in the door lock's MCU to shut down the CAN or even potentially reprogram the ECU. Cruise control could be turned on and told to accelerate to max speed. Windows could be put down or up. Windshield washers could be told to activate. An automatic engine could be told to switch to first gear. etc.
I know it's tempting to look at a pack of partially differentiated cells and assign anthropomorphic characteristics to it, but a baby is not aborted. A fetus is aborted. A fetus lacks the neural capacity to form an opinion, let alone lungs with which to speak.
Actually, the full version of the helicopter video was released at the same time.
And you ignore the interviews with the members of that very squadron who say such things were common place. One of the interviews was the guy who was saving the kid.
Finally, I bet the people who were most scared were the ones whose improper behavior was being shielded by the US Government. Look what the Tunisians did when they found out about the extravagant lifestyle of Ben Ali and his family.
Podcasts and streaming videos don't require reading, yet they are still Internet news sources that you pull information from, instead of being pushed information to.
Most people are probably not really angry because of the money increase, as there are few good rivals (not for long, I hope), but because nothing of value was added to the service to justify the increase.
Right. Because Netflix NEVER adds anything to their streaming catalog. It's the same stuff that's been there ever since they made a streaming option.
"Today, someone got shot. Someone got stabbed. Someone died in a fire."
Yeah, that definitely sounds like what I want to watch.
Besides, why do you want to be pushed news over a one-way connection? Pull the news that you want using the Internet. Pull from a variety of sources across the spectrum so that you're more informed. Read the news when YOU want to, not whenever the TV decides that it's time for you to watch news.
In the long run, more of your code will be "perfect", but someone else could have made more code that is "good" in the mean time.
If you want to do campfires and share coding tips, it should be done when things are broken. When it's broken is a great time to discuss fixes and "the right way to do something". Get everyone together and have them brainstorm on what the problem is.
When things are working, it is not such a great time, because sometimes those fixes end up breaking something else. If it ain't broke, don't fix it.
In the time we all spend reviewing my code, we could have each fixed separate bugs in the software or completed a new feature. Not only does the code review practically halve my productivity, it halves everyone else's.
When you connect a USB device, Windows automatically polls information from the device, called descriptors. This is a process called enumeration. If Windows recognizes the device class (e.g. HID Keyboard), it will automatically install drivers without user intervention. So will Linux and Mac OS; it has to, otherwise when you plug in a keyboard or mouse it wouldn't work until you activated it, and how can you activate a keyboard or mouse without either one?
I'm not sure it's even possible to stop this process. The best you can do is eavesdrop on the data using a USB Sniffer to see what the device is sending for its descriptors, but by the time the sniffer sees the data it's too late.
What's worse is that you can craft special descriptors which can exploit the OS! This is how the PSJailbreak worked.
The only solution I can think of is to use an embedded host to read the descriptors without attaching it to a computer.
should a government employee be expected to give up all rights to individual privacy just because they work for the government?
When they are on-the-job, yes. Unless they go to the bathroom.
Would you say the same of an office worker who found out they were being secretly recorded by their boss?
When they are on-the-job, yes. Unless they go to the bathroom.
Oh, btw, there's nothing secret about recording police officers, it's pretty obvious you've got some sort of recording device.
Oh, btw2, it's been ruled by courts that employers are allowed to dig through any of your shit that the company owns, like your company cell phone to see who you've been texting.
You do realize that the US government is targeting its own citizens for assassination attempts without due process, eavesdropping on its citizens communications without warrants, sending out NSLs with gag orders, starting wars based on lies, starting wars without Congressional approval, ruthlessly pursuing anyone who blows the whistle on wasteful government spending, locking people up with the Material Witness statute with no intent on ever calling them as a witness, kidnapping foreign nationals and sending them to other countries to be tortured, torturing foreign nationals to death, denying them any kind of due process to prove their innocence, locking them in cages for years without any evidence, expanding the powers of the "Patriot" act so that can target people without any suspicion at all...
