Digitizing and streaming content that had only been released on tape actually sounds like a decent idea; there's good money in the nostalgia business. If they didn't have the bollocks about degrading the quality, it would be very hard to tell if this is real or not.
535 posts • joined 3 Nov 2007
On copper cables? Anyone care to explain what that means?
They know they broke VS and Hyper-V, but were willing to distribute it anyway. This does not inspire confidence in the quality or stability of the final product.
Re: Slack app? Never heard of it!
Very much panicking here
Any code that handles web pages (i.e., untrusted data) can and will be used as an attack target. I recall a Firefox exploit where image buffers were allocated but not initialized; attackers could use it to read the contents of the screen. If vulnerabilities exist, they will be exploited; if it's written by Adobe, there will be vulnerabilities.
A bit late to the party
Other news outlets were reporting on this back on March 10.
Re: Could be useful... if under control
Even better for enterprises with dozens or hundreds of computers all trying to update at the same time every Patch Tuesday. The LAN-only option makes me a lot more comfortable with this idea, since it's a lot harder to compromise than if it's willing to download from anywhere on the internet.
Republicans love to champion states' rights vs. the federal government, but then get all upset when you apply their same reasoning to cities' rights vs. states.
Re: When will they understand...
You're forgetting that for a large percentage of the US, "another vendor" doesn't exist. I've lived in places where Comcast was the ISP; there was no choice. If ISPs decided to be evil, most people would put up with it, not because they want to, but because the only alternative is to give up internet access entirely.
Also, the notion that 'if one company is bad, they'll be forced to back down when all their customers leave for competitors' doesn't really hold up when you look at historical precedents. For example, commercial airlines started cutting services and adding fees for everything in the late '90s. None of them went bankrupt or had to reverse course over it, because in short order all of the airlines were doing the same thing.
"standard application abstraction layer that is OS independent"
You mean something like the Single Unix Specification/POSIX?
A bit confused here
If extended support is ending and there won't be any security patches, what exactly are people supposed to be paying for?
I don't know exactly how AV signatures are generated, but if there's any way to force collisions (like with MD5), this could be a very bad idea. I'm sure plenty of people would love to have their malware whitelisted because it's identified as a core Windows component.
Re: I can see how would work
Not a bad idea, pretty much naked short selling bitcoins. Promise sales (of something you don't actually have yet) at one price, trigger a market panic, buy cheap and deliver. This would be illegal in a regular stock market, but due to the lack of regulation of bitcoins, you could get away with it. Once.
One born every minute
There's at least some plausible basis for fancy audio cables for analog connections, where noise or interference can affect the output. (Whether or not that effect is noticeable is beside the point.) Once things are digitized, though, all the ridiculously expensive materials become irrelevant; as long as it still resolves to the same sequence of 1s and 0s, it doesn't matter how much noise there is in the signal.
re Golden Dropping
Nice to see an eloquent counter to the "if you've got nothing to hide, you've got nothing to fear" argument. When it's been brought up, many people dismiss it out of hand, but few have been able to explain why it's a bad argument.
Particularly the parts where they say it would work equally well with Google Voice on Android, or with VoIP phones.
There might be a use for upward directory traversal for specifying files to delete (e.g., "rm ../*.c"), though it would probably be safer to navigate upward first, then call rm. The -r option definitely shouldn't attempt to process . or ..; on the Mac/BSD implementation, it throws an error to even try "rm -r ..", but it will accept "rm -r ../*".
Re: I HATE comcast
You mean BFHs. BOFHs are actually competent at what they do.
Solution: give them what they ask for
...which isn't necessarily what they want.
Someone takes a work-issued laptop home? That changes the number of licenses on site; notify Microsoft. They bring it back? Notify them again. A device turns off? Arguably, that changes the number of licenses, so notify Microsoft again; same when it turns on. Shouldn't take too long before Microsoft decides to clarify what they mean by "any changes".
There are 8,760 hours in a typical year, give or take a few. By some fairly basic calculations, the Azure uptimes should be 99.5098% and 99.8757%. I don't know how CloudHarmony came up with their numbers, but I wonder if Microsoft 'encouraged' them to use some alternative voodoo calculations so they can claim "99.9% uptime", when any service that is down for more than 8.76 hours clearly fails to meet that standard.
Worse than useless
This will result in more neurotic parents freaking out over every slight variation in the kid's vital signs, because they don't have the medical knowledge necessary to understand what it means and what is or is not cause for concern. I wonder if some hospital executive is behind this, trying to see how many more urgent care visits they can get and bill for.
