Slashdot Mirror


User: hAckz0r

hAckz0r's activity in the archive.

Stories: 0 · Comments: 700

Comments · 700

  1. Re:85 percent of attacks were blocked on Microsoft Releases Super-Secure XP to US Air Force · · Score: 1

    Okay... I'd still like to see the stats for a fully patched stock system before I say "Oh, this isn't worth the effort."

    I never said it was not worth the effort. Exactly the opposite I believe. What I was saying is that according to their own self touted PR the stats they give actually suck by the standards of anyone that has the job to protect the most vital computers in the US Government. They themselves gave the stats, so just read the article.

    Do you have a comprehensive list of those attacks? I know that I don't.

    I do, but not the specific attacks mentioned because they did not want to give away that kind of information. I happen to be an Information Security professional, but my job would not last long if I gave you any particular specifics in an open forum like Slashdot. Until you have been on a Redteam trying to subvert a network in the name of national security I guess you would not understand exactly what those statistics mean. You shoot for 0% of known vulnerabilities, not 15%. Even 1% of the known vulnerabilities is way too much risk if you understand what is at stake with this particular client, as well as many others.

    How many of those attacks are software keyloggers? There's not a whole hell of a lot that you can do to protect against that.

    They were talking about intrusion, not spyware. You need to already be on the system to install spyware, and getting on it is where the 0% counts. But yes, you can also do something about key loggers. Cell phone spyware too, but that is much more difficult and all too few people even know how vulnerable they are.

    USB or FireWire DMA memory access sploits?

    Just like any hardware exploit you need physical access. So you think you can just walk down any hallway in the Pentagon and just slip into a random office to install a hardware keylogger? No, you can't. In my memory in some offices I had an armed escort even though I had a clearance. So I'd say that is not the major concern we have, though I have to agree with you when it comes to the threat of Corporate Espionage. That is a different story. Reflashing an iPod with custom DMA aware software utilizing firewire hardware you could suck a machine's memory onto it in seconds. Passwords, encryption keys, the whole 9 yards. Oouch. But then if you have physical access to a machine then these things are real hard to stop, but that is not where the biggest threat comes from unless you are talking about an inside job.

    We need details before we can pass judgement. Until we have these details, this "report" is just some MS PR flack flapping his gums.

    As for me I just need a calculator to pass judgement based on the content of this article. Yes, they do need to be doing this, but they also need to be doing a whole lot more. The article is all about PR, and for that it fails miserably if you truly understand the threat model. btw - check out some of the other comments to my last post if you think I may just be spouting hot air. I am actually dead serious in that this story is not good news, but it is possibly headed in the right direction. It's just not enough and if anybody had a chance of doing it right Microsoft should have been able to, unless they are just not serious about doing it right.

  2. Re:85 percent of attacks were blocked on Microsoft Releases Super-Secure XP to US Air Force · · Score: 1

    This is way beyond a "stock" system, and it is fully patched by the experts from the one company that knows the most about how to protect it. But it still completely fails to protect the host against 15% of the *known attacks* in the wild? The operant word here is "known" attacks. Just do the mathematics with regards to the number of systems employed by this one particular customer. Then add in all the systems that are NOT locked down this tightly in the rest of the world. Despite all the glory that they are claiming in this news story, this is a very clear failure to protect these crucial systems and not something that I would ever associate myself with boasting about.

  3. 85 percent of attacks were blocked on Microsoft Releases Super-Secure XP to US Air Force · · Score: 4, Insightful

    85 percent of attacks were blocked after the configuration was installed.

    Now let's rephrase that: 15% of the attacks were still successful after a complete lock-down configuration was applied and lots of manpower went into burning custom installation disks and procedures. Is it just me or does anyone else see a problem with this?

  4. I always had my suspicions... on Windows 7 Will Be Free For a Year · · Score: 1
    ...that one day Microsoft would not even be able to give it away. If the comments to this latest article are taken as truth I believe we have officially reached that crescendo here and now. I now feel vindicated in having my formerly biased opinion.

    I'll be nice enough to "give" Microsoft a free clue though. Nobody likes having the rug pulled out from under them. Déjà vu? This HAS happened to me before with those useless OEM re-installation disks. When the "free" installation stops running, and I have erased my older OS's which won't even reinstall, what do I do then? You guessed it, and it won't be Windows(tm).