The list goes on and on. Just because the US does not oppress you, specifically, does not mean the US isn't an openly oppressive government. Perhaps if you lived in one of those multiple Muslim countries that we drop bombs on...perhaps if it was your family that was dying while our journalists write about government strikes that "killed militants"...you might feel differently.
I imagine that's the same way iPod redefined "mp3 player" "nearly overnight", huh?
So what you're basically admitting is that even though other competitors were coming up with similar products and had them in the pipeline before Apple released their smartphone, Apple still deserves monopoly rights to the technology because they have a good marketing strategy.
That you dodged the question of whether multi-touch would exist without giving Apple patent protection is, I think, implicit acknowledging that such innovation would have happened without the patent.
The iPhone was neither obvious nor derivative, and all the devices that have come since have benefited greatly from the research and development time and funds that Apple poured into the concept.
I disagree with great fervor. Smartphones were clearly the next step in the evolution of mobile phones. I'm not sure if you're aware, but there were smartphones before Apple made one. They benefited greatly from everything that came before them.
It takes a lot of time to design and test a product. It needs to go through FCC testing, UL testing, CE testing, etc. You can't just copy someone else's mobile phone design and put a product out in the market in a few months of turn-around time. These things are in development for years, and yet they all head in the same general direction at about the same time.
In order for this to be a proper application of the patent system, you must show that multi-touch would not have existed without granting Apple monopoly rights to it. Can you with a straight face tell me that multi-touch interfaces would not exist today if not for Apple?
Patents are being abused, allowing the first competitor to patent an idea to get a slice of every other competitor's pie. It has nothing to do with the incentive to create since these things would be made with or without the patent system, and everything to do with barriers to entry for other competitors.
I didn't blame it directly on Google, but I do blame it on Google Image Search. A lot of people get infected after using it. Whether or not it's Google's fault is irrelevant to whether it is safe or not.
(bad car analogy warning) If you drive through the ghetto with your windows down and you get carjacked at a red light, is it the fault of the car's manufacturer? No, it would be the driver's own dumbass fault for going somewhere that isn't safe.
Sure, the vuln is probably in the browser I was using. Or there was an exploit on the page that I visited. But when someone proficient with computers can't even search for something as innocuous as a connector without getting a drive-by, it's an indication that the service is ripe with exploits.
I was looking for a certain type of connector, so I google image'd it. While perusing results for something as totally bland as surface mount connectors, I suddenly got a UAC prompt. Even after canceling it, I got an icon in the taskbar. Thankfully the denied UAC kept it from getting its hooks in, and I promptly found and deleted the offending file.
Now, I won't even touch Google Image Search through a remote connection to a virtual machine running Chrome in a sandbox on someone else's network.
The person who decided to hide extensions by default is single-handedly responsible for a great deal of the trojans that get executed.
And I agree, the idea of getting rid of the address bar is just terrible. It's EXTREMELY important for you to know where you are at all times in this world of multiple redirects! This will do for phishers what hiding extensions did for trojans.
I tutored programming when I was an undergrad. They call those "weed out courses" for a reason. Some folks are just not capable of CS. I had to tutor one kid who could not understand arguments and function calls. I spent over an hour trying to explain it to him with five different analogies and sketches on a chalk board and lots of emphatic hand-gestures, and yet he had absolutely no clue how to read
int multiply(int x, int y) {
return x * y; }
Some people just don't cut it, even as code monkeys. And universities shouldn't be flooding the job market by giving idiots a degree.
Slashdot Mirror
Not only can you change variables during execution, you can manually move the execution pointer around, you can recover from unhandled exceptions, and you can edit the source code during a breakpoint and then continue without having to restart your application.
You can also still direct things to the Output window in the IDE if you fancy the printf style statements.
I think you and some other commenters misunderstand my point. Bricking is not a "feature" of hardware, it's a bug that is exploited by an attacker. Of course the hardware engineers designing this tech aren't going to include a "click here to brick your car!" button.
Have you ever heard of the CAN bus? CAN stands for "Controller Area Network". It's how all the MCUs in a car talk to each other. For instance, the door lock's MCU communicates with other MCUs in the car using the CAN bus.
