Users using old versions of software are vulnerable to old bugs
News at 11.
327 posts • joined 17 Oct 2006
is hillbilly dialect: west Pennsylvania and West Virginia mostly. Never quite went mainstream like y'all.
When it comes down to it, English actually has hundreds of ad-hoc second person plurals, just not a single standard one. That makes it more interesting!
Yeah, but in Queensland you're constantly fighting off roving bands of murderous marsupials and poisonous wolverines, to say nothing of having to hack your own way through the bush to find the road again. It's amazing that you can drive for two days at all.
How do you keep an eye out for bugs without running into said bugs? Once one loses your data, you're screwed anyway and it's time to find a backup, if any.
Dude, the LibreSSL presentation was a little over a year ago. OpenSSL has actually been pretty deeply plumbed since; what was true then isn't all true now. It was a goddam joke at the time, but lots of people who actually know what they're doing have contributed since then.
A huge chunk of OpenSSL is just workarounds for others' buggy implementations, plus a lot of backward compatibility and ciphers & hashes that aren't used in TLS but people like to use anyway.
A dedicated TLS library is probably a better idea than the OpenSSL monstrosity for most uses.
That's not exactly a one-time pad. In fact, it's probably the least secure password of all, these days.
PKD was in-demand, meaning that even today he would still have a publisher (even if it was a collective rather than one of the majors) in order to sell his stories for a better price. This doesn't affect publisher contracts at all, only if you let Amazon be your publisher.
Not to mention that the practice of paying by word was long-standard practice by his day (do you really think it's any coincidence that Dickens' novels are so long?), and he wasn't particularly well compensated in his day relative to his impact on culture, at least until the movie royalties rolled in. The nature of the game has always meant weighing artistry with selling out.
> Reading and leaving reviews would help weed out badly written books
If you can't see that the abject failure of reviews to police the self-published ecosystem has directly led to this new policy, then I don't know what to tell you. Amazon reviews are bought and sold more often than ebooks themselves are, and this is Amazon admitting it can't fix reviews and has to try something radically different.
Orange and Verizon don't write many Qualcomm drivers, as far as I know, and even Motorola and Samsung try to stay away from that (except for the parts they fab). Vendors just package up what the manufacturers hand them, and manufacturers mostly just hand over what the component makers have available. The final vendor-provided OS is lean and only has the drivers for hardware present in the model line, except in rare occasions.
Sometimes the drivers have been donated and integrated, sometimes they're private, doesn't make a real difference to the end user where it's all magic.
That's why I said "see ANY difference", not "see individual pixels." To see individual pixels, you'd have to roughly double the sizes I list... and then you can half them, as you say, and get back to the sizes I list.
If you have any research or personal experience that says otherwise, I'm all ears, but 8K is an extraordinary resolution that requires extraordinary circumstances. Few people will see a benefit beyond HD even well within the listed limits (as I am in my setup), because it's a game of diminishing marginal utility; double disk space, power, and cost for maybe 10-20% more enjoyment only makes sense to the most hardcore... and that's just for 4K.
But there are some rules of thumb: With great eyesight, you'd need a 46" or so TV sitting about 5' away (or 60" at 6' away), in order to be able to possibly see any difference between Full HD (1080p) and UHD (4K). Based on that, you'd need at least a 65" screen at 5' to get any benefit out of FUHD (8K), or an 85" screen at 6'. It'd only start becoming obvious and pleasing at nearly twice that size, and that's assuming excellent vision.
I think they're going to have a very hard time drumming up sales given these stats, outside of those home theater videophiles who crave huge screens and maximum detail. 4K at least has a small but noticeable benefit for anyone who wants a large TV in a small room, and computer monitors.
1 year in county jail. County time in California is half time, and she has 2 years of credits (1 year of actual) and 2 more years to go.
Condiments are important enough to making food worth eating that they just have to be budgeted for, once the necessities are bought. Becoming suddenly poor is easier, of course, then you'll likely have a well-stocked pantry. If you were kicked out of home or just released from jail, well, then you have nothing to get started but a silver tongue and maybe a willingness to nick a few little things that hopefully won't be missed. Hopefully you've got friends and family to help you out before you get to that point.
Each step takes quite a bit more work and time than "Sign up and start spamming" though.
BuzzFeed's "serious journalism" is actually excellent, maybe Pulitzer-quality, and far more in-depth than most other news anymore. At least it began that way. Why they even associate that with their "10 things doctors hate about celebrity nudes" trash brand is beyond me, you'd think they'd want them as separate as possible.
...but it has two decades of worthless approved trash to sift through, and it's going to be a long time before this headache is behind us. Fortunately they're expiring at a steady rate now. (Most likely an impetus for last year's lawsuit.)
