Akamai Warns: Linux Systems Infiltrated and Controlled In a DDoS Botnet
Nope... A vulnerability in a library is not a vulnerability in the underlying programming language. Just because the JRE *is* an execution environment, does not mean that the execution environment being run by a malicious user is a vulnerability in the JRE. That's like saying, there's a vulnerability in C, because Flash is written in C and there's a Flash vulnerability. The point is there is a **critical** vulnerability in older versions of the Struts library, which is used to escalate privileges to the JRE. Once you have rights to the JRE, you can copy files and have the JRE execute system commands using the rights given to it by the OS, which should not be a root user (honestly, if they wrote the payload in Java this step would not be needed; a server environment is entirely capable of performing DDoS attacks). Also, I'm calling BS on this exploiting a known Tomcat vulnerability. There are no known "critical" vulnerabilities in any version of Tomcat:
http://tomcat.apache.org/secur... http://tomcat.apache.org/secur... http://tomcat.apache.org/secur... ... Basically, people need to patch Struts 2 because of this fucker: http://struts.apache.org/relea... which was fixed in July 2013: http://struts.apache.org/downl... about a month and a half ago
News Aggregator Fark Adds Misogyny Ban
The belief that homosexuality is not a choice is one I generally concur with. What assumptions and definitions I make about the world are pretty arbitrary. Obviously, every individual has a choice about who they choose to fuck and marry. What defines the start of your life, your sexual identity, and your sexual preference are as arbitrary as those who think God is self evident. Not being shitty tribal jerks over queer ideology would be nice, but I don't really blame the tribe for feeling vengeful for the way they're generally treated.
Google Will Give a Search Edge To Websites That Use Encryption
Hear hear! Sure, encryption is great and has its uses... But it also comes at the cost of processing, configuration, maintenance, and low cost 3rd party providers. GoDaddy is about to get a shitload of extra customers. When the products in the market are comparable, the well known low cost one is frequently the winner. Thanks Google.
FBI Concerned About Criminals Using Driverless Cars
Not needing a passenger happens to be one of the more awesome features of driverless cars... People can effectively have valet drop off for wherever they go. Cars can be shared because you're staying put at a given location for a period of time. Cars can drive themselves to maintenance. Cars can make delivery runs. Sure, it's another attack vector, but so is putting salt in your eyes. The danger is imminent, don't put salt in your eyes. I think the more imminent threat is that automated cars are going to result in lots of sex happening on the road. I mean really, what do you think happens when you put people in a close quarters, private 15 minute outing, with a virtual guarantee of no interruptions and no need for any person to be paying attention to what's going on outside of the car?
Google Engineer: We Need More Web Programming Languages
Cable Companies Use Astroturfing To Fight Net Neutrality
I'd recommend asking the libertarians:
A. Do you think Comcast sucks, not just for terrible quality support, but for extorting money from the people you already paid them for the privilege of communicating with, a la Netflix? If you desire access to the fastest connection available, Comcast is your provider in most of the country. Should not paying for the highest bandwidth access contractually cover your connecting with whoever you damn well please without Comcast extorting money from the endpoint you are communicating with?
B. Comcast is given exclusive rights to use those lines through local governments. This is the case with pretty much all the cable companies. How do you feel about this collusion?
C. The wires and airspace frequencies are given a free pass through private property. Why shouldn't private property owners use the wires on their land how they wish?
D. Do you think Comcast sucks? Do you have any actual plans that have a chance in hell of working besides telling people to move across the country or swap to a slower connection?
Seattle Approves $15 Per Hour Minimum Wage
I imagine the more successful businesses will hire quality employees who they can demand more productivity from. Less productive employees and the unemployed will have fewer work opportunities. Workers who keep their jobs will be better off but will face a higher level of competition. Prices will increase slightly. Profits might decrease slightly. The gradual phase in will smooth things over. It seems like a pretty clear win for the short term. Getting a job in the long term will be harder and might solidify an underclass that does not earn minimum wage.
Seattle Approves $15 Per Hour Minimum Wage
Saying that employers should be the guarantors of the welfare of their employees outside of work sounds a lot like slavery, especially if jobs are scarce due to a high minimum wage.
What qualifications should the 'driver' of a fully autonomous car need?
It's an automated car, not a babysitting service...
Melbourne Uber Drivers Slapped With $1700 Fines; Service Shuts Down
The ride-shares are additionally insured through Uber. Using Uber also causes the rides to be tracked, and removes the handling of cash out of the scenario. Your arguments are some of the exact reasons why you should use Uber over a Taxi company...
Report: Comcast and EA To Stream Games To TVs
Why do I get the feeling this is going to be one of those things where Comcast degrades other internet traffic because EA wants DRM you can't break?
