42 posts • joined 26 Jun 2009
This was more about publicity and FUD than it was about any serious infrastructure protection or compromise. It's at best a distraction and at least a recruiting function for the NSA.
Do you really think a few service academy cadets could outdo the best the NSA could throw at something like this?
It's no different than playing college sports, it's a way to get into the professional leagues. The various government agencies do not have a problem with acquiring talent or resources, they have a problem with politics and where critical decisions are made. Some of the best and brightest people I know were NCOs and general enlisted. It's nice to see that the officers are catching up with the brains they command.
Isn't this just the EU overstepping its authority?
For a transaction within the EU, it's great. Every country should have laws of this nature.
If somebody in the EU goes to a US (or any other country) website/company and does any sort of business, why would the EU have *any* jurisdiction over that transaction except for import tariffs and customs in the case of a physical product? This is the same problem I have when the US decides it's going to dictate to the rest of the world.
If I ran a US business that had EU customers, I'd simply tell the EU to kiss my ass if they attempted to claim any sort of jurisdiction over me. Same thing I'd tell the US if the positions were reversed.
Now, if I opened an office in Paris and started doing the same business I would gladly submit to local laws and practices.
Just a few thoughts/questions
Would it violate net neutrality to force other station providers to be "compatible" with AT&T DSL?
Does HostGator violate net neutrality by throttling FTP connections?
Do ISP provided spam filters violate net neutrality?
Does Verizon violate net neutrality by blocking SMTP traffic from non-business DSL lines?
Wait... Playboy == Hardcore?
Java in and of itself is not the problem
Re: The law should work in both directions
There are numerous laws in the US designed to handle legal misconduct in any part of the justice system. More importantly, the *insert jurisdiction here* bar association can revoke an attorney's license to practice law, no matter which table they sit at. Even judges can be sanctioned that way. It may not be a criminal charge, but it's far more devastating to an attorney than minor jail time.
This of course assumes that malpractice or some sort of ethical violation actually took place and can be proven. Being a dick isn't a crime, and should never be considered as such.
Not to speak ill of the dead...
But he *knew* he was breaking the law. He *knew* what the possible consequences were.
This is not to say that I am not in favor of sanctions against the prosecutor and overhaul of much of the US criminal code, but let's keep the big picture in mind: he took his own life, and he committed the crimes for which he was charged.
This wasn't a failure of the US justice system, this was a troubled man finding a way out of bad decisions he had made.
As long as they don't
As long as they don't glamorize Ankit Fadia.
I still don't get...
If a vulnerability such as the plaintext within encrypted container password/picture thing on Windows 8... requires local administrator rights to access, and isn't actually useful for anything local... why is that such a major problem?
Bing is a good place to play SEO games
The "market" as it were, is less crowded. There are somewhat fewer people trying to rank for marketing-ready keywords as opposed to Google. If I were a marketer, I would rather "easily" reach 10 million searchers rather than "difficultly" (is that a real word?) fight tons of other marketers for 100 million.
Most of the marketers I know don't play SEO games though, they seem to prefer either direct marketing (email, SMS, or IM) or massive social media campaigns. Trying to rank a landing page just seems like not enough juice for the squeeze these days.
I'm guessing that things will balance out over the next few years; it's hard to believe, but Microsoft seems to have become the lesser evil.
There is a difference...
There is a difference... between software and abstracts, embedded or otherwise, and hardware/material goods.
With software and other abstracts you purchase a license to use the product, not the product itself. It is completely reasonable for a publisher to have the ability to limit rights in the case of a license... A phone company shouldn't have to allow service transfers, a software company shouldn't have to allow the license to be sold to a second party, etc. Regardless of whether we agree with those terms, a business should be allowed to license their products in whatever manner they choose, the free market is the only body capable of properly regulating this through supply and demand. The same concept applies to material goods in terms of market self regulation.
The market will respond to any attempts to allow outrageous licensing by creating a demand for GPL/BSD/etc style licenses and sales agreements, a supplier will step in, and the demand will be filled. I don't see this being much of a problem since the rights holders are publishers, record labels, and manufacturers rather than individual designers and performers usually.
@Michael Dunn: I would argue that the games *are* high value if for no other reason than people are willing to pay those high prices. It's like gold or diamonds.... they are only valuable because people are willing to pay high prices, supply and demand. Unlike silver, Uranium, or other more industrial rare metals, they have no inherent value other than being considered rare/pretty/valuable. (I'm not going to consider gold as a valuable industrial material due to the extremely small amounts required for its industrial applications; powders and plating in most cases.)