I feel the deepest pity for Americans who don't know that the FCC and FTC regulate our ads, too. Especially the sexy ones.
Try checking out DansData. YumCha is his word for no-name Chinese knockoffs and generics, in fact apparently a common phrase down under, and there's lots of great info on computers and electronics to be found (particularly if you find yourself anywhere near Australia).
It's a symptom of people hating the Win8 start screen, not of malware. It makes sense that people who'll download and install anything would download it, but a lot of people get it because it's one of the most complete (and heavily advertised) free alternatives. I'm not a fan of it, but at least it's mostly just a mild adware that pushes its own app store ecosystem when you use it, it's not full of popups and trojans.
A small commit to add or fix a little bit of functionality years ago leads to a critical bug today, despite being reviewed and approved by experts. Ouch. It makes you wonder what updates you can ever trust.
Look, it's this or the Gathering of the Juggalos, so if you think a few stinky rich hippies is bad....
...when you scratch it in twenty years' time, or snap disk 2 of 5 after a century?
Look at the condition of pretty much everything in existence that's more than a few decades old, and it should be obvious that even cryogenic vaults of these disks aren't going to make it long.
Reminded me of my high school physics teach: "I'll tell you what I'm going to tell you, I'll tell you, then I'll tell you what I told you."
It's not up to YouTube to decide legality, but it is up to them to decide that someone's followed a specific process. YouTube decided that they wanted to spend as little effort as possible on verifying anything, making every step automated without human intervention, and that's on them, not the law.
If your application is vulnerable, then it's your problem, whether it stems from an underlying library or not.
If this is the case, then LOTS of other ffmpeg-based players and converters are probably similarly vulnerable. I love ffmpeg, it can read and write practically anything for free, but this is one of the downsides of a monoculture.
Nice, sounds vaguely similar (especially the violence) to Altered Carbon, Richard K. Morgan's futuristic hardboiled debut novel.
100 million people have at one time purchased an OEM PC that came pre-installed with some flavor of Corel software, certainly that must mean they're all active users.
In this case, it really is like a drunk man walking down a seedy neighborhood waving money around, only in this case he blindfolded himself and covered his ears. It's not like banks don't have any money to upgrade and secure their systems, they just don't care, so neither do I.
What, the Linux 1.0 kernel? The current Linux kernel has somewhere around 30 times more code than UEFI.
True, but then you always wonder, did it crash/corrupt that file because it was just old, or because I didn't update firmware for 3 years? It's a tough spot, especially when you get changelogs that point to something similar.
"Beg your fucking pardon? I am the problem? I don't mean to be rude but you don't even fucking know me, mate."
Your reading comprehension skills are in the sewer; you managed to completely misunderstand the referenced study AND somehow that brain scans aren't the same, when JulieM clearly said that the differences are of the same magnitude of those between rich and poor, not that they don't exist. The referenced study only makes sense when it comes to people completely lying to themselves to fit a narrative, and genuinely believing it. It's called rationalization, and it's a bedrock of human psychology.
Seriously, man, go back to grammar school.
However lucid Pinker is, pithy one-liners aren't science, they're just pithy one-liners, that's the thing. Science says that brains have certain statistical trends, but that female brains are just as adaptable as male brains, and that there's a much larger overlap between male and female brains than the curmudgeons insist, and yet not as much as the folks who want us to be completely genderblind.
I guess you could ask why, when everyone has two eyes and ten fingers, we make so much out of such minor differences?
Most of the push is just impatience; the idea is that there is an injustice, and we must fix this injustice NOW. Since there's no way to go back in time to change everyone's upbringing, it falls on industry now to retroactively fix society's bullshit. The occasional instance of a wildly unjust and misogynist workplace is blown out of proportion to its real-life influence, and if anything that myopia only drives away women who'd be happy in most IT departments. (Well, as happy as any of us; IT is full of alcoholic clock-punchers. Can't say I blame anyone for avoiding it.)
Unfortunately, it doesn't work out that way. Some social revolutions take time, and can only start with the new generation. This really shouldn't be news to anyone who looks at social dynamics.
A very capable alternative to Paint.Net is PhotoFiltre; both are quite handy and can easily do lots of basic editing. XnView and Irfanview can do basic editing, but it's all too obvious that isn't where the focus is.
GIMP is in a league of its own; not Photoshop by a long shot, but far beyond anything the above crop can do. If it's ever given a total revamp by a real UI designer (and they skip the interminable load time for font at startup) it'd be a one-stop shop for all things image.