  5. automatic 60th vote comment on Senator Arlen Specter Becomes a Democrat · · Score: 1
    I would be, but against either party during a flat out filibuster. Anything that gets enough time on the floor deserves to be voted on, up or down, it doesn't matter. Each person should have their say and given a second round to refute formal arguments introduced after their time, then be done with it. Speak, refute counter arguments, vote, and then move on. If it's voted down then go back and correct the problems with the previous proposition and try again later, but don't waste the taxpayers' money. Try to get something done that you CAN actually agree on.

    If you can't say what you need to, and very convincingly in under an hour, then you are either not smart enough to do the job or you are just gaming the system. Either one of those alternatives deserves some kind of a formal penalty. If the penalty is not delivered by Congress itself, then certainly something like a non-biased publicly rated report card on their performance and 'ability to negotiate a solution', then subsequently allow them to be voted out of office in the next election. I get rated every year based on my performance, why not them? If you are wasting time then you are not performing your function.

  6. Re:The Kindle works without Amazon. on Lose Your Amazon Account and Your Kindle Dies · · Score: 1
    Just one problem with that thought, he never returned anything Kindle related, ebooks or otherwise.

    That being said, I find it hard to believe that the device is completely 'bricked' though. It should still work with other MOBI formatted ebooks, or just convert your own to text.

  7. Glad they didn't do it last week on Mozilla Mulls Dropping Firefox For Win2K, Early XP · · Score: 1
    I just spent several days wiping a Linux installation from an old laptop, and gritting my teeth as I reinstall an old license for XP. I admit that I hated every minute of it, but it's for my mother to retrieve her emails while in the hospital being treated for brain cancer. She is in no condition to learn anything new at the moment. Sorry, but at this point my Linux evangelism just went out the window for a while. Don't worry, I have not gone to the dark side.

    My beef with dropping the Firefox/XP support is that after re-partitioning, formatting, installing XP, updating that blank slate with SP1, SP2, SP3, and attempting to install all the assorted post SP3 patches I found that IE no longer worked for getting updates, or anything else for that matter. IE was hung solid. So I started to test to find out what caused it. No amount of wiping, installing, patching, hotfixing, or reinstalling any versions of XP, IE6,7,8 would fix the problem, but Firefox continued to work flawlessly no matter what I did to that poor laptop. In my case what caused IE to fail was exactly *SP3*! Had Firefox stopped supporting the XP OS prior to SP3 I likely would not have a working laptop for her right now, or at the very least I would be doing lots of much slower CD-R sneaker-net transfers back and forth. To this day IE, of any flavor, still doesn't work on that laptop, but at least it's up to date with all its patches and, quite debatably, safe to use for perhaps a day or two. All I can say is 'Thank You Firefox!' You saved the day once again.

  8. Re:Factory floor... I can relate to that... on Worst Working Conditions You Had To Write Code In? · · Score: 1
    Remove the rolling mill and replace it with every kind of metal, cutting, bending, punching, welding, burning, abrading, painting, riveting, and drilling operation you can think of. Not to mention the distinct aroma of metal plating, complete with vats of cyanide vapours from the plating department, and burnt cutting oil and plastics. The outgoing section of the loading dock was an ecological/highly toxic nightmare worthy of a full self contained hazmat suit.

    My "equipment" consisted of a commandeered (available due to lay-offs) 8088 IBM PC with an IBM/370 terminal controller card which I hacked in assembly in order to connect to the COBOL centric Mainframe for storage, and used IBM-BASIC to create a complete CAD/CAM GUI interface, and used paper tape I/O devices to transfer data (the only media that would survive there). Now the interesting part, that was what I did for "fun" during my off hours, just trying to "improve" things on the factory floor for others, before I even thought to become a programmer! That being said, you should have seen the conditions of my actual "paid" job... but then I wasn't programming so it's off topic for this particular "ask Slashdot". 8*}

  9. SlashDot Anonymous user is obviously a terrorist on Slashdot Mentioned In Virginia Terrorism Report · · Score: 1
    Yea, I've been wondering about this Anonymous guy too. It seems that he is everywhere! Almost any site on the Internet you look at, there he is. He sure gets around. Trolling mostly, but it seems like he is just trying to be completely unpredictable as to stymie all the Government Home Land Security 'profilers' and cause all the legitimate Slash-dotters to waste enormous amounts of their time arguing over silly and petty opinion, missing work, slowing productivity, and generally causing the economy to collapse in the process. He just creeps me out sometimes, and we all know he is up to no good! This just smells of a Terrorist's plot I tell you. I just bet he is even hiding and disseminating propaganda materials right here on SlashDot and no doubt trying to recruit others for his cause, but which one? His opinion and topics change almost as quickly as one can post comments! This guy is hard to figure out.

