Comment Re:NIH (Score 5, Insightful) 249
It's OK, nobody uses JPEG 2000 anyway.
Billions and billions of stars!
How did you test? nginx does honor Range requests. The Apache killer will report that nginx is not vulnerable, so what, it misreports PHP-based Apache installations too. However, this attack can be performed in more than one way. Maybe you should know that nginx maintainers have released a patch today. I wonder why.
I have read that IIS is vulnerable to this too, not sure if this is true, I have no IIS installations that I can check.
I'm not sure what Cherokee does so I can't comment here.
Apache has its share of its own unique bugs, that's true.
It's a protocol bug. Any server that implements the protocol to the letter is vulnerable. And it's not just about overlapping ranges. If the server can send a ten megabyte file, an attacker can ask it for ten million one-byte ranges. The processing overhead will bring most servers to their knees. If the server can compress the output, an attacker can ask for ten million compressed one-byte ranges. An attempt to execute such a request will kill just about anything. The protocol should have limited the number of ranges per request to, say, 10.
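An added example, not part of the comment above and not any server's own code: a Python sketch of the mitigation the comment proposes, capping the number of ranges per request (10, the comment's figure) and merging overlapping or adjacent ranges before any response body is built. The names `parse_range_header`, `RangeRejected` and `MAX_RANGES` are hypothetical.

```python
import re

MAX_RANGES = 10  # the cap suggested in the comment; an assumption, not a protocol limit
_SPEC = re.compile(r"(\d*)-(\d*)")


class RangeRejected(ValueError):
    """Raised when a request asks for more ranges than the server allows."""


def parse_range_header(value, size, max_ranges=MAX_RANGES):
    """Return merged, sorted (first, last) inclusive byte ranges for a resource
    of `size` bytes. Returns None when the header should be ignored (serve the
    whole body) and [] when nothing is satisfiable (caller answers 416)."""
    unit, sep, specs = value.partition("=")
    if not sep or unit.strip().lower() != "bytes":
        return None  # unknown unit: ignore the header
    # Count separators before doing any per-range work, so an oversized
    # list is rejected at the cost of one scan of the header.
    if specs.count(",") >= max_ranges:
        raise RangeRejected("more than %d ranges requested" % max_ranges)
    ranges = []
    for part in (p.strip() for p in specs.split(",")):
        if not part:
            continue  # tolerate empty list elements
        m = _SPEC.fullmatch(part)
        if not m or part == "-":
            return None  # malformed spec: ignore the header
        first, last = m.groups()
        if first == "":  # suffix form: the last N bytes
            start, end = max(size - int(last), 0), size - 1
        else:
            start = int(first)
            end = min(int(last), size - 1) if last else size - 1
        if start <= end:  # skip pieces that cannot be satisfied
            ranges.append((start, end))
    # Merge overlapping and adjacent ranges so no byte is sent twice.
    merged = []
    for start, end in sorted(ranges):
        if merged and start <= merged[-1][1] + 1:
            merged[-1] = (merged[-1][0], max(merged[-1][1], end))
        else:
            merged.append((start, end))
    return merged
```
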
An attacker doesn't need to sniff anything. Why bother? Just fire up your own hotspot, name it "Courtyard Marriott" or "Starbucks", and trawl away.
Think about it every time you connect to a free public hotspot.
Maybe using that credit card number as a Twitter password wasn't such a good idea after all.
"doc" and "pro" and "ad" and "gym" are not contractions, they are clipped forms. No apostrophe in those.
I wonder what happens if I swap an Ubuntu kernel for my own kernel, configured and compiled by myself. Do I still have a licensed Ubuntu system? Even if the kernel is from vanilla sources? What if I replace their libc? How about gnu userland, I hear there are alternatives? Do I have to use Canonical's repositories for my updates? Maybe I can switch to rpm or even portage-based package manager, do I still have an Ubuntu? It should be feasible to port Debian/FreeBSD to the Canonical platform, is it OK to use Ubuntu/FreeBSD system? In short, how much of Ubuntu can I leave in the system to be still considered a licensee?
I also wonder whether smart lawyers at MPEG LA have answers to these questions. Or maybe they have no idea of what Linux is about.
These sites are in effect off-limits to you anyway. Not because you can't type an address (you can), but because you can't bloody read the friggin' content! Insightful my ass.
Laugh all you want, but Adobe DOES make a version of Photoshop for Android. I have it on my phone. It's even free! The functionality is rather limited though.
"or too" --> "or two". I need some sleep...
The "study" in question was performed in an extremely amateurish, non-scientific way.
Read it for a good laugh or too, but don't give it any weight because it deserves none.
The president of China, that's who.
Thank you, my collection of backgrounds has just become one step closer to ultimate perfection.
Kleeneness is next to Godelness.