Worst Case Scenario, Really?
The worst case scenario is that someone will "hack" your door lock?
As if they can't enter your house in about 3 seconds with a brick.
31 posts • joined 9 Oct 2009
Of course that's possible, however it's incredibly uncommon and not just at Adobe, the OpenSSL bug last year was the same kind of bug. It might be perhaps telling that we've known about these kind of exploits for 40 years and yet they're still incredibly common in code. They're common because they're really easy mistakes to make.
Every single bit of non trivial code uses the kind of data structures that are vulnerable to exploits like this over and over again, because they're just that common. All it takes is missing a bounds check on one very specific way of accessing your code that you may never have thought of or saying "no one is ever going to access this code that way" once in a project to get a vulnerability and things like that happen way, way, way more often than once in a project.
I'll guarantee that if you're actually a developer you've written at least a hundred of them, mostly in little things, only intended to be used internally or only in a specific space. Or you've counted on a library to do something and the library's author has screwed it up.
Flash is of course particularly vulnerable because Flash was first and never died. It was made when the world was a very different place and all sorts of horrors had to be coded in to make it even remotely plausible. Every attempt at a replacement has failed to date, including the idea that HTML 5 will kill it, as if YouTube videos were the only reason anyone ever used flash.
The "growth" areas are chosen by our illustrious prime minister.
With the exception of medical research nothing that is remotely forward thinking is allowed onto this list. If it wasn't a career option for Tony's father then it shouldn't be a career option for Tony's as yet unborn grandchildren.
I assume you're in a rural area?
Guess what, you're getting satellite, and a shit satellite at that since the coalition cut budget, and since the LNP have the Nationals on a tight leash they give even less of a toss about you than Labor.
This network is worse in every possible way than the NBN, it will take longer, it will be slower and it will cost more. We the Australian tax payer have just paid Telstra for thousands of kilometres of corroded copper in broken ducts, the vast majority will have to be ripped out of the ground and replaced with, you guessed it, fibre.
Fibre to the node might make sense if the copper network in this country were in good nick, but it's not, it's awful. I'm less than 10 minutes from the CBD in light traffic and the quality of my connection to the exchange is so bad I can't get reliable fixed line telephone service, forget internet. Sticking a two meter tall powered cabinet every few hundred meters isn't going to fix that.
Because, and this is the answer to the question about the arbitrary precision comment below you, it's not actually the programmatic type that's causing the problem, it's the type in the database which is the issue.
For a number of reasons most db's don't have a unit type and an arbitrary precision integer is a binary blob which can't be indexed.
The first is that they haven't actually seen whether they get jail sentences or not.
The second is a bit more complicated. Proving who knew or didn't know something is really difficult, and unless there's a legislated duty for the person to know, you're going to have to actually prove they did. HSBC probably knew that the money was drug money, but proving it was going to be difficult so the government took a cash settlement.
These two morons spent years not filing the necessary paperwork for transactions. The government had them stone cold on that, they merely had to prove that a transaction over the reporting limit occurred, and didn't need to prove if they knew it was dodgy. Because of this, the idiots in question had to cop a guilty plea to avoid significantly more jail time.
TL;DR; To toss anyone from HSBC in jail you'd have to prove that they knew that the money was from drugs and proving what someone knew is really damned difficult. These two could have spent the rest of their lives in jail for statutory infractions so they've had to admit they knew(whether they did or didn't) to get out in as little as five years.
There's two problems.
The first is that the issue with MtGox wasn't so much that Bitcoin isn't traceable. The issue with MtGox is that the "Bitcoin Banks" hold your money in Bitcoin wallets which belong to them, they aren't regulated as banks and so unless you've got an explicit contract with them about what they will and won't do with the money you've given them, you're SOL. MtGox lost people's bitcoins and was under no obligation to do a damned thing about it and they didn't.