    A while back I took it upon myself to try to expose this creep for what he is, so I took all the normal hacking tools I could gather up and went at it. The only trouble is this guy is a genius of disguise. Not one password cracking tool could guess this 'Anonymous' user's SlashDot password! No matter how hard I tried I just couldn't manage to get it. So, I tried the brute force method, starting with 'a', then 'b', then 'c', all the way out to the length of twenty characters and not one got me into his 'Anonymous' account! This guy is obviously good at making uncrackable passwords. In fact almost every site I tried I just could not get in. Now I finally understand why this 'war against terror' takes so much time, money, and resources.

  10. The new Windows Replica Advantage (WRA) program on Microsoft Warns of Copycat Conficker Worm · · Score: 1

    Maybe one day the 'Imitation Worm' will install a Replica OS http://www.reactos.org/en/index.html just to completely confuse the fellow malware competition. At that point Microsoft will be 'off the hook' for inviting every form of malware possible, and the replacement/replica OS will finally get lots of user testing, and perhaps eventually get released as Beta. At that point the worm only needs to remember to blue-screen periodically and run the 'Windows Replica Advantage' utility just often enough to completely annoy the user so that they don't begin to suspect anything.

  11. The nature of Open Source on Command Lines and the Future of Firefox · · Score: 1

    It is very cyclic as you say, but it's actually more like a Genetic Algorithm. Someone first writes some code that does what they need, and then someone else modifies it for additional features they want. Other people start using various versions and the one that satisfies the most situations becomes dominant. Eventually this goes a step too far and a new modification is made and splinters off the main trunk, and depending on what that new version does differently it may become the dominant version. For example, we started with Gopher, Mosaic, Netscape, Mozilla, then Firefox. Seamonkey appears to be the kitchen sink replacement for the original Mozilla while Firefox was the lighter weight version. Other lighter weight browsers (e.g. http://www.mozilla.org/projects/mozilla-based.html ) in the family come and go depending on how much support they get, which of course depends entirely on its user base.

  12. Unrelated? to IT? Get real... on From an Unrelated Career To IT/Programming? · · Score: 1

    I'm sorry, but I can't imagine any industry or job that would not help with a job in some sector of IT. Think about it for a minute. Every industry needs computer professionals that understand their business. If you are without any experience you need to learn that industry the hard way, without any additional help. If you already HAVE some knowledge and experience in some particular industry then the question is how to make use of that experience to sell your new career path choice. Aim high and believe in your hard earned knowledge and you will find a way to build that new career.

  13. It's rather simple... on Study Finds the Pious Fight Death Hardest · · Score: 1
    They spend all their life being told that their fate is in someone else's hands (another greater being than themselves), and at the last minute they realize that they really don't want to accept that idea as a fact of life. Ignoring the facts, scientific or otherwise, seems to get exponentially easier with age, because by that time they are so well practised at it.

    As for me, when this biological unit is too run down to continue I'll be looking for a good research medical school too. Not for a life extension, but rather for educational post mortem forensics analysis. The stories I could tell! My only misgiving is that I won't be able to sit in on the autopsy, lectures, nor help grade the tests. After that I'll finally be retired from research completely.

  14. Re:targeting database made easy on Clear Public Satellite Imagery Tantamount to Yelling Fire · · Score: 1

    Very very true. I was trying to state exactly how absurd the reasoning was for doing the blurring in the first place. I understand the science clearly and quite frankly this concept scares me. A high school student could download and employ a similar image recognition on a publicly known image database, such as Google, and publish all the US target vulnerabilities in less than a day's time, based solely on where the images have been 'doctored' up. There are already many available libraries/programs which will identify regions of an image which have been changed/modified. Without the proper statistical image map adjustments necessary to cover up such changes this would be pointing out what we are thinking that we are trying to hide. It's harder to hide them than to find them. Great work has been accomplished with recognising steganography and other methods of manual image manipulation for the very purposes of identifying those modifications. Making these changes to our country's published image maps could be painting one great big bullseye on all the places that matter most. Unfortunately, Congress never understands the technology that they mandate until it is pointed out to them by some covert INTEL on the other side of the fence. Pretty soon I would expect some three letter agency to be knocking them upside the head and say 'wake up', how stupid is this?!!!

