Would that were true.
You can set the price at infinity and your data will be stolen rather than taken.
173 posts • joined 17 Nov 2010
From a ZDnet article:
"The new MariaDB Enterprise release features protection against SQL-injection attacks using a database firewall filter. In a few months community MariaDB will also include the database encryption developed and used internally by Google, which has been using MariaDB for a year."
So that's two separate and unrelated features.
"Gotta say, disabling UAC's the first (maybe second) thing I do on any new Windows machine."
Fine, but that's your choice. You make a deliberate choice and if/when things go wrong, you know who to blame. Nothing wrong with that.
malware fine monitoring software OTOH, decides for you and doesn't even tell you. Quite a different thing.
The driver is acting illegally, however, so the Dutch court, so is Uber, as (a) its application is specifically designed to facilitate this illegal behavior and (b) it takes a cut of the proceeds.
That would be someone at Xerox Palo Alto, circa 1975, I think.
In Unity, meanwhile, a simple option turns this off if you don't like it.
It does exactly that in my 14.04, so I see no reason why it shouldn't work in 15.04. So prepare to be delighted, I guess.
Heh. I like that phrasing. :)
More or less what I meant, although it's not limited to the GUI. (Vista admin access, anyone?)
They're experimenting (Vista, Win8). And like all good experiments, some of it turns out to be crap. So then they keep the good bits and retract the bad ones (Win7, Win10). And thus progress is made -- at least, I know very few people who prefer XP over Win7 for reasons other than trying to keep prehistoric hardware or software up and running.
Like I said, arguably they shouldn't be doing their experiments on paying customers. OTOH, this stuff is tough, especially when you think of the very wide range of computers and network setups Windows has to run on and the even wider range of skills and preferences of their users.
So, give them a break and then switch to Linux.
I feel kinda odd being a Microsoft apologist, but there is a kind of sense to this. Feature expand, consolidate. Feature expand, consolidate. And so on. Somewhat reminiscent of Intel's tick, tock model. (Except they tend to get both the ticks and the tocks right.) All the people who have screamed bloody murder at Win8 have helped shape Win10, just as the Vista outcries helped create Win7.
I'd like to think there has to be a more elegant way to do this, but that's easy to say from a comfy chair on the sidelines.
1. Considering ground level wind was mentioned, this is probably what was up.
As for the thing being 21 tons, fair enough, but that doesn't make it hard to move. I have moved 10 ton boats on my own and I am not a strong guy. In water or air, you don't get the friction with the ground and things are very different from what intuition might tell you.
The basic question is, can the wind move the rocket sideways by the couple of meters clearance it has from the tower before the tail of the rocket clears the top of the tower?
Alternatively, can it topple the rocket before it clears the top of the tower? (Once you're clear, you can lean into the wind; while you're still next to the tower, you're pretty much restricted to engine gimballing.)
Neither of these would take hurricanes. Just a good solid breeze against that huge sail, err, rocket.
Consider that a 40 knot crosswind is reason not to land most aircraft and those things are more controllable than rockets.
Turnkey security is hard and not always possible, sure. That doesn't mean we shouldn't try to get as close as we can.
You could think of a library that contains the fork/exec boilerplate and a globbing function. Some scripting languages in effect do this.
Alternatively, you could make a safer version of system() that only passes environment variables you explicitly request.
system("foo --bar *.baz", "EMACS", "TMPDIR");
or something like that.
I think the biggest problem is that system() is far more convenient than fork() + the exec*() family of functions.
Water flows downhill. You can rant at people not to do the wrong things until you're blue in the face, but you will only achieve reliable results when it is easier to do it right than to do it wrong. At some level, this might be considered a bug in the design of the API.
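The allowlist idea from the comment above, as an added example (not the commenter's code and not a libc API). `safe_run` is a hypothetical name; the fixed PATH value and the absolute-path requirement are assumptions of this sketch.

```c
#define _POSIX_C_SOURCE 200809L
#include <glob.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper, not a libc function. Runs argv[0] (absolute path)
 * without a shell: arguments are glob-expanded in-process and the child
 * sees only a fixed PATH plus the variables named in keep[]. */
int safe_run(const char *const argv[], const char *const keep[])
{
    glob_t g = {0};
    size_t n = 0, e = 0;
    int rc = -1, st;

    if (!argv[0] || argv[0][0] != '/') return -1;    /* no PATH search */
    for (size_t i = 0; argv[i]; i++)    /* NOCHECK: no match stays literal */
        if (glob(argv[i], GLOB_NOCHECK | (i ? GLOB_APPEND : 0), NULL, &g)) {
            globfree(&g); return -1;
        }
    while (keep[n]) n++;
    char **envp = calloc(n + 2, sizeof *envp);
    if (!envp) { globfree(&g); return -1; }
    envp[e++] = strdup("PATH=/usr/bin:/bin");    /* assumed safe default */
    for (size_t i = 0; i < n; i++) {
        const char *v = getenv(keep[i]);
        if (!v) continue;                   /* unset in the parent: skip */
        size_t len = strlen(keep[i]) + strlen(v) + 2;
        if ((envp[e] = malloc(len)))
            snprintf(envp[e++], len, "%s=%s", keep[i], v);
    }
    pid_t pid = fork();
    if (pid == 0) {
        execve(argv[0], g.gl_pathv, envp);  /* exec path is the literal argv[0] */
        _exit(127);                         /* exec failed */
    }
    if (pid > 0 && waitpid(pid, &st, 0) == pid && WIFEXITED(st))
        rc = WEXITSTATUS(st);
    while (e) free(envp[--e]);
    free(envp);
    globfree(&g);
    return rc;
}

int main(void)
{   /* Constructed demo: /usr/bin/env prints what the child actually received. */
    const char *argv[] = {"/usr/bin/env", NULL}, *keep[] = {"EMACS", "TMPDIR", NULL};
    return safe_run(argv, keep) != 0;
}
```

Any variable not named in `keep[]`, including one carrying attacker-supplied content, never reaches the child, and no shell parses the command line.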
As Steven said, "patch anyway".
As an exercise in intellectual curiosity: You (and pretty much all other Linux users out there) are not vulnerable in any situation where a shell script is invoked without specifying the shell to execute it. In that case, you get the default shell, which is not bash.
However, it is also possible for the caller to explicitly specify bash as the shell to be used or for the script itself to use a shebang specifying bash. In many environments, doing either of those will get the dev in question hung, drawn and quartered, but still, such things do happen.
The only way to be certain it doesn't happen on your machine would be a complete audit of all code on there. That's probably not your plan, therefore the answer of "patch anyway".
That's because when you dive that low, the pressure builds up and you need titanium plate rather than contem plate.
I've seen it used in the sense of 'load an entire file into memory in one read() action' as far back as the mid-80s -- and it might be older than that.
In general, using a regular dictionary in an attempt to disprove the existence of jargon is a mistake; the purpose of such dictionaries is to show only the regular, non-jargon, use of the language.
An enviable capability, to be sure.
I'm afraid your explanation of the executable files gaffe is factually incomplete. The reason is that Windows memory maps AND is incapable of allowing existing accesses to a deleted file to continue for the life of the relevant process, something that all flavors of Unix have been able to do since the 70s. As you say, there are advantages to memory mapping. There are no advantages to being incapable.
"Could be a bit annoying when you've just plugged in a keyboard and have no other means of responding to the prompt."
Er, yes. One of the reasons I've never quite gotten the big rush to make keyboards USB. (Yeah, I know, standard connector is 0.3 cents cheaper). The things need exceptional handling in a number of places and this is one of them.
Still, as someone below has already suggested, you can pop up a passcode on the screen and require it to be input. Combine that with serial number lock-in for known good keyboards and you're good to go.
Alternatively, dedicate a USB port to the keyboard and only ask questions if a keyboard is plugged into another port. This should serve most desktops well. A laptop already has a built-in keyboard, so you have a channel to answer the popup. That in combination with a serial number lock should minimize the fuss on most laptops.
I suppose the non-sensitive machine still works (doesn't really matter whether it gets pwned by a malicious document or a malicious drive -- you were prepared for it to get pwned)
But, yeah. Nasty.
How hard would it be to modify the OS so it pops up a notice, "The device you just inserted wants to register as mass storage, a keyboard, and a network card. Which of these functions do you want to allow?"
I'm guessing that would depend on your jurisdiction.
The Dutch anti-tracking law, for example, specifically states that it is the act of tracking that is being legislated, not any specific technology used for that purpose. So as far as I understand it, you'd be perfectly welcome to use these techniques instead of cookies as long as you only use them for purposes for which cookies would be allowed (that is, to implement essential functionality of the site, such as login; to gather anonymized usage statistics of the site; or to do anything else for which I have given explicit and informed consent.)
To Boldly Fly where Mighty Orbs Go Bust.
> Here's a link for anyone interested:
Thanks. That looks interesting.
It'd be interesting to think through how hard it would be to do a purely peer-to-peer facebook alternative. Kill the vampire in the middle, so to speak.
Most Android devices suffer from a double MitM attack (Manufacturer in the Middle).
As far as I know, there are two ways to avoid that. First, buy your device, don't get it via a carrier plan. That gets rid of the one middleman. For the other, either get one of the Nexus devices, or install Cyanogenmod.
At least it was in the US. Otherwise he might have expected to get chips with his pin.
Yup, the article talks about electron-positron pairs. The positrons would be the anti-matter bits.
So, to add to your fine list: possibility of making a hole to another dimension from which robots with positronic brains emerge. No matter what orders we shout at them, they shut down the facility, because it is dangerous to poor befuddled humans.
So they have omelet for breakfast. No biggie to them.
The critical thing here is that they have a captive audience. People will write angry tweets, blogs and what have you and they will keep paying Adobe. Unless and until somebody writes a viable alternative to CS, they have no choice but to keep paying Adobe.
for being a sane voice in a howling storm.
In Dutch you'd get either 'de hond zijn ballen' or 'de hond zijn kloten', but that wouldn't normally be used as an expression of praise. Once upon a time, there were some people who were using 'de tieten van Jezus' (the tits of Jesus) in a similar way, but it's been decades since I last heard that one.
Makes sense to me. The stuff inside goes 'popty' and then the microwave says 'ping'.
I think we're partly talking past each other. I completely agree that most of the time, search is inconvenient for file access and the few times it is convenient, it's either because I or a colleague messed up and something wasn't filed where it belonged or because I'm trying to make sense of a project I'm not familiar with. (And then I'm usually using find and/or grep, not the Unity file search.)
Where I find search to be superior to menus is in program startup and occasionally as a replacement for deep menu navigation. This is a very fast way to get to programs I don't use frequently enough to pin. So, windows key;c;a;enter and Calibre starts up. Windows key;g;enter and gjiten is there and so on.
Things that I do use frequently enough to pin are even faster. Windows key + 7 and emacs is up. Still other stuff I fire up from a shell; xdg-open foo.pdf and so on. The whole system works well enough I don't need much pinned. (nautilus, firefox, write, calc, settings, shell, emacs, xpad -- and the write should actually be removed, I hardly ever fire that up from the bar.)
I agree that discoverability isn't as good as a classical menu system. I don't care, that's startup costs. I use computers intensively and startup costs are negligible compared to the total, so the relevant criterion to me is the speed I can eventually reach. And between fast application access and not having to drag windows around, I think Unity saves me an hour every week.
That's not for everybody of course. Somebody who spends their time in Gimp is going to be using the mouse far more often than I do. Even office software has many features that are easier with the mouse than the keyboard. So, no I'm not claiming this is a universal solution; I'm certainly not saying that everybody should switch. I am saying that it works for me and that it works amazingly well for me.
Why search for everything? Because it fits well with a keyboard-centric way of working. Unity is pretty meh unless you're a keyboard freak, then it effortlessly outstrips everything else out there.
The funny bit about Unity is that it will work reasonably well for a beginner (no clutter to get lost in) and it shines for the experienced keyboarder. The ground between beginner and expert and the ground for mouse-based experts is left, well, not bare, but certainly not covered by anything very inspiring either.
All it says is that any coffee they happen to serve will not contain rat-droppings...
Oh, I agree. Some days you're a little slow, you say. Well, some days, I pun poorly. So there. 'Tis the nature of me, especially before the coffee...
I love LaTeX and use it a lot, but...
TeX is a programming language. .tex files, including LaTeX ones, are executable content. If you blindly process a .tex I send you, I can read from and write to everywhere in the file system you have access.
I'm aware of the history of at least two file formats called RTF, both going back several decades. In this case, I was doing simple acronym punnery.
I've always thought Rich Text Format was misnamed.
It should have been Windows Text Format.
But at least it is a stylish cop, right?
I'd agree with you, except I ran KDE and Gnome 2 in parallel that way for a year or two and every last single update caused trouble that required console-jockeying to resolve -- making this Not Recommended for anybody who isn't a console jockey. I swear they forbid their QA to test setups like that.
"The United States government has to get out of the business – if it were ever in the business – has to get out of the business of fucking with encryption standards," Clarke said.
No, Mr. Clarke. The United States government would have to be seen and believed to have gotten out of that business. Regardless of your political stance on the whole matter, that is going to be a Herculean task in the current environment.
Yes, but it takes a programmer to understand that and the speaker being quoted was an analyst.
True. OTOH, I usually expect/want exactly zero of these sites to use the mic or cam. Clicking OK for the one or two exceptions per year I can handle.
Also, what is reported is market share, not actual units. In a market that is changing overall size, that's likely misleading.
All in all, quite the Soviet style statistics.
Maybe, but checking that your model does not go bonkers when the land masses are redistributed seems like a good idea. He could have just drawn a random map, or used xkcd's idea of the Earth on its side, but he picked Tolkien instead. Works for me.
As you wish. I still respect those who can build stuff well beyond those who sit on wads of largely inherited cash.
I'm sure that goes on already. The sheer fact that other countries do not (yet) have their Edward Snowdens doesn't mean there isn't anything to report.
Actually, there's several methods for handling that out there already. Punycode has been mentioned in the comments here, there's idnccd and some more. Alternatively, a browser could have a configuration where it changes the background color behind non-ASCII characters to some configurable color. If you're worried about such attacks, you set that color to bright red or something loud like that and your HSBC will stand out like a sore thumb.
You could make that fully general by allowing assignment of colors to arbitrary Unicode ranges.
It's not actually a 100%. If the attack depends on things that changed since XP, it won't work on XP and you can breathe a sigh of relief. If the attack uses features and code common between XP and the later Windows, it will work on XP and the bad guys score.
Yes, that is really freedom. You might want to look up the word in a dictionary.
I'm not suggesting you should become a Marxist --I have no need for Marxists-- but freedom means that others have the right to disagree or to read the stuff so as to form a reasoned opinion or even to read it because it makes them laugh. Their right, their choice, their time. None of your business.
And, once we're done frothing at the mouth, just how likely do you think it is that papers about astronomical pictures will be 'Marxist screed' anyway?