Sure; the Shellshock bug was introduced back in 1989. Once it was reported, though, there was a patch available in 12 days, from someone who maintains Bash for free as a side project. Microsoft pays thousands of people to work on Windows as their full-time job, so not being able to respond to vulnerability reports in a timely manner is embarrassing, to say the least.
Re: Seems to me
The only way security-minded people would accept a version of Skype as 'compromise-free' is if it's completely open-source, and can be reliably compiled to be byte-for-byte identical to any distributed binaries. If we can't inspect the code and prove that there are no backdoors or weak, home-rolled crypto systems, it will still be considered compromised, no matter what anyone at Microsoft says.
If every node delays every packet by a random amount in the same range, all this will do is slow down the network. With enough packets to analyze, the randomness averages out and isn't a significant obstacle. A better approach might be to add delays depending on the speed of the individual connections between nodes; the idea is that all traffic takes the same amount of time to transit through a node, no matter where it came from or where it's going.
Some airlines (such as Southwest, IIRC) don't assign specific seats in advance, and flight overbooking is routine, so seat conflicts aren't necessarily a problem. You'd still have to deal with getting an ID to match, though.
More likely they deployed as soon as their software was ready.
Security disaster in the making
As Steve Davies mentioned, there will be security vulnerabilities found in the .NET libraries; it's a question of when, not if. The real problem is what to do about them, now that the libraries are bundled with apps.
On the one hand, they could let developers release new versions of their apps every time the libraries are updated. Realistically, most of them won't bother, which creates a large attack vector. I'm sure VXers will find a way to take advantage of it, such as convincing users to install vulnerable apps which can be exploited. (E.g., "you need XX video player to watch this clip of [celebrity]".) Will antivirus programs have to start flagging anything with outdated libraries as potentially harmful? This way lies madness.
The alternative is to push security patches through Windows Update. Except this is supposed to be cross-platform, so you don't necessarily have Windows Update. Maybe solvable with an updater service, but now that also has to be bundled with apps as well, and could lead to issues with multiple instances and version incompatibility if you install several .NET apps. Even with that solved, pushing updates could break signed apps.
Anyone have better ideas on how to not have this turn into a nightmare?
The real question is
Why would any app need a list of all other (running) apps? Gathering that information and sending it off for 'analysis' definitely counts as spyware. If app functionality depends on the presence of certain other apps, the OS should provide a means to query whether those specific apps are installed, rather than revealing all of them.
Re: How to use the Facebook Messenger app
I can understand the need for some of the permissions, such as access to the camera and storage so you can post photos. But I'd love to see their explanation for why it needs to be able to modify contact information, read text messages, change network connections, or modify battery information.
Re: Time for Linux
Unless Windows 9 (or whatever it's called) goes back to a familiar user interface, I think this will be an increasingly tempting option for enterprises. If they're going to have to retrain users anyway, why pay an arm and a leg for Windows + Office licenses, plus the inevitably required hardware upgrades? In most cases it would be cheaper to hire an on-site migration assistant from a distro provider than to stay with Microsoft.
Trust management problems in 73% of the top 1000 apps, but only 36% of the next 9,000 most popular apps. WebKit issues in 77% of the top 1000, but just 6% of the next 9,000. Why are the most-downloaded apps so much more prone to security problems than ones that aren't quite as popular?
Re: Android permissions cannot be revoked after installation?
Apparently you missed the bit about Google removing access to App Ops late last year; as of 4.4.2, you can't use it without rooting the device, and it's possible they'll remove it entirely in future versions.
Amazon and eBay aren't actually that unreasonable – they're probably trying to look up your postal/zip code so they can automatically calculate shipping costs. Still, it would be nice to have the option to turn that off, in case you're shopping while not at the location you want things delivered to.
Re: Non-coms ?
There are multiple grammatically-valid ways of parsing that statement, but I believe he meant "limit (i.e., reduce) [the number of] casualties to non-coms".
Re: they're a spy agency
I'm not trying to defend the NSA here, but as far as targets go, this one isn't unreasonable. People who are looking into ways to hide their online communication are more likely than the average netizen to be doing something of interest. They might be terrorists or other spies, they might be Chinese pro-democracy activists or Iranian counter-revolutionaries; in any case, the NSA wants to know what they're up to. Of course, there are also plenty of people doing nothing of interest who happen to be conspiracy theorists or just don't like being spied upon, but I don't know of an easy way to tell the difference short of spying on them more.
I don't like the overbroad dragnet espionage, but at least there were some attempts to focus on valid targets. If it had emerged that they were scrutinizing visitors to dailykitten.com, that would raise serious questions about their competence.
'll' isn't actually its own command; it's usually implemented as an alias (to 'ls -la' or similar) in your .fooshrc file. What exactly it does, and if it's present by default at all, depends on your distro.