  15. targeting database made easy on Clear Public Satellite Imagery Tantamount to Yelling Fire · · Score: 2, Funny

    In other news, Kim Jong Il orders the immediate start of a brand new National North Korean fire control system which applies state of the art AI image processing to the Google Maps/Earth databases in order to identify all blurred image regions. He was overheard saying "No need to even aim the missiles any more, this completely automated approach can continue shooting even after the very last rice paddy is scorched and vaporized.". When the rice paddy farm workers themselves were asked about the new situation all they said was 'no comment'.

  16. Re:Rootkit? on Norton Users Worried By PIFTS.exe, Stonewalling By Symantec · · Score: 1
    I agree, and I was not trying to say that I equate security for DRM. I was trying to say that some people don't know the difference and they are very scared by the perceived consequences. I too use SELinux btw, and I would not leave home without it. In fact I only run Windows on top of it, not instead of it. I always have a copy of IDA Pro and OllyDbg handy too, as you never know what will pop up. In my opinion there is really no reason why one company needs to hold all your keys. That was the point I was trying to make, though apparently not as concisely as I could have. There IS a middle ground that could still be quite effective and even still having a low impact on system performance.

    As for Microsoft and Symantec, don't let anybody tell you that Microsoft does not make their code available. I signed the NDA myself, therefore I can't comment further in that respect. It's available under the right circumstances so you just have to trust me on that one. Outside of the NDA restrictions I may be very hard on Microsoft, but that is for a reason. I think they could do much better if they wanted, but they are a for profit company with a large legacy of backward compatible woes that they just won't give up. Even Apple throws away an OS now and then to get rid of what needs real improvement. Sadly, Microsoft will not. Symantec on the other hand built an entire industry on top of a bad paradigm. Actually fixing the problem would make them obsolete overnight. So, what is their incentive for real improvement? Most AV companies are in the same boat. They don't want it fixed. The only company that can really fix the problem without going out of business is Microsoft, or Open Source. Only Microsoft can choose which it will be.

  17. Re:Rootkit? on Norton Users Worried By PIFTS.exe, Stonewalling By Symantec · · Score: 1
    Sorry, but "the scanner" would not be a scanner as you know it today. Outlook does not (or should not) try hooking the kernel level OS services, nor does it try injecting itself inside of other applications. Ok, maybe Microsoft would be that stupid some day, but it would be completely unnecessary to do it seeing that they already control ring0 before the malware even shows up on their doorstep. Using heuristics has nothing to do with scanning anything if done correctly. Doing runtime checksums of memory regions, if done in addition to that, would be looking for values that should NEVER change (between revisions), not fifty million different bit patterns in a database of just the known malware which is always incomplete. Looking for BAD patterns is a losing battle; verifying a single good pattern is the only reasonable software assurance approach still having a minimal impact on system performance.

    btw - Funny you should mention Outlook. Your saved Outlook file, if it's a PDF probably deserves to be quarantined right now. Simply having a 'special' PDF file in your cache right now is enough to get you infected, once the file system indexing finds it, while running at SYSTEM privilege. It can inject a Trojan, and you won't even know it did. There are NO patches for it, you need not click on anything. No user need even be logged in. You will also have to wait for that fix for quite some time from what I am hearing. What problem is that?!! Ok, Find me a signature for it will you? Pick any virus scanner company you want. It just does not exist yet, but a truly heuristic detection system would prevent the infection in the first place. No signatures necessary. No need to push signatures out to a million infected PC's either. No need to update AV software to know how to remove a new Trojan.

  18. Re:Rootkit? on Norton Users Worried By PIFTS.exe, Stonewalling By Symantec · · Score: 5, Insightful

    If it is a rootkit, having it evade a well-known commercial virus scanner would be no real surprise. Most are still using signatures for finding sequences of *known* code, and a rootkit can pretty much lie and tell the virus scanner anything it wants as far as any bits of memory on the computer, code or data. Signatures are a failure, and any virus scanner that doesn't give that up and move on to a heuristic approach is doomed to failure too. Covering up the fact that you don't know what bits of code to look for is about all they can do right now. In a couple days they might get a copy of it, run it through IDA Pro, generate a signature, and finally push it out to all the infected PC's on the Internet. It's really a sad paradigm. The only sure fire way is to have the OS integrity itself to be self verifying but too many people are afraid of losing control over their system to some type of DRM'ed OS. Or in having system failures that can't even be patched or changed due to draconian measures internal to the OS. There is a middle ground but so far no one is going there. This should be built in, not an add-on after market chewing gum and baling wire solution like virus scanners are. Time for Microsoft and/or Symantec to buy a clue. Rootkit or not, Symantec needs to get their act together.