My only real concern within all of this is that every time the US supreme court allows for greater regulation of *anything* it creates more problems than it solves. Just look at the unintended/side effects of every major regulation in the US for the past 100 years. Our war on poverty has increased poverty, economic regulations and taxes have punished the lower and middle classes, drug regulations have made drugs far cheaper and more potent (adjusting for inflation), overzealous environmental regulations have targeted non-existent problems causing grief for the lower and middle classes, healthcare regulations have stifled innovation and research while increasing the cost of care, etc.
Does anybody else see the humor...
in the Guy Fawkes mask?
Their symbol is that of a failed terrorist.
Re: I remember 10 or so years ago
I still prefer Windows 2000.
A bit of wisdom that was given to me years ago...
If your product is only considered secure with the confidentiality of the source code, plans, diagrams, etc... It wasn't secure to begin with.
Granted, developing an exploit may be easier if you have access to design materials, but the hole/bug/vulnerability itself was already present.
Re: Dutch tulips
Dutch tulips are about as investment worthy as USD right now... Probably moreso with the upcoming election. We're doomed, but we get to choose which part of the country goes (further) to hell first.
The wonders of statistics.
If I sell or do ten things one year, and twenty the next... I have experienced triple digit growth.
Looking at Quickbooks... This week I have earned over a thousand times what I made last week. (I sold an old printer to a friend last week, didn't work at all.)
Telecommuting from a foreign country wouldn't work in most instances. There are the security risks associated with remote access, especially for programmers, and then there is also a tax issue. As I understand it, if you work for an American corporation, you have to pay US income taxes as well as your "home" taxes (If applicable). The same also applies in reverse... An American who works abroad is also liable for US taxes even if they never set foot in the US. I'd imagine that it can get even worse when you have state/local taxes added on to that, I wouldn't know first hand living in a state with no personal income tax. A similar situation can be seen with the megaupload.com mess, if *one* server is in the US, the entire organization can be considered under US jurisdiction. I'm not taking sides, just pointing out the US view on the matter.
Also... Let's look at it another way... If an American with the resume and talents I want costs me 100k per year gross, and an H1B visa holder costs 70-80k gross, why not? As a business my responsibility is to the shareholders, NOT any loyalty to the community or country, as it should be. Besides, it's been generally proven that outsourcing and importing workers does have a measurable domestic benefit in terms of job growth in related sectors.
One thing that bothers me about people complaining about outsourcing and importing workers... is that nobody complains when Virginia grants special tax breaks and incentives to take jobs from California or Texas for example. Isn't the net effect the same? People lose jobs, people gain jobs. I fail to see the difference here other than the semantic argument that as long as US citizens get the jobs, it doesn't matter who loses them.
Re: Industrial equipment on Android
One of the reasons for this is that most Linux based OSs do not have "legitimate" security evaluations and cannot inherently provide SLAs. This is not to say in any way that Gentoo (for example) is any less secure than RHEL or SEL, but that "official" evaluations have not been done. This is mostly a side effect of cost and time. EAL evaluations can take two years and cost up to half a million dollars. If you are going to be producing and supporting a large product, you usually want the support of a major OEM behind it. The cost of an "enterprise" Linux (I know, CentOS is free) can be just as significant as Windows.
In other cases, the decision to use Windows for an embedded system is simply ease of development (big picture, not just code); if you run a Windows shop, and primarily develop for Windows, developing on Linux could actually cost you more in the short term if you need to train/hire developers or purchase different hardware/virtualization licenses.
Anybody else remember...
When Oracle made that same claim?
Granted, MS doesn't have the best history of speeches...
But I think in this case, given that Microsoft and their "people" were the target of the speech, that some of you are taking things out of context?
Server 2012 *does* begin the era of Cloud systems there... much as NT started the client/server era at Microsoft.
I highly doubt that Microsoft was claiming they invented the client/server OS or that they have the first cloud OS.
Child labor is not the evil in these countries.
We *have* to stop judging Chinese companies/workers with the same standards that we judge US or UK entities. The children are working because they have to work to support their families. If they weren't making your iPhone, flatscreen, or whatever other devices come out of this factory, they would be at a different factory, or even worse... they'd be out in the fields or harvesting sulfur; neither of which pays nearly as well, or is nearly as safe. Sweatshops are a positive *within* those specific environments.