A malicious attacker could exploit a flaw in the door lock's MCU to shut down the CAN or even potentially reprogram the ECU. Cruise control could be turned on and told to accelerate to max speed. Windows could be put down or up. Windshield washers could be told to activate. An automatic engine could be told to switch to first gear. etc.
Or someone bricks your car on the highway while you're driving it because you cut them off.
a third degree black belt in Tie Kwan Do
....did you mean "tae kwan do"? Funny, I would expect a black belt in a martial art ought to know how said martial art's name is spelled.
I know it's tempting to look at a pack of partially differentiated cells and assign anthropomorphic characteristics to it, but a baby is not aborted. A fetus is aborted. A fetus lacks the neural capacity to form an opinion, let alone lungs with which to speak.
There are better reasons why TSA couldn't stop the underwear or shoe bombers.
They flew in from foreign airports. Abdulmutallab was flying in from Amsterdam. Reid was flying in from Paris.
Actually, the full version of the helicopter video was released at the same time.
And you ignore the interviews with the members of that very squadron who say such things were common place. One of the interviews was the guy who was saving the kid.
Finally, I bet the people who were most scared were the ones whose improper behavior was being shielded by the US Government. Look what the Tunisians did when they found out about the extravagant lifestyle of Ben Ali and his family.
Podcasts and streaming videos don't require reading, yet they are still Internet news sources that you pull information from, instead of being pushed information to.
Most people are probably not really angry because of the money increase, as there are few good rivals (not for long, I hope), but because nothing of value was added to the service to justify the increase.
Right. Because Netflix NEVER adds anything to their streaming catalog. It's the same stuff that's been there ever since they made a streaming option.
"Today, someone got shot. Someone got stabbed. Someone died in a fire."
Yeah, that definitely sounds like what I want to watch.
Besides, why do you want to be pushed news over a one-way connection? Pull the news that you want using the Internet. Pull from a variety of sources across the spectrum so that you're more informed. Read the news when YOU want to, not whenever the TV decides that it's time for you to watch news.
QA testers are supposed to find bugs and report those results back to the developers.
In the long run, more of your code will be "perfect", but someone else could have made more code that is "good" in the mean time.
If you want to do campfires and share coding tips, it should be done when things are broken. When it's broken is a great time to discuss fixes and "the right way to do something". Get everyone together and have them brainstorm on what the problem is.
When things are working, it is not such a great time, because sometimes those fixes end up breaking something else. If it ain't broke, don't fix it.
In the time we all spend reviewing my code, we could have each fixed separate bugs in the software or completed a new feature. Not only does the code review practically halve my productivity, it halves everyone else's.
Not really.
When you connect a USB device, Windows automatically polls information from the device, called descriptors. This is a process called enumeration. If Windows recognizes the device class (e.g. HID Keyboard), it will automatically install drivers without user intervention. So will Linux and Mac OS; it has to, otherwise when you plug in a keyboard or mouse it wouldn't work until you activated it, and how can you activate a keyboard or mouse without either one?
I'm not sure it's even possible to stop this process. The best you can do is eavesdrop on the data using a USB Sniffer to see what the device is sending for its descriptors, but by the time the sniffer sees the data it's too late.
What's worse is that you can craft special descriptors which can exploit the OS! This is how the PSJailbreak worked.
The only solution I can think of is to use an embedded host to read the descriptors without attaching it to a computer.
should a government employee be expected to give up all rights to individual privacy just because they work for the government?
When they are on-the-job, yes. Unless they go to the bathroom.
Would you say the same of an office worker who found out they were being secretly recorded by their boss?
When they are on-the-job, yes. Unless they go to the bathroom.
Oh, btw, there's nothing secret about recording police officers, it's pretty obvious you've got some sort of recording device.
Oh, btw2, it's been ruled by courts that employers are allowed to dig through any of your shit that the company owns, like your company cell phone to see who you've been texting.
