Posts by Oninoshiko

Let me fix that for you:

Interesting how totally making stuff up can make such a difference to new information

From the article: "Acidgen also provided suggestions for fixing the flaw." That would be FOR FREE. You know what, anyone who wants to can freely extort ABSOLUTELY NOTHING from me at any time. It really fits solidly into the "I don't mind" department.

In addition, he didn't make a demand that it be patched in a certain timeframe, he REQUESTED to know when they would release the patch so that he could withhold publishing his research until a fix could be deployed.

It sound an awful lot like he did all the right things. His FIRST concern was protecting the users of this software, his own ego was a close second. Even after it, apparently, has been patched, he still only disclosed the vulnerability, not the PoC code, WHICH HE APPARENTLY WROTE AT THEIR REQUEST.

http://www.darkreading.com/vulnerability-management/167901026/security/vulnerabilities/229402356/another-researcher-hit-with-threat-of-german-anti-hacking-law.html

http://www.corelan.be/index.php/forum/security-advisories/corelan-11-002-magix-music-maker-16-stack-buffer-overflow/

@Arctic Fox

Maybe you are correct, and the movement from an innovative industry to one dominated by anti-competitive behavior is inevitable, but I don't think that calling out the industry for going there is necessarily wrong. Maybe someday we can learn from our mistakes, or (better yet) just try doing the right thing.

Maybe it's a little naive, but maybe too I don't want to be always have to be the cynic I act.

hear, hear!

Let's all give a round of applause for the hard work of ACs the world over in making the internet happen in the country!

well....

It can swing both ways. I live in a community with municipal power, while the communities around me have power provided by private 'leccy companies (you can choose your 'leccy company, The delivery charge is the same for all). Our municipal power is cheaper.

I've not figured out why yet. I'm not being sarcastic, larger neighboring communities should have cheaper power, but in practice theory isn't working. There must be some effect here I don't know about.

Of course, don't get me started about how much I hate my natural-gas provider. Incompetent morons.

----

What are they using the sewage for? I thought in most regions that was a pretty serious offense.

@Highlander

Have ever even SEEN a modern automobile? Since you apparently just arrived (I took the long way myself) from 1985, Doc Brown, let me clue you in: a modern automobile has upwards of 50 microprocessors. These run (cue shock and surprise) SOFTWARE which monitors and controls systems throughout the vehicle. The person making the "car analogy" SPECIFICALLY said altering the car's software (which people do). Really I have a hard time calling this an analogy, as it is EXACTLY what GeoHot did.

*sigh*

"If you are so good at Ubuntu, you might already know that you can't run it as root"

not run as root? ever hear of privilege escalation attacks? Linux has been found to be vulnerable to a number of them over the years.

" so it is almost impossible to ruin a system like one would do with Windows."

Accidentally, maybe. But if someone is trying it's not "almost impossible," it's arguably "mildly difficult." (FTR the argument is that it's even THAT hard)

"Oh, and a Linux knowledgeable person wouldn't take that much pleasure bragging how he disinfects Linux PCs."

I think you misread the post, he wasn't bragging about it, just pointing out that Linux isn't the solution to all the worlds woes that the penguinistas seem to think.

Ok, I'll admit it... I maybe trolling a little bit at this point.

The Science inquisition?

The Science inquisition? Sounds like a good name for some of the GW activests...

The UN Population Fund made a recommendation that global warming should be combated with population controls, despite admitting "The linkages between population and climate change are in most cases complex and indirect"

how about Jacques-Yves Cousteau?

"World population must be stabilized and to do that we must eliminate 350,000 people per day."

or maybe Prince Phillip

"In the event that I am reincarnated, I would like to return as a deadly virus, to contribute something to solving overpopulation"

maybe David Bower?

"Childbearing [should be] a punishable crime against society, unless the parents hold a government license ... All potential parents [should be] required to use contraceptive chemicals, the government issuing antidotes to citizens chosen for childbearing."

Combined that with 10:10's exploding head video... no, I don't think I want to see the science inquisition, thank you very much.

Unrigged?

unrigged? If you believe that one, I have a bridge for sale... every game is rigged, normally it's built into the rules.

There are exactly two bets in all of vegas that dont have a house advantage:

Pass/Don't Pass in craps generally are paid out inline with the actual odds (assuming fair dice).

The only other reasonable bet is if you're counting in Blackjack which, while (contrary to popular belief) is perfectly legal (when done without any form of aid), will lead to you being asked to kindly take your winnings and depart.

Betting the banker in baccarat has a vary small advantage to the house (less then 2%), assuming the commission is low.

WTF?

Actually, DARPA are notoriously BAD at what they do.

If anything comes out of this, it will probably something totally unrelated. I'm hoping for the cure for cancer.

You're right even more then you know

Reading this reminded me of a Yogi Berra line: "It's like deja-vu, all over again."

It's kinda funny that it happens to be AOL caught up in this, as they had to pay out 15M USD to their "Community Leaders" a group of volunteers that served as moderators on AOL. two of them filed suit for unfair labor practices in 1999.

So in addition to the "we licensed HuffPo to use it, not AOL" argument, there is also the matter of US federal labor laws. I think AOL will be settling this out of court.

(Most of the information about that class action has disappeared off the internet, unfortunately I can't find an authoritative source for the 15M number. http://news.cnet.com/Former-AOL-volunteers-file-labor-suit/2100-1023_3-226360.html)

I call

Rule 34.

Clearly you must be new to the internet.

I don't know.

Seemed to go pretty darn well for Nathan Birnbaum (January 20, 1896 – March 9, 1996). You might know him as George Burns. I remember seeing an interview with him in the early 90's, when asked what his doctor thought of his smoking, he quipped "My doctor's dead."

