Re: Can you actually read anything on it?
Android has proper support for DPI scaling. Text will be the same size as always, it will just look better.
29 posts • joined 14 Sep 2007
What bothers me about this article is not the vulnerabilities themselves. Yes, graphics drivers are buggy, any most likely exploitable through GLES and GLSL if you're not careful. This is bad.
What bothers me is that it is being painted as an end-of-the-line, unfixable problem for WebGL. It's not. Browsers could add sanity checking to values passing through the WebGL layer. GLSL shaders could be sanitized. It'll hurt performance a bit, but what are you going to do? Hell, Google Chrome on Windows is already passing the OpenGL commands through a translator (ANGLE) to translate them to DirectX (and therefore is translating GLSL to HLSL) to bypass the dodgy OpenGL situation on Windows, so I see little reason why sanitization cannot be added to this as well. Similar should be possible for any browser, though Google may have a head start due to ANGLE.
I'm not saying this will be easy, but I really don't see why it's painted as being so very impossible. Hell, Google wrote a sandboxing architecture to allow x86 code to run safely from the web. This should be doable.
SpiderMonkey, TraceMonkey, JaegerMonkey, IonMonkey?
What the everliving fuck are these people ON? I realize that developers like to give things codenames early on, but seriously, how the fuck am I supposed to know what this shit does? To the outsider, it's utterly impenetrable. Worse than 'regular' jargon.
Good luck with that.. since the addition of Android phones, Virgin Mobile hasn't been able to keep their data network up and running. The Sprint network proper seems okay, so it's unclear what's going on, but I wouldn't put my money there right now. Wait and see; maybe they'll fix it, but I'm not holding my breath.
Microsoft doesn't ship OpenGL drivers with their OS these days, so ma and pa who never update drivers from the video card manufacturer's website don't have OpenGL support. This very likely accounts for a large majority of machines.
Also, Intel's 3D drivers for Windows have pretty abysmal OpenGL support, as I understand it. Not that Intel's 3D drivers for DirectX have a sterling reputation either; however, their chips are very common, because most people don't know any better, nor do they care to.
Oh, so you can take code for Windows and just run it through GCC on Mac OS and it will just work, eh?
The actual reason that Chrome is so slow to be released on Mac OS X is due to problems implementing their one-process-per-tab architecture on OS X. You see, Windows has no problem allowing a window from one process to be parented to a window from another process, thus how the content from a tab process can be rendered within the Chrome window. But Mac OS X, as of 10.5, doesn't support that.
So, they've had to rearchitect that part of the system for the Mac port. Therefore, delay.
But, I'm sure if you were on the team, they'd be done by now.
"From where we sit, however, Palm doesn't have the right to tweak its iPhone competitor to make it pretend to be something it's not."
The hell they don't. It's just bits, ones and zeroes, and not even particularly interesting ones or zeroes. It's a vendor ID field, _a number_.
If they want to tweak it to claim to be 7, 42, or the square root of 2, more power to them.
Google may try to obfuscate their reasoning with ridiculous statements like "Your computer has to do extra work to decrypt all that data" (my Core 2 Duo is more than capable of decrypting one paltry GMail session, thank-you-very-much), but their real reasoning is clear.
They don't want their servers to have to do all that "extra work" to ENcrypt all the data. It would mean they'd have to buy more servers, and that would hurt their bottom line. That is, ultimately, all that any company gives a shit about (do-no-evil or otherwise). Oh, and I suppose that using more servers isn't 'green' or something- I'm surprised they didn't trot out that line. Save the planet, ban encryption!
They give you the option to turn on https to placate the savvy users, but everyone else gets whatever uses the fewest CPU cycles. If you expect them to do anything else, you don't understand how a business works.
"The REAL question is what else in their system failed that allowed a surge to get that far into the network..."
EVERYTHING failed; it was a direct lightning strike. If you think you have a surge protector that works against that, I suggest you get yourself to the patent office straight away.
"The better question is why didn't UPS and generator kick in"
Oh come ON. Lightning doesn't cause a power INTERRUPTION; it eats your infrastructure for breakfast. Nothing is going to protect your data center from a lightning strike. Oh, so you have a UPS system? Well, when the massive current fuses every metallic component in your UPS into a giant conductor, fat lot of good that will do you.
I have (had!) a backup server hosted by these folks... I used to have some more important stuff there, but pulled it out a few months ago because HyperVM was making me nervous. They pulled the entire control panel down several times since recently due to suspected vulnerabilities in the software.
