I say exponentially decay their bandwidth as if it was an RC circuit with a time constant of about three days. In about a week I'm sure they'll be calling to complain about the Internet speed...and then you'll have their undivided attention.
Actually, I don't know who it originally came from. It was scribbled on the bathroom wall in the engineering labs where I earned my degree. It was particularly funny because the building where their "classes" were held was adjacent to our engineering labs, and so they would occasionally wander in and stare dumbfounded at the joke, which just made it that much more satisfying.
lol, are you for real? Try reading the article you cite as evidence. Last time I checked, ultimatums are generally issued after significant resistance.
The Obama administration urged gas companies to voluntarily disclose the toxic chemicals they inject in the ground in a type of natural gas exploration that uses hydraulic fracturing, or fracking.
If companies rebuff the request — a seemingly unlikely event — environmental regulators could get tough.
I also find it absolutely hilarious that you're trying to use an article that was printed this week as evidence that these companies haven't been fighting to keep these chemicals secret for the past several years.
The fracking you did previously is quite different from the fracking gas companies are doing right now. The EPA has asked the drilling companies to disclose the chemicals. Of course, they don't want to. Of course, they also claim none of the chemicals are known to get into the water.
I'm going to guess from your reply that you didn't bother watching Gasland, because your reply does nothing to address the use of secret chemicals that are pumped underground where humans draw their drinking water from. Did your grandma have such companies trying to extract that gas by hydraulic fracturing without fully disclosing the types of chemicals they will be injecting into the ground that she drew her drinking water from?
The process to remove natural gas and oil from shale is extremely complicated. Many companies won't even tell you what chemicals they use; they claim it's a "trade secret". They tell you that everything's okay, but you know for a fact that some of that cocktail they're pumping into the ground simply must be a carcinogen. And if they're drilling on your land, and you get your water from a well (and that's a lot of people in western PA), then you better believe that their fracking chemicals (hydraulic fracturing) are leeching into the local water table.
Naturally, there are also plenty of loopholes in the regulations to make sure that Corporate America can continue to rape and plunder low-life commoners like you and me.
Actually, their device fails the jig authentication. By design.
When the PS3 initiates the cryptographic challenge, it calls malloc to allocate space for the jig's reply. The exploit depends on this call to malloc allocating space the fake jig reply. The previous attach/detach process created a corrupted heap that ensures that the fake jig reply will be placed over top of the system call free(). The fake jig reply is actually the shellcode that launches the exploit.
The fact that they use the jig's VID/PID is already enough to get them into hot water.
Personally, I don't really care. I'm not about pirating games. I don't even own a PS3, nor do I want once since any games I might want are probably on the 360 anyway. I'm way more interested in how the hardware works.
This isn't really a buffer overflow in the sense of smashing the stack. There's no strcmp or anything that the programmer forgot to do a bounds check on. It relies on corrupting the malloc boundary tag.
In fact, USB descriptors have a size field built into them. One of the elegant aspects of the exploit is that the descriptors are read *twice* by the PS3, and the size is being changed in between the two reads.
I believe the problem lies in the definition of God. There is this obsession with defining God as some entity that exists separate from our existence.
I say bullshit. God is the position and momentum of every particle in existence at every moment in time with infinite precision. God is all the laws of physics that control the evolution of those particles' position and momentum. God knows laws that we don't understand or fail to model; our physics are just poor approximation for God's laws, further distorted by our limitation of finite measurements.
This is why God knows everything. This is why God is everywhere. This is why God is all powerful. This is why there is only one God. It's the only way I can reconcile the classical concept of a God with the scientific world that I know is correct.
I have blue screened my development workstation before because I had a bad descriptor that the Windows Audio driver tried to parse and it brought down the kernel. So I knew this sort of thing would be possible. I think attacking the USB host controller driver is going to become a much more common method of infection in the next few years.
But to get that far...you need dedication. You need to love the hardware. When you see it, it's like the matrix...behind the 1s and 0s and circuit board traces, there is a setting, characters, and a plot.
