
Comment: No sensible person ever thought it was impossible (Score 3, Informative) 81

by daveschroeder (#48027003) Attached to: Apple Fixes Shellshock In OS X

But even here, again, when you look at a typical OS X desktop system, how many people:

1. Have apache enabled AND exposed to the public internet (i.e., not behind a NAT router, firewall, etc)?

2. Even have apache or any other services enabled at all?

...both of which would be required for this exploit. The answer? Vanishingly small to be almost zero.

So, in the context of OS X, it's yet another theoretical exploit; "theoretical" in the sense that it affects essentially zero conventional OS X desktop users. Could there have been a worm or other attack vector which then exploited the bash vulnerability on OS X? Sure, I suppose. But there wasn't, and it's a moot point since a patch is now available within days of the disclosure.

And people running OS X as web servers exposed to the public internet, with the demise of the standalone Mac OS X Server products as of 10.6, is almost a thing of yesteryear itself.

Nothing has changed since that era: all OSes have always been vulnerable to attacks, both via local and remote by various means, and there have been any number of vulnerabilities that have only impacted UN*X systems, Linux and OS X included, and not Windows, over very many years. So yeah, nothing has changed, and OS X (and iOS) is still a very secure OS, by any definition or viewpoint of the definition of "secure", when viewed alongside Windows (and Android).

Comment: News flash for you (Score 1) 165

by Sycraft-fu (#48025247) Attached to: CEO of Spyware Maker Arrested For Enabling Stalkers

If you set foot in a country, they can arrest you for violating their laws. Doesn't matter if you aren't a citizen and live overseas. If you come there, they can arrest you. So let's say you regularly trash Islam and the Ayatollah and are well known for this. Then you travel to Iran. They very well can arrest you for that. They can't do much if you don't go there but if you show up, they can grab you.

Now in terms of if this particular arrest is legit for the American legal system, almost certainly. Doesn't matter that he was living in a foreign country. If he sold something that is illegal to Americans and using American services, he broke American law. Doesn't matter if he wasn't in America at the time, you don't have to be in a country to break their law. Let me give you a couple examples of how one can easily break a country's law from another country:

1) Ordering someone murdered. Let's say you have yourself a little gang with members in a few countries. You don't like someone over in Sweden so you order one of your Swedish members to murder them. That person broke Swedish law, but so did you. Doesn't matter you weren't there, you orchestrated a murder, that's illegal, and if they can get their hands on you you'll stand trial for it (the US would happily extradite you for that).

2) You set up a gun smuggling business for Canadians. You go and buy guns that are legal in the US, but illegal in Canada. You have them smuggled up and warehoused there, and then sell them to Canadians. You've broken Canadian law. Even if you are operating everything out of the US, what you are doing isn't legal in Canada and that's where it is being done. You house the guns in Canada and sell them to Canadians, that makes it a Canadian issue (you'd get extradited for that too).

So if this dude is selling his shit from AWS, to Americans, the courts will have no problems with the claim that American law applies.

Comment: Or put another way (Score 1) 165

by Sycraft-fu (#48025219) Attached to: CEO of Spyware Maker Arrested For Enabling Stalkers

Intent matters in the law. There are things that can be legal or illegal depending on the intent behind it. This can apply to tools as well as actions. If you sell a tool for legitimate uses, you are generally fine even if the tool has some illegitimate uses too. So long as your actions, as in marketing and such, show that you intend it for legit uses, you are fine.

A good example would be all the fine burglary tools for sale at Home Depot. A large number of the tools they sell would work very well for breaking in to houses or cars. However it is very clear that isn't why they sell them, nor why 99.99% of their customers buy them. Not only do the tools have a substantial legitimate use, but that is what all their marketing is about. They don't try to convince you that you need a hammer drill because you could drill open most locks, they try to convince you that you need a hammer drill because you want to put up shelves in concrete or the like. They intend their tools to be used for legitimate activities.

The more shady the product, the more careful you'd better be about how you sell it because the easier it could show intent to have it used for criminal purposes. If it looks like you are just paying lip service to legit uses but really trying to sell your stuff for illegal uses, you are likely to get in trouble.