Basically, HyperVM looks like a house of cards so I think it was only a matter of time before it got hacked. The control panel appears to run as root on each VPS host, of course any outward-facing thing can get hacked but there ought to have been some level of abstraction between the control panel and the VPSes to slow down the hackers. Doesn't seem like there was though.
Pretty glad I moved my stuff when I did.
Seriously, I am tired of the attitude that everything on the internet should be free and that ad revenues are a viable way to sustain a business.
There is only so much advertising that you can shove down the throat of consumers. It is just advertisers advertising for advertisers advertising for advertisers at this point. It is just a bubble that is going to burst sooner or later.
That's not to say that it is reasonable to expect me to pay $25/mo for a service that used to be ad sponsored when I know full well that the advertisements you served to me brought you a grand total of 4 cents of revenue. Let's just be realistic- you bill me for 8 cents instead of 4, you make twice the money, we can all go home and I can stop looking at ads for pointless bullshit I don't need or want and will never click on.
With all of the hyperlinks in this article, I figured the reg signed up for some sort of contextual link ad company or something (Kontera and friends).
Seriously, we know how to use a search engine, I don't need every second word to be blue so I can be linked to an explanation. This is an IT website.
"More-adventurous users might be happy to download their own non-Microsoft players, or treat the netbook as a lightweight second machine that doesn't need media. Most ordinary consumers won't, though, and will - rightly - expect a fully functioning, self-contained PC package out of the box."
Please... OEMs will just bundle PowerDVD or something which they can license for pennies. Microsoft removing DVD support from the OS (frankly, I didn't realize it ever had it) is hardly a loss. Ordinary users will GET a fully functioning, self-contained PC because the OEMs will make it so. It's the more adventurous users that will have to go to extra effort to rip out the preinstalled bloat.
Also, as it has already been pointed out, netbooks don't have an optical drive.
Will have to test this next time I use Paypal (I have a Paypal fob). If this is really true then one has to wonder what exactly the programmers at PayPal are smoking. A validation function that returns success regardless of input? Awesome coding guys!
I'm not sure how exactly a security vulnerability this wide slips through the cracks. Testing, wonder if they've heard of it?
On a tangent, why the hell does Paypal make me answer a security question after I have successfully (1) provided my user ID, (2) provided my password, AND (3) provided my key fob number thing? It's beginning to get on my nerves, and I'm not sure I understand what additional security it is generating. If they've stolen my password AND my fob, then congrats, they probably deserve access to my account already.
Hah, yeah, you can't update your credit card through their system, but at least they let you do it online somehow (not that e-mail/phone is overly secure but..)
At my *other* host, they make me fax them a signed form for changes. Fax! Who has a fax machine? Have to go to Kinko's just to update my billing details....
So they say the attack had the potential to expose names, addresses, phone numbers, email addresses and server login details.
The first four points are of course true. The fifth (server login details) is true as well, but only because people are dumb enough to give their server provider their root password (to fix a problem, etc.) and then NOT CHANGE IT AFTER.
I lease a server from LT and although I've certainly changed my support portal password, I'm not losing any sleep over the security of my server itself. Any server password I ever gave to their techs was changed the moment after they were done with it. They have no business retaining any valid logins for my server after that point.
I have trouble feeling sorry for anyone who doesn't follow this basic security procedure.
Must be in Europe that the mobile phone reception doesn't suck inside buildings (last job was in Canada).. heaven help me if I tried to use a cell phone inside the office, it would be dropping constantly or all I would hear was a bunch of garbage... or sometimes I could hear the other party but they would just hear a bunch of garbage from me. Useless. Desk phone all the way.
At my current job I don't even have a phone. Let the receptionist answer the damn phone. If someone needs me, they can bloody come talk to me. I love it.
Although at some level I like this idea- I don't really believe that the masses will ever be smart enough to run their own damn computer- this proposal seems to raise more security concerns than it solves.
You're putting the security of your box in the hand of some 'geek' you've never met who works for the management company. (Or maybe just a 'volunteer' to the project?) Maybe that geek is trustworthy. Maybe he's not. All it would take is one malicious 'administrator' to turn all the boxes into a botnet.
This sort of things works pretty well in a corporate setting, where you're turning over control to the IT department, who you have some level of 'relationship' with and some reason to trust them, but to turn over control of a personal computer to an organizaton with offices hundreds/thousands of miles away (maybe outsourced to India someday), enh, I wouldn't let my granny do it.
Unless granny is turning over control to someone she already trusts (i.e., her geeky grandson)- which pretty much eliminates any edge this has over existing Linux distributions- then I fail to see how they intend for this to be trustable in a grander fashion. They better have an ace up their sleeve if they intend for this to go anywhere.
Biting the hand that feeds IT © 1998–2020