524 posts • joined 17 May 2007
You know what would be cool?
If the Federal government created a large, well-funded organization designed to safeguard the computer and communications infrastructure so vital to the nation's economy, perhaps by discovering flaws in commercially important cryptographic systems and...
Re: Apple is misleading
"For example, is Safari vulnerable? So if an Apple or Windows browser visits a malicious web site can data be stolen from the machine visiting the server. Heartbleed works on clients too."
If you're using a Web browser to browse to a secure site, the security of the connection depends on the version of SSL running server-side. If some banking site somewhere is vulnerable, that's not Apple's fault, seems to me.
Yes, anyone connecting to a vulnerable server is at risk. Apple hasn't said otherwise; what they said was "IOS and OS X never incorporated the vulnerable software and key Web-based services were not affected," which as near as I can tell seems to be true. (Mavericks, for instance, ships with OpenSSL 0.9.8y.)
Re: Luxury item
"The organic movement contains an awful lot of people who think organic=natural=Good whereas using modern pesticides in agriculture=unnatural=Poison, irrespective of the effects/evidence."
Indeed. And rather a lot of those folks don't know that organic food is often grown with pesticides, or if they do, assume for some bizarre reason that "natural" pesticides must be less poisonous than "synthetic" pesticides.
There's a wide range of pesticides used by "organic" growers, ranging from pyrethrins to copper sulfate. You really, really don't want to eat any of those pesticides--in many cases, they're more toxic than synthetics.
Re: 1 in 10 reasons probably invalid, so all invalid?
"And saying that it "won't save you from cancer" is a straw man. No-one has ever claimed that."
Actually, lots and lots (and lots and LOTS and lots) of organic food proponents do indeed say that organic food will protect you from cancer. Do a Google search for organic food cancer and see for yourself. Pay attention to the claims you'll find on undergroundhealth.com, diseaseproof.com (which gets extremely specific--not only does it say that organic foods will protect you from cancer, it even specifies what varieties of cancer it claims are "caused" by "non-organic" foods), or any site at all that mentions "Max Gerson," the poster child of the organic food "non-organic=cancer" crowd. Hell, you'll even find personal stories on huffingtonpost.com of people claiming organic food smoothies "cured" their cancer.
So don't call it a straw-man argument. It's not. Rather a lot of folks make exactly that claim.
"Sorry, either you agree with free speech and democracy, or you don't. If you do, you have to accept others will hold views you don't like."
I accept that he has views I don't like. That's a bit different from trying to have his views enshrined into law, but that's a quibble--if you don't see the distinction, it's not really worth going into.
He has the right to have views I don't like. I have the right to choose what Web browser I use and what companies I patronize.
It seems strange to me that folks who support his right to his views, don't seem to support my right not to patronize companies whose views I don't like. We all have the right to hold our ideas...but Mozilla doesn't have a right to expect me to use their products!
I don't quite understand the ideal that says people who run a company have a right to whatever views they have but their customers don't have a right to take their custom elsewhere.
Ugly, sure, but still more attractive than the PS/2.
I remember when the first PS/2s came out. A friend and I had been reading about them, so when they showed up at the local computer store, we went 'round to have a look.
The pictures in the magazines didn't do justice to how ugly they were. Stunningly ugly. So ugly that the first time you laid eyes on one, you were apt to rock back on your heels and wail "what hath God wrought?" in your best William Shatner voice.
So we went down to check them out. When my friend had recovered the power of speech after being nailed square between the eyes by the ugly, he commented it looked like the business end of a ventilation device for outhouses. "Well, form follows function," I said. The salesperson showing us the wares ducked behind the shelf and broke up laughing.
To this day, I still can't rightly comprehend the enormity of the fact that someone made them look that way on purpose.
A logic tester? Luxury! We had an LED with a resistor soldered to one leg. You'd hold the resistor against the ground pin, touch the other leg to the pin or trace you were interested in, and see if it lit up.
Re: "expansion of space briefly exceeded the speed of light "
One quick and dirty way that gets the idea across, if crudely, is "space was unfolding so fast that objects in space would seem to recede from each other at greater than the speed of light." If, you know, there were "objects" during the inflationary period (which there weren't) or you could see them (which you couldn't).
"signals intelligence shall be collected exclusively where there is a foreign intelligence or counterintelligence purpose to support national and departmental missions..."
...and it's convenient, though not necessary, when the department's missions align with the nation's.
"Nice IPO you got there. Would be a shame if something happened to it."
"[A]s the authors note, the attacker has to be able to visit the same Web pages as the target, and has to be able to capture the victim's traffic."
So the NSA, basically.
Re: New Barbarian Manifesto
"His point was very simple. If the number of voters consuming government money outnumber the people providing government money, then Democracy will fail. Consumers of government money have no stake in the productive side of the economy, they will simply vote themselves more and more benefits..."
How does he explain corporations voting themselves corporate welfare and tax breaks, I wonder? We talk about the poor consuming government money, but we don't talk about all the corporations doing the same.
Well, some folks do, I reckon, but it's always "they DESERVE that government money, because they MAKE JOBS!" Never mind, of course, that they aren't making jobs as an act of charity--they're making jobs because they have to in order to make more money.
Re: We get into problems when.....
"Pretty soon the "wealthy" don't want to be "wealthy" much more and join the majority who just want to feed at the trough."
Riiiiight. Well, I guess that explains the long lines of rich people burning all their money so they can become poor and feed at the trough, then. I was wondering about that.
To me it reads a bit like "Hi there, I'm Mr. Icahn, and I see you have a pot of money. I would like to transfer your pot of money into my pockets please. Oh, look, there's another company with a pot of money! Hi there, I'm Mr. Icahn, and I see you have a pot of money. I would like to transfer your pot of money into my pockets please."
Amazing that folks can make a living doing that.
What's even scarier is the number of cash registers I see running Windows XP. And last month I went to a movie theater and about midway through ending credits, the glorious 4K digital projection stopped suddenly, and was replaced with a Windows XP desktop showing a plain white background and the message "Active Desktop Recovery. Microsoft Windows has experienced an unexpected error. As a precaution, your Active Desktop has been turned off" with a "restore" button and a bunch of troubleshooting info.
Re: How could we have been so stupid?
For every complex problem there is an answer that is clear, simple, and wrong.
The universe isn't under any obligation to be simple, beautiful, or even comprehensible to us. In fact, given that we live in a relatively large world of things moving relatively slowly with respect to each other, it's just about guaranteed that there are bits of the universe which absolutely won't be intuitively obvious, and will vigorously defy attempts to make them seem simple and elegant to us.
Complex theories are complex because when we test simple theories, they usually don't match reality.
Re: "I know absolutely nothing about the black holes...
"its also entirely possible that they've all been coming up with utter twaddle in order to sell impenetrable books to the facebookwits.."
I think you have Dr. Hawking confused with Deepak Chopra.
Welcome to embedded systems programming...
...where security is something we've heard of.
It's not just P2P. I received a text message yesterday on my phone advertising "free Microsoft Office" and a URL, which I knew instantly had to be either a phish or malware. Visited the site (from a disposable *nix VM, naturally), and yup, shore 'nuf, it downloaded Cryptolocker. No surprise there.
Advertising it via text messages is new, though.
Re: Boo Hoo
"The sheeple should be glad the NSA has their back"
And their front, and up their skirts, too, I reckon.
This "sheeple" is literate enough to understand that the risk of terrorism is far less than the risk of being hit by a drunk driver, but we don't use that as an excuse to let the police track every sale and use of alcohol that goes on in the country, nor to eavesdrop on every dinner table throughout the land.
In the US, parody is still permissible use even if the parody is for profit (see the novel "The Wind Done Gone") or for advertising (see the Leslie Nielsen parody of the Energizer Bunny in TV ads for Coors beer).
The US parody exception to copyright law is VERY broad, and is not invalidated just because the parody is used for advertising or marketing.
Of course, there's a lovely bit of irony here; the Beastie Boys copied the melody from that particular song from another song, and prevailed on "fair use" grounds.
The Supreme Court will no longer be of any concern to us. I have just received word that the NSA has dissolved the court permanently. The last remnants of the Old Republic have been swept away forever.
Cue embarrassing Stuxnet infection of Microsoft's cybercrime center in 3...2...1...
Kids these days...
Always taking pictures of themselves and flinging 'em about. Not like in MY time, when taking a selfie meant paying someone to paint it on canvas while we sat very still for hours...
Re: Danger Will Robinson
"But we also need some way to ensure that our liberties are kept intact."
Might be too late for that one already.
He didn't just liquidate the company and return the money to the shareholders?
Re: Another bug fix ....
As it turns out, writing operating systems is actually hard.
"What I possibly want is a Nexus 10 that can become a second screen to a Chromebook, or maybe an iPadBetter that can become a second screen to a MacBook."
Well, at least the second screen bit is covered: https://itunes.apple.com/us/app/iscreen/id379944104?mt=8
Re: A thinner tabler is that it, how robust, it will need a bulky case????
One might, if one were to be a bit pedantic, suggest that moving from a 32-bit processor to a 64-bit processor is something that qualifies as a bit more than an "incremental" upgrade.
But far be it from me to be that pedant. Carry on!
Re: Is Cloudfare under the NSA too?
Cloudflare has ten data centers in the US and is incorporated as a US corporation. It's headquartered in San Francisco, CA. Does that answer your question?
CloudFlare offers a free DDoS mitigation service that, Prince says, "provides at least equivalent DDoS protection to what Google is offering."
CloudFlare has one big competitive advantage over its DDoS-mitigation rivals that significantly boosts its desirability in some markets: It is spam-friendly and willing to host DDoS-proof spam sites for large-scale spammers.
Past and present Cloudflare customers like spamvertised "make money fast" Ponzi scheme site oriscashsystem and carding and malware forums like Cpro can attest to CloudFlare's technical proficiency, DDoS mitigation, and willingness to turn a blind eye to abuse. This will, as the market for DDoS mitigation becomes increasingly competitive, no doubt give Cloudflare a significant marketable edge.
Re: There are far worse things than being cat-called
"Aw come on now. If a bloke gets all dressed up he's out on the pull, to impress the ladies and he doesn't mind saying so. If a woman gets dressed up it's to "make her feel good about herself"??? What complete nonsense, she's out to get noticed..."
The fact that a woman might be dressing up for someone else--her boyfriends, say--doesn't mean she's dressing up FOR YOU.
"The human race would die out if it were left to all you PC hippies, too afraid to call a spade a spade and make the first move just in case you caused offence by daring to talk to a member of the opposite sex."
Not at all. It's not hard (well, it's not hard for people with working social skills) to tell whether or not someone is willing to have you make the first move.
Consent is sexy. Try it some time. You might be surprised how well it works.
"Our industry is working hard to bring content to audiences when they want it, where they want it, but content theft is a complex problem that requires comprehensive, voluntary solutions from all stakeholders involved."
Seems to me, judging from how the Motion Picture Ass. of America and the Recording Industry Ass. of America have operated thus far, that should read "Our industry is working hard to bring content to audiences when we want it, where we want it, but content theft is a complex problem that requires crushing anyone who dares want media on their terms rather than ours." Or am I being cynical?
People still use Network Solutions as their domain registrar?
Re: Worthwhile Features?
"Compressed memory? App Nap? These sound like ways of making a machine slower."
Compressed memory is used as a strategy to avoid page swapping for VM, so it actually makes the machine faster. The computational cost of doing the compression/decompression is significantly smaller than the I/O cost of making the slow, expensive trip out to hard drive storage.
Re: A split personality release
I'm glad I'm not the only one who thought so.
iOS 7 can't seem to make up its mind. In some ways, they've cleaned up and de-cluttered the user interface. The new alert dialogs are less intrusive than the old ones, the new Safari feels a lot more streamlined and keeps the user interface out of my way, the new lock screen makes entering a passcode a whole lot easier...
...and then they added garishly colored icons and a whole lot of animated effects that really don't add to the user interface in any meaningful way I can tell.
What one hand giveth, the other hand taketh away.
Re: Highway to heaven...
"While it's tempting to have a go at Apple Maps, the real problem here is the airport security."
That was my first thought. Who attaches a runway to a public road? What person thought that made sense?
There's a little town in Oregon that has a small general aviation airfield next to a Chinese restaurant, so the enterprising owners of the restaurant extended a taxiway into their parking lot and provide small aircraft tie-downs in said parking lot. Makes flying into town for a bit of take-out easy, I suppose, but I still question the wisdom of connecting runways to roads.
"If you are ashamed of your behavior and don't want it photographed maybe you should just not behave that way in public?"
Ah, right. If you're not doing anything wrong, you don't need to worry about who's watching you, eh?
There are things that people can do in public here in the US that are not shameful but that employers can definitely get upset about. We live in a wannabe theocracy where corporations are considered people, remember?
Obligatory XKCD: http://xkcd.com/137/
Re: Why should an individual's private life influence whether or not an employer should hire them?
"It depends on whether they were legally allowed to smoke a joint when the picture was taken. If they weren't, then you can rightfully expect them to break any other law..."
...because if you've broken one law you'll break any?
Ever get a speeding ticket? I hear speeding is a gateway to embezzlement, murder, larceny, mugging, and Sabbath-breaking.
Re: Don't we live too long already?
"have the decency to hop off the mortal coil and let someone else have a go."
Why--because potential people are somehow worth more than actual people who are already here?
Re: Cloud based
"Which in case you have not noticed; is what this whole cloud exercise is all about."
Because why pay once and own it forever, when you can pay over and over and over and over again?
Re: Very strange
"Crowdfunding is very strange and questionable."
Quite the opposite. Crowdfunding is a way to break the monopoly of wealthy businesses.
There are many businesses--the book publishing industry and the music recording industry come to mind--that have made being a content producer a sucker's game. It's difficult for many people to write, edit, print, and distribute a book, or record an album, by themselves. Sure, you can do a lot of it for little or no money, but to get professional editing, or design, or sound engineering? That (for most folks) costs.
The publishers know it, so they are able to charge extortionate rates, screw the content producers on royalties, and just generally be evil as hell, because until recently there was no other game in town.
Now, things are changing. Print on demand, online distribution, and--yes--crowdfunding are all parts of the process that's taking control of these industries out of the hands of big, moneyed corporations and putting that control back in reach of individuals.
And that's a good thing, I say.
"The other mystery is why the exchanges (or governments or regulatory bodies) don't put a stop to it..."
No mystery there. Where do you think the governments, regulatory bodies, and so on get their money from? Who do you think they're answerable to?
This is what happens when people who aren't evolutionary biologists try to talk about evolutionary biology.
The normal lay view of natural selection--the "survival of the fittest" model where only the most 'fit' individuals in a community survive to reproduce--is oversimplified to the point of being flat-out wrong.
Evolution only needs three things to operate:
1. There are differences, however small, between different individuals in a population;
2. Those differences are heritable; and
3. Those differences have some impact, however small, on the likelihood that an individual will reproduce.
Humans still have all three. There are still heritable differences between individuals that affect, even if it's only to a tiny degree, the odds that we will reproduce. Whether it's a gene that makes it just slightly more likely that we will have asthma, and having asthma makes it just slightly more likely that we either won't reproduce or will choose not to reproduce, or if it's a gene that has just a tiny effect on our immunity to disease...anything, even if it only has a small chance of affecting reproduction, matters.
The number of studies demonstrating evolutionary processes at work in humans is too long to bother listing completely, but here are a few:
There should be a few surprises in store, I imagine. Maybe the new Surface tablets will come with a free Zune MP3 player, along with new software to sync to your Kin phone!
Sorry, my bad.
I did a Google search for "You reach down and flip the tortoise over on its back. Why aren't you helping?"
They do have a point, kinda, in that this is a business model that's used many times in many industries.
For example, if you buy a car from a dealership, the car manufacturer may have agreements in place with the dealership specifying a minimum price below which the dealer can't go. Same with a bunch of other industries.
Not saying that's good. Just the opposite, in fact; I wish the DOJ would pursue vertical price-fixing in other industries as aggressively as it's pursuing this. Price fixing on an ebook might cost me three dollars; price fixing on a car will likely cost me hundreds, or even thousands.
The purpose of this attack, as near as I can tell, is to serve up the W32/Kuluoz malware from compromised sites.
The attack comes in stages:
1. Launch a brute-force password-guessing attack on Joomla and Wordpress sites;
2. Deposit a malicious backdoor script on the hacked site;
3. Install a file, nowadays usually but not always named "main.php" (earlier versions of the attack used different script names) on the compromised sites. On WordPress sites, it may be installed on the root level of the site, in the /images folder, or in a folder called /img; on Joomla sites, it is often placed at the root level of the site or in the /components directory;
4. Send out spam emails directing marks to the location of the main.php script, usually disguised as DHL or Fedex notifications.
The main.php script is interesting. It checks the browser's user agent when a visitor arrives, and some variants appear to check the IP address against a blacklist as well.
If it sees a vulnerable Windows user agent string, it downloads the W32/Kuluoz malware using a number of different drive-by download exploits.
If it doesn't see a vulnerable user agent string (or if the IP address is blacklisted), early versions presented a phony 404 error page. This error page was generated by the script and looked different from the site's true 404 error page.
More recent versions of the script, which I've seen in the past few weeks, do an internal redirect to a real 404 error page, making them more difficult to detect.
I've written extensively about this attack and the apparent link between the WP/Joomla brute-force hacking and the Kuluoz malware downloaders on my blog:
The attack has been tweaked and modified several times--the earliest versions tried to dupe marks with spam emails pretending to be airline flight confirmations, for instance. It has also scaled rapidly as the attacks on weak WP and Joomla passwords have scaled. In some cases, I have seen ISPs remove the malware script, only to see it reappear a few days later--suggesting that either the passwords haven't been changed or the backdoor scripts are still on the compromised servers.
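A log-side check for the cloaking behaviour described in the post above, as an added example that is not part of the original post: it scans web server access logs for the script locations the post lists and flags a path that answers 200 to some visitors and 404 to others, or whose 404 body size differs from the site's normal 404. The combined log format, the sample log lines, and the function names are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Script locations named in the post: site root, /images, /img, /components.
SUSPECT_PATH = re.compile(r"^/(?:(?:images|img|components)/)?main\.php$")

# Apache/nginx "combined" access log format (assumed).
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<url>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-) "[^"]*" "(?P<ua>[^"]*)"$'
)

# Constructed sample log; addresses are from documentation ranges.
SAMPLE_LOG = """
192.0.2.10 - - [12/Aug/2013:10:01:02 +0000] "GET /no-such-page HTTP/1.1" 404 1245 "-" "Mozilla/5.0 (X11; Linux x86_64)"
198.51.100.7 - - [12/Aug/2013:10:02:10 +0000] "GET /images/main.php?id=abc HTTP/1.1" 200 5120 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1)"
203.0.113.5 - - [12/Aug/2013:10:03:44 +0000] "GET /images/main.php?id=abc HTTP/1.1" 404 312 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8)"
192.0.2.33 - - [12/Aug/2013:10:05:00 +0000] "GET /components/main.php HTTP/1.1" 404 1245 "-" "Mozilla/5.0 (X11; Linux x86_64)"
"""

def parse(lines):
    """Yield one dict per well-formed log line; malformed lines are skipped."""
    for line in lines:
        m = LOG_LINE.match(line.strip())
        if m:
            entry = m.groupdict()
            entry["path"] = entry["url"].split("?", 1)[0]
            entry["size"] = 0 if entry["size"] == "-" else int(entry["size"])
            yield entry

def find_cloaked_scripts(lines):
    """Return {path: [reasons]} for suspect paths that behave like a cloaking script."""
    entries = list(parse(lines))
    # Baseline: body sizes of the site's genuine 404 responses.
    normal_404_sizes = {
        e["size"] for e in entries
        if e["status"] == "404" and not SUSPECT_PATH.match(e["path"])
    }
    by_path = defaultdict(list)
    for e in entries:
        if SUSPECT_PATH.match(e["path"]):
            by_path[e["path"]].append(e)

    findings = {}
    for path, hits in by_path.items():
        reasons = []
        statuses = {h["status"] for h in hits}
        # A file that does not exist never returns 200 to anyone, so a mix of
        # 200 and 404 on one path means the script is choosing by visitor.
        # This still fires on variants that redirect to the real 404 page.
        if "200" in statuses and "404" in statuses:
            reasons.append("mixed-200-404")
        # Earlier variants generated their own 404 page, so its size differs.
        odd_sizes = {h["size"] for h in hits if h["status"] == "404"} - normal_404_sizes
        if normal_404_sizes and odd_sizes:
            reasons.append("404-size-differs-from-site")
        if reasons:
            findings[path] = reasons
    return findings

if __name__ == "__main__":
    for path, reasons in find_cloaked_scripts(SAMPLE_LOG.splitlines()).items():
        print(path, ", ".join(reasons))
```

A path flagged here warrants inspecting the file on disk and, given the reappearance the post describes, rotating the CMS passwords and searching for the backdoor script as well.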
Cue "The NSA got to the infosec researchers!" conspiracy theories in 3... 2... 1...
Re: I wonder what these people get from threatening people
"By getting some fembot to create an anonymous bomb threat, the women's rights outfit, get to ask for more funding."
Riiiiiight. Because a conspiracy is so much more plausible than a bunch of losers actually sending rape threats.
Actually, now that I think about it, that would be a nice world to live in, wouldn't it? I wonder what color the sky is in that world.