Comment: Re:You raise? Call, mofo! (Score 3, Informative) 366

by Jeremi (#48025159) Attached to: Energy Utilities Trying To Stifle Growth of Solar Power

do you really think I'll put up with your bullshit instead of spending another $5k on batteries and going totally off-grid, costing you even your scammy $14/month "connection charge"?

Hmm. $5,000 up-front in order to save $14/month? Those batteries will pay for themselves in only 29 years, yay! Or rather, they would pay for themselves if they lasted that long, which they definitely won't.

So yes, the power company really does think you'll put up with their bullshit -- or at least, that most people will.

Comment: Re:Failure of Imagination; Utilities Could Sell So (Score 1) 366

by Jeremi (#48025117) Attached to: Energy Utilities Trying To Stifle Growth of Solar Power

Instead, [power companies] want to coast on coal plants and grid they built out, much of it long ago - and keep slamming your checks.

Well, sure -- those coal plants cost a fair amount of money to build, and the longer they can keep them running, the more they can amortize that cost.

Of course, while that's a rational policy for the power companies, it's not rational for society as a whole, since it's the rest of us who end up paying the costs of the carbon pollution (in the form of flood damage, crop losses, war, etc). A carbon-emissions tax would go a long way towards re-aligning the power companies' economic incentives to better reflect those of society at large.

Comment: Re:net metering != solar and 10% needs new physics (Score 1) 366

by Jeremi (#48025085) Attached to: Energy Utilities Trying To Stifle Growth of Solar Power

Seems like what the world really needs is a way to combine (excess solar electricity) and (excess atmospheric CO2) back into some kind of useful hydrocarbon fuel.

Then your "storage device" could simply be the underground tanks at the local gas station, which would partially refill themselves each afternoon by siphoning off the excess electricity to create gasoline.

Dunno if it will actually happen, but it's not beyond the realm of possibility.

Comment: The illusion of security (Score 2) 59

by Animats (#48024919) Attached to: CloudFlare Announces Free SSL Support For All Customers

OK, so now you're encrypted from user to Cloudflare, in plaintext within Cloudflare, and possibly in plaintext from Cloudflare to the destination site. That's more an illusion of security than real security. Even worse, if they have an SSL cert for your domain, they can impersonate you. Worst case, they have some cheezy cert with a huge number of unrelated domains, all of which can now impersonate each other.

Comment: Who is Justin Bieber? (Score 1) 160

by Latent Heat (#48024173) Attached to: New Research Casts Doubt On the "10,000 Hour Rule" of Expertise

I know the bit about him being from Canada and having something to do with music and about him being unpleasant to neighboring homeowners.

But is he someone I need to know about to be not oblivious to current culture, that is, apart from "getting" Justin Bieber jokes on late night TV?

Comment: Re:No he didn't (Score 4, Insightful) 175

TFA implies he caused the delay, when in fact incompetent airport security staff caused the delay.

I'll go you one further, and suggest that inadequate airport design caused the delay.

In particular, hiring a human being to stare at a hallway for 8 hours a day to make sure nobody walks this way instead of that way is not a good design. People -- even well-trained, competent people, with the best intentions -- are notoriously bad at doing mind-numbingly tedious tasks like this for hours at a time.

Machines, on the other hand, could be employed to do the same job more effectively and reliably. It doesn't even need to be particularly high-tech: a simple one-way turnstile (perhaps augmented with a video camera to sound an alarm if the turnstile is tampered with or somehow bypassed) would do a more reliable job, and as a side benefit would not need to be paid a salary.

Comment: Re:It's true (Score 2) 249

by Animats (#48022367) Attached to: Former GM Product Czar: Tesla a "Fringe Brand"

It's a fringe brand in that Ferrari is a fringe brand. I don't think most people wouldn't want one but I don't know a soul who has one. Very few have seen them.

We get a warped view here in Silicon Valley. Lots of Teslas. No Supercharger stations, though. There are a fair number of electric car outlets around, of too many varieties.