From there, that's how you can see the attack on the heap. That's actually the most complicated part, in my opinion. You are trying to fool the kernel into handing you a certain portion of memory. It's like social engineering...and that's what makes it hard. The kernel is interrogating you, and you have to give the right answers. Not only the right answers, but the answers must be corrupted in just the right way.
Everything from this point can be built on the work of someone before you. Pretty much all exploits eventually launch shellcode somewhere. They all need some way to launch the shellcode, and hooking a system call (in this case, free()) is a favored way to go about that. Then you need some way to do the hook, which in this case was the smashing the Heap.
So you sit there and think...how do I drop shellcode in? What function do I hook? How do I hook it? Dots appear...and then you connect them, and you annotate the connections, and you go back and you start from scratch again because you see a better way, and then finally...it all comes together.
It will take you 20 years to understand Hawking now. Others who have the correct mental framework in place only need a few years. In time, the concepts that we discuss now will be covered in a semester or two at the undergraduate level. Evolution isn't limited to biology...it also works on knowledge too.
Many scientists spent their entire lives trying to come up with a single experiment that redefined our understanding of physics. Now we have mere high school students who are capable of some of these same experiments...and a few of them even understand the concepts at that young age!
That is the beauty of the human condition. It is hard to create knowledge where it was not before, but once it is created it is like Prometheus' fire, and it spreads to the rest of humanity to radically alter our society.
Sure, you can choose to take it on faith that electricity does what it does. But that is what makes science so powerful...you don't need to take anyone's word on faith. You can go get a magnet and some wire and do some experiments. You can get a DMM and an oscilloscope. More importantly, other people who are smarter than you can get those things and verify that what is said is true.
In other words, they choose to do the "right" thing because it is right, not because someone else said it was right and threatened them with torture if they disobeyed.
One of the reasons I liked the anime Naruto, is because Kakashi-sensei said in one of the very early episodes that "not doing right when you know it is right is a coward's way"
Also, Final Fantasy 9 had a quote from Zidane, something along the lines of "you don't need a reason to help people".
It is indeed possible to have morals without religion.
It emulates a six-port hub and connects/disconnects devices with corrupted descriptors (that have their size changed on-the-fly!) in a particular order to smash the Heap so you can use a corrupted malloc boundary tag to overwrite the call to free() so that after the failed Jig authentication tries to release the memory allocated for the cryptographic response it will launch the shell code that was dropped into memory using a USB descriptor.
It brings a tear to my eye. Truly, one of the most beautiful things I ever had the privilege of understanding.
Well, what if I as a consumer WANT to pay a bit more to have my Comcast voice work really well with video, or to get faster bandwidth to some CDN's so that I could really replace cable video with internet video?
If you want to pay Comcast more for better service (LOL)...well then have at it! They currently offer 5 tiers of service. 1.5/0.384, 15/3, 20/4, 30/7, and 50/10. I'm sure that if you wanted to pay them even more money for even better service, you can go to business class...
Herpes, while not fatal, is more than "annoying". It's a lifelong infection. Good luck finding potential mates with that.
Chlamydia, scabies, and gonorrhea...okay, they're curable and won't kill you. So I guess I can see where you might refer to them as "annoying".
But I still stand by my point that anyone who is intelligent enough to be scared of HIV is intelligent enough to know that it's not the only fatal STD.
Why be scared of only one life-threatening illness? Hepatitis still kills you. Syphilis will still kill you, if you don't get the antibiotics. Chlamydia and gonorrhea suck, even if they don't kill you. HPV might kill you, if you're female.
To make things more interesting, consider that people didn't start banging everything in sight once penicillin gave us the ability to cure syphilis.
Your hypothesis would only be true if people had tunnel-vision and were under the impression that HIV is the only high-risk disease that is transmitted sexually. I postulate that those who are scared of the life-threatening consequences of HIV will continue to be scared of the life-threatening consequences from other infections. Those who might have more sex once they knew they are now safe from HIV would probably have the same amount of sex in the absence of any cure for HIV.
