Slashdot Mirror


User: robo_mojo

robo_mojo's activity in the archive.

Stories: 0
Comments: 173

Comments · 173

  1. Re:Passwords? on Smart Phones "Bigger Security Risk" Than Laptops · · Score: 5, Funny

    Yeah, people who make such weak passwords are really dumb.

    I've got a really good password for my bank account. It's: L;WMc6HC

    Nobody will ever break that!

  2. Re:solution in search of a problem on Google To Host Ajax Libraries · · Score: 3, Insightful

    When you visit a website, the site owner is well within their rights to record that visit.
    Yup. I have no way to stop them, after all.

    The negotiation is between Google and website owners.
    Nope. If the website owner wanted to transmit information to Google, he can do so by having his server contact Google, or by dumping his logs to Google.

    Instead, if the website owner sends code to my browser to give information to Google, I am within my rights to refuse to do so.

    Alternatively, the website owner in question could host his own data-analysing tools on his domain. There exists plenty of free software for this (just as most other domain services Google offers).
  3. whatcouldpossiblygowrong on How Would You Prefer To Send Sensitive Data? · · Score: 1

    The HR Director has tasked me with sending our data out of our network to the consultant that's loading it in to the new package. Obviously this data includes items such as SSN, Name, Birth date, etc.
    whatcouldpossiblygowrong

    Upon being told that I would not email this data to her, the consultant asked what my security requirements were for sending the data. What would be on your wishlist for the best way to send sensitive data to someone outside your firewall?"
    Do you mean you actually do not have a security policy for this? Do your employees know that?
  4. Re:Self-selection bias? on New Malware Report Hits Vista's Security Image · · Score: 1

    Next, think about an Ubuntu install vs. a Vista install. Vista caught a lot of flak for the "cancel vs. install" thing but sudo('s GUI counterpart) is not much different, right down to the dark fade as it asks the user what to do.

    Did you interpret my post to be an attack against Vista? Honestly I did not intend for it to be either an attack or a support.

    As for the GUI sudo, what does that have to do with it? Much like with UAC, the user must know what he is doing when he enters his root password (whether using Linux or Vista). If not, there isn't really much else that you can do. I'm not really sure what your point is, anyway.

    won't some leet folks please write a virus for Linux

    Shit. I just wasted my time replying to a troll post. :(
  5. Self-selection bias? on New Malware Report Hits Vista's Security Image · · Score: 1

    27% of people reporting using the product are infected. Is this a result of self-selection bias? What does it say about the actual population?

    Also, no I didn't rtfa.

    (frist prost?)

  6. Re:Pure BS! on Shopping Centers Track Customers Via Cell Phone Signals · · Score: 1

    Man, did you miss the part where I say "changing base station, etc"?
    No I didn't miss it. Is that what my phone is doing? Honestly I don't know for what purpose my phone broadcasts intermittently, only that it does.

    You said the phone isn't broadcasting unless it has "something to do", which someone could take to mean that you think it isn't an issue (if you did think there is an issue, you sure picked a weird way to say it).

    I only try to point out that a phone will broadcast just often enough to be useful to somebody, regardless if you think the phone has "something to do" or not.
  7. Re:Pure BS! on Shopping Centers Track Customers Via Cell Phone Signals · · Score: 3, Informative

    As a fun experiment, try placing your cellphone (turned on) next to an audio receiver, or television, or any other device that is susceptible to radio interference.

    What you'll soon see is that the phone is causing interference (through transmissions) intermittently. For example, every few minutes you will hear slight buzzing from the speakers of your radio or television (and if it is a television you might see the picture go wavy, too).

    This is a well-known phenomenon, so saying that phones do not broadcast when they are not in use is an error.

    However, I'm not sure how this could be used for accurate tracking, since the broadcasts are only intermittent. You could go halfway across the store between broadcasts, which would make it a bit difficult to show your route I'd guess.

  8. bad headline on Fat People Cause Global Warming, Higher Food Prices · · Score: 1

    How do you get from:

    Fat People Contribute More Human-Made CO2 Emissions Than Skinny People

    to

    Fat People Cause Global Warming

    ???

  9. Re:test eh? on Online Quiz As a Gateway to P2P · · Score: 1
    I'll take the quiz!

    Some files shared on Peer-to-Peer networks are actually viruses

    * False
    * True
    Uhh probably? Shall I look for one? Or should I not worry about it because I don't run Windows? At least, I will make a point to not chmod +x the files I download, is that enough?