The second is that, once you start actually getting paid in Bitcoins your wallet stops being anonymous. Your employer knows who they sent the money to and that number can be retrieved with a warrant (if they even need that). Bitcoin wallets are anonymous in the same way that IP addresses are anonymous. If you know who either belongs to, they aren't anonymous at all. They know where you get your salary from, so they've got a starting point. A bitcoin starts off in your wallet and ends up at Silk Road a couple hops later, you might see an agent of the government on your doorstep asking you who you sent it to.
The problem with TrueCrypt is that we have no idea who actually develops it. It could be the NSA, it could be Microsoft, it could be anyone on earth. Even the auditors don't actually know who the TrueCrypt foundation actually are. The only thing that identifies them in any way is the cryptographic signing key they use to sign the binaries.
Using TrueCrypt requires you to take a leap of faith that you can trust those anonymous individuals to be creating a quality product. That's simply no longer possible. Even if this was a hoax and the "real" developers came forward tomorrow to tell us everything was ok, we'd have no way of determining that they were actually the real developers, because the only proof of identity we have was used to sign the current binaries.
TrueCrypt is dead, its developers have told us so. You can speculate on why that's the case for ever and a day, you can decide to use the previous binaries if you like, but it's dead and it's never coming back. Maybe someone can fork it, but they couldn't do so anonymously and if they can't do it anonymously they're under as much pressure from the NSA as anyone else.
The keys were indeed reuploaded, but from everything I've read they're the same keys they've been using for the past decade.
TrueCrypt is dead and over. No possible explanation exists which leaves the code trustworthy at this point. Maybe a fork of the existing code base could be considered trustworthy some day, but TrueCrypt is over. You don't have to replace it with bitlocker, but you need to find a replacement.
It won't as such, but the next stage of the audit is the crypto-analysis phase which requires incredibly skilled people to actually perform. It seems incredibly unlikely that those people are going to actually perform the second stage of the audit at this point and even if they do, knowing human nature, I can't imagine they'll be doing their work with the same level of effort they would have originally.
Whatever the cause of this particular piece, TrueCrypt is dead.
That's about the size of it. Essentially, when California takes a policy to referendum, which they do a lot, they put the policy and the mechanism to pay for it on the ballot separately. The result should surprise absolutely no one.
We want a monopoly on the wholesale side, we should never have gotten rid of the monopoly on the wholesale side because having two companies lay down heinously expensive infrastructure is a gigantic waste of everyone's money.
Selling Telstra Wholesale along with Retail is why we're in this mess in the first place. If Howard had kept the wholesale branch of Telstra and spent some of that mining dosh he threw away in tax cuts and middle class welfare upgrading the network we could have had a nice orderly move from copper through to FTTN through to FTTP over the course of about 20 years comparatively cheaply, but that's not what happened, we sold all of Telstra then regulated the hell out of it which meant that Telstra retail was effectively crippled and Telstra wholesale was still a monopoly, but a private one this time. No one won when Telstra was sold this way, not the government, not the people, not even Telstra.
The coalition's plan wouldn't be a bad plan. IF the copper network hadn't been allowed to degrade so badly and IF it weren't going to need to be upgraded to FTTP almost immediately. The issue is that that's not true. The last mile of Telstra copper in large parts of Australia is horribly degraded and the speeds they're advertising while plenty for 2013 are going to be too little for 2019 when they finish it. Fundamentally the coalition are going to end up doing far more FTTP than they've budgeted for as part of the initial roll out and then almost immediately start a second roll out of FTTP.
TLDR; Competition on wholesale doesn't work, and the coalition are going to roll out exactly the same plan as Labor except they're going to pay for it twice, take 5-10 years longer and make you prove to them that your copper is crap and needs replacing. That's what makes their plan such an epic failure.
The censorship policy was abandoned sometime last year after being essentially dead in the water for the previous 3. Personally I think the policy was just an attempt to get Stephen Fielding's vote in the first place, but serious or not it's officially dead.
That said there's still some concerning data retention stuff going on, but the Greens are against it and the Coalition are against anything that Labor is for so not a whole lot happening there either. Part of the whole minority government deal, Tony Abbott would rather cut off his own leg than support anything Labor wants to do so everything has to pass through the cross bench to get anywhere so most idiotic policies end up on the cutting room floor.