The only caveat may be the gay male community. They are somewhat more HIV conscious than your average hetero folks. But most straight folks I know are terrified of all STDs, even the ones that can be cured.
Generally, if you're intelligent enough to fear one STD, you're intelligent enough to fear all of them. I find it hard to imagine someone whose promiscuity hinges on the existence of a cure for just one of them.
The way you describe it, I almost sort of see an arduino controlling a few servo motors and a smell sensor, and the fungus is shorting the smell sensor's output to 1 or 0 to manipulate the ant's programming.
taking their effort, profiting from it and not sharing back
When a construction company uses a hammer, does the manufacturer bitch and whine about how that company is profiting from their hammer without sharing back?
I always get the impression that GPL proponents set up a straw man; that somehow letting your code be used in a commercial product is going to "steal" it from you so that no one else can use it.
With BSD, the code is still out there. Anyone is still free to use it. If a commercial developer puts it into their product, the original code is not suddenly off-limits.
GPL vs BSD boils down to control over the derivative works. GPL demands control over all derivative works, like a possessive husband who won't let his wife talk to other men. BSD does not.
What "freedom" does a user have if the software he wants never exists in the first place, because the GPLed code prevents a company from investing time and money into the product that the user wants?
Most users don't give a fuck about having access to the source code. Whether the source is open or closed has approximately zero value to them. They want a product. They want to buy it from a company who spent time and money ensuring that it will work, won't lose data, won't catch on fire, etc. A company that provides a warranty and support. They want to pay for something that works; note the success of Apple's various idiot-friendly interfaces.
Slashdot Mirror
I say exponentially decay their bandwidth as if it was an RC circuit with a time constant of about three days. In about a week I'm sure they'll be calling to complain about the Internet speed...and then you'll have their undivided attention.
Actually, I don't know who it originally came from. It was scribbled on the bathroom wall in the engineering labs where I earned my degree. It was particularly funny because the building where their "classes" were held was adjacent to our engineering labs, and so they would occasionally wander in and stare dumbfounded at the joke, which just made it that much more satisfying.
The limit of an engineering major as GPA approaches 0 is a business major.
lol, are you for real? Try reading the article you cite as evidence. Last time I checked, ultimatums are generally issued after significant resistance.
The Obama administration urged gas companies to voluntarily disclose the toxic chemicals they inject in the ground in a type of natural gas exploration that uses hydraulic fracturing, or fracking.
If companies rebuff the request — a seemingly unlikely event — environmental regulators could get tough.
I also find it absolutely hilarious that you're trying to use an article that was printed this week as evidence that these companies haven't been fighting to keep these chemicals secret for the past several years.
The fracking you did previously is quite different from the fracking gas companies are doing right now. The EPA has asked the drilling companies to disclose the chemicals. Of course, they don't want to. Of course, they also claim none of the chemicals are known to get into the water.
http://www.csmonitor.com/Environment/2010/0909/EPA-to-natural-gas-companies-Give-details-on-fracking-chemicals
I'm going to guess from your reply that you didn't bother watching Gasland, because your reply does nothing to address the use of secret chemicals that are pumped underground where humans draw their drinking water from. Did your grandma have such companies trying to extract that gas by hydraulic fracturing without fully disclosing the types of chemicals they will be injecting into the ground that she drew her drinking water from?
This isn't new. There are youtube videos of the water coming out of people's kitchen faucet catching on fire.
http://www.youtube.com/watch?v=PRZ4LQSonXA
The process to remove natural gas and oil from shale is extremely complicated. Many companies won't even tell you what chemicals they use; they claim it's a "trade secret". They tell you that everything's okay, but you know for a fact that some of that cocktail they're pumping into the ground simply must be a carcinogen. And if they're drilling on your land, and you get your water from a well (and that's a lot of people in western PA), then you better believe that their fracking chemicals (hydraulic fracturing) are leeching into the local water table.
Naturally, there are also plenty of loopholes in the regulations to make sure that Corporate America can continue to rape and plunder low-life commoners like you and me.
