Forgot your password?
typodupeerror

Comment: Re:Yes, there is a simple fix (Score 1) 167

by mrnobo1024 (#44470581) Attached to: New JavaScript-Based Timing Attack Steals All Browser Source Data

How is even a malicious javascript code on one web page going to see the the content of a page that I have manuallly opened up in an entirely separate window?

It can't, but it can load that same page's URL in an iframe, and it will contain the same confidential information. Browsers try to prevent pages from reading the contents of cross-domain iframes, which is extremely difficult to do in a completely airtight manner. A much better solution would be not sending cookies on cross-domain requests and thus making it impossible for one site to load the secrets a different site is storing for you, but so far everybody is focused on treating the symptoms and not the disease.

Earth

Mice, Newts Retrieved After a Month Orbiting Earth At 345 Miles Up 85

Posted by timothy
from the eye-of-space-newt-was-called-for dept.
The Associated Press (as carried by the Washington Post) reports that a living payload of newts and mice has been retrieved after a month orbiting earth in a Russian space capsule at an altitude of 345 miles, far higher than the ISS's orbital distance of 205 miles. Says the story: "Fewer than half of the 53 mice and other rodents who blasted off on April 19 from the Baikonur Cosmodrome survived the flight, Russian news agencies reported, quoting Vladimir Sychov, deputy director of the Institute of Medical and Biological Problems and the lead researcher. Sychov said this was to be expected and the surviving mice were sufficient to complete the study, which was designed to show the effects of weightlessness and other factors of space flight on cell structure. All 15 of the lizards survived, he said. The capsule also carried small crayfish and fish."

Comment: Re:Patent-encumbered standards are stupid (Score 0) 182

by mrnobo1024 (#42702345) Attached to: ITU Approves H.264 Video Standard Successor H.265

This is the ITU, the same geniuses behind the "leap second" that crashed computer systems all over the world last June (because god forbid our clocks should ever be out of synch with the Earth's rotation by more than one second - never mind that given the way time zones are set up, many places are off by over an hour anyway). I'd be surprised if they even know what a patent is let alone why it's a bad thing to have on a standardized file format.

Comment: Re:Yeah, yeah, yeah. (Score 2) 156

by mrnobo1024 (#40185325) Attached to: The Cost of Crappy Security In Software Infrastructure

The designers of Java tried to do two things regarding security:
1. allow running untrusted code (applets) without letting it break out of its sandbox
2. prevent unsafe memory access by bounds checking, type checking on casts, no explicit deallocation

#2 is a prerequisite for #1, since if code can write to arbitrary memory locations then it can take over the Java runtime process. However, #1 is not a prerequisite for #2. Java has in practice done poorly at meeting goal #1 but has been quite solid at #2.

Comment: Re:wow, McAfee has fallen to new lows! (Score 1) 196

by mrnobo1024 (#39637747) Attached to: McAfee Claims Successful Insulin Pump Attack

Finding a security vulnerability is not "making viruses". Would you prefer that this be first discovered by someone who's not so nice as to disclose their findings, so that insulin pumps just start mysteriously "malfunctioning" and killing patients?

Regardless of what you may think of the quality of McAfee's software, they're not being anything besides white-hat here.

Comment: Re:McAfee for insulin pumps next (Score 1) 196

by mrnobo1024 (#39637641) Attached to: McAfee Claims Successful Insulin Pump Attack

That could have been believable back in the DOS days, when most viruses seemed to have no real purpose besides amusement, but today the vast majority of malware is written for profit. Selling antivirus software would be counterproductive if you're making a lot more money from owning a botnet and the antivirus would eat into that.

Comment: Re:They have a right to be angry ... (Score 4, Insightful) 151

by mrnobo1024 (#39610971) Attached to: Anonymous Hacks UK Government Sites Over 'Draconian Surveillance'

So-called "democracy" as it exists in countries like the US is a complete sham. The government can act against the public interest on literally every single issue and still stay in power: any individual is only going to be knowledgeable about a small fraction of what the government does, and a majority of people will just take the media's word for it that they're doing right on most everything else.

The only issues on which the public actually has any influence are those which our rulers recognize to be of relatively minor importance, so the parties can put on a show of virulently disagreeing on them, which makes people feel like they're actually making a difference when they throw out corporate-owned party A and put into power corporate-owned party B. On the most important issues, there's always bipartisan agreement on the wrong side.

Comment: Re:Yay! (Score 4, Insightful) 426

by mrnobo1024 (#39534157) Attached to: Adobe Releases Last Linux Version of Flash Player

I used to think of Flash as a CPU hog, but it pales in comparison to Javascript/HTML5. Even simple 2D games in Javascript will run at about 3 frames per second despite constantly using 100% CPU, and they often hog memory too (which Flash has never been all that bad about in my experience, unless you leave a dozen YouTube tabs open or something).

Annoying ads won't go away just because Flash does; they'll move to HTML5 and will be just as annoying, more resource hungry, and harder to block (disabling Javascript everywhere makes the Web unusable; a whitelist system like NoScript is going to be a necessity).

Comment: Re:WebM (Score 5, Informative) 320

by mrnobo1024 (#39345263) Attached to: Mozilla Debates Supporting H.264 In Firefox Via System Codecs

WebM supporters: Free Software Foundation, Participatory Culture Foundation, Xiph, Android, Codecian, Collabora, CoreCodec, Digital Rapids, FFmpeg, Adobe Flash Player, Flumotion Services, Google Chrome, Grab Networks, iLink, Inlet Technologies, Oracle Java, Matroska, Moovida, Mozilla, ooVoo, Opera, Oracle, Harmonic Rhozet, Skype, SightSpeed, Sorenson, Telestream, Tixeo, Ucentrik, VideoLAN, Wildform, Winamp Media Player, Wowza Media Server, XBMC Media Center, Allwinner Tech, AMD, Anyka, ARM, Broadcom, Chinachip, Chips&Media, C2 Microsystems, DSP Group, Freescale, GeneralPlus, Hisilicon, Hydra Control Freak, Imagination Technologies, Shanghai InfoTM Microelectronics, Leadcore Technology, Logitech, Marvell, MIPS, MStar Semiconductor, nVidia, Qualcomm, Rockchip Microelectronics, RayComm Group, SEUIC, Socle Technology Corp., ST-Ericsson, Texas Instruments, Verisilicon, Videantis, ViewCast, ZiiLABS, ZTE Corporation, Anevia, Brightcove, Delve Networks, Encoding.com, EntropyWave, Flumotion Services, HD Cloud, HeyWatch.com, Kaltura, Media Core, MetaCDN, ooyala, Panda, Panvidea, Sorenson 360, thePlatform, VideoRX.com, VMIX, YouTube, Zencoder

The meat is rotten, but the booze is holding out. Computer translation of "The spirit is willing, but the flesh is weak."

Working...