Nope. Even when I get a headache and associated monocular diplopia, I still prefer my terminals (all light-on-dark) to websites (these days, practically all dark on light). I get the diplopia on light backgrounds as well, and the overall brightness makes my headache worse.
Is there a reputable and updated list posted anywhere?
Not that I have found. That would be too much work for not enough online ad exposures.
Right now the only IoT type devices I have connected are a Buffalo router (DD-WRT out of the box)
Not sure if Buffalo is good about not putting in backdoors. Check that busybox is over v1.20.0. If not see if you can upgrade (maybe to OpenWRT), or set "domain" and "hostname" to hardcoded values before they get used in udhcpc/default.script or whatever script udhcpc first runs... though that may be a bit paranoid if your ISP is good about not letting users see each other's DHCP traffic. (There are a couple other options also affected, but they are likely not used by DD-WRT)
No clue on the Ooma.
Perhaps we could add features to DD-WRT and similar that look at our usage patterns, and notify us when it sees a usage pattern that just seems odd.
That's harder than it sounds... usage patterns depend a lot on server side code that can change anytime the vendor pleases, and cloud services are always moving around these days.
Could there be no way for consumers of IoT to secure their own devices
If they cannot be arsed to change the default passwords, thinking they'd bother with running such an app is fantasy. And that's how these botnets spread
Many of these articles seem to implicate a "bug in busybox" or "bug in telnet", but they do not describe any activity consistent with exploiting CVE-2011-2716. At most the articles might suggest elevation of privileges after getting in via a default password, perhaps via CVE-2013-1813, but probably just due to busybox not originally having been intended as a multiuser runmode so such holes are more likely to be present there.
The "bug" seems to be just journalists not understanding that a default password is not the same thing as a software bug, nor is the language or platform/OS on which malware is targeted at fault for running a program written for it.
Anyway, since vendors seem to only find it economically viable to make these should-be-local devices totally reliant on overcomplicated cloud services, or even just like to leave hardcoded test accounts on them, and many of the devices contain closed SoC/peripherals so there's no equivalent of OpenWRT for them, even enthusiasts cannot really secure them easily enough to maintain any enthusiasm for the product. They'll end up cutting the feet of some shoeless child in a 3rd world landfill as soon as their manufacturer goes bankrupt or abandons the product line.
Incidentally if you have an old busybox where and you can alter the udhpc default script and prevent the use of DHCP-acquired hostname/domainname etc, that might be worth the effort if you cannot just reasonably upgrade it.
No, a scientific approach would realize that it's necessary to throw random genomes at a problem in perpetuity or you'll stagnate at a local minima... and that investing in such a program is only helpful in that it generates data to be analyzed decades down the road when in-place gene editing has reached an adequate level of safety.
A lot of people are pushing the story that she was ignoring any arguments for the pipeline and soliciting opinions to build a case against the pipeline
She's covering the protests and the treatment thereof by authorities (and those who are using force against them perhaps without the authority to do so.) The protests are her story, not the entire issue.
Yes, her coverage has been biased in that she's only interviewed the protesters, but at the same time, if you are covering a fire, you don't have any obligation to seek out people who thought the building in question was ugly and we're better off with it gone (unless there is a reason to suspect they were involved.) You just cover the actual fire -- when the firetrucks pulled up, how much of it is under control, and were there any people in the building.
I'm just enjoying watching everyone who says "There's no real evidence it was Russia" do an about face on WikiLeaks's ability to determine it was a "state actor".
I was kinda torn when all this sex stuff started coming out. I stopped even considering voting for Trump before the campaign even started, when he was jumping around cable stations with the birther nonsense, but even had he not exposed himself as a huckster that way, I would have disqualified him when the Trump University story surfaced... and never looked back because nothing they've dug up on Clinton is more than just run of the mill political favoritism which we've survived as a nation for practically all of our history. But then the hits just kept on coming against Trump -- the anti-intellectualism, the continued appeal to the worst parts of his supporter's nature, the charity frauds, the compulsive blatant lying, the compete lack of experience or understanding.... on and on and on with reasons not to vote for this farce.
But since I'd figure Trump University should have kept him from even being nominated by the Republicans, much less polling well in the general, one part of me wanted to say "Really, you were all set to vote for a guy who ran con schemes to steal money from rank and file regular people until some sex stuff came up? That's what it took?" (And incidentally if were really as rich as he says, then the only reason he'd even have done Trump University is out of some perverse P.T. Barnum source of sadistic amusement... take your pick he's either lying about his money, or an economic psychopath.)