    Do you intend to infringe copyright?
    * Yes
    * No
    Let me worry about that please. If I get caught doing something illegal, just pass it along to me and let me deal with it. But as I'm intending to download a Linux ISO right now, I'm probably not going to infringe any copyright (they allow and even encourage me to download it and share it, so no worries...).

    If a student receives a first DMCA violation notice he/she will lose network access for a minimum of
    * 14 calendar days
    * None of these
    * All of these
    * Until he/she passes the "Safe and Legal Computing" course
    I don't know. Tell me when I get the DMCA notice.

    What is the difference between copying a friend's CD and downloading music?
    * It is only legal to copy a friend's CD
    * It is legal to download the song
    * They are both legal
    * They are both illegal
    I don't care. I don't want to download or copy CDs.

    Copyright protection lasts for:
    * 14 years
    * Life of the creator
    * 25 years
    * Life of the creator plus 70 years
    I don't care. When the GPL runs out for the Linux ISO I'm downloading, it will be public domain, so it doesn't even matter to me how long it is.

    Did I pass?
  10. Re:Surely this is not the only source of entropy! on Debian Bug Leaves Private SSL/SSH Keys Guessable · · Score: 1

    Why not just use /dev/random and stop the stupid games with reinventing the wheel?

    Because /dev/random doesn't exist on every system that OpenSSL runs on. And reading bytes from /dev/random is very slow, a few B/s at best, less if the system is otherwise idle.

    /dev/urandom is faster, about 10MB/s on my system but also does not exist on every system either. In contrast OpenSSL on my system is about 25MB/s. This with the fact that /dev/{,u}random isn't portable would be a good reason to have a userspace RNG.
  11. Re:It will be fixed on Debian Bug Leaves Private SSL/SSH Keys Guessable · · Score: 1

    Some CA's allow users to have their certs re-issued for free a limited number of times.

  12. Re:It will be fixed on Debian Bug Leaves Private SSL/SSH Keys Guessable · · Score: 1

    whooooosh

  13. Lynx uses OpenSSL on Debian Bug Leaves Private SSL/SSH Keys Guessable · · Score: 1

    The Lynx browser uses OpenSSL!! So you text-only browsing folks would be toast if you didn't pay attention.

    Although as was already mentioned, most other browsers do not use OpenSSL. But, that doesn't mean the issue isn't important to casual web browser users, though!

    Had your favorite browser used OpenSSL (and as a casual user, you wouldn't know), your HTTPS communications could have been compromised. So it is vitally important to be concerned about things like this even if you aren't an SSH user or generate your own CA's or keys for any reason. Dismissing the problem for casual users because they don't actively generate keys would be wrong.

    And there's always the risk of getting MITM'd when talking to someone using a weak key, so you'd want to make sure you don't talk to people with weak keys (the code should take care of this too, but it might not always be possible to detect, so you should ask your bank or whoever if their keys might be bad).

    In the end it is the casual users who get bitten the worst by things like these, simply because they aren't aware that a problem might affect them.

  14. Re:Of course... on Debian Bug Leaves Private SSL/SSH Keys Guessable · · Score: 1

    That's right. I just mis-read what the GGP said but thanks for pointing it out.

    In fact you'd be pretty much foobar'd if someone managed to replace your key for you before you had the chance to, if you didn't have any other ID for the server to verify against you. Perhaps locking users out until a plan can be made for your users to provide new keys isn't a bad idea.

    And also, it might be wise to have multiple keys generated from different tools just in case something like this happens, and make sure everyone knows about all of them, so you don't get SOL.

  15. Re:Of course... on Debian Bug Leaves Private SSL/SSH Keys Guessable · · Score: 1

    Sorry, mod that down, I mistyped. Exchanging public keys isn't a problem even over an insecure channel.

    What I'd meant to say was that being able to log in to upload your new key wouldn't do much good since you don't know whether the person logging in is a fake or not. The old key is already assumed to be compromised. Hopefully you have some other way of identifying yourself in that situation.

  16. Re:Of course... on Debian Bug Leaves Private SSL/SSH Keys Guessable · · Score: 1

    So, basically, once you upgrade, you'll have no apparent way to access your other machines [1] to upload your new key. That's just spiffy!

    It doesn't do much good to transfer your new keys over a channel encrypted with your old, weak key. If someone can guess the old key, then they have the new key, too.
  17. Re:Magic Quotes Removed on Changes In Store For PHP V6 · · Score: 1

    Normally I do not bother to reply to trolling AC's but I will reply to you (congrats!). Yes I program, but I don't rely on magic quotes (I have used it against my will on one adopted project where another developer used it, though).

    The problem is that someone unwittingly upgrades to PHP6 and suddenly becomes vulnerable to injections that they were not vulnerable to in PHP<=5. Software upgrades should not do this to users.

