Firefox doesn't look so hot when you look at the number of CVEs, particularly remote code execution:
http://www.cvedetails.com/prod...
http://www.cvedetails.com/vers...
It beats IE 11 by a small margin in RCEs, but loses in total vulns. It's really not that great of a browser, lacking common security mechanisms like plugin isolation.
Comparing the US's propaganda to China's is truly absurd. We have free media here (albeit with their own agenda); China's papers are all in the pocket of the CPC.
Find me a national publication in China that is critical of the ruling party. I can find hundreds here in the US that openly criticize Obama, Congress, and SCOTUS.
Well, we all know how much power DC has over Baidu and the border routers in China.
If you don't understand networking, it's probably best not to wax snarky.
For the record, layer 3/4 typically doesn't handle authentication.
One wonders if we'll be seeing the return of the 50 Cent Party in this thread.
He could have gone with the Samsung "Pro" drives, which have held out to 2PB of data writes before croaking; they at least pretend to not be consumer drives.
I might suggest that you need to not be expecting a consumer SSD to hold up to an enterprise workload.
Would it kill you to read the article? It's not even that long.
ALL of my browser activity through Google?
1) No, SSL and incognito not included.
2) It does what just about every other "data saver" of this type has always done (BES compression, Opera data saver, I believe Safari has an example as well).
What are you doing that's writing ~100-200TB / year?
For a do-nothing PC you should be using any of the hundred sub-$60 128GB SSDs.
SELinux stops all memory exploit mechanisms? That's AMAZING.
TIL OpenBSD has built-in anti-trojan tools, and the ability to secure browsers from their own memory corruption holes! WOW!
The NSA is a spy agency. You want the FBI, who actually does go after these things.
I think his point is that there could be alternate reasons why the door would not open besides the position of the switch. Malfunctions, whether mechanical or electrical, CAN happen and HAVE happened.
They are rare, but he is correctly noting that we're speculating here.
String += String
I'm in a 200-level Java class. We're just learning inheritance. I could have told you why that's a bad way to do things.
Do people not study what arrays are and why it's expensive to continually append to them anymore?
Maybe these folks need to go back to basics.
And you've provided no evidence or analysis why your supposed mitigations are an insurmountable defense; at best they're only a stop-gap.
In THEORY breaking most encryption is just guessing the right 2048-bit code. At best, increasing the length from 1024 to 2048 is just a stopgap.
In reality, some attacks are so esoteric and hard to pull off (famous example: hard drive magnetic domain remnant detection) that they are not a real-world threat. MAYBE they could adapt this, but it already requires
A) a machine connected to the internet that is compromised (!)
B) an AIR-GAPPED, high-security machine directly adjacent to it (!!!)
C) That that air-gapped machine be compromised as well (!!!!!)
D) Sensors in both machines sensitive enough to detect incredibly minor fluctuations in temperature (given that a steady stream of air will be flowing through)
The proper security procedure is to analyze the chance of the risk, the annualized loss expectancy, etc, and then come up with mitigations. Ok, let me give this a shot.
1) DON'T GET YOUR AIRGAPPED MACHINE INFECTED
2) probably don't stick it directly adjacent to non-airgapped machines
Neither does soapboxing on Slashdot.
TL;DR:
They used Python and Java. Sort of hard to develop a meaningful thesis on general programming when you're that far up the abstraction stack. Who knows, maybe Python and Java suck at memory management (GASP).
Your existing m.2 SSD is on a slot with 1GB (8gb) of bandwidth. I really don't think you're going to be maxing that out with any non-enterprise SSD, so you're probably OK-- and even if you somehow did, I seriously doubt you would notice.
So I fail to care about which term is used, it is a security breach and one of the worst kind.
Except it will only work in the most esoteric scenarios with laboratory conditions, sure. 2 PCs, with side-vent cooling and no cold aisle, and a distance of 15 inches?
Somehow I don't think this will threaten air-gapped secure networks. Those are going to have steady cold air coming in the front, and exhausting out the back; if they're dumping significant heat through the side of the cases you're doing it wrong.
Showing a static page involves rendering what amounts to a specialized form of code. Even browsers without JavaScript like Lynx have code execution CVEs-- and that's a browser that isn't even being fuzzed that hard.
It's not NIX enough; according to the posts I've read, it doesn't count.
I love seeing history repeat itself.
Years ago, it was OSX that was impenetrable. "Find us an active exploit or virus", they said, "and don't give us any of that market share nonsense". All the while the clues were there, with OSX getting exploited in seconds at Pwn2Own when actual cash and computer swag was on the line.
Here again, we have an OS with a minute market share boasting about its impenetrability and lack of exploits. I might propose that a great deal of the lack of exploits is the lack of any real incentive to go after such a tiny group of OSes which are invariably set up by fairly skilled IT persons.
Develop a BSD distro with a desktop environment and a modern web browser, and set it out for a million end users to use with a $50k cash prize for the first exploit, and you'll be paying out in a day, tops.
The amount of arrogance in some of these "My *Nix is best" threads is staggering. There is NOT code out there that is significantly more complex than Hello World that is bug free.
Your post displays an astonishing level of both confidence and ignorance. Find me a piece of software half as complex as a browser (which has the unenviable task of running arbitrary code from untrusted sources in a secure manner) that doesn't have any CVEs and I'd happily retract my statement.