Daniel Griswold of the Cato Institute testimony to some US Senate panel:
Attempts to "enforce" labor and environmental standards through trade sanctions are not only unnecessary but also counterproductive. Sanctions deprive poor countries of the international trade and investment opportunities they need to raise overall living standards. Sanctions tend to strike at the very export industries in less developed countries that typically pay the highest wages and follow the highest standards, forcing production and employment into less-globalized sectors where wages and standards are almost always lower. The end result of sanctions is the very opposite of what their advocates claim to seek.
I can post thousands of legitimate studies from legitimate journals and sources, but until we stop reacting with emotions and start using logic and reason, there does not seem to be a point.
"Vote with your wallet" is the *worst* thing you can do to stop child labor.
Re: Shortcoming in Firefox, Opera browsers
>What OS do these malicious web pages run on, that will allow access to the underlying OS and can be leveraged for compromising the computers?
In most cases, only a generic exploit within a browser or plugin is needed. An effective compromise rarely requires root/admin/whatever access to the system. *Actively* stealing keystrokes requires fancy programming, AV evasion, and somewhat complete access to the underlying system; stealing stored passwords from a browser rarely requires any real effort once you have the ability to execute code in any way. The same can be said for botnet creation, you simply do not need complete access to the system for it to be useful.
Re: And yet...
Irrelevant. I can stick an exploit into 26KB, with more than enough space left for a well designed page.
User input is *not* needed at this point. Even if we need to stick a payload onto a "hosted web site on a routable domain", that's difficult to detect and negate. I can run a few hundred free .tk domains on free hosting with a few thousand bit.ly's holding the URIs... and I won't get caught nearly as easily or quickly as I would if I had the landing page hosted on a traditional server.
Payloads are easy to hide, landing pages are not. What's even better, it's trivial to pull a quick double meta refresh on the shortened URL, thereby hiding traffic sources and making it harder to track things in any direction.
You can't compare the overall number of vulnerabilities for any meaningful purpose. The real problem is how you define a "Linux" vulnerability. If a remote code execution vulnerability is discovered in.... Sendmail for example... is that a Linux issue, or a sendmail issue? What about the users who use Postfix or any other MTA? How do you compare issues across multiple kernel types? I'd venture to say that the Windows kernel has had *far* fewer vulnerabilities than the Linux kernel, but can you really compare security issues within a monolithic kernel with those in a pseudo-microkernel? Even if you could... who gets the blame for bad drivers written by an OEM?
I highly doubt there are anywhere near 3500 vulnerabilities in the "core" of SuSE, but I could certainly see that across their entire repository. If Microsoft or Apple had the equivalent, they'd be up there too.
Although I am against censorship from governments and nation states...
I have always felt that companies and people have the natural right to conduct business in any way they see fit. If they choose not to do business with a segment of the market, their competitors will. If a company wants to overprice merchandise or services, their competitors will lower their prices.
Let the market determine these things, keep the courts out of it.
Re: Am I missing something?
@cupboard that makes sense, but it's illegal.
I liked Casino Royale, didn't care for QoS.
I don't think it was Craig's fault though, a crap movie can't be saved by an actor.
People have been demanding that bloggers be treated like journalists and given the same protections....
This is the result. If the New York Times or The Sun had called this guy an asshole... they'd have been reamed too.
I just saw a picture of her without makeup.
I'd still hit it.
I thought Neil Young died.
Good points, except that the "damages" under US law would require her to have actually lost that money. The burden of proof lies on her to prove beyond a reasonable doubt that she would have actually made 200k each year. That is not going to happen. Punitive damages are possible, but would be at the whim of not only a jury, but the various appeals courts that the case would invariably be sent to. Since actors/actresses are not salaried and are not considered employees (some are exceptions, she is not.) it's difficult to prove that the damages were real. Even if this affected her future earnings, there is no way for her to have ensured that she would have continued to have the same or greater earnings.
Lawyers in the US have a complex set of algorithms and statistics that are used to give a relative value to every person in every situation, and a value of damages. It's grim and somewhat disgusting, but it's how the US system works. Now, if something happened to me (as a systems engineer with a specific salary and work history) that caused me to lose work, I could very easily sue and be awarded some damages, although not punitive unless it was negligence or malpractice.
The other concern is the location of the trial (if any). Many areas in the US do not award punitive damages for "minor" things. It's a jury of your peers, and sometimes your peers don't like making other people rich. You'll notice that civil litigation is more active in some areas than others.
Next week's headline
AOL Datacenter burglarized.
No witnesses found.
It may be distasteful...
but I'm not sure whether it would constitute a hostile work environment. That would be the closest applicable issue for this. Bad management and/or idiocy is not a crime.
Employees are being fired for breaking the rules they agreed to follow. From what I've read, these are not even obscure or unusual rules. Not talking on your cell phone while violating the dress code seems fairly clear cut.