You do realize that the US government is targeting its own citizens for assassination attempts without due process, eavesdropping on its citizens communications without warrants, sending out NSLs with gag orders, starting wars based on lies, starting wars without Congressional approval, ruthlessly pursuing anyone who blows the whistle on wasteful government spending, locking people up with the Material Witness statute with no intent on ever calling them as a witness, kidnapping foreign nationals and sending them to other countries to be tortured, torturing foreign nationals to death, denying them any kind of due process to prove their innocence, locking them in cages for years without any evidence, expanding the powers of the "Patriot" act so that can target people without any suspicion at all...
The list goes on and on. Just because the US does not oppress you, specifically, does not mean the US isn't an openly oppressive government. Perhaps if you lived in one of those multiple Muslim countries that we drop bombs on...perhaps if it was your family that was dying while our journalists write about government strikes that "killed militants"...you might feel differently.
I imagine that's the same way iPod redefined "mp3 player" "nearly overnight", huh?
So what you're basically admitting is that even though other competitors were coming up with similar products and had them in the pipeline before Apple released their smartphone, Apple still deserves monopoly rights to the technology because they have a good marketing strategy.
That you dodged the question of whether multi-touch would exist without giving Apple patent protection is, I think, implicit acknowledging that such innovation would have happened without the patent.
The iPhone was neither obvious nor derivative, and all the devices that have come since have benefited greatly from the research and development time and funds that Apple poured into the concept.
I disagree with great fervor. Smartphones were clearly the next step in the evolution of mobile phones. I'm not sure if you're aware, but there were smartphones before Apple made one. They benefited greatly from everything that came before them.
It takes a lot of time to design and test a product. It needs to go through FCC testing, UL testing, CE testing, etc. You can't just copy someone else's mobile phone design and put a product out in the market in a few months of turn-around time. These things are in development for years, and yet they all head in the same general direction at about the same time.
In order for this to be a proper application of the patent system, you must show that multi-touch would not have existed without granting Apple monopoly rights to it. Can you with a straight face tell me that multi-touch interfaces would not exist today if not for Apple?
Patents are being abused, allowing the first competitor to patent an idea to get a slice of every other competitor's pie. It has nothing to do with the incentive to create since these things would be made with or without the patent system, and everything to do with barriers to entry for other competitors.
I'd like a receipt for my Change.
If I saw my CC or Account number in the URL bar...the first thing I would do is cancel my account and look for another service.
Pretty sure that video shows an ACTUAL full-screen image for two different players at the same time.
I didn't blame it directly on Google, but I do blame it on Google Image Search. A lot of people get infected after using it. Whether or not it's Google's fault is irrelevant to whether it is safe or not.
(bad car analogy warning) If you drive through the ghetto with your windows down and you get carjacked at a red light, is it the fault of the car's manufacturer? No, it would be the driver's own dumbass fault for going somewhere that isn't safe.
Sure, the vuln is probably in the browser I was using. Or there was an exploit on the page that I visited. But when someone proficient with computers can't even search for something as innocuous as a connector without getting a drive-by, it's an indication that the service is ripe with exploits.
Google Image Search is EVIL
I was looking for a certain type of connector, so I google image'd it. While perusing results for something as totally bland as surface mount connectors, I suddenly got a UAC prompt. Even after canceling it, I got an icon in the taskbar. Thankfully the denied UAC kept it from getting its hooks in, and I promptly found and deleted the offending file.
Now, I won't even touch Google Image Search through a remote connection to a virtual machine running Chrome in a sandbox on someone else's network.
The person who decided to hide extensions by default is single-handedly responsible for a great deal of the trojans that get executed.
And I agree, the idea of getting rid of the address bar is just terrible. It's EXTREMELY important for you to know where you are at all times in this world of multiple redirects! This will do for phishers what hiding extensions did for trojans.
Thisthisthisthis!
I tutored programming when I was an undergrad. They call those "weed out courses" for a reason. Some folks are just not capable of CS. I had to tutor one kid who could not understand arguments and function calls. I spent over an hour trying to explain it to him with five different analogies and sketches on a chalk board and lots of emphatic hand-gestures, and yet he had absolutely no clue how to read
int multiply(int x, int y)
{
return x * y;
}
Some people just don't cut it, even as code monkeys. And universities shouldn't be flooding the job market by giving idiots a degree.