  19. Equivalents in media usage on Author's Guild Says Kindle's Text-To-Speech Software Illegal · · Score: 1
    If 'the guild' says that consumption of their copyrighted media by virtue of listening to it is illegal then so should the photons that come from the screen. The photons are just as much a copy of the works as the sound waves, all of which are derived from the exact same binary information. When we buy the media we are buying the right to consume it, and for a blind person this feature is the only way that it can be consumed. Would they also say that a braille interface for the same book would also be illegal? I bet not in the eyes of the law. This is clearly a justified fair-use of the product which is rightly purchased. If the Guild tries to force Amazon to remove this feature then they are also denying all Kindle users from also hearing non-copyrighted works to which they hold no legal control over. If they really want to "enforce" that the feature is not used for public productions of their works, then let them flag this feature with some internal DRM signature and let other non-copyrighted works still be used. That action of course will just mean that I will no longer purchase their products! If their desire is to maximize their own profits then they should just let well enough alone before the fair-use-by-the-blind lawsuits start up, against them.

    btw - Perhaps some one else knows the answer... Isn't the Kindle running on GNU software? Isn't the source code publicly available because of this GNU licensing? Or are the reader apps running on top of Linux still proprietary?

  20. Re:Hmmmm... on Cold-War Era Naval Vessels Up For Grabs · · Score: 2, Funny
    I don't know if they would give it to you or not, but at only 12 mph it would be real hard to 'get away with it' unless you change the plot a little, like adding a worm hole or something. But if you were to take two of the Littoral Combat Ship's Rolls-Royce MT30 36MW gas turbines and retrofitted it with those then you would really be cooking!

    Just one problem. Where do all your scantily clad women go sunbathing on that thing? That's got to get real hot in the sun...

  21. Re:Congrats, to the NWCN on Wisconsin Passes Digital Download Tax · · Score: 1

    I get what you are saying. They can have my WiFi logs if they want them. But with encryption, randomized onion routing (e.g. TOR), and a mesh network they will have a hard time proving that anything was ever downloaded that is even taxable much less know where I have been. They might know the number of bytes transferred through my WiFi hub in each direction but that is of little use in knowing the actual content of that transmission. The most they would gain would be my neighbour's IP address and then they would have to process those logs, and of each and every WiFi hop along the way right down to the ultimate IP destination, perhaps in another country. The only logs that would do them any real good would be my physical machine's logs, not ones from any specific router. Getting my own computer's logs would require some real heavy handed draconian laws that would stand little chance of passing in Congress. Making encryption itself illegal will be even harder, since online banking and purchasing actually requires it. Why pass laws to tax downloads if nobody is going to purchase what gets downloaded?

  22. Congrats, to the NWCN on Wisconsin Passes Digital Download Tax · · Score: 0, Offtopic

    It seems that the National Wireless Community Network (NWCN) has just been born. Comcast, AT&T, eat your heart out. So far there have been a hodgepodge of wireless community networks, and many competing dynamic mesh routing protocols to choose from. With this news things are sure to get standardized now. Once there is a decentralized mesh network of WiFi onion routers, the legislators' only recourse will be to make all the WiFi networks illegal or to force the source of the download (e.g. China, North Korea, Cuba) to collect US taxes for each US, State, and local Government all while tracking the private US Citizens' SSN's for tax purposes. What a choice. I'm glad I'm not a politician.

  23. Re:What about retaliation? on Distributed Project To Classify SDSS Galaxies · · Score: 1
    Good point, I guess he's pretty safe then.

    btw - Thanks for the link! Excellent summary there, I just wish it had the red-shift included, but I can follow the links to find that.

  24. Are they for real? Its not April 1st yet... on Human Eye Could Detect Spooky Action At a Distance · · Score: 4, Insightful

    Ok, so let's assume that you can get a burst of 'entangled' photons into your eye and someone else's eye at the same time. And the point is? Last time I checked the human eye was incapable of determining anything about a photon except whether it was received or not, and the color if in sufficient quantity for a long enough period of time. Polarization? Not a chance. So how would you know it's been polarized the same as a photon that someone else received? You can't even ask them because they will be just as clueless as you. Of course they might just lie to you to play a joke. It's too early to be April 1st, so why are the 'scientists' saying all this?

  25. Re:What about retaliation? on Distributed Project To Classify SDSS Galaxies · · Score: 1

    That's simple. Just stick to identifying galaxies that are more than 100 light years away and you will be relativistically safe. Your children's children's children on the other hand...