Stay classy Pete.
706 posts • joined 7 May 2012
Then how would you refactor your methods? It isn't like IDEs have built in features where you can extract code to new method. Clearly you have to copy the method, add your new loop and if statement and give it some obscure name.
Also, wouldn't it be great if build servers were able to reject check-ins if duplicate code was detected? Ah, pipe dreams.
Still waiting for them to properly fix their production code.
>He said the fix was fairly simple and said the exposure served as an academic exercise in the perils of code reuse
I would venture to suggest that code reuse is not the problem. No, I will go further than that. If you roll your own security code there is a better than average chance that what you come up with is much worse.
The problem here is that the developer used the code without understanding how it worked and failed to write test cases that included validation against an invalid certificate.
True, but probably not as quietly and most likely leaving it in a way that makes it obvious that something is amiss. It would allow the sort of attack where the safe is broken at a time when it is empty and so under minimal supervision. The safe can then be opened in seconds when it is of more interest.
I guess that would be irony as defined by the Alanis Morissette dictionary...
To reintroduce the <blink/> tag?
>"32-bit Windows-powered ATM"
> No further questions, your honour!
Lucky that there is no bash or OpenSSL in sight ;p
How is this any different to what Barnaby Jack demonstrated at Black Hat in 2010?
Are Opal cards vulnerable to the same class of attacks?
No, the best way to fight this is, given the failure to encrypt the phone home, to randomly send millions of books read (to the point where they cannot differentiate which requests are real).
>Good thing I have no interest in reading e-books. This could've been a problem for me if I did
Oh thank heavens. I was about to ask whether anyone knew whether this would be a problem for Frank.
> was the script that deleted all his posts, in fact, run on a windows machine
The site is built using a custom content management system which is written in Perl and filters its input through HTML Tidy. The pages are generated using the GNOME libxslt library. We make substantial use of the excellent DBIx-Class ORM.
The webservers are running Apache, with MySQL for the back-end database and the search engine. Our web applications (search, forums, Reg Whitepapers, Reg Events, etc) are all built on mod_perl. All the software runs on Debian GNU/Linux, chosen for its stability, reliability, flexibility, and especially for its superlative support of remote package management and upgrades.
So my guess is no.
EPIC MEMORY FAIL!!!
If you are talking about the physics involved, then yes, the 2.4 and 5GHz channels over which WiFi operates are a limited resource. Just like a road network, if everyone tries to drive at the same time then no-one will get anywhere quickly, but there are a couple of points that I take issue with:
1. Is it reasonable to expect that the density of WiFi communication is any higher in a hotel environment such as this than it is in a residential building in the CBD?
2. If there is a specific need for a specific set of rooms to be RF pure, then the solution is to build some sort of Faraday cage around the room itself.
3. If such active DoS measures are unavoidable (which would be an absolute legal minefield if it reached off premise btw), then the hotel should be providing a ***free*** alternative (guest APs or wired connections), or a lack of availability of WiFi channels should be very clearly stipulated at the time of booking.
Fire with fire!
Find the sales office for these deauth tools and return fire.
I, for one, welcome our meme correcting overlords.
>I'd venture for most people, 500MBps is going to be plenty.
640MBps ought to be enough for anybody.
In your analogy, Google is not the importer. It is an index. Once you click to the link, the content is delivered from the source website. So the source website is the importer.
>Time to show the politicians (and in places like France, that includes the judges) the only language they all understand:
I thought they were using the language of retreat quite well.
No. The rort was to privatise Telstra in the 90s without splitting their retail and wholesale arms.
They need to decide if they sell a product or a licence. If a product then you should be free to do as you like with it once purchased. If a licence, then as a licence holder you should be able to purchase a replacement media or exchange format at (or reasonably close to) cost price.
In simple terms, if you want to force someone to purchase another copy for a format shift, then you are stating that they have purchased something physical rather than a licence.
Also Windows since Vista. There are basically two reasons to write to disk.