    Another poster in this thread suggested that PHP could refuse to start if magic quotes are turned on in the config, and crazy messages could be printed at the user. That'd be the correct thing to do, I think. Then at least the user would know to stick with 5 until he can change his code.

  18. Re:Magic Quotes Removed on Changes In Store For PHP V6 · · Score: 3, Insightful

    So does this mean that if you are using magic quotes and you upgrade to PHP6, suddenly you will become vulnerable to SQL injection attack? Wow, I'd consider that to be a major regression, then.

  19. Re:Sure - Don't. on How To Perform a Bare-Metal Backup On Linux LVM · · Score: 1

    Then I received a hard lesson in what it means to say that JBOD has a failure rate multiplicatively proportional to that of each individual drive. And, surprise surprise, LVM amounts to nothing more than fancy OS-level JBOD, without even the performance boost of a proper RAID controller.

    Thanks but no thanks. If I want to span a volume across multiple disks, I'll use RAID 5 or 6 from now on, ThankYouVeryMuch.

    Your problem wasn't that you used LVM, your problem was that you made it into a JBOD. Some of us use LVM without making it a JBOD.

    And of course, there is nothing stopping you from using LVM on top of that RAID. I use LVM on a RAID 1 myself.
  20. Re:Product placement ads are like new taxes on NBC to Create Programs Centered on Sponsors · · Score: 1

    Except unlike tax, you have the option to decline it.

  21. Opt-out? on Emergency Alerts Via Text Messaging · · Score: 1

    What about opting-out of such service? The spooks already have television and radio under cover. Why should you want it in your pocket?

  22. Re:The problem is a fallacy on Psychologists Don't Know Math · · Score: 1

    You're right. I considered that the contestant always has the opportunity to switch, based on what I've seen of the show, but it may not actually be true, which changes all of the assumptions. But it also isn't necessary that they are always done after the first pick as the GP suggested (if they never had the opportunity, there wouldn't be a problem).

    If you consider that Monty may actually be deciding whether to give the opportunity based on his knowledge (or his personal mood that instant), then the problem may not even have an optimal solution after all.

  23. Re:The problem is a fallacy on Psychologists Don't Know Math · · Score: 1

    because you chose "G"oat in the first chance, and you lose right there, because don't get the second chance.
    You've obviously never even seen the game. The door the contestant ultimately chooses isn't opened until after they've already had the opportunity to change. You cannot lose before you are asked if you want to change or not. That's rather the whole point of the game.
  24. Re:The problem is a fallacy on Psychologists Don't Know Math · · Score: 2, Informative

    It means that the chance of me picking the car is 8/24 or 1/3 in absolute terms, but in logical terms it is 12/24 ... To evaluate all the possible outcomes, you have to consider all the possible multiplicative steps
    That means you must MULTIPLY the probabilities of each step, not count them as equal to other outcomes.
  25. Re:The problem is a fallacy on Psychologists Don't Know Math · · Score: 1

    Your truth table assumes the contestant has a 1/2 (4 of 8) odds of picking the winning door in every configuration, which should obviously show you that it cannot be right. The other posters already told you that you failed in assuming each entry in the table is equally likely, when they are not.

    It also helps to group the tables according to the "Switch" option rather than the configuration, since after all we're trying to get a decision about whether it is better to switch, regardless of the configuration.

    So, try including the probabilities like these tables. The first table assumes we don't switch, and the second table is exactly the same except that it assumes that we do switch.

    1 2 3  You/prob  Monty/prob  Comb  Switch  Win
    C G G  1 (1/3)   2 (1/2)     1/6   No      Yes
    C G G  1 (1/3)   3 (1/2)     1/6   No      Yes
    C G G  2 (1/3)   3 (1)       1/3   No      No
    C G G  3 (1/3)   2 (1)       1/3   No      No

    1 2 3  You/prob  Monty/prob  Comb  Switch  Win
    C G G  1 (1/3)   2 (1/2)     1/6   Yes     No
    C G G  1 (1/3)   3 (1/2)     1/6   Yes     No
    C G G  2 (1/3)   3 (1)       1/3   Yes     Yes
    C G G  3 (1/3)   2 (1)       1/3   Yes     Yes

    Similarly for the configurations G C G and G G C so those don't need to be shown.

    The probability under "Comb" shows the combined probability of you and Monty picking the respective doors in each row. In each table this column adds to 1. The result under "Win" must be weighted according to the "Comb" value.

    So in the first table where we don't switch there are 1/3 wins (1/6 times two). In the second table where we do switch there are 2/3 wins (1/3 times two).