
Comment Re:BSD is safer than public domain (Score 1) 210

Here in the US it is not out of the question to be sued for your public domain program.

If you have some concerns above and beyond freedom, such as being sued over the code, then why would you settle for a BSD license, when you could use the Apache 2.0 license which requires contributors to give patent indemnifications?

Would you honestly prefer that a patent troll gave you some BSD licensed code to put in your project, then sued you over it?

Comment Re:Another drive by hit piece (Score 5, Insightful) 962

This is not even a thinly disguised attack piece. Yet another "if you don't subscribe to the current global warming facts you are an idiot". As in, there is no room for debate, it has been decided, any contrary view is automatically wrong. Any discussion which does not state full agreement is wrong. Any facts not in the approved list are wrong.

I don't like the article either, it casts aspersions and doesn't say much. However, I don't like your comment either.

If you don't subscribe to the current facts, then you are an idiot.

Global warming is happening. We have hard evidence that the global average surface temperature of the earth has risen between 0.4 and 0.8 degrees C in the past 100 years, and that the majority of this increase can be attributed to human activity.

This has been under sustained scrutiny for years, and while there have been plenty of improvements in the accuracy, nobody has provided credible evidence that the contrary is true; that AST is not increasing, or that it's not primarily attributable to human activity.

You are free to debate what we should do about it, you're free to model what you think the localised effects of global AST increase will be, you're free to critique the methodology used for data collection, you're even free to throw out the "conclusions" section of any paper and come up with your own conclusions based on the same facts. You're just not free to make up your own "facts".

Comment Re:Light on details (Score 1) 332

How well does the validation engine cope with code that's deliberately obfuscated?

Very well. It rejects it outright.

Disassemble the binary blob. Reject it if you see any instructions you don't allow or don't know how to handle. Reject if it jumps into the middle of any other instructions, or outside its area. Reject if it tries to modify the segment registers. Reject if you find unreachable code.

I'm going to go out on a limb and say that it's very unlikely that you'll be able to break out of the sandbox. The most likely vector of attack is a carefully formatted IPC message between the sandbox and the browser to exploit a bug in the browser, or get the browser to unwittingly inject code into the sandbox, because the sandboxed code is verified that it can't do that itself.
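A toy version of the checks listed in the comment above, added here as an illustration and not taken from the comment or from any real validator. The six-opcode instruction set, its encodings and the `validate` function are constructed for this example.

```python
# Toy variable-length instruction set (constructed): opcode -> (mnemonic, length)
ISA = {
    0x01: ("NOP", 1),
    0x02: ("LOAD", 2),    # LOAD imm8
    0x03: ("JMP", 2),     # JMP rel8, relative to the next instruction
    0x04: ("JZ", 2),      # JZ rel8, conditional
    0x05: ("HALT", 1),
    0x06: ("SETSEG", 2),  # known opcode, but never allowed in the sandbox
}
ALLOWED = {"NOP", "LOAD", "JMP", "JZ", "HALT"}

def validate(blob: bytes) -> str:
    """Return "ok", or the reason the blob is rejected."""
    insns = {}  # offset -> (mnemonic, length, jump target or None)
    pc = 0
    while pc < len(blob):
        if blob[pc] not in ISA:
            return f"unknown opcode at {pc}"
        name, length = ISA[blob[pc]]
        if name not in ALLOWED:
            return f"forbidden instruction {name} at {pc}"
        if pc + length > len(blob):
            return f"truncated instruction at {pc}"
        target = None
        if name in ("JMP", "JZ"):
            rel = int.from_bytes(blob[pc + 1:pc + 2], "big", signed=True)
            target = pc + length + rel
        insns[pc] = (name, length, target)
        pc += length
    # Every branch must land on the start of a decoded instruction.
    for off, (_, _, target) in insns.items():
        if target is not None and target not in insns:
            return f"bad jump target {target} at {off}"
    # Walk control flow from the entry point; everything must be reachable.
    seen, work = set(), ([0] if insns else [])
    while work:
        off = work.pop()
        if off in seen:
            continue
        seen.add(off)
        name, length, target = insns[off]
        if target is not None:
            work.append(target)
        if name not in ("JMP", "HALT"):
            if off + length not in insns:
                return f"execution runs off the end at {off}"
            work.append(off + length)
    dead = sorted(set(insns) - seen)
    return f"unreachable code at {dead[0]}" if dead else "ok"
```

The validator never tries to understand what the code is for: anything it cannot decode and account for on an instruction boundary is rejected, which is why obfuscation does not help the submitter.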

Comment Re:Ambivlance (Score 5, Informative) 377

And the company Anonymous is going after probably helps stop real security threats that most of us would agree merit stopping; not just Cablegate-related stuff.

To help you out: HBGary is still running. HBGary Federal is a new spin-off company started in December 2009 to try and sell "cybersecurity" products to the Feds.

If they were cybersecurity experts, ones that were worth paying for with your tax dollars, then Anonymous would not have been able to pwn their website, twitter accounts, email, ....

According to some of those recently pwned emails, the spokesperson Aaron Barr admitted to his own staff that he was deliberately provoking Anonymous, because he knew that the press was interested in anything to do with Anonymous and they'd get good publicity and possibly sales.

The money quote from Aaron's company email: But it's not about them... it's about our audience having the right impression of our capability and the competency of our research. Anonymous will do what every they can to discredit that. and they have the mic to speak because they are on Al Jazeera, ABC, CNN, etc. I am going to keep up the debate because I think it's good business, but I will be smart about my public responses.

Does that help you swing one way or the other?

Comment Re:Maybe I'm missing something? (Score 4, Informative) 500

However, developers are still subject to the rules of the Android store.

They are not. Tick "Settings -> Applications -> Allow installation of non-Market applications" on your Android phone and install the app directly from the developer's website.

The day you can do that on an iPhone is the day it stops being a closed platform.

The phone manufacturers and carriers still have the final say on which features of the OS are actually shipped intact.

There are hundreds of Android phone models. Not all phones have or need the same features. If you don't like one phone's feature set, choose a different one.

Find me an iPhone manufacturer that isn't Apple.

If I find Motorola's restrictions on a DROID 2 onerous, I could just buy Google's Nexus S instead. They're both Android phones and they'll both run the same apps.

Find me an iPhone that's sold without Apple's restrictions.

Comment Re:So physical music is dead? (Score 3, Insightful) 144

Downloads don't revolutionize music consumption in the way the cassette did

Are you kidding?

Cassettes allowed portable playback - great. But digital downloads just made impulse buying possible. You can buy anywhere, anytime. It's not convenient to buy from a physical music store unless you're already in one.

Comment Re:So physical music is dead? (Score 1) 144

Physical music sales don't know they're already dead.

Check out this graph of music sales by format, 1973-2008. You can clearly see that each format grew, peaked, then was pushed to death by some new format. Cassettes killed vinyl. CDs killed cassettes. Digital downloads, provided they don't suddenly drop (and there's no indication that they will) are going to utterly kill CDs in the next few years. Since 1999, music publishers have made less and less money from CD sales.

Sure, you'll still be able to buy CDs - even in reasonably sized shops like HMV. There are any number of vintage vinyl shops trading today. But it's not where most of the money in selling music will be; the billions. That will be digital downloads.

Comment Re:10c text messages (Score 2) 163

Sorry, the oversimplified version is confusing and misleading.

Text messages aren't sent as an extension to messages that would've been sent anyway. They're sent in contention with very important messages like "you have someone calling you", and if not carefully managed can overwhelm the capacity of the cell tower.

A cell tower's connection to the hard-wired telephone network has one "control channel" and multiple data/voice channels.

SMSes go on this control channel.

This one control channel is shared by everybody in the same cell as you. It carries important messages like "there's a phone call from +1234567890 incoming" or "user +1111111111 wants to call +1234567890".

The control channel has 64kbit/s of bandwidth available and promises to deliver messages without delay and in order. It's an expensive way to send data compared to internet data routers (which don't promise to deliver anything or in any order).

So sure, back when signalling channels were mostly empty, people thought "why not put text messages on them". They now rue their decision and text messages' massive popularity overwhelms a signalling channel not really designed for them.

Comment Re:probably not (Score 1) 378

It's possible geohot could dump the public key metldr uses for verification, from any new metldr, but he won't be able to take multiple public keys where Sony used the same random number and turn them into the private key used for signing.

We have the signing key right now. We're unlikely ever to get that again.

Comment Re:probably not (Score 1) 378

Is this downgrade also dependent on metldr (or lower) being non-updatable?

Yes.

If geohotz hadn't given us the metldr private key, we could not sign our own firmware.

In that scenario, the lv1 revocation list hack would have been useful. It would allow us to install older Sony-signed firmwares that metldr trusts, but then skip the lv1 check that refuses older firmware. If we knew all private keys but metldr (which fail0verflow did), and Sony came out with an upgrade and we applied it, we could still downgrade at a later time to an official Sony firmware where we knew the private keys, despite the system Sony put in place to stop us doing that.

However, geohotz gave us the metldr private key, so we don't even need that. We just write our own firmware and sign it.

To deny us, Sony now have to alter metldr.

Comment Re:Evil commenting on evil (Score 1) 378

Nice post!

1) True, but doesn't make updating metldr impossible if Sony kept a copy.

2) True, but doesn't make updating metldr impossible if Sony kept a copy.

3) It is, but Sony are happy to make their customers' Windows PCs vulnerable to viruses in the name of DRM (XCP scandal). Even Nintendo were happy to brick Wiis in pursuit of locking out mods.

4) There's no reason why Sony can't have two separate paths: compromised firmware with old keys for offline updates, plus uncompromised firmware with new keys for online updates.

5) If the alternative is games and media publishers abandoning their platform, they now have the incentive to build the necessary infrastructure.

6) There is no currently known way, correct.

7) That's a very large "probably" and whether Sony can recover control of their platform hinges on it. If there's the slightest possibility they can do it, they will.

Comment Re:probably not (Score 1) 378

Hackers can change any new firmware as they wish and sign it again. This work can then be used by anyone who didn't install it.

If you do install any firmware after 3.55 (which Sony haven't released yet), it will likely be a knock-out punch that changes all the keys, including metldr, so your PS3 will be impervious to all current softmodding and hardmodding techniques. And Sony will never inadvertently let slip their private keys again.