The extra bit is outlook, publisher, and access plus the skype calls and 5 licenses instead of the current 2010 3.
YMMV as to whether that's worth it for you, but around here(Oz), the price difference between Office Home and Office with Outlook is about $100 retail rate and you only get one license when you add outlook rather than 3 without it. The price with the other two products is even higher.
I'm not saying the price is worth it. Most home users don't need access or publisher and unless you've got an exchange server to hook it up to outlook is largely surplus to requirements. Five licenses instead of three is nice, though we won't really know whether home and student will end up with five for 2013 or not. If you need those extra things though and you plan on upgrading your office and you make skype phone calls, even the UK price is a steal.
In Australia, prior to this law change, anything which the classification board felt was too mature to be rated MA15+ was marked RC and was therefore illegal to sell in Australia. This has impacted a number of games, though some of them had last minute modifications to allow sale in Australia. If you played either of the new Fallout games this impacted you as the injection of meds was once animated and was removed to get an MA15+ rating.
This is actually believe it or not a win for freedom as the games in this category were previously blocked, we haven't added new censorship we've relaxed what we already had.
Not that the patents Apple is suing Android over aren't ridiculous, but whether they are or not they also clearly don't apply to Windows Phone which is why Apple aren't insane enough to sue Microsoft.
You can show a jury pictures of iPhones and Samsung phones and say "they look identical give us money", the same doesn't work because the metro style interface is fundamentally different. Apple would get laughed out of court for trying to sue Microsoft.
Mom and Pop didn't invest in Facebook. Unfortunately for Mom and Pop, the corrupt hacks running their IRA/401K/Superannuation Fund did.
I live in Australia, I am a parent, a gamer, and an adult. My reasons for wanting an R rating are two fold.
1) As an adult I want to be able to make decisions about what I play which reflect the fact that I am an adult.
2) As a parent I want the things in the MA15+ rating which were put there because the ratings board is highly reluctant to ban things outright but which should be R rated moved into the correct rating.
While game publishers hate having stuff moved into R rating because it interferes with their ability to sell stuff to teenagers that they probably shouldn't be playing without running it past their parents (15 is still pretty young), most of us just want to be able to have the option as adults to legally play games intended for an adult audience. I don't care if they move 90% of what's currently MA15+ to R, if I think it's appropriate for my kid to be playing it when he's at that age I'll go with him to buy it, what annoys me is when they ban stuff that's meant for me because it might be seen by a kid.
is that he'll go to Sweden and the US will do nothing whatever. That after all his bluster and self importance it will come out that no one gives a rats. The US isn't stupid, they've said they don't want him, he'd get off as a "journalist" anyway, and in the end they'd pay a huge political cost to let him walk.
When it first happened everyone went through the books trying to find something to charge him with and no one came up with anything, not Australia, not the US, no one. Sure they were pissed off, he's an idiot that released a lot of information that was diplomatically damaging and not in the public interest(along with information that was in the public interest). That doesn't change the fact that the only thing they could possibly want him for at this point is to testify against Manning which he won't do. Why burn the political capital?
The Australian government is doing exactly what it's supposed to be doing. Committing to support him if the US tries to extradite him and keeping their mitts off a non death penalty sexual assault case in a country he tried to get residency in. They probably went a bit overboard with the anti-Assange rhetoric when it first happened, but he revealed their diplomatically damaging stuff everyone knew but no one admitted to as well.
Assange is a symbol for the people who think the US is some sort of evil empire plotting world destruction or who think that the little white lies of diplomacy are some sort of crime against humanity. Yes Wikileaks released a bunch of important stuff we needed to know about, but Assange didn't do that, he was just the poster boy, and even if he was personally responsible for the entire process and only released information we needed to know, it still wouldn't and shouldn't give him a free pass for unrelated crimes.
Manufacturers will never learn this BECAUSE IT ISN'T TRUE.
Who do you think owns your PC before you do? Do you think it's sitting in some sort of legal limbo just waiting for you to get your grubby mitts on it? Up until the moment that the contract is fulfilled and you have your PC in your hands, it belongs to the manufacturer, they can do whatever the heck they like to it including install whatever crapware they like.
