515 posts • joined 17 May 2007
"Nice IPO you got there. Would be a shame if something happened to it."
"[A]s the authors note, the attacker has to be able to visit the same Web pages as the target, and has to be able to capture the victim's traffic."
So the NSA, basically.
Re: New Barbarian Manifesto
"His point was very simple. If the number of voters consuming government money outnumber the people providing government money, then Democracy will fail. Consumers of government money have no stake in the productive side of the economy, they will simply vote themselves more and more benefits..."
How does he explain corporations voting themselves corporate welfare and tax breaks, I wonder? We talk about the poor consuming government money, but we don't talk about all the corporations doing the same.
Well, some folks do, I reckon, but it's always "they DESERVE that government money, because they MAKE JOBS!" Never mind, of course, that they aren't making jobs as an act of charity--they're making jobs because they have to in order to make more money.
Re: We get into problems when.....
"Pretty soon the "wealthy" don't want to be "wealthy" much more and join the majority who just want to feed at the trough."
Riiiiight. Well, I guess that explains the long lines of rich people burning all their money so they can become poor and feed at the trough, then. I was wondering about that.
To me it reads a bit like "Hi there, I'm Mr. Icahn, and I see you have a pot of money. I would like to transfer your pot of money into my pockets please. Oh, look, there's another company with a pot of money! Hi there, I'm Mr. Icahn, and I see you have a pot of money. I would like to transfer your pot of money into my pockets please."
Amazing that folks can make a living doing that.
What's even scarier is the number of cash registers I see running Windows XP. And last month I went to a movie theater and about midway through ending credits, the glorious 4K digital projection stopped suddenly, and was replaced with a Windows XP desktop showing a plain white background and the message "Active Desktop Recovery. Microsoft Windows has experienced an unexpected error. As a precaution, your Active Desktop has been turned off" with a "restore" button and a bunch of troubleshooting info.
Re: How could we have been so stupid?
For every complex problem there is an answer that is clear, simple, and wrong.
The universe isn't under any obligation to be simple, beautiful, or even comprehensible to us. In fact, given that we live in a relatively large world of things moving relatively slowly with respect to each other, it's just about guaranteed that there are bits of the universe which absolutely won't be intuitively obvious, and will vigorously defy attempts to make them seem simple and elegant to us.
Complex theories are complex because when we test simple theories, they usually don't match reality.
Re: "I know absolutely nothing about the black holes...
"its also entirely possible that they've all been coming up with utter twaddle in order to sell impenetrable books to the facebookwits.."
I think you have Dr. Hawking confused with Deepak Chopra.
Welcome to embedded systems programming...
...where security is something we've heard of.
It's not just P2P. I received a text message yesterday on my phone advertising "free Microsoft Office" and a URL, which I knew instantly had to be either a phish or malware. Visited the site (from a disposable *nix VM, naturally), and yup, shore 'nuf, it downloaded Cryptolocker. No surprise there.
The advertising it via text messages is new, though.
Re: Boo Hoo
"The sheeple should be glad the NSA has their back"
And their front, and up their skirts, too, I reckon.
This "sheeple" is literate enough to understand that the risk of terrorism is far less than the risk of being hit by a drunk driver, but we don't use that as an excuse to let the police track every sale and use of alcohol that goes on in the country, nor to eavesdrop on every dinner table throughout the land.
In the US, parody is still permissible use even if the parody is for profit (see the novel "The Wind Done Gone") or for advertising (see the Leslie Nielsen parody of the Energizer Bunny in TV ads for Coors beer).
The US parody exception to copyright law is VERY broad, and is not invalidated just because the parody is used for advertising or marketing.
Of course, there's a lovely bit of irony here; the Beastie Boys copied the melody from that particular song from another song, and prevailed on "fair use" grounds.
The Supreme Court will no longer be of any concern to us. I have just received word that the NSA has dissolved the court permanently. The last remnants of the Old Republic have been swept away forever.
Cue embarrassing Stuxnet infection of Microsoft's cybercrime center in 3...2...1...
Kids these days...
Always taking pictures of themselves and flinging 'em about. Not like in MY time, when taking a selfie meant paying someone to paint it on canvas while we sat very still for hours...
Re: Danger Will Robinson
"But we also need some way to ensure that our liberties are kept intact."
Might be too late for that one already.
He didn't just liquidate the company and return the money to the shareholders?
Re: Another bug fix ....
As it turns out, writing operating systems is actually hard.
"What I possibly want is a Nexus 10 that can become a second screen to a Chromebook, or maybe an iPadBetter that can become a second screen to a MacBook."
Well, at least the second screen bit is covered: https://itunes.apple.com/us/app/iscreen/id379944104?mt=8
Re: A thinner tabler is that it, how robust, it will need a bulky case????
One might, if one were to be a bit pedantic, suggest that moving from a 32-bit processor to a 64-bit processor is something that qualifies as a bit more than an "incremental" upgrade.
But far be it from me to be that pedant. Carry on!
Re: Is Cloudflare under the NSA too?
Cloudflare has ten data centers in the US and is incorporated as a US corporation. It's headquartered in San Francisco, CA. Does that answer your question?
CloudFlare offers a free DDoS mitigation service that, Prince says, "provides at least equivalent DDoS protection to what Google is offering."
CloudFlare has one big competitive advantage over its DDoS-mitigation rivals that significantly boosts its desirability in some markets: It is spam-friendly and willing to host DDoS-proof spam sites for large-scale spammers.
Past and present Cloudflare customers like spamvertised "make money fast" Ponzi scheme site oriscashsystem and carding and malware forums like Cpro can attest to CloudFlare's technical proficiency, DDoS mitigation, and willingness to turn a blind eye to abuse. This will, as the market for DDoS mitigation becomes increasingly competitive, no doubt give Cloudflare a significant marketable edge.
Re: There are far worse things than being cat-called
"Aw come on now. If a bloke gets all dressed up he's out on the pull, to impress the ladies and he doesn't mind saying so. If a woman gets dressed up it's to "make her feel good about herself"??? What complete nonsense, she's out to get noticed..."
The fact that a woman might be dressing up for someone else--her boyfriends, say--doesn't mean she's dressing up FOR YOU.
"The human race would die out if it were left to all you PC hippies, too afraid to call a spade a spade and make the first move just in case you caused offence by daring to talk to a member of the opposite sex."
Not at all. It's not hard (well, it's not hard for people with working social skills) to tell whether or not someone is willing to have you make the first move.
Consent is sexy. Try it some time. You might be surprised how well it works.
"Our industry is working hard to bring content to audiences when they want it, where they want it, but content theft is a complex problem that requires comprehensive, voluntary solutions from all stakeholders involved."
Seems to me, judging from how the Motion Picture Ass. of America and the Recording Industry Ass. of America have operated thus far, that should read "Our industry is working hard to bring content to audiences when we want it, where we want it, but content theft is a complex problem that requires crushing anyone who dares want media on their terms rather than ours." Or am I being cynical?
People still use Network Solutions as their domain registrar?
Re: Worthwhile Features?
"Compressed memory? App Nap? These sound like ways of making a machine slower."
Compressed memory is used as a strategy to avoid page swapping for VM, so it actually makes the machine faster. The computational cost of doing the compression/decompression is significantly smaller than the I/O cost of making the slow, expensive trip out to hard drive storage.
Re: A split personality release
I'm glad I'm not the only one who thought so.
iOS 7 can't seem to make up its mind. In some ways, they've cleaned up and de-cluttered the user interface. The new alert dialogs are less intrusive than the old ones, the new Safari feels a lot more streamlined and keeps the user interface out of my way, the new lock screen makes entering a passcode a whole lot easier...
...and then they added garishly colored icons and a whole lot of animated effects that really don't add to the user interface in any meaningful way I can tell.
What one hand giveth, the other hand taketh away.
Re: Highway to heaven...
"While it's tempting to have a go at Apple Maps, the real problem here is the airport security."
That was my first thought. Who attaches a runway to a public road? What person thought that made sense?
There's a little town in Oregon that has a small general aviation airfield next to a Chinese restaurant, so the enterprising owners of the restaurant extended a taxiway into their parking lot and provide small aircraft tie-downs in said parking lot. Makes flying into town for a bit of take-out easy, I suppose, but I still question the wisdom of connecting runways to roads.
"If you are ashamed of your behavior and don't want it photographed maybe you should just not behave that way in public?"
Ah, right. If you're not doing anything wrong, you don't need to worry about who's watching you, eh?
There are things that people can do in public here in the US that are not shameful but that employers can definitely get upset about. We live in a wannabe theocracy where corporations are considered people, remember?
Obligatory XKCD: http://xkcd.com/137/
Re: Why should an individual's private life influence whether or not an employer should hire them?
"It depends on whether they were legally allowed to smoke a joint when the picture was taken. If they weren't, then you can rightfully expect them to break any other law..."
...because if you've broken one law you'll break any?
Ever get a speeding ticket? I hear speeding is a gateway to embezzlement, murder, larceny, mugging, and Sabbath-breaking.
Re: Don't we live too long already?
"have the decency to hop off the mortal coil and let someone else have a go."
Why--because potential people are somehow worth more than actual people who are already here?
Re: Cloud based
"Which in case you have not noticed; is what this whole cloud exercise is all about."
Because why pay once and own it forever, when you can pay over and over and over and over again?
Re: Very strange
"Crowdfunding is very strange and questionable."
Quite the opposite. Crowdfunding is a way to break the monopoly of wealthy businesses.
There are many businesses--the book publishing industry and the music recording industry come to mind--that have made being a content producer a sucker's game. It's difficult for many people to write, edit, print, and distribute a book, or record an album, by themselves. Sure, you can do a lot of it for little or no money, but to get professional editing, or design, or sound engineering? That (for most folks) costs.
The publishers know it, so they are able to charge extortionate rates, screw the content producers on royalties, and just generally be evil as hell, because until recently there was no other game in town.
Now, things are changing. Print on demand, online distribution, and--yes--crowdfunding are all parts of the process that's taking control of these industries out of the hands of big, moneyed corporations and putting that control back in reach of individuals.
And that's a good thing, I say.
"The other mystery is why the exchanges (or governments or regulatory bodies) don't put a stop to it..."
No mystery there. Where do you think the governments, regulatory bodies, and so on get their money from? Who do you think they're answerable to?
This is what happens when people who aren't evolutionary biologists try to talk about evolutionary biology.
The normal lay view of natural selection--the "survival of the fittest" model where only the most 'fit' individuals in a community survive to reproduce--is oversimplified to the point of being flat-out wrong.
Evolution only needs three things to operate:
1. There are differences, however small, between different individuals in a population;
2. Those differences are heritable; and
3. Those differences have some impact, however small, on the likelihood that an individual will reproduce.
Humans still have all three. There are still heritable differences between individuals that affect, even if it's only to a tiny degree, the odds that we will reproduce. Whether it's a gene that makes it just slightly more likely that we will have asthma, and having asthma makes it just slightly more likely that we either won't reproduce or will choose not to reproduce, or if it's a gene that has just a tiny effect on our immunity to disease...anything, even if it only has a small chance of affecting reproduction, matters.
The number of studies demonstrating evolutionary processes at work in humans is too long to bother listing completely, but here are a few:
There should be a few surprises in store, I imagine. Maybe the new Surface tablets will come with a free Zune MP3 player, along with new software to sync to your Kin phone!
Sorry, my bad.
I did a Google search for "You reach down and flip the tortoise over on its back. Why aren't you helping?"
They do have a point, kinda, in that this is a business model that's used many times in many industries.
For example, if you buy a car from a dealership, the car manufacturer may have agreements in place with the dealership specifying a minimum price below which the dealer can't go. Same with a bunch of other industries.
Not saying that's good. Just the opposite, in fact; I wish the DOJ would pursue vertical price-fixing in other industries as aggressively as it's pursuing this. Price fixing on an ebook might cost me three dollars; price fixing on a car will likely cost me hundreds, or even thousands.
The purpose of this attack, as near as I can tell, is to serve up the W32/Kuluoz malware from compromised sites.
The attack comes in stages:
1. Launch a brute-force password-guessing attack on Joomla and Wordpress sites;
2. Deposit a malicious backdoor script on the hacked site;
3. Install a file, nowadays usually but not always named "main.php" (earlier versions of the attack used different script names) on the compromised sites. On WordPress sites, it may be installed on the root level of the site, in the /images folder, or in a folder called /img; on Joomla sites, it is often placed at the root level of the site or in the /components directory;
4. Send out spam emails directing marks to the location of the main.php script, usually disguised as DHL or Fedex notifications.
The main.php script is interesting. It checks the browser's user agent when a visitor arrives, and some variants appear to check the IP address against a blacklist as well.
If it sees a vulnerable Windows user agent string, it downloads the W32/Kuluoz malware using a number of different drive-by download exploits.
If it doesn't see a vulnerable user agent string (or if the IP address is blacklisted), early versions presented a phony 404 error page. This error page was generated by the script and looked different from the site's true 404 error page.
More recent versions of the script, which I've seen in the past few weeks, do an internal redirect to a real 404 error page, making them more difficult to detect.
I've written extensively about this attack and the apparent link between the WP/Joomla brute-force hacking and the Kuluoz malware downloaders on my blog:
The attack has been tweaked and modified several times--the earliest versions tried to dupe marks with spam emails pretending to be airline flight confirmations, for instance. It has also scaled rapidly as the attacks on weak WP and Joomla passwords have scaled. In some cases, I have seen ISPs remove the malware script, only to see it reappear a few days later--suggesting that either the passwords haven't been changed or the backdoor scripts are still on the compromised servers.
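A defender-side check for the behaviour described in the post above, added here as an example and not part of the original post: it scans web access-log lines for main.php at the locations the post names and flags paths whose response status depended on which client asked. The combined log format, the coarse "Windows" user-agent test and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Locations named in the post: site root, /images, /img (WordPress),
# /components (Joomla). The file name main.php is the common one, not the only one.
SUSPECT_PATH = re.compile(r"^/(?:(?:images|img|components)/)?main\.php$")

# Apache/nginx "combined" log format (assumed).
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)


def find_cloaked_scripts(lines):
    """Return {path: report} for suspect paths seen in access-log lines.

    report["cloaked"] is True when one path answered 404 to some clients
    and a different status to others, i.e. the answer depended on who asked.
    """
    seen = defaultdict(lambda: {"statuses": defaultdict(set), "hits": 0})
    for line in lines:
        m = LOG_LINE.match(line.strip())
        if not m:
            continue  # not in combined format, skip
        path = m["target"].split("?", 1)[0]  # ignore any query string
        if not SUSPECT_PATH.match(path):
            continue
        # Coarse split (assumption): Windows user agents versus everything else.
        ua_class = "windows" if "Windows" in m["ua"] else "other"
        seen[path]["hits"] += 1
        seen[path]["statuses"][int(m["status"])].add(ua_class)

    report = {}
    for path, entry in seen.items():
        codes = set(entry["statuses"])
        report[path] = {
            "hits": entry["hits"],
            "statuses": {c: sorted(entry["statuses"][c]) for c in sorted(codes)},
            "cloaked": 404 in codes and len(codes) > 1,
        }
    return report


# Constructed sample log lines (documentation IP ranges, made-up timestamps).
SAMPLE_LOG = """\
203.0.113.7 - - [01/Jan/2014:10:00:01 +0000] "GET /images/main.php HTTP/1.1" 200 5120 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1)"
198.51.100.4 - - [01/Jan/2014:10:00:09 +0000] "GET /images/main.php HTTP/1.1" 404 310 "-" "Mozilla/5.0 (X11; Linux x86_64)"
198.51.100.9 - - [01/Jan/2014:10:01:30 +0000] "GET /components/main.php HTTP/1.1" 404 310 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9)"
203.0.113.20 - - [01/Jan/2014:10:02:00 +0000] "GET /index.php HTTP/1.1" 200 8000 "-" "Mozilla/5.0 (Windows NT 6.1)"
""".splitlines()

if __name__ == "__main__":
    for path, info in find_cloaked_scripts(SAMPLE_LOG).items():
        print(path, info)
```

A path that only ever returns 404 is not flagged as cloaked, but repeated requests for main.php in an image or component directory are still worth a look at the file system.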
Cue "The NSA got to the infosec researchers!" conspiracy theories in 3... 2... 1...
Re: I wonder what these people get from threatening people
"By getting some fembot to create an anonymous bomb threat, the women's rights outfit, get to ask for more funding."
Riiiiiight. Because a conspiracy is so much more plausible than a bunch of losers actually sending rape threats.
Actually, now that I think about it, that would be a nice world to live in, wouldn't it? I wonder what color the sky is in that world.
Re: Haha ha ha
When I read about the issuance of indulgences back in the Middle Ages (the Golden Age of Catholicism), I kinda had to wonder...
If these guys believe in a god that casts people into a special laundromat in the sky to wash away their sins, surely that god would have to sign on to validate the get-out-of-the-wash-free coupons the church issued, right?
I mean, what on earth makes anyone think these indulgences would even be valid? What theological argument would compel some divine being to accept time-off coupons handed out by a bunch of blokes here on earth? By that logic, isn't it a bit like me printing off a bunch of coupons for shiny iThings and handing them out to my friends, in the hopes that the Apple store would accept them? (Not that I'm comparing Apple to a divine supernatural creator of all the universe, mind.)
Re: Outlook is for Fanbois?
Sure, but how many of those Fortune 500 companies are using Microsoft-hosted Office 365 servers, vs. their own servers?
I routinely track down malware and phishing sites (bit of a hobby, I like figuring out what the crims are up to and how they're doing it), and I generally use Chrome in a VM to do it. So I always ignore Chrome's malware/phishing warning page...not that it matters, since that warning always seems a bit behind the curve anyway.
I had no idea I was cooking the statistics by doing that.
"According to the US CERT, a fixed version of the firmware is available that allows users to change their login keys, and should be applied to critical devices, but probably won't be."
There. Fixed it for you.
""Microsoft and Yammer plan to weave social into the work people do every day,..."
...much the way they wove Web browsing into operating systems, or created a seamless desktop and tablet experience?
Re: It's just a matter of time
"Not really taking a side in all this but the US government reaction to this has been very strange if this guy really was a big threat as they are making him out to be."
I don't find it that strange at all. When a bureaucracy reaches a certain size, it becomes almost impossible for that bureaucracy to act with alacrity no matter how much it may want to. Bureaucracies are cumbersome beasts, and it takes them a while to get their collective arses in gear.
Even when they're really pissed off.
Further proof, as if any were needed, that anything we store in "the cloud" exists only on someone else's whim. Especially if we store it there for free.
""It's something that has to be seen to be believed," said Microsoft chief marketeer Chris Capossela."
I bet that's true, though perhaps not in the way he intends...
"3) Send astronauts who are past their child-bearing ages..."
...and 3a) Send astronauts who are aware of the risks and think the reward is worthwhile.
There are many professions which are more dangerous than a 3% increased risk of cancer. I know a deep-water welder who can't get life insurance at any cost. He talks about a dive he was on where four people went down and two came back alive, as if it's not that exceptional a thing. Some American football players (specifically, defensive linemen) have a much higher risk of death from heart disease than men in the general population.
The right to risk--that is, the right to consent to activities which are dangerous, provided that what we know about those dangers is clearly communicated--seems like a reasonable thing to me. People voluntarily engage in risky activities all the time. Hell, strapping yourself in to a hollow tube filled with millions of gallons of volatile propellants seems inherently risky to me!
I bet if you were to say "There's a mission to Mars that has a 50% chance of killing you; want to go?" you'd still find qualified volunteers. I think it's reasonable to reduce the risk as much as we feasibly can, then still allow people the choice to go if they want to.