But somehow, in the desktop world there's just no equivalent to the instant-tweaking editors of the mobile world (Snapseed, Instagram, etc). Multiple times I've been upset that Photoshop, let alone all the free alternatives, makes it so difficult to do trivial things. There's still a long way to go in the editing world....
Now let's see what the NYT crossword completion percentage is among the same crowd complaining about the low test results. After all, that's just a collection of basic facts, too....
In what world is source patching the only form of patching? Barring a catastrophe, Windows Update is two clicks and forget. OpenSSL can be that simple if it was delivered as part of your OS, but it turned out that it was also statically built into many applications, it was a large part of many unsupported or never-updated networking appliances, along with the necessary extra work to get custom installs working.
If you ever look into it, I think you'll find that building a copy of DD-WRT is significantly more painful than changing one line of code, despite having the source. Then come back about how trivial it is.
For a supposedly intelligent audience, reg commenters don't seem to remember that people were still glad to get 1GB of memory only a few short years ago, and tablets made do perfectly well with 512MB. It's no speed demon, but it's obviously not meant to be a desktop publishing platform; it'll play simple games designed for it, write documents, and do other tablet-y things. Stick to Metro browsers and apps and memory pressure won't be a problem, only desktop apps will seriously suffer from paging. Sorry it enrages you guys that something like this exists and caters to people who want to stretch their budget.
And given that it's expandable and they give you another 16GB card free, this is really a 32GB tablet. 16GB would be a joke indeed (but at least not a $700 joke, like the lowest-end iPhone 6 and iPad Air 2).
"Now, pick any two of the above. You are not allowed by the laws of economics to pick all three, sorry. Unfortunately our quasi-president is selling the idea that people can pick all three, and much of the public is ignorant enough to believe him."
Or maybe we can rearrange things to do less of some things and more of others, while becoming more efficient with better practices; it's not like any of those three choices are binary. Well, they are if you're an idiot.
Pithy sayings lose some of their power against $2.5tn industries.
It's just a hoary old rubber chicken that they trot out every time they don't get their way. Every few years they go make a big announcement to keep it fresh in everyone's mind, make a few token rollouts, and then use the rest of the country as pawns until they're finally forgotten about entirely.
This time it looks like they haven't even bothered to make a token rollout first. Even their pram-tossing fits are victims of cost-cutting these days!
Given that most client-facing services that use STARTTLS (or POP/IMAP/SMTP in general, these days) require some random other port anyway, it isn't really that transparent to the client. It's more of a bolt-on for lazy server admins, not clients, and it's the businesses that should move to connection-based TLS instead.
It seems odd to argue to drop it for PGP, since they each mitigate completely different attacks.
Technical content should be downloadable on the giant URL website shown on the first and final slide, not throughout the whole presentation to audience members squinting to read and ignoring the speaker.
Amazon's obviously not going to publish a title already under contract to another publisher.
I look forward to this, it'll be a good way to filter out the dreck that fills up 99+% of the ebook store. I was so excited by it until I started buying and actually reading that crap.
It's almost impossible to not have TLS support in anything that supports SSL, and this is just one more of the dozens of existing vulnerabilities in SSL 3. Even TLS 1.0 is past its prime and needs to be replaced by 1.2 ASAP, so it's time to just turn SSL off for good.
YouTube description says that the quad was undamaged. Those things are tough! ROTM can't be stopped that easily, we need laser hawks....
Higher voltages allow lower resistance (heat). 12V and 24V are the standard PoweredUSB voltages, but even then you're still talking 4-8A, quite a bit for a little wire. They'd have to go up to 48V (PoE) to get it under the 2.1A that seems pretty standard on USB chargers now, and maybe that's exactly what they did.
That has to do with all of the conspiracy theories that Facebook demands money for exposure... they assume everyone who "liked" them is still an active user, didn't unfollow them for spamming feeds, and even cares about anything they post. FB's algorithm is dirt simple: If you stop liking, sharing, and commenting on a page or with a friend, it stops showing you anything from that friend/page, and by and large, people are actually happy to have your uninteresting crap cleaned off their feed.
Quite a few pages have paid their money only to realize users still don't give a damn, and still aren't seeing their posts, so I basically just unlike pages that persist in spreading that rumor now.
Didn't OpenSSL refuse numerous contributions and refuse to give outsiders any say in the project? It was run like a hobby project despite being used in so many critical things; it's more like businesses should have forked it much earlier than they did.
The only reason Pi has to be activated is the MPEG-LA demanding their pound of flesh, otherwise Raspberry would be sued. In these cases you have to differentiate between vendors demanding more money because fark you pay me, and ones that are forced to by outside patent-holding entities.