How 'Fast Lanes' Will Change the Internet
Netflix is a perfectly good example to look at. There's no reason Netflix's media should be getting privilege over Amazon media, AT&T media, Google media, Comcast media, or some guy in Delaware's media. If I want to use a less popular service or run things over a corporate network linked through the internet, it should not be throttled so that Netflix gets priority. The two main problems seem to be:
1. The internet service providers don't want to upgrade their infrastructure.
2. The internet service providers are unwilling to meter the activities that would actually make them upgrade their network because they can make more money degrading service, not upgrading the network, and not fixing their peering arrangements.
... How do you "meter" Netflix? ICANN has the root addresses to blocks in networks that can very easily be used to calculate an abstract "distance". If a customer exceeds a certain amount, say X gigabytes from a "long distance" provider, you need to "meter" it and bill them more. This would be neutral and a way of fairly charging customers for their usage. Shady backroom deals with Comcast and Verizon are no way to do honest business when the wires have a right of way through my property.
'weev' Conviction Vacated
In no way shape or form is a "Browser agent" a security measure. Identifying a user's browser agent is not, never was, and never will be a security or authorization method. If you do any web based testing, you can change your browser agent. It's the equivalent of telling another machine what kind of clothes you are wearing. "Hi! I'm wearing firefox 1.0 today." Then AT&T says, "Neat! Since you said you're wearing firefox, you get data we're legally not supposed to give you." Replace Firefox with your browser environment of choice.
Explain to me how any part of changing a browser agent is, "Accessing a system without authorization", when it is not a method of authorization?
I'll assume you can tell the difference between black and white and move on to what the docket describes as a "brute force attack". A brute force attack means sending a massive amount of data to find collisions with a ***SECURE*** piece of information. For example, a randomized 64 bit number has over 10 quintillion possibilities. To brute force a 64 bit secure number and get 100,000 results, you would need to try on average 100 trillion numbers for each of those results. In this case, the information in question was an incremental number. For example, 1 is a number. 2 is the number after that. 3 is the number after 2, and so on. Counting in a visible parameter is not, never was, and never will be a security or authorization method. If you can see a number, and increment it, that does not give AT&T permission to give data they're legally not supposed to give to you.
Explain to me how any part of counting is, "Accessing a system without authorization", when it is not a method of authorization?
Navy Debuts New Railgun That Launches Shells at Mach 7
I found it interesting to describe by calculating kinetic energy. A stabbing ~ 185 joules. A gunshot from a .45 ACP round ~ 702 joules. A 1 ton vehicle going 100 mph ~ 1 megajoule. A giant truck about to hit a series of tubes ~ 30 megajoules. The kinetic energy of this railgun as it leaves the muzzle ~ 30.9 megajoules.
Brendan Eich Steps Down As Mozilla CEO
It's not wrong to be intolerant of intolerance.
It all depends on your social norms. Are you tolerant of recreational use of crack cocaine? Do you tolerate people openly masturbating nude in the streets? What is your particular stance on bestiality? How about having children participate in sexual acts as part of a cultural practice, even if it was a new cultural practice? Other people's participation in these acts does not affect you any more than other people's participation in marriage. What part of marriage is a basic right? I personally think we should allow same-sex marriage because it's generally proper from an equality perspective, but intolerance is pretty natural and the government generally already favors particular groups...
Brendan Eich might be a bit of a religious bigot. It still doesn't mean that singling out someone with different cultural views who is largely tolerant of your cause actually helps your cause. By ostracizing opposing viewpoints, you are likely causing your viewpoint to be ostracized in other less tolerant circles. I don't think targeting Brendan Eich was a sensible move.
New Apache Allura Project For Project Development Hosting
Or you could try Atlassian Stash:
https://www.atlassian.com/soft... ... Or, like me, you see the term "Apache Software" and get drunk on the beer.
Massachusetts Court Says 'Upskirt' Photos Are Legal
I admit this is a bit pedantic, but the judge was right because there is no ambiguity about the meaning of "partially nude". In the same light, secretly taking up-skirt photos does not make you guilty of committing murder.
MtGox Files For Bankruptcy Protection
And who is going to internationally track where all those stolen bitcoins landed downstream? Is some international organization going to go and recover those bitcoins and return them to their proper owners? Actually... this sounds like really good news for actuaries.
Interview: Ask Richard Stallman What You Will
rms, I recently read you were interested in developments for anonymized digital currency. Currency in its current form is the primary rationale for restricting the sharing of information. All currencies I am aware of are based on the currency being scarce, which encourages artificial scarcity of information. Have you seen any attempts at creating digital currencies that are not scarce, but reflect value based on usage and distribution? Search engines track ratings of websites. Users get more individual value out of certain information. Perhaps this is all just a pipe dream, but philosophically speaking, what do you think about creating a better carrot as opposed to relying on sticks like the law?
Gmail's 'Unsubscribe' Tool Comes Out of the Weeds
A lot of the mess I get in my inbox is related to companies not validating email addresses. I've got people doing business transactions with my address and doing things like registering a twitter account. So, in a sense, it's spam but not spam.
smartr has no journal entries.