Re: Very puzzling and disturbing.
That would only happen if it were claimed that PayPal is inherently a criminal enterprise, not just that the CEO has committed a crime. Pretty much everything being sold on Silk Road was illegal, which is what justified shutting it down and seizing its assets. Even if the CEO was using PayPal for money laundering or such, most traffic on that site is legitimate, so they'd only seize the related accounts, not everything.
Re: A Speculative Fiction
Wouldn't have been Icahn – he only cares about short-term profiteering. Bidding high enough to win all of the blocks of coins means they probably paid above market value, so this is probably someone who expects their value to continue growing long-term.
Re: "our goal was never to upset anyone"
It could have been done reasonably well. Throw up a notification asking if people are willing to be part of an experiment on social behavior, which may alter their experience of Facebook for the next week. Explain that providing any more details about the experiment would alter people's behavior and invalidate the results, but provide more information about the study and which group people were in after it's over. Not complete information, but enough for reasonably informed consent, and far better than how they provided no information and obtained no consent.
Very, very fishy
Claiming that there's no battery, but it "stores the energy in a uniquely designed power bank." Sounds a lot like a battery to me. Somehow it's able to contain all the circuitry, the power-harvesting antennas, the Bluetooth antenna, the not-a-battery™, the accelerometer, and possibly other components. It can somehow tell the difference between being shaken intentionally by a person and being shaken incidentally when attached to a dog's collar. They're able to connect a wired diagnostic interface to it, but it's sealed and waterproof.
Supposedly they have working prototypes, but there's no clear demonstration or explanation of how they are used. My guess is that it would use some sort of roundtrip timing signal, which would only give a distance to the tag, and no information on direction. If the phone can track its own location accurately enough, I suppose it could do some sort of automatic triangulation. However, AFAIK, GPS isn't accurate to less than about ten feet at best, which is too fuzzy to use for finding something within a house only a few tens of feet wide.
Re: Something very wrong here.
It doesn't seem like this would be particularly hard to do; you could probably borrow a lot of the code from web browsers, which already do a fairly good job of handling malformatted HTML. There are three main types of XML error that I can see:
Orphaned tags with no matching closing or opening tag, which is what Trevor's problem seems to have been. Easy enough to delete or escape as text.
Transposed tags, such as <a ...><p></a>...</p>. This would take a bit more work to detect, but the fix is obvious.
Broken tags, particularly missing right angle brackets. Escape the left bracket and recheck the document, as this will probably create an orphaned closing tag.
Re: Whoa there
And furthermore, how secure are the built-in encryption schemes? Both Microsoft and Apple are subject to pressure from the NSA, and there's no way to independently audit their proprietary code.
Sounds like the Nintendo Zapper, which also used a camera-based method of determining where it was pointed, and by far predates the patent filing.
Re: 8. MainThreadProc() integer overflow
Integer overflow is very different from buffer overflow (and to be pedantic, Heartbleed is a buffer over-read issue). It can cause mathematical issues (e.g., for a signed byte, 100 + 100 = -56), but it's not easy to turn that into a security flaw.
Using a cloud service isn't an excuse for this. Would you be comfortable putting sensitive data on a server in Beijing? If you don't even know where your data is, you have no idea how well it's secured – and it might as well not be.
Re: Server-side vuln...
NASA uses older chips because they have larger wire traces and other components, which are less vulnerable to interference from high-energy particles. Outside the earth's magnetosphere, solar and cosmic radiation are major problems.
Hope they're using a good hash
and not one prone to collisions. If they're using something weak like MD5, there's a potential denial-of-service attack here: identify a (legitimate) file you want removed, upload a copyrighted image or video carefully padded to have the same hash, issue a DMCA notice, and they'll block access to both files.
He's as bad as a patent troll
Trying to make more money for himself while contributing absolutely nothing to the economy.
Re: Only on Windows...
Maybe not quite as well, but you can hide *nix malware fairly well using similar techniques. Keep most of the payload, scratch files, etc. in an encrypted virtual file system; to anyone else it looks like a regular binary file. The only exposed part would just open the VFS and load the rest of the code; give this a name confusingly similar to a known daemon, and it could easily be overlooked. It may not be as easy as it is on Windows, but don't say it can't be done.
Re: I'm no Frontiersman
Good analogy; much like the California Gold Rush, the people who really make a profit aren't the miners themselves, but the people selling equipment to them. In this case, it's the companies making Bitcoin mining machines. Low-end models cost $2000 or so, top of the line ones are $10,000 to $20,000. Due to the rapid pace of development, they quickly become outdated and too slow to be competitive, so people need to keep buying new ones.