For lots more information, go watch Gasland.
http://www.pbs.org/now/shows/613/index.html
Money can't buy you happiness, but poverty can't buy you shit.
Actually, their device fails the jig authentication. By design.
When the PS3 initiates the cryptographic challenge, it calls malloc to allocate space for the jig's reply. The exploit depends on this call to malloc allocating space the fake jig reply. The previous attach/detach process created a corrupted heap that ensures that the fake jig reply will be placed over top of the system call free(). The fake jig reply is actually the shellcode that launches the exploit.
The fact that they use the jig's VID/PID is already enough to get them into hot water.
Are you even reading what I wrote? I said it's about the hardware. I'm a geek. I like to know how things work.
It's not about sticking it to anyone.
Personally, I don't really care. I'm not about pirating games. I don't even own a PS3, nor do I want once since any games I might want are probably on the 360 anyway. I'm way more interested in how the hardware works.
This isn't really a buffer overflow in the sense of smashing the stack. There's no strcmp or anything that the programmer forgot to do a bounds check on. It relies on corrupting the malloc boundary tag.
In fact, USB descriptors have a size field built into them. One of the elegant aspects of the exploit is that the descriptors are read *twice* by the PS3, and the size is being changed in between the two reads.
I believe the problem lies in the definition of God. There is this obsession with defining God as some entity that exists separate from our existence.
I say bullshit. God is the position and momentum of every particle in existence at every moment in time with infinite precision. God is all the laws of physics that control the evolution of those particles' position and momentum. God knows laws that we don't understand or fail to model; our physics are just poor approximation for God's laws, further distorted by our limitation of finite measurements.
This is why God knows everything. This is why God is everywhere. This is why God is all powerful. This is why there is only one God. It's the only way I can reconcile the classical concept of a God with the scientific world that I know is correct.
I have blue screened my development workstation before because I had a bad descriptor that the Windows Audio driver tried to parse and it brought down the kernel. So I knew this sort of thing would be possible. I think attacking the USB host controller driver is going to become a much more common method of infection in the next few years.
But to get that far...you need dedication. You need to love the hardware. When you see it, it's like the matrix...behind the 1s and 0s and circuit board traces, there is a setting, characters, and a plot.
From there, that's how you can see the attack on the heap. That's actually the most complicated part, in my opinion. You are trying to fool the kernel into handing you a certain portion of memory. It's like social engineering...and that's what makes it hard. The kernel is interrogating you, and you have to give the right answers. Not only the right answers, but the answers must be corrupted in just the right way.
Everything from this point can be built on the work of someone before you. Pretty much all exploits eventually launch shellcode somewhere. They all need some way to launch the shellcode, and hooking a system call (in this case, free()) is a favored way to go about that. Then you need some way to do the hook, which in this case was the smashing the Heap.
So you sit there and think...how do I drop shellcode in? What function do I hook? How do I hook it? Dots appear...and then you connect them, and you annotate the connections, and you go back and you start from scratch again because you see a better way, and then finally...it all comes together.
It will take you 20 years to understand Hawking now. Others who have the correct mental framework in place only need a few years. In time, the concepts that we discuss now will be covered in a semester or two at the undergraduate level. Evolution isn't limited to biology...it also works on knowledge too.
Many scientists spent their entire lives trying to come up with a single experiment that redefined our understanding of physics. Now we have mere high school students who are capable of some of these same experiments...and a few of them even understand the concepts at that young age!
That is the beauty of the human condition. It is hard to create knowledge where it was not before, but once it is created it is like Prometheus' fire, and it spreads to the rest of humanity to radically alter our society.
Sure, you can choose to take it on faith that electricity does what it does. But that is what makes science so powerful...you don't need to take anyone's word on faith. You can go get a magnet and some wire and do some experiments. You can get a DMM and an oscilloscope. More importantly, other people who are smarter than you can get those things and verify that what is said is true.
In other words, they choose to do the "right" thing because it is right, not because someone else said it was right and threatened them with torture if they disobeyed.
