Re: Still waiting for shock-resistant BOFH mugs too
119 posts • joined 21 Jun 2007
1) Reported vulnerabilities are not the same thing as unpatched reported vulnerabilities and Google moves pretty quick to patch things.
Their bounty rewards program helps A LOT with finding and reporting vulnerabilities - this is an incentive for people to smash, crunch and otherwise torture the browser in every imaginable way to see if it sprouts a leak, and that leak will be patched for the benefit of all the users.
I don't see the other mentioned browser makers offering such bounties.. MS in particular is known for the secretive way in which it shoves stuff under the carpet (they have a sort of bounty rewards program.. with an NDA with stupid terms attached) when it doesn't like it shown until they release a patch for it, sometimes years later, and bragging about finally fixing x or y while some things never get fixed or get stealth "unsupported" half-fixes (*cough* POSReady fixes allowed for WinXP on purpose - they could easily nuke it.*/cough*).
2) i'm a Secunia PSI user and i can tell you that their detection of the installed Chrome version is crappy about half of the time.
This is because Chrome keeps the previous version around when it installs an update, just in case you need to roll back. If you have Chrome installed and if you ever applied an update to it, just take a look at C:\Program Files\Google\Chrome\Application (or wherever you installed it). You'll see there 2 folders, one for the current version and one for the previous version that you had before the latest update.
Sometimes Secunia PSI will detect the version that was present when i started the computer and keep pestering me to update it even if i just updated it. When this happens i have to manually FORCE a full system scan in Secunia PSI just so that it can detect the updated version.
this ball is squarely in the manufacturer's court. Almost every device i have encountered so far comes with a disclaimer that you, as user, are shit out of luck if you try to upgrade its bios/firmware and it's no longer working after that and that the warranty will be voided by ANY changes that you make to the original as-shipped bios. ("any" meaning including trying to upgrade it with a bios downloaded from the manufacturer's site).
Until the manufacturers provide full support for bios/firmware upgrading and drop the associated warranty-nuking legalese from the warranty terms, the users won't even consider patching them.
tl;dr version: the technology is not there yet to support this dream and have account security at the same time.
so... is Yahoo now officially facilitating account credentials interception for any services? have they been bought out by the NSA or have they been hit with a stupid ray?
losing control of your phone (either stolen or temporarily/permanently held for "inspection" by border agents/power-drunk LEOs or other rent-a-cops) or just having it intercepted by a stingray or other cell site simulator will give the spooks/crooks way easier access to ANY account that uses that phone number as the only way to validate access. They won't even need to decrypt the device as they can use the phone number alone to get access to the contents of the online services tied to it and can then easily slurp the data. Sometimes you don't even need to power on the phone, the spooks can easily persuade the phone company to temporarily assign that phone number to a SIM card that they control, or can even clone the original SIM.
If the device in question were a fail-proof, not-easily removed or intercepted integral part of your body then yahoo's method would be ok... some SciFi movies even portray people talking to a hologram in their hands or on the periphery of the visual field (or similar stuff...).
Unfortunately the technology is not there yet and the point of 2FA is exactly to try to avoid those scenarios where you lose control of the device, and by changing one of the factors, to limit the extent that the other one can be exploited.
or is that dr.tl now?
any chance of getting some shock-resistant BOFH mugs in there too?
Duralex/Luminarc or something similar? The current mugs seem a bit too frail for any heavy-duty usage. (including usage as a percussive maintenance tool :p )
for me that looks awfully close to a Glass device viewed from the side...
Google has recently terminated the experimental production run and with Samsung already having had some attempts at developing a similar device... maybe Google signed up with Samsung for mass-market production? Mobile World Congress sounds like the perfect place to launch the mass-market Google Glass Mk 2 (or is that Mk 3...4?.. i lost count of the test variations)
ow..my eyes.. what in the world made you change that nicely compact layout? looks like a tornado messed up the site :(
not to mention that there's NO ACTUAL terms & conditions linked. AT ALL.
i think they might be something along the lines.. "by entering this competition you're giving us your first born, an arm and a leg. We'll be coming tonight with a chainsaw to collect the arm+leg."
Amazon: ok.. so.. no more free shipping allowed?.. ok..charge them 0.01 €cents (no..not using verizon math there)..
Amazon: ok.. no discounts more than 5%?... 5% relative to WHAT?.. who sets the base price used for calculating discounts? Answer: we (mostly) do, so instead of discounts >5% we'll start seeing the regular, non-discounted prices dropping...
Is there a law in France that states that regular, non-discounted prices have to be above a certain value?
Firefox is the only program that crashes on either of my systems and the crashes started with v29.. it was pretty stable before that, and i'm not the only one that started to see crashes beginning with v29.
system 1: Win7 SP1 x64 fully updated, installed in 2011, 16 gb ram
system 2: winxp sp3, fully updated, including the POS, 4gb ram (3gb usable), freshly installed in january 2014
On both systems i always run as normal user without admin rights and i use an elevated command window when i need administrative access.
again.. Firefox is the only program that's crashing... since it doesn't do that for you.. do you use any add-ons?
Maybe it's because i'm using NoScript / AdBlock Plus / HTTPS Everywhere, but these add-ons worked just fine before v29 appeared and they've been updated repeatedly since v29 was launched.
they'll add the full IDE before or after fixing the crashiness that's been plaguing Firefox lately?
since v29 i get at least a crash a day.. i got into the habit of no longer bothering with providing comments in the Crash Reporter... i use that for ASCII art
If you happen to navigate to about:crashes in Firefox.. you'll get there a nice list of Firefox crashes on the local PC that have been caught by the Crash Reporter, crashes complete with URLs to the crash analysis and the comments neatly formatted on a page... you can see that people swear a lot in crash comments too.. i just use a small piece of ASCII art for comments and i see some other people doing that too :)
edit: meh, elReg is messing with the newlines in the above graphic, doubling them.. just use your imagination and remove the extra spacing (^_^)
there you go... Microsoft throwing a BIG and PUBLIC wrench in the MAFIAAA's laughable claims that IP addresses can always map to a precise physical location. The new address space isn't even from the same general geographic area.
is it my dyslexic imagination or am i the only one to see an "f" letter in the white space on the left side of the circle?.... that means the logo is saying "fuk". LOL
don't worry.. it seems it's built specifically FOR those agencies and not designed to be used at all in Russia and the eastern side of the continent - according to those published specs it has no support for GLONASS at all, it only supports american-style GPS - thus it will be hard for it to achieve commercial distribution in Russia and its neighbors that require GLONASS.
Russia mandates that any device imported for sale that can use GPS must also support GLONASS.
No GLONASS => not designed to be sold in Russia or its neighbors (unless you pay the 25% import tax for devices that are non-GLONASS-compatible)
anyone remember when the same thing was done on a much smaller scale in CounterStrike a few years back?
i wonder if / when someone will call the cops or a swat team down on these... or maybe just dispense with the niceties and use a drone strike directly
for the wrong rover though... but valid nonetheless.
quote: we have launched a voluntary package (VRS) at our Chennai, India facility.
was it launched from a low earth orbit, a high geostationary orbit or from Nokia's HQ in Finland using a phone-shaped ICBM?
(inter-continental snark delivery system)
So Google, and apparently you, think that it is OK to break W3C HTML5?
on the contrary, this behavior is mandated by the W3C HTML principles:
what's happening is that all the OTHER browsers are breaking the HTML design principles by forcing a user to do what a site wants (disabling the autocomplete) instead of prioritizing the user's wishes. In this case Chrome might be the first browser to actually comply with the W3C principles.
Now.. the problem here is that while browsers come with password managers and they ask the user if they want to save the password, a lot of people will click "yes" without thinking...
What the browser designers should have done instead of just blindly clicking on a "yes" button is forcing the user to think when they save a password.
Instead of just clicking that button they should be presented with a more puzzling challenge, e.g. solving a captcha or typing the "yes" answer themselves.
That means that even if users turn off Chrome's feature that collects and automatically enters their login credentials to web services, the browser will nonetheless make the offer to do so.
NO, that's not what it means, you totally misunderstood the change... if the user turns off the password manager then it stays off.
This change affects only when a web SITE specifies the parameter autocomplete=off on a password input field, the browser will ignore that and instead will use the USER's preference instead of the SITE's preference: if the user has the password manager enabled then it will use that for autocomplete. If the user has disabled the password manager then it stays disabled.
without access to WinXP source code i don't see how they can provide updates... maybe they thought they could rely on Microsoft's EMET ?
it's already been bypassed, even on the latest windows OSes
quote: "Researchers took a real-world IE exploit and tweaked it until they had a complete bypass of EMET's ROP, heap spray, SEHOP, ASLR, and DEP mitigations"
"Files that demanded higher throughput, which meant that more users were accessing those files simultaneously, were stored on faster servers ... [..snip...]...has purposefully made their rapid and repeated distribution a primary focus of their infrastructure"
yep.. looks like akamai.com's modus operandi ... shut them down too! (/sarcasm)
oh wait.. can't do that...
even NASA or the Australian Government or Autodesk uses Akamai services.... or a whole TON of US Government Agencies... shut them down too! :p
first thing i thought (ok..second, first was "wtf! they admit it") when seeing that octopus was yummy....a lot of meat to cook Takoyaki there... who starts to chop the arms and who brings the sauce?
you've been lost up Uranus
roflmao... i think a proctologist has made subtle changes to the article before it went live :p
edit: woooot.. we have an EDIT button! cheers!
Can we fit them to sharks also and train them?
We might then get a remote-controlled shark... next step is just to add lasers to a shark's dorsal package
Diigo is far worse... if you're logged in with ANY account you can download ANYONE ELSE's exported bookmarks if you manage to get the download key (looks like an MD5 sum slightly modified) for one.
The site doesn't check that the file actually belongs to you, only that you're logged in with a diigo account. (it used to be that the site didn't even check that you're logged in, but they added a login check sometime last year).
even data for PAST ACCOUNTS, that are currently deleted, can be downloaded. Diigo doesn't allow you to delete ANY EXPORT files even if the account that generated them is deleted by the user.
rofl @ user interface on that thing
i think that interface makes a nice 3rd pane to this comparison:
"ACTA" as such might be dead and buried but its contents have risen back copypasta-style in the form of CETA and TPP:
"Only to the size of the hammer," - this is my rule too :)
i think your interpretation of the new DMCA exemptions is a bit flawed: true, unlocking is still freely allowed BUT that will last ONLY UNTIL January 2013. After that you must have the carrier's permission (and assistance) to do so:
No more unlocking
In 2006 and 2010, the Librarian of Congress had permitted users to unlock their phones to take them to a new carrier. Now that's coming to an end. While the new rules do contain a provision allowing phone unlocking, it comes with a crippling caveat: the phone must have been "originally acquired from the operator of a wireless telecommunications network or retailer no later than ninety days after the effective date of this exemption."
In other words, phones you already have, as well as those purchased between now and next January, can be unlocked. But phones purchased after January 2013 can only be unlocked with the carrier's permission.
the actual URL in the article should be this one:
Westergren Timothy: Insider Trading and Stock Options:
that shows the monthly trades much more clearly and by looking at what the other executives of the company are doing it seems this kind of slow fire sale ("under the radar") is "normal" for them:
KAVNER ROBERT M:
anyone have any clue what's happening here? From what i know executives selling stock (and stock options) in the company they manage happens usually only once a year or so. Doing this monthly and in such high volumes smells weird to me.
That's amazing, i know someone that has the same combination on his luggage:
well, they did SHIP them....they just didn't reach the intended delivery destination :p
they might be in the process of renewing it, so the renewal won't show up yet.
if you look at the status it does say it's an ACTIVE trademark, so SBB might have a grace period to renew the mark
Status: Active trademark
Trademark no.: 512830
Filing date: 03.09.2002
Expiry date: 03.09.2012
Source of first publication: SOGC no.145 to 31.07.2003
Application no.: 07606/2002
A) or try starting it in recovery mode and re-flash it.
1. Turn phone off
2. Press and continue to hold the Home button while you reconnect the USB cable to your iPhone, this will cause the iPhone to turn on
3. Continue to hold the Home button until an alert message in iTunes informs you that an iPhone in recovery mode has been detected. (hopefully)
4. re-flash it.
B) if you tried (A) and it still doesn't work and it's under warranty, return it.
C) if (A) doesn't work and it's not under warranty, you're SOL.
Consider selling it for parts OR if you have data on it that you're worried about, consider CAREFULLY removing the salvageable bits yourself (e.g. screen+touch sensor assembly, battery,...) and applying some heavy duty percussive maintenance to the remaining mainboard bits. :p
wtf... price games again:(
they're practically selling 64Gb of flash memory for +200 usd?
a heavy duty usb flash drive is half of that and it also includes a sturdy rubber enclosure that you can drive a truck over or dump into water 50m deep and it will protect it. Try that with their phone.
after they migrate the data from the tapes, recycle the tapes themselves to launch a new line of designer clothes and wearable accessories.
It's way more profitable than dumping the tapes in a landfill and it gives a new life to the stuff.
<quote src=Graham 24>[...]simple deny all logins from that source IP for say, five seconds. Hardly a great inconvenience to a genuine user making a typo on the password, but makes a remote "dictionary attack" (where the dictionary including all combinations of upper, lower case and digits) of even an eight-character password unfeasible.[...]</quote>
these days it's a lot easier to do DISTRIBUTED dictionary attacks or port/vulnerability scans, so denying logins from a particular ip address or address range is meaningless.
It's better to deny logins globally to that account for x seconds/minutes and after that to add a mandatory captcha to the login for the next few hours. I've even seen servers that always ask for captcha on logins (i configure mine this way too).
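The account-keyed throttle the post describes, as an added example (not code from the post or from any of the servers it mentions): a short lockout on the account itself after a failure, then a mandatory captcha for a few hours. Because the state is keyed on the target account and never looks at the client address, a second attempt from a different IP is refused just the same. The `LoginThrottle` class, the timing constants, the fixed salt and the credential store are all constructed for the demo:

```python
import hashlib
import hmac
import time
from dataclasses import dataclass


def _hash_pw(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


# Constructed credential store. A fixed salt keeps the demo deterministic;
# a real store would draw a fresh os.urandom(16) salt per user.
_SALT = b"constructed-demo-salt"
USERS = {"alice": (_SALT, _hash_pw("correct horse", _SALT))}


@dataclass
class AccountState:
    locked_until: float = 0.0   # account-wide: applies whichever IP is asking
    captcha_until: float = 0.0  # after the lockout, captcha is mandatory until here


class LoginThrottle:
    """Throttle keyed on the account under attack, not on the source address."""

    def __init__(self, lock_seconds=5.0, captcha_seconds=4 * 3600, clock=time.monotonic):
        self.lock_seconds = lock_seconds
        self.captcha_seconds = captcha_seconds
        self.clock = clock          # injectable so the demo can fast-forward time
        self.state = {}             # username -> AccountState

    def attempt(self, username: str, password: str, captcha_solved: bool = False) -> str:
        """Return 'ok', 'locked', 'captcha_required' or 'bad_credentials'."""
        now = self.clock()
        st = self.state.setdefault(username, AccountState())
        if now < st.locked_until:
            return "locked"                 # refused even with the right password
        if now < st.captcha_until and not captcha_solved:
            return "captcha_required"
        # Always run the hash so unknown and known usernames cost the same time.
        salt, stored = USERS.get(username, (_SALT, b""))
        candidate = _hash_pw(password, salt)
        if username in USERS and hmac.compare_digest(candidate, stored):
            return "ok"
        # One failure: lock the account briefly, then demand captcha for hours.
        st.locked_until = now + self.lock_seconds
        st.captcha_until = st.locked_until + self.captcha_seconds
        return "bad_credentials"


def simulate() -> list[str]:
    """Replay a guess, a distributed retry, and the legitimate owner returning."""
    t = [0.0]
    th = LoginThrottle(lock_seconds=5.0, captcha_seconds=4 * 3600, clock=lambda: t[0])
    out = [th.attempt("alice", "wrong")]                  # guess fails, account locks
    out.append(th.attempt("alice", "correct horse"))      # retry (any IP) within 5 s: locked
    t[0] = 6.0
    out.append(th.attempt("alice", "correct horse"))      # lock expired, captcha now required
    out.append(th.attempt("alice", "correct horse", captcha_solved=True))  # owner gets in
    t[0] = 6.0 + 5 * 3600
    out.append(th.attempt("alice", "correct horse"))      # captcha window over, plain login
    return out


if __name__ == "__main__":
    print(simulate())
```

The trade-off this pattern accepts is that an attacker who knows a username can keep the lockout and captcha windows permanently active for that account; the captcha stage is what keeps the legitimate owner able to log in during that time instead of being locked out outright.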
does this thing do any sort of chemical analysis of the liquid it's subjected to?
if not... just bring a [section of a] garden hose into the bathroom, connect one end to a water tap at the nearby sink, open the water flow and use the other end to obtain the gold pee medal :P
unfortunately, for yahoo sms auth it is still in beta testing and it can easily be bypassed even if turned on.
Just log on via yahoo messenger (desktop app), click on the mail icon in ymess and you have Instant mail access without any nagging sms prompts.
@AC with "police have seizure..." blabla
FBI is not police and especially not outside the borders of the USA
the FBI agents were in New Zealand as simple visitors / tourists / consultants, not members of the NZ police force so they had no right to hijack potential evidence.
when members of other agencies around the world do the same thing inside the USA they get arrested, prosecuted and imprisoned for spying. Sometimes they get directly executed with a bullet/car "accident", skipping the arrest/prosecution/prison stage.
that "storage" is not only hard drive space but physical space storage too.
the servers themselves might be powered down and sealed but that doesn't mean they have been moved, they still use up valuable datacenter space and resources...
however... i don't remember reading anywhere that the servers themselves have been powered down, only that they have been disconnected from the network.
factor in the wasted datacenter space, electrical power needed to keep servers and air conditioning running, routers, switches, UPSs, generators, building maintenance, security & staff, etc...
this all translates into costs and a huge revenue loss for the company operating the data center.
THE CATCH here is that MPAA wants an absolute rate of 0% counterfeit.
Not 0.00something%, not 5%...they don't allow for any tolerance, so ZERO.
You can NEVER GUARANTEE that compliance rate LAWFULLY unless you hire a JUDGE (ok, a lot of them) to examine MANUALLY EACH FILE and rule on its compliance.
A few days ago a research report came out that such a thing would cost roughly 50 BILLION USD in the case of all the videos on youtube.
This request from MPAA is around the same order of magnitude & impossibility.
"its investigators arrived in New Zealand, copied seven hard drives, and sent the information back to the US without local police knowing what was happening"
Soooo.... copying copyrighted information is theft when MPAA says it is, but copying copyrighted information that belongs to someone else is not theft when the FBI does it on the sly in a foreign country while acting as MPAA's lap dog?
<quote>WD still has a 5 year warranty on the Caviar Black series of drives and RE4 series of drives.</quote>
yea... right.. it's funny that NOW the warranty page on WD's sites loads just fine but back in february/march when i needed it, it didn't LOAD AT ALL! It was showing an error message with an apology about warranty terms not being available.
At that time even the WD Black / RE4 i was seeing for sale had warranties of only 2 years. Maybe they fixed that since then but i was royally screwed over by this thing. :(
that's why they also dropped warranty lengths.
All drives manufactured after january 1st, 2012 have the warranty cut down. You won't see any more drives shipped directly from the manufacturer with a warranty of 3 or 5 or more years.
Now Seagate and Western Digital only provide a maximum warranty of 2 years but only on some drives.
I see also many drives from these two that come with only ONE year warranty and they hope they won't be sued by the European Union for ignoring the minimum 2 years warranty mandatory legal requirement across the E.U.
well, to give my point of view, from Eastern Europe, (and maybe for most of the rest of the world) here the US is mostly viewed as a redneck country with the border rednecks willing to almost rape and anal probe you if you dare to visit and WILL kick arrest and deport you even for posting twitter jokes (TSA checkpoints). The USA's new logo for promoting tourism is: "Come and visit the USA, strip for the TSA!"
i'm stuck in a similar porting hell with Vodafone (in Romania) since 2009 and they won't do ANYTHING about it.
in october 2009 i ported my number from Vodafone to another carrier (RDS DigiMobil) and to this day i CANNOT RECEIVE any international call or sms.
i tested with a friend in Canada: while we were both on skype video chat i had him call my mobile phone number from his mobile phone and after he started to get a ringing tone (and my phone wasn't ringing at all) i used the very same phone that he was trying to reach to call his home land line number.
His landline started to ring immediately and at the same time his mobile phone was still trying to ring my mobile number (and did a very good job of faking the ringing, there was no indication that the call was not connected properly at all, he was hearing a standard ringing tone)
i filed complaints all the way up to the National Authority for Communications but all my complaints end up in the same stink-hole that is vodafone+rds support.
RDS says that the porting has been completed from their end... Vodafone says the same and i'm stuck with having to use a secondary prepaid sim card (from vodafone since they won't unlock that handset even if the contract is finished) so that i can receive international calls and sms.
P.S. read that 2007 blog article and the linked blogspot article too...
Ferrari lost the right to the horse image trademark in China to a company that registered it properly in 1996.