Maybe the problem is that they are technically gambling?
XenServer and HyperV
Hyper-V was created from Xen Server. I don't know how many people realize that. Citrix and Microsoft have a minor virtualization partnership which is why you see so much interoperability between the two. TBQH, I've never had any problems with Hyper-V, although I've never done the massive deployments that really test the limits of the platforms.
I did attend a Microsoft sponsored virtualization seminar, mostly to snag free stuff... I got 5 flash drives, a bag full of notepads and desk stuff, as well as a few Microsoft water bottles; I consider the seminar to have been very profitable. Free lunch too. I'm hoping that VMWare will attempt to top that by having an open bar at some point in the near future.
My biggest issue with VMWare's offerings is the pseudo-Linux kernel that boots the ESX platform, and later becomes the first guest and console (soon to be deprecated). I have always had trust issues with monolithic architecture, especially in such a critical role. ESXi has solved those issues for some time, although I have not personally looked at the remote administration system for ESXi.
So... when should we start looting?
I need a new ThinkPad.
How can you honestly consider yourself to have a right to privacy over public actions?
I'm not taking sides, but just pointing something out.
Once you get over the notion that web browsing is something happening in your home (where you do have a legal right to privacy), and realize that you (your data at least) is leaving the house and visiting public servers which have every right to track you while visiting the sites.
Analogy: If you go to the grocery store, can you honestly complain when they ask you to remove the ski mask from your face so the security camera can get a good look at you? If you don't agree with the advertising or tracking, do not use the site, it's that simple. (I don't have a Google+ for this reason) If I run a website, I have every right as a private businessperson to run that site in any way I see fit providing I comply with sales and content laws, and of course disclose certain things.
Getting back to the grocery store analogy, how is the information that gets stored via Internet any different than what the grocery store sees on their security camera? You pull up in the same car (browser), waddle in to purchase your case of twinkies (browse content), and pay with cash (don't log in) so that nobody will know that YOU are the 400lb guy with curly black hair and a Ford Taurus who likes twinkies.
To be honest, I'd rather have ads that I might actually *like* appear on my preferred sites, instead of the recent influx of ads having to do with being Mormon. I'm going to see advertising anyway, at least this way, I get something that might be interesting.
(Disclaimer: I am *not* a hardware person) Wouldn't it also be an option to expand the ARM chips a bit... a few extra instruction sets, etc? I don't see the need for chip based virtualization, especially on such a low powered platform, but surely we can sort of... meet in the middle? This would obviously be something that ALL OSs could use, with Linux not having to be built for the lowest common denominator.
Why is this new?
I was hijacking session credentials years before FireSheep was ever thought of. Why is this something new all of a sudden?
I fail to see what the problem is
Having been a network administrator for many years, I can certainly feel the pain over Microsoft licensing and pricing, however, it's their right as a company to charge whatever they want. Only the market can change things. Linux isn't ready to take over yet, and Apple has blatantly said they have no interest in enterprise markets. Maybe in a decade, the market will force the various OEMs and developers to act with some sort of logic, but until then, it is what it is. Show me any OSS package that allows the scalable functionality and granular controls that Microsoft offers, with the same verified assurance level, and I'll gladly adopt it. Until then, I'll keep purchasing per CPU server licenses with add on CALs and TS licenses that I'm never going to be able to accurately keep track of without an additional license for an application that does nothing but ensure licensing is correct.
That's how referrals work.
ANY web server will get a referral address, unless you are specifically using something like a double meta refresh to blank the referral.
ANY link you click on within facebook, or *any* other website will do this.
The funny thing is, the only ads that will blank a referral are the ones not allowed on FaceBook, which are run through a double meta refresh by the ad poster to hide the traffic source from the affiliate program.
I don't see why any of this matters...
If a corporation wants to bundle their own proprietary software on their own proprietary operating system... I fail to see anything wrong with that.
Also... I don't see this being intentional, or as the article said, even something the average user would see. Every time I build an XP machine for a customer, halfway through the updates, I have to configure IE8.
Microsoft has done quite a few things wrong over the years, but I've never had an issue with what they do on the software side of things.
I fail to see it.
ZOMG... They offer deals on Hotels, Airlines, AND Cruise packages.
AND LOOK!!! THEY HAVE AN ORANGE BUTTON!!!!
Obvious ripoff. Somehow, I really don't see Microsoft ripping something off in that manner. Quite honestly, Microsoft has an extremely skilled marketing and design section. They would not copy a crapshoot of a search engine like Kayak.