You can refuse to purchase from people who do this, you can argue that the item isn't fit for purpose and try to return it, if what they've installed is a root kit or the like you might even be able to sue them, but you'll never get them to learn they don't own your PC before you do because THEY DO.
People always look at this and think "Oh, that's no good", but what that means is that with a half way decent controller, you can write the full volume of this disk 30000 times. So if you're writing the full volume of your disk every day (which would be high utilization) it'll last approximately 8.2 years or about twice as long as your HDD.
There are really just very few cases where this level of rewrite cycles is even remotely an issue.
This is just reiterating an old truth. If you use undocumented APIs they can and probably will change without notice. If you're the office or internet explorer team you will probably get told this is going to happen(with at least 5 minutes notice).
It's not about the APIs being bad as such, or about Microsoft knowing what they're doing, it's about change management. Published APIs require massive amounts of hoopla to change, and they generally have to keep the old APIs around in a deprecated state for the next 10 years so that legacy code works. Unpublished APIs on the other hand can essentially be changed at will, won't remain in a deprecated state and the first notification you as an outside developer will receive that these APIs have been changed is when your program fails.
This isn't new, nor is it distinctly Microsoft. The interesting part of this article is that Microsoft realizes that crappy third party software impacts their reputation.
The problem we have is that insanity has come to reign free, and for all of the vitriol against "freetards" it didn't begin with them. We have reached a point in our society wherein the telling of a single story can keep not only oneself, but one's children, grandchildren, and even great grandchildren fat and happy for all time, and all indications are that if things don't change soon, that this protection will extend out to untold generations. We have reached a point or soon will where the protection of an idea may outlast the civilization which spawned it.
We live in a society wherein the basic building blocks of life, our very DNA is being actively patented, this isn't fantasy, it's happening. It's not really all that much of a stretch to envision a future where the act of procreation violates intellectual property laws.
Yes, the idea that information wants to be free is ludicrous, information doesn't want anything. Yes, creative works deserve protection as do all manner of other ephemeral ideas. That said, how can we criticize people for taking a ludicrous response to a ludicrous system? How do we judge someone for believing there should be no property while condoning a man who believes that an idea which was based largely on the previous efforts of others should remain the exclusive holding of himself and his heirs through the course of generations yet unborn?
For better or worse there is no known or imagined enforcement mechanism for copyright or privacy which is both functional and allows for the existence of a free society. We simply cannot determine what information people are transmitting or storing without looking at that information which is, in many ways a worse violation of privacy than any of the evil done by Google.
Enforcement of intellectual property and privacy can only be done via the medium of the social contract. Society must believe that the free distribution of such information is a moral or societal wrong, and this simply can never be the case until we begin to claw back some of the ridiculous gains achieved by the copyright lobby.
Given how bad Symbian is and how much of that is the fault of the group developing it I'd say disbanding it happened too late not too quickly.
Even if you had 250 applications per machine the math doesn't work.
Any serious software company isn't going to let you reduce your 2500 licenses to 1 just because you ran it on one machine. Maybe some dinky little outfit might let themselves get screwed that way, but none of the big boys are. You want to run 2500 instances of Office off one RDP server(which is insane to begin with) you'll pay for 2500 licenses as well as the 2500 CALs for the RDP. Want to run em in a virtual desktop, you'll pay all that plus the 2500 windows licenses.
You will never find a long term solution wherein you can drastically reduce your software licensing requirements unless you didn't actually need that software in the first place or you get a deal from the vendor. You might get away with it for a little while, but vendors who don't close those loopholes go bankrupt.
Open Source is about free developers, and prying free developers away from Android is going to be pretty much impossible. Nokia simply do not have the resources(or ability) to be sole maintainers of a mobile linux fork.
With very rare exceptions, all audio cd players run at the same speeds they did when they first came out. There's only 700 MB of data on them at most and the corresponding music has a playtime of about 74 minutes. You don't need to spin very fast to draw a little under 10 MB a minute.