Now, I don't smoke, stats show that it increases my risk and accounts show that it lowers my funds. That said, if you want fag, have at it.

Bad assumption.

Diesel subs are being being used by drug cartels. while most are fiber-glass, and few are fully submersible, atleast one fully-submersible steel one has been found.

http://news.bbc.co.uk/2/hi/americas/915059.stm

where are your numbers from?

Nuclear alone, using fast-breeders, is enough to last us 30,000 years. That is not even counting the concept of moving to the much more common (and potentially safer and cleaner) Th-232.

http://www.scientificamerican.com/article.cfm?id=how-long-will-global-uranium-deposits-last

*sigh*

A patent violation is something that is determined by a court. Experts need to look into it. Microsoft is a biased party, by definition you should not trust them on it. There my be a violation, it is true, it also may not achieve novelty on reexamination, there might be existing prior art on reexamination, the accuser may be just making stuff up too.

To date no non-biased party has found a patent violation in Linux, Period. Microsoft claims to own some, but wont tell anyone what they are... sounds fishy to me. Let's lay down the cards and see who's holding what.

Android, might violate the patents Oracle bought from sun, the jury's still out. But the "slightest bit of critical thinking" would show that onus is on the accuser to prove his/her case, and the defendant should get the opportunity to defend themselves.

Horse-drawn carriages? My god, you're a MADMAN!

We can't use horses, sometimes they get startled and trample a child!! What are you, some kinda heartless bastard? THINK OF THE CHILDREN!!

I propose everyone get of those giant plastic ball things, that way we can't run over each other, and the ball will keep of from getting hurt.

hrm...

I'm glad no one gave me to eyes. Giant eyes would be creepy, twice over if the owned me.

The two are related HOW?

The number of vulnerabilities in a system has no bearing on the legality of attacking it. That's right up there with the "oh common, she was asking for it, just look at her" defense.

If your granny penetrated these systems, she would also be a criminal. As it is, your granny probably couldn't have penetrated these systems, as I'm sure she has the common sense to recognize that is is wrong and illegal.

Either a) he knowing broke the law, in which case he should pay for the crime, or b) he could not tell right from wrong, in which case he is criminally insane and needs to be separated from society for the mutual protection of both.

In addition

for LFTRs if they do overheat, a plug (imagine some ice plugging up your sink drain) melts out and the core (which is normally liquid, making the term "meltdown" meaningless) just flows out into containers which make is more dispersed, taking it non-critical (a normally operating nuclear reactor is "critical" meaning there is enough density if fissile material to sustain a chain reaction).

The reason we don't use them they don't generate enough nuclear waste. Because I am fully aware of how "tinfoil-hatter" that sounds, let me explain. In the 1960's, when much of the choices were being made about what should be researched in the field, there was a little cold-war with the Soviets going on (you might have heard about it). A core part of this was the creation of atomic weapons. One of the common ingredients (Pu-239) in a atomic weapon just so happens be in the waste products of common Pressurized Water Reactor designs.

This combined with a underestimation of the amount of U-235 was available lead to a concentration of development designs based on the dirtier, less-safe, and less readily available (0.74% of U is U-235 vs. almost 100% of naturally occurring Th is Th-232, in addition it is estimated that there is 4x as much Th as U naturally occurring) fuel.

Most of the waste from the Thorium fuel cycle is not suitable for weapons, and the excess of U-233 which is produced is mostly fed into the core to sustain the reaction. The U-233 which is above the requirements is such a small amount that it is not considered a large proliferation risk. That said, there is normally too much Pu-240 in waste from a "conventional" civilian reactor to be used directly for weapons but centrifuges can be used to remove the contaminating isotope.

There have been a couple of LFTRs built, notably the MSRE in 1964, which went critical (remember, being critical is the normal state for a operating nuclear reactor) in 1965, and operated as a research reactor until 1969. This tested many of the systems, including (and possibly most importantly) the frozen-salt-plug safety-valve, which was used to shut down the reactor multiple times. There has been a resurgence of interest in this technology lately, I have read of programs in PRC, India, and Japan to finish the necessary components to use this technology for power generation.

I just love ACs....

Webkit: A fork of KHTML, LGPL was a requirement as a derivative work.

CUPS: Predates Apple. (yes they hired michael sweet, but this is still just them using an existing project)

LLVM: An existing project from the University of Illinois at Urbana-Champaign/National Center for Supercomputing Applications. Compliance with the UofI/NCSA license was a requirement as a derivative work.

Clang: This is the ONLY thing in this list that Apple actually deserves any credit for, but even so, this is just a ObjC front-end for LLVM. Without LLVM, It wouldn't even exist, let alone be under the same license.

Darwin/XNU: fork of Mach and BSD, with a little CDDL licensed code from SUN. While the BSD and CMU licenses would have permitted re-privatizing this code, It would have been largely pointless at the time (because Apple's value-add isn't the kernel or commandline userspace). CDDL code, of course, must remain CDDL.

As to the rest of your post, Apple most assuredly has a monopoly on iPhone app distribution. And no, when they sell the toy to a consumer, it becomes the CONSUMER'S toy, that is what "selling" is.

RE: Lewis Mettler, not completely accurate

I seem to recall a article on the vary site about some code entering the kernel from MS, I think it was to help running linux on Hyper-V or some such. If my recollection is correct, that means that Microsoft does own some copyrights to the Linux kernel. That might be enough to give them standing (the right to sue).

IANAL, of course.

As ratfox mentioned above

prepared statements are pretty close to what you want. They allow you to write up the SQL statement, and sent it off to the server, then you just call that statement later and send the variables for it. Because the variable-values are kept separate from SQL, it's (AFAIK) immune to SQL-injection attacks.

You also get the side benefit of having more responsive queries (you don't have to keep sending the query and redoing the planning phase each time).