1. A requirement to not lose the data when shutdown or other system crash (including the VM host).
2. Overflow storage where there is insufficient RAM to work in memory (very large datasets).
This solution doesn't solve 1 and if you are using it for 2 then why not just give it that RAM as RAM?
>Have I missed something?
I thought the download links in my comment would suffice as a sarcasm tag. ;)
Deskman is/was always a *Microsoft* powertoy. It is not third party any more than the .NET runtime could be considered third party.
Desktops was made by Sysinternals but Microsoft bought them out a few years back (one of their more sensible acquisitions) so that is third party in the same sense that Skype or Nokia are third party.
>What do you mean...? How else can one access cyberspace...?!?
It is so sad what is happening to the information superhighway.
I think we all know why...
But will it bend?
Plus provably secure compiler. Even this can only secure against software bugs (buffer overruns etc). What about side channel attacks? The area of the various chips that heat up effectively leaks information too.
I mean, it is only in the last decade that people started to carry pocketable computers that happen to occasionally make phone calls. We seem to forget that before that point in time there was no way to catch criminals. It is only now that crime has been solved.
Just whack bash on there. Then you can sit wherever you feel like.
> "guess where I'm calling you from" for hours on end at 30k feet.
I'm on the plane. Hello? Yeah, the plane. Did you hear me? OK what did you hear up to? I'M … ON … THE … PLANE. No, plane. Yes. Anyway, nearly out of credit. I will call you later.
/yeah, that would definitely get old quickly.
If the cell tower antenna is capturing signal from above and responding in the same direction, they are doing it wrong.
>But what if it's not "a little temporary safety," but "the only thing standing between you and utter oblivion"?
I am not familiar with the situation in the UK, but here are the official stats from Australia. You were 45 times more likely to die last year from diabetes than from the last 2 decades of terrorism activities.
It is a threat, but nowhere near an existential threat. That is just an absurd assertion. Any 'victories' in a military perspective that any terrorist organisation can have in the West is militarily insignificant (notwithstanding tragic for the families involved). There are regions where terrorism is an existential threat to some populations, but you can't sacrifice freedom to obtain security because you ultimately end up with neither.
They're testing it wrong…
Can anyone confirm which VPN services work on Vodafone?
Windows 'not 8'
Should sell like hotcakes.
Um, you can't make such a statement without clarifying what you mean by mp3 and what is being played. A 96kbps CBR sounds very different to a 320kbps VBR. Most people could pick the 96. Almost no one could pick the 320 in a statistically significant way in a double blind test.
>Suddenly, all of those 128 kbps MP3 audio files you grabbed from Napster in the 1990s are garbage to your ears.
I think 128kbps is low enough that most people could pick which is which for some types of music. If you double it to 256 and add some VBR, the difference is physically inaudible to most of the population. At 320, you would have a lot of trouble in a double blind test to pick one from the other.
That is not to say that it doesn't sound better to you. We know for example that the placebo effect is real. Someone who is told that a particular medication will help their breathing performs better at altitude tests than control even if the medication is just a sugar pill. I am in no doubt that someone who knows they are listening to a lossless encoding will experience in their brain a better quality of sound.
Nonetheless, your point about 1990s tracks sounding like garbage is correct* but that has little to do with how the music is encoded ;)
* especially only happy when it rains.
>(Most headphones under £50 and most speaker systems under £500 cause far more alteration to the music than a high rate MP3 produced by a reasonable encoder.
Some headphones over £50 are pretty terrible in this regard; not to mention any specific brands that may have been pictured in the article.
EPIC MICROSOFT SUCCESS!?
>Write this down: You can't inject anything into machine code, which is what your CGI should be made of.
Yes, Heartbleed only worked because OpenSSL is runtime interpreted rather than compiled.
>Still no word of JUST ONE commercial site (or device!) being pwned by this one
How do you propose to validate that this bug was the source of the mentioned pwnage? It would bypass the logging. Your server could be pwned without you even knowing. And Apache cgi-bins are just one vector we know of.
BTW, I would usually recommend against taking any BASH advice from someone called rm -rf / (although his advice is correct in this instance ;p)
>We've all got iPads now...
But will it bend?