Your xbox 360 on the other hand is dealing with a disc with 4.5 GB on it, and at that same rate of transfer it'd take about 7.5 hours to finish reading that disc, which you'd find rather unacceptable. There are some differences in read methods for dvds which account for some of this transfer difference, but a lot of it comes down to rotating the disc substantially faster.
In short it's one hell of a lot easier to control something going relatively slowly than something going very very fast.
Microsoft is at the moment at least pretending to care about promoting open source which runs on windows and doesn't compete with Office. It's in their best interests to do so as it enhances the Windows environment and makes their product more desirable. Open source is after all people doing development for free, and every corporation likes that.
As part of this, they are willing to coexist at least nominally with open source software which doesn't benefit them. They want to make a buck off it if they can, but they're ok with it existing even if they don't. This is mostly because trying to destroy it cost them more than it gained them, but Microsoft are a for profit company after all.
On the other hand, they would probably very much like the free software movement to cease to exist, which is perfectly fine since the free software movement would very much like to see Microsoft cease to exist. Free Software and Microsoft are fundamentally incompatible, and are likely to remain so for the foreseeable future. There's still a war there, and there always will be.
You see, the thing is, karma is a bitch.
Microsoft left IE6 to rot for the better part of a decade, making the lives of every web developer since just the tiniest bit more painful and unhappy. The ironic thing is that now that they've realized they have to move with the times, the people who most want it to go away are actually Microsoft.
Unfortunately for them(and for everyone else) getting rid of that boondoggle is proving a lot harder than anyone might have anticipated.
Microsoft have to keep supporting it because at this point they really have no choice, if .NET applications don't work in their own browser they're pretty much sunk. On the other hand they need to support real web standards these days for pretty much exactly the same reason. If .NET applications don't work in other browsers (as well as more modern versions of IE itself) they're still pretty much sunk.
JQuery is really their best way forward, they can distribute it and count on its libraries to sort the whole tangled mess out as much as is humanly possible. MVC applications will now "just work" (for a rather wide definition of work) in all browsers including Microsoft's, and they don't get their new technology sunk by their old one.
IBM is a service provider now. It's what they do and it's how they make their money. You pay IBM money and they provide and take care of your systems for you. It's a perfectly sensible thing to do, mainframe experts aren't exactly growing on trees these days and IBM made the damned machine. If they did indeed screw this one up(and even if they didn't) this kind of failure isn't going to be good for their core business.
Outsourcing isn't always bad, I don't do my own electrical work or plumbing I outsource that to someone with the relevant expertise. It's not cheaper, but it's usually a lot better.
Certainly outsourcing normal business functions is stupid and generally bites you in the long run. Outsourcing things which you can't do to people who can isn't stupid though. Having enough staff on hand to provide 24 hour support to a mainframe is expensive, you essentially need four people to cover it fully. If you have only one mainframe it's generally not cost effective for the company or the staff. IBM has a lot of mainframes and can provide that support.
Why does everyone presume that because it's "nuclear" or "radioactive" it must be the same as a nuclear reactor or an atomic bomb. It's not. There are tonnes of things which are radioactive but not plutonium or uranium.
Your smoke detector is probably radioactive. Those little bags you put in camping lanterns are radioactive. Any number of things in your house are mildly radioactive.
That doesn't mean this stuff is safe, but it doesn't mean it's going to explode all over the place.
As for disposal. The thing about radioactive material is that when it stops giving off radiation(and in this case power) it's because it's stopped being radioactive. When your battery runs out of juice it's because it's not generating enough radiation anymore to power your device. It probably also isn't generating enough radiation to cause anyone any harm, and will probably stop generating any radiation at all within a fairly short period of time(just because the fallout from an atomic bomb lasts for a thousand years doesn't mean that this stuff will, the author is an idiot).
I'm not saying I'd be super thrilled to stick this sort of thing in my pants pocket or hold it up to my head until they've done a bit more research on its safety, but an isotope of sulfur is a long way off from Uranium or Plutonium.