One of the reasons I liked the anime Naruto, is because Kakashi-sensei said in one of the very early episodes that "not doing right when you know it is right is a coward's way"
Also, Final Fantasy 9 had a quote from Zidane, something along the lines of "you don't need a reason to help people".
It is indeed possible to have morals without religion.
http://www.ps3news.com/PS3-Dev/ps-jailbreak-ps3-exploit-reverse-engineering-is-detailed/
It emulates a six-port hub and connects/disconnects devices with corrupted descriptors (that have their size changed on-the-fly!) in a particular order to smash the Heap so you can use a corrupted malloc boundary tag to overwrite the call to free() so that after the failed Jig authentication tries to release the memory allocated for the cryptographic response it will launch the shell code that was dropped into memory using a USB descriptor.
It brings a tear to my eye. Truly, one of the most beautiful things I ever had the privilege of understanding.
Well, what if I as a consumer WANT to pay a bit more to have my Comcast voice work really well with video, or to get faster bandwidth to some CDN's so that I could really replace cable video with internet video?
If you want to pay Comcast more for better service (LOL) ...well then have at it! They currently offer 5 tiers of service. 1.5/0.384, 15/3, 20/4, 30/7, and 50/10. I'm sure that if you wanted to pay them even more money for even better service, you can go to business class...
If you can't take the time to make an ECO, you've got no business mucking with the production server.
Hepatitis C is fatal in much the same way as HIV.
Syphilis can be fatal, without antibiotics.
HPV can be fatal, if you develop cervical cancer.
Herpes, while not fatal, is more than "annoying". It's a lifelong infection. Good luck finding potential mates with that.
Chlamydia, scabies, and gonorrhea...okay, they're curable and won't kill you. So I guess I can see where you might refer to them as "annoying".
But I still stand by my point that anyone who is intelligent enough to be scared of HIV is intelligent enough to know that it's not the only fatal STD.
Why be scared of only one life-threatening illness? Hepatitis still kills you. Syphilis will still kill you, if you don't get the antibiotics. Chlamydia and gonorrhea suck, even if they don't kill you. HPV might kill you, if you're female.
To make things more interesting, consider that people didn't start banging everything in sight once penicillin gave us the ability to cure syphilis.
Your hypothesis would only be true if people had tunnel-vision and were under the impression that HIV is the only high-risk disease that is transmitted sexually. I postulate that those who are scared of the life-threatening consequences of HIV will continue to be scared of the life-threatening consequences from other infections. Those who might have more sex once they knew they are now safe from HIV would probably have the same amount of sex in the absence of any cure for HIV.
The only caveat may be the gay male community. They are somewhat more HIV conscious than your average hetero folks. But most straight folks I know are terrified of all STDs, even the ones that can be cured.
Generally, if you're intelligent enough to fear one STD, you're intelligent enough to fear all of them. I find it hard to imagine someone whose promiscuity hinges on the existence of a cure for just one of them.
The way you describe it, I almost sort of see an arduino controlling a few servo motors and a smell sensor, and the fungus is shorting the smell sensor's output to 1 or 0 to manipulate the ant's programming.
taking their effort, profiting from it and not sharing back
When a construction company uses a hammer, does the manufacturer bitch and whine about how that company is profiting from their hammer without sharing back?
I always get the impression that GPL proponents set up a straw man; that somehow letting your code be used in a commercial product is going to "steal" it from you so that no one else can use it.
With BSD, the code is still out there. Anyone is still free to use it. If a commercial developer puts it into their product, the original code is not suddenly off-limits.
GPL vs BSD boils down to control over the derivative works. GPL demands control over all derivative works, like a possessive husband who won't let his wife talk to other men. BSD does not.
What "freedom" does a user have if the software he wants never exists in the first place, because the GPLed code prevents a company from investing time and money into the product that the user wants?
Most users don't give a fuck about having access to the source code. Whether the source is open or closed has approximately zero value to them. They want a product. They want to buy it from a company who spent time and money ensuring that it will work, won't lose data, won't catch on fire, etc. A company that provides a warranty and support. They want to pay for something that works; note the success of Apple's various idiot-friendly interfaces.