Then, you'll probably explain how India managed to launch 30+ rockets successfully in the past, and launched one rocket successfully to the moon as well?
Oh come on. You can't possibly expect everyone to know that.
Those aren't nearly as interesting as the one that exploded on YouTube.
Meh.
People everywhere are short-sighted, mistake-making, bozos if you expect too much of them. We Americans have spent the last century parading around the globe talking about how high our ideals are. Often I've been in agreement with them, but we shouldn't be surprised if people hold us to some kinds of standards.
See, this is what I detest about Americans.
Detest, hate, these are very strong words. LIfe's too short to feel that way about anyone, if you can help it.
Lol, choosing not to install a nonstandard closed source plugin to watch some marketing video isn't anything like disabling text on Wikipedia.
If you don't see the difference, you should probably stay away from text and go back to watching infomercials.
That's it?! Seriously?!
"Stripped-down hosted commercial Rsync with folder metaphor given version number 1.0"
This is a Slashdot headline?
You know, it's almost as if they're afraid to commit to concrete definitions or something...hmm...do you suppose that perhaps even they don't have a clear idea of what the thing is?
Perhaps they could hire the "help I've fallen and I can't get up" ad agency. They are in desperate need of an identifiable problem (e.g. a broken hip) on which to hang their solution.
I click on the link...
The new version comes with hundreds of bug fixes, including invalid file names on Windows, weird Unicode normalizations, Word and Excel file locking, abnormal symlinks hierarchies, and case sensitive file systems on Mac
Oh, so are invalid file names a bug or a feature? Why would I want to lock Word and Excel files? I know what they are but I don't use them. I don't use abnormal symlinks hierarchies or a Mac either.
So I click the first link 'Dropbox' which goes to (wait for it...) "The Dropbox blog"
Hey everyone! We’re super excited to announce the new hotness that we’ve been cooking up for the past few months: Dropbox 1.0! In addition to hundreds (yep, hundreds) of bug fixes, vastly reduced resource usage (think of it as the Prius model of Dropbox), Dropbox 1.0 (“Rainbow Shell”) also offers support for extended attributes, selective sync, and a shiny new installation wizard. Those are just the CliffsNotes though — here’s the true story behind Dropbox 1.0:
You get the idea. It goes on and on. How can these people talk so much and say so little?
The first link from this page: Dropbox Home. This looks promising, it goes to https://www.dropbox.com/
Here is the text of the page:
Suggestions, ideas, bug reports, and comments are always welcome. If you'd like to interact with other Dropbox users, check out our forums. Email Address (optional) There was a problem completing this request. Request completed successfully. Log in Email Password Remember me Create an account Dropbox - Secure backup, sync and sharing made easy. Watch a video about Dropbox. Watch a Video Sync your files online and across computers Download Dropbox Free for Windows, Mac, Linux, and Mobile Dropbox - Secure backup, sync and sharing made easy. Sync your files online and across computers Download Dropbox Free for Windows, Mac, Linux, and Mobile * Sync files of any size or type * Share large files and photos easily * Automatic online backup * Track and undo changes to files Take a tour of Dropbox © 2010 Dropbox * Dropbox * Home * Install * Mobile * Pricing * Features * Tour * Community * Referrals * Twitter * Facebook * Wiki * Developers * Partners * Support * Help Center * Forums * Votebox * Feedback * Contact Us * About Us * Dropbox Blog * Our Team * Press * Policies * Jobs
Oh, ok. So from this I gather that it's some sort of file sync application which needed a major rearchitecture before it could be released at version 1.0.
Almost all of the viewable area of the page is taken up by a giant video play button. Well, believe it or not I actually use my computer for computing and not as a television. I also like it to be halfway secure, so I don't have any Adobe products such as Flash installed. I do know how to read and it is several times faster. I'm not watching some video made by people who can't complete the sentence "Dropbox is
I still don't get it, except that it syncs files and the people who made it should probably cut back on the Red Bull and talk to someone outside the office who hasn't been making and eating their own dog food for eighty hours a week for the last year.
Right. So is Intel now in the business of deciding who gets shut off, like Amazon and DynDns? Or will they hand out kill switch codes to the top 250 computer manufacturers? Will they have a legal team on call 24/7 to ensure that kill switch requests meet even the minimum legal criteria? Will they argue on your behalf, or will they just go with whoever pays the most money? Will there be any prior notice and will you be able to appeal a kill switch order on your CPU? Will Intel do any better than YouTube at rejecting illegitimate requests submitted by parties that just want to screw with you?
Now that the US DHS has found out how much fun it is to play with the kill switch VeriSign gave them on
Why would any foreign government, non-US user, or multi-national corporation buy a system with Intel CPUs now?
How dumb can this company be?
Note to Intel: Ways to kill your product or reduce its performance are failings, not features.
It's not you.
The remaining question is, did the CIA, NSA, KGB, FSB, and MI5 all add backdoors too, or do they have cross-licensing agreements...
Back when we imagined it might be necessary for an attacker to actively insert remote 0-days into MS Windows...
http://en.wikipedia.org/wiki/SHA-2
So for SHA-256 the starting constants are the "first 32 bits of the fractional parts of the square roots of the first 8 primes 2..19" and "first 32 bits of the fractional parts of the cube roots of the first 64 primes 2..311".
That only takes a few words to explain, and most of it is dictated by the design (e.g., "32 bits"). The hash designer is signaling that he only had freedom to select a few general concepts here and there.
http://en.wikipedia.org/wiki/Nothing_up_my_sleeve_number
You can be sure that the people who approve these kinds of things are pretty paranoid about the possibility of someone sneaking a back door in there. If the constants had been proposed as "bits from the base-2 representation of pi starting at bit position 2364826687681" there would have been some serious eyebrow raising.
Still, it's a pretty cool find. I can't wait for the upcoming holiday party, I will surely impress the ladies with that!
You'll be on your own with it because it will not be an interoperable, accepted standard. Hashes are often used for data shared by multiple parties.
An attacker could write a new patch and generate a collision for it. The attacker would then submit the good patch and get the maintainers to accept the patch and sign it with their GPG key. The attacker would then create a rogue mirror site and replace the good patch with the malicious collision.
That would definitely win you the prize for "the most absurdly over-complicated and difficult way of pwning a Linux box".
Why don't you just watch [Full-disclosure] for the 0-day of the week like everyone else?
The bear only has to be faster than the first of the two hunters.
I saw that, but I haven't heard any evidence that it was Stuxnet. We've learned a lot more about how Stuxnet works and that it specifically targets sites with hundreds of high-speed motors from controllers that are only made in Finland and Iran. Somehow I don't picture Japan importing motor controllers from either of those places.
Of course, it's possible that this is an as-yet-unrealized function of the all-powerful Stuxnet, to cause a short power glitch in three Tokyo prefectures. Not content with merely shutting down Iran's nuclear program, it was also designed to cause a decline of "8% of the overall global shipments of the NAND flash memory" in Jan/Feb 2011.
Perhaps a simpler explanation is that an ordinary power glitch found its way past some UPSes and caused a factory to reboot. It happens.
It seems just as likely that the guys running Turbines for your local power company are no better equipped to handle this than Iran. In Iran, they have unlimited budget and first call upon the best brains in the country. Your local power company? Not so much.
I dunno man.
I'd put my local power company up against those "Your nuclear power plant control software license has expired please obtain a valid license" clowns any day.
The local guys may be clowns too. But the difference is that my clowns can at least download a patch.
Never test for an error condition you don't know how to handle. -- Steinbach
