re:spynet
....I take it no one read the thing saying it's opt-in?
without opting in, the only thing sent is what nasties were detected, and what action you took
y'know, like it says in the privacy policy
385 publicly visible posts • joined 18 Feb 2008
...there's some of the HTC apps shipped with the Hero in the mod too (like the greatly improved on-screen keyboard)
on the one hand, it would be best for android as a platform if these apps were available to everyone... on the other hand, with other manufacturers getting involved, obviously HTC are likely to want to preserve their work, and I wouldn't be surprised if they are next in line with the lawyers
as far as the google situation goes, couldn't they
- release the marketplace ONLY, as an installable-over-the-USB-cable app (wouldn't need to be open sourced)
- make the rest of the "default" apps downloadable from the marketplace for free (since every android should come with them)?
If they're going to windows-ise the windows version a bit, how about support for group policy, and picking up user-installed SSL certs?
oh, and have they fixed that bug where the browser cache is stored in the roaming part of a person's profile instead of the local part?
Easy. MS wants silverlight on intel's distro. intel wants a decent level of support. moonlight won't, or can't, provide that. So MS will.
so why have moonlight? Easy. MS wants silverlight on every other general-purpose distro. It knows that all of the freetards (as opposed to people who use linux or think that OSS is a good thing) would object if MS supplied it, more so if it wasn't open source (there are legitimate reasons why OSS advocates might not like that, as well as the knee-jerk freetard reaction). So MS gives support to other people to write moonlight as an open source silverlight implementation
everything except the photoshop it'll do. If you're wanting to do something with serious grunt (video playback doesn't count these days thanks to hardware decoding) you need a proper processor, not an atom. Which means you need a more expensive, less economical chip, which means you also need fans, which means you also need a bigger battery, and by the time you've added all that then it's:
- bigger
- heavier
- more expensive
at least 2 out of 3.
I have to say I'm not entirely sure how big the niche netbooks occupy is, but that archos occupies it brilliantly. Doing serious graphics work means needing a tablet PC that's probably ten times the cost.
Why is offering a lower price for people who don't need the extra cost that licencing various codecs incurs a _bad_ thing? As long as you do your research and realise what the headline price doesn't include... I like the pluggable nature of my archos, it keeps my costs down
It's a shame there's not going to be a phone version of this until next year, though
"Another reason...for a user to have control over their operating system/browser, rather than allowing the developer, in this case Microsoft determine where you don't want to go today."
You do know you can turn the filter off, right?
"It just needs to be standard compliant"
most of said tat/bling is from css3. css3 is not a standard (yet). Microsoft have this little thing called "backwards compatibility" which can be boiled down to "try not to change the behaviour of an application without a version change, if ever". Unless you are seriously wanting another round of designing practically 2 different websites depending on IE version, you should be _BEGGING_ MS not to implement css3 until the spec is completely stable
"However, PC-buying customers in EU countries would only have been eligible for new copies of Windows 7 E and would not have been able to buy upgrade versions from Windows Vista."
I don't recall seeing that anywhere.
I recall seeing info that you could not perform an upgrade installation of win 7 E... I never saw info that said you couldn't have an upgrade licence
"OK, now deploy it to all 60/600/6000 machines you have running Linux. Some of which are running mission critical applications"
and every single embedded linux system like routers, print servers, access points, mp3 players...
oh, and getting user-level access? Are you in your linux distro's security update mailing list? See how often updates come through for user-level access exploits in things like file archive reading, image reading etc. You could exploit a linux mailserver just by sending it an email, if it was doing virus checking.
"Ok I'm going to say it: The new web site is quite nice. A brave choice and not to everybody's taste but I like it"
I think it looks quite nice, however:
1. It displayed other people's details
2. It's a NEW site, they specifically say they DON'T support ie6... and it's not valid html. No excuse
btw for me the certificate worked when I checked...
(if you _really_ want to see it looking hideous, change backgrounds from the drop-down box...)
...meaning the absolute best case, assuming it's a bios password and being a laptop it doesn't let you reset it, is that the bad guys have to go to the "effort" of extracting the hard drive to get at the details.... not very good, is it?
I'll admit they were probably stolen for the kit rather than specifically for the data, but I bet whatever man down the pub techy they use to wipe them knows someone who knows someone who pays for that sort of thing...
I can quite imagine someone losing their job
while developers aren't lawyers, it's pretty common knowledge that you can't include GPL code in a closed-source app. some MS developer probably took shortcuts and used it, and didn't even bother to raise a query with the (formidably large) support staff. A while down the line, someone notices the infringement, quietly points it out to MS, and they have to release the whole thing as GPL (trying to spin it in the process)
that's my hypothesis, anyway
"Officers were attempting to arrest the unnamed Aboriginal man for sniffing petrol"
A taser is not a god-damn stun gun. It's an alternative to a normal shooty gun that might not kill people as much. it should _only_ be used as a "less lethal" solution in situations where you'd have had to use a gun before :/
"Run Windows and it thinks the Linux partitions are unformatted - despite third-party drivers being available for Linux file systems."
actually, for me, it says it's an unrecognised partition and warns me if I go to format it that it's probably being used by a non-MS OS.
does it read non-MS partitions? no... I'm not sure what the legal status of any of the IFS drivers that support EXT-2 is, but I'd imagine none are BSD-style licenced... and the difference in permission/ownership systems makes any such system vaguely annoying
"So tell me exactly why I should be throttled for a legitimate and legal use of my connection ?"
because you are using a far greater than average share of a contended resource at a peak time. throttling isn't a "punishment", it's a quick and dirty (and therefore low-ping-impacting) way of trying to ensure everyone gets a fair share.
Read their policy again. What you have described is a theoretical maximum download assuming the cap lasts for 5 hours twice a day
Yes.
There are 2 periods, each 5 hours long, during which you can get throttled. Throttling lasts for up to 5 hours. Thus, in each period of throttling, you can only be throttled once. Thus, you will be throttled for up to 10 hours a day.
Not seeing where what we're saying differs from what the policy says:
http://allyours.virginmedia.com/html/internet/traffic.html
"@Adam 52. Your sums are wrong. Please see VM throttling policy for 10Mb package and try again"
2 periods for throttling, in the afternoon and in the evening. Each is defined as a maximum of 5 hours duration. Assume worst case.
14 hours per day @ 10mbps is 61.5 gigabytes
(http://www.google.co.uk/search?hl=en&safe=off&q=14+hours+*+10+megabits+per+second&meta=)
10 hours per day @ 2.5mbps is 11.0 gigabytes
(http://www.google.co.uk/search?hl=en&safe=off&q=%2810+hours+*+2.5+megabits+per+second%29+%2B+%2814+hours+*+10+megabits+per+second%29&meta=)
Total amount: 72.5 gigabytes
http://www.google.co.uk/search?hl=en&safe=off&q=%2810+hours+*+2.5+megabits+per+second%29+%2B+%2814+hours+*+10+megabits+per+second%29&meta=
Turns out adam's numbers were conservative
"Ironically, exploit code associated with Anti-Sec's latest attack was posted on a full disclosure mailing list."
I'd imagine that's kind of their point ;)
my own view is that full disclosure should only happen,
a) sometime after the vendor issues a patch, or
b) after attacks are known to be widespread, or
c) if the vendor isn't updating their stuff
They are quite correct that this sort of thing isn't new, but:
" For example, the Event MPM effectively nullifies this attack, and was first included in a production release of Apache in 2005."
So I go to the apache website:
http://httpd.apache.org/docs/2.2/mod/event.html
"This MPM is experimental, so it may or may not work as expected."
"Production" and "experimental" are mutually exclusive, no?
"Since TPB and others are now peppering torrents with random and innocent IP addresses; innocent people are going to be cut off."
"Although my IP address could theoretically be obtained by querying a tracker for peers on a torrent, this has been shown to give so many false positives it is not accepted as proof."
That's really not hard to get around. All you have to do is only list IPs that have actually uploaded a verified chunk of file to whatever snooper they have connected to the torrent. That also ensures they are targeting "providers" not just "downloaders". Yes, that's a meaningless distinction to make in a p2p network. Yes, there's been cases of people getting letters as a result of fake IPs in swarms before (although not in this country, I believe). But if your immunity relies on them never ever wising up, I'd be just a little bit less assured...
Using someone's video to parody them is fair use. Using someone's video to parody something ELSE is not. So the video that uses the clip from Downfall to make fun of the MPIAA is NOT fair use.
Back in the real world, it's always going to happen (and think how idiotic people would have to be to object) - nevertheless, the point stands.
The statement is not precise. "86% attacked" implies Nick's interpretation, "78% automatically cleaned" implies Geoff's. I'd imagine a large amount of that 78% was indeed blockings, while all of the 8% that required an engineer, and some unspecified amount of the 78%, was indeed the detection of something already resident.
"Everyone in France start torrenting Linux Distro's, creative commons, and your own licensed work !
When the bastards cut you off, sue them into the ground, with complete logs of everything you file shared, showing NO piracy at all"
That would only work if they were doing some sort of man-in-the-middle snooping of your traffic. Not only would that, as you've suggested, be inaccurate (especially for encrypted p2p) but it'd also be expensive, possibly rights-breaching, and also totally unnecessary. All the regulators have to do is connect to a swarm for a torrent of unlicenced media, verify the media IS in fact, what it claims to be, and record the IPs of any peer that sends them a valid (non-corrupt) file fragment.
HOWEVER this is where it all breaks down. What regulation is there to ensure the ips/times submitted are correct? What regulation is there to ensure the ISPs can resolve an IP and time back into the customer that was connected at the time? iirc in the comments for another one of these articles an ex-BT employee said the script they used for the job was a horrible frankenstein bit of hackery that was notoriously flaky...
technically, there is no problem ensuring only infringers get caught (or at least, infringer's connections - but most ISPs have a "you are responsible for what hackers do on your line, you are responsible for securing your equipment" line in their T&Cs.. and you'd hope after the first or second warning they'd sort it out). It's the human/bureaucracy factor that makes this scheme dangerous.
it compiles to CIL, not raw assembler (else it won't be platform independent, unless you are meaning that CIL is the assembler language of the CLR) but I think only a subsection of the full .net APIs are available (the linux download is 9 meg, which I wouldn't classify as "hefty")
as regards sandboxing though: how is that any different from the sandboxing people have to rely on to make sure flash code, or browser javascript, or pdf javascript doesn't take over their systems?
having said that, moonlight 2 is nowhere near done, and its sandboxing code is at best not yet tested ( http://www.mono-project.com/Moonlight/SecurityStatus ) which means that you can either have platform independence (moon/silverlight 1 and javascript) or language independence (silverlight 2) but not both
"It's an invaluable resource for helping the kids with their homework, or just spending an afternoon expanding your knowledge. It's great for getting an overview on a subject and supplying you with key words to search for using Google. You've just got to be careful NEVER to repeat anything indiscriminately, without following up references and getting confirmation from secondary sources."
but the point that's being made, time and again, is that if even those who are supposed to make a living from information are getting incorrect data from wikipedia, what chance do schoolkids have? If I want to expand my knowledge, what good does a source whose validity I don't yet have the knowledge to evaluate do me?
The furthest I go is checking out the sources/references on a wikipedia page, and that's _after_ checking the discussion page for signs of wikiDrama: but evidently lots of other people aren't. This may be a problem with people, rather than with wikipedia, but human nature ain't gonna change.
Well said!
however, I'd qualify your last point (appearances do matter) - different people have different working habits and modes of thought. one man's "it just works!" is another man's "i have no control!" and one man's "I have total control!" is another man's "why isn't this configuration automated?" - and sometimes it's the same man ;)
You need to read his comment instead of just copypasting a standard rebuttal (the "proven monopoly" line was a giveaway :P )
that AC was proceeding on one interpretation of the rules. I don't see how the interpretation he's using (that the rule is "no program may alter the user's preference over what the default browser is", NOT "you may not write a browser") embodies monopolistic tactics, and I'm genuinely curious if you can explain that.
of course, the wording is a little wooly, and it's possible the correct interpretation is indeed the braindead one. In which case it's not only monopolistic, it's damned stupid.
does that mean you _are_ still allowed to have a browser, it just can't make itself default? and can the _user_ make other browsers the default?
If "yes" to both, then meh, it's a perfectly reasonable thing ("no apps that randomly stomp on the user's preferences"). If "yes" to the first only, it's still somewhat understandable. If "no" to both, that's totally stupid
though at least with windows mobile you can still manually install stuff if you want
...because that way you pay less for a version that doesn't include things you don't want?
ignoring netbooks for the moment, there's essentially 3 versions: home, business, ultimate, where each is a superset of the one before it - in business you gain remote desktop and AD support, in ultimate you get bitlocker and what used to be called SFU. Realistically, 99% of people only want home or business, then.
The other versions are a volume licence version of ultimate, a home basic version for poorer countries, and the tesco value edition for netbooks.
"The Bill also contains provisions to permit, though not compel, employers to employ people from disadvantaged or under-represented groups, but only if they are an equally good candidate for a job as someone not from that group."
are you saying up until now, if there were 2 equally good candidates we were forced to take in someone from an _over_ represented group? I don't think so...
(which means I'm going to continue torrenting what I want, when I want, until the pricing from the media companies becomes realistic and fair, games aren't drm'd to the point of collapse, and commercial actually works and is worth the price the manufacturers expect you to pay for it. If they didn't rip us off in the first place we wouldn't go d/ling hookey copies)
self-serving hypocrisy. "It's alright to rip these people off, because they rip people off!". Er... no it isn't. Either being a rip-off merchant is OK (in which case you should have said "I'll bittorrent because I'm a cheap git scumbag") or it's not, in which case you just DON'T BUY THE STUFF. Apart from anything else, you're convincing publishers that there's a decent market for their stuff if only they could write some better DRM.
And for myself? Yeah, I use bittorrent, and I'm a cheap git scumbag. But at least I know it, and at least I'm not trying to claim some kind of moral right to rip people off.
I'd be happy if they took advantage of features in XP, to be honest. I run my own website/general purpose server, and have a self-signed root certificate which signs any ssl certs I need, so I only have one thing to install to avoid certificate errors... NOT.
Because firefox, in its infinite wisdom, totally ignores windows' built-in cert store, meaning I have to install the cert into FF separately. Something that chrome managed from day 1, I might add.
And don't get me started on group policy and roaming profiles...
Dropping support for XP SP1 and win2k, yes (the only people using them will be corporate types who are forced to use IE6 anyway) but SP3 is perhaps a little recent to be enforcing it. And XP is used in 60% of computers in the valve hardware survey, which is a pretty cutting-edge market segment, so I don't see making it vista-only worthwhile.
I agree that article is a piece of mince, but your dell vs apple comparison isn't too great either. All you've proved is that it's possible to find systems more expensive. But the thing about PCs is that you aren't forced to buy from the one vendor. It's certainly possible to get a machine with the same spec as that apple for less
"SQL Injection" isn't what happens when you don't validate your input. It's what happens when you use a way of talking to your database that requires validating your input in the first place!
Like many of the commenters have suggested, using parameterized queries / bound variables, or whatever you want to call it.
Validating your input is for preserving the sanity of your data, _NOT_ for preventing injection attacks. Optionally, you might quote/validate input that you know is only going to be output in one format (say, text in a web page) to save you doing output validation (but I prefer to escape html entities on output and leave my data "pure")
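Added example, not part of the original comment: the distinction drawn above between validating input and binding parameters, shown with Python's sqlite3 and html modules. The table, the sample names and the helper functions are constructed for illustration.

```python
import html
import sqlite3


def make_db():
    """In-memory database seeded through bound parameters (constructed data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO users (name) VALUES (?)",
                   [("alice",), ("O'Brien",), ("<b>Bob</b>",)])
    return db


def find_concatenated(db, name):
    """'Before' version: the data is pasted into the SQL text, so the
    database parser decides where the string literal ends."""
    sql = "SELECT name FROM users WHERE name = '" + name + "' ORDER BY id"
    return [row[0] for row in db.execute(sql)]


def find_bound(db, name):
    """Parameterized version: the statement is fixed and the value is
    passed separately, so it is only ever treated as data."""
    sql = "SELECT name FROM users WHERE name = ? ORDER BY id"
    return [row[0] for row in db.execute(sql, (name,))]


def render_html(name):
    """Escape at output time; the stored value stays unmodified."""
    return "<li>" + html.escape(name) + "</li>"


def try_lookup(lookup, db, name):
    """Return the result list, or the error text if the query fails."""
    try:
        return lookup(db, name)
    except sqlite3.Error as exc:
        return "error: " + str(exc)


if __name__ == "__main__":
    db = make_db()
    # A legitimate surname that any sane validator accepts, then a value
    # that rewrites the WHERE clause when concatenated.
    for value in ["O'Brien", "nobody' OR '1'='1"]:
        print(repr(value))
        print("  concatenated:", try_lookup(find_concatenated, db, value))
        print("  bound:       ", try_lookup(find_bound, db, value))
    # Markup stored as-is is neutralised only when it is written to a page.
    for name in find_bound(db, "<b>Bob</b>"):
        print(render_html(name))
```

The surname O'Brien is valid data, yet it breaks the concatenated query; the bound query handles it and the hostile value alike without any validation step.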
... just assume _all_ cameras on _all_ phones are crap :P
While i'm sure there are exceptions, like presumably the ones mentioned in your article, in general they are all crap because of the optics. I have a very old digital camera with less megapixellage and it's miles better than any camera phone ever
I thought the feature list on the original iPhone was lacking in many many ways; the quality of the camera wasn't one of them
Don't forget certificates. many corps may have a root certificate that signs all kinds of in-house stuff (vpns, websites, programs etc.) which is self-signed because it would cost too much for internal computers they can install the cert on anyway. Except FF totally ignores the windows cert. store (whereas chrome, for instance, works perfectly)
these apps would do better if they tried to use the features of the OS instead of going their own way. Makes sense in the linux environment (all apps are self-contained; can't make assumptions about the OS because it could be heavily customised), but not on windows
(I wonder if anything other than IE uses the windows RSS store, for instance? though even outlook doesn't use it yet...)
". Frankly, it's sad to me that their parents don't realize this is wrong and they should be encouraging them to take the classes"
"Parents thinking their children's behaviour was wrong" is not equivalent to "parents thinking their children's behaviour is criminal" or "parents thinking their children's behaviour means they need to attend a re-education program". It's very possible for their parents to be standing up for their kid's rights without them endorsing their behaviour, and well done to them.
"So, IE8 was being rolled out in Beta (and released on Thursday) and they didn't include the ASLR/DEP until the day after? I mean I do believe it, I'm just not smart enough to figure out why the security gets added on D-Day plus 1."
that's not what the article said
the article said the security wasn't in the beta (which was what was targeted during pwn2own) but was present in the final release.
"It also means that Microsoft continues to exert undue and damaging influence over the web"
If IE8 didn't support these older sites, it wouldn't drive those webmasters to upgrade. It would drive network admins to block IE8 from autoupdate on their networks
"What about the home consumer?" I hear you ask. The home consumer is either using firefox, doesn't care, or only goes to sites that work in every browser ever made anyway.
This is and always has been about the crufty intranet sites that dinosaur corporations rely on; if IE 8 didn't support them all that would happen is that there wouldn't be a clear upgrade path for those sites (like, say, crufty site -> works in IE8 -> rewrite to be standards compliant, which should still work in ie8 -> roll out firefox)
And it's slightly arrogant of opera to criticise MS for going their own way, and then moan that Apple won't let Opera go _its_ own way; it implies some kind of "I know better than you" attitude. And it's ironic that of the 2 popular paid-for desktop OSs*, MS is by far the most open...
*Just to avoid whether or not people consider linux a viable broad appeal desktop OS, which is something for another day