But on the other hand the degree of offense evident in the sex material and the overall tone of that campaign towards women is so atrocious the other part of me is like, well, on balance it may be one of the biggest, steamiest turds, on the pile. So even though it took the public so friggin long to realize just how awful Trump is, at least they ended up fixating on one of the more compelling reasons.
Yeah I do that at work with mine, but at home, I actually want a -- you know -- laptop.
Spent about 30 minutes googling to see if I could find a usb one that I could just plop over the builtin but nothing really looked like it would be workable.
Look, when you're undergoing seriously a dangerous brain transplant surgery, you can't be picky about the VR environment the medics pop you into, OK? They've got weightier things on their hands than simulating real people, and if some corners have to be cut by making a bunch of bland mannequins who never look up from their cell phones, that's just the breaks. Do you want literature, or do you want your motor cortex competently wired up... your choice.
Heh. I actually reported one of these to the appropriate twowebsites earlier this week, and when I read the headline I was like "well, that was fast":-). Then I found another on my voicemail. So... apparently not the same ones. Well, maybe they are clearing the foreign competition away to allow domestic conmen to prosper under an anticipated Trump administration.
I still have yet to run across any materials that actually explain what benefits dbus supposedly offers over proper POSIX IPC. Not that I've gone looking very hard.
Older jacks may be terminated with too much untwisted wire at the end and the traces to the pins might not be as crosstalk-free as they could. YMMV.
For 1G the answer has always been only change the jack out if there are problems with the connection, because usually it's not needed. For this, who knows?
But even though connectors "rated" for higher speeds are a bit on the pricey side, this cost pales in comparision to runnng new cable... that's a lot more manpower.
The main drive for this is terminating wifi APs. Sometimes those connections are male on the AP side, depending on your local installer's druthers. (mostly we do jacks there too, but if we needed to eek a bit more performance out we could go male in most spots.) The male side is much less likely to have such issues.
It actually can have quite profound effects. Take, for example, the ARM "only execute this instruction if this CPU bit is set nevertheless go to the next" feature. That allows you to carry boolean states down a whole list of instructions and pick and choose which ones run. Writing that same thing with jumps is quite more tedious. (Not to say ARM is necessarily a great instruction set.) Differences like that make two hand-coded ASM programs that do the same thing on different CPU families massively different on the whole, because the coder adapts to use the more convenient constructs and those constructs build off each other.
It also make compiler guts the sausage factory of computing, notwithstanding game code.
Slashdot Mirror
Wouldn't a browser setting to override the page attributes be sufficient?
Try it. On Firefox its preferences/content/colors. It does not work out well.
It's just a physical manifestation of Apple's driving philosophy: users should have no power, and no means of escape.
Nope. Even when I get a headache and associated monocular diplopia, I still prefer my terminals (all light-on-dark) to websites (these days, practically all dark on light). I get the diplopia on light backgrounds as well, and the overall brightness makes my headache worse.
And lets not go into websites with white-on black for extra afterimage after you try to read them (eg. hackaday).
Am I the only one who actually finds light text on darker background easier to read?
I just wish webdevs would let the users decide, at least for primart text content, through browser settings instead of hardcoding everything.
Is there a reputable and updated list posted anywhere?
Not that I have found. That would be too much work for not enough online ad exposures.
Right now the only IoT type devices I have connected are a Buffalo router (DD-WRT out of the box)
Not sure if Buffalo is good about not putting in backdoors. Check that busybox is over v1.20.0. If not see if you can upgrade (maybe to OpenWRT), or set "domain" and "hostname" to hardcoded values before they get used in udhcpc/default.script or whatever script udhcpc first runs... though that may be a bit paranoid if your ISP is good about not letting users see each other's DHCP traffic. (There are a couple other options also affected, but they are likely not used by DD-WRT)
No clue on the Ooma.
Perhaps we could add features to DD-WRT and similar that look at our usage patterns, and notify us when it sees a usage pattern that just seems odd.
That's harder than it sounds... usage patterns depend a lot on server side code that can change anytime the vendor pleases, and cloud services are always moving around these days.
Could there be no way for consumers of IoT to secure their own devices
If they cannot be arsed to change the default passwords, thinking they'd bother with running such an app is fantasy. And that's how these botnets spread
Many of these articles seem to implicate a "bug in busybox" or "bug in telnet", but they do not describe any activity consistent with exploiting CVE-2011-2716. At most the articles might suggest elevation of privileges after getting in via a default password, perhaps via CVE-2013-1813, but probably just due to busybox not originally having been intended as a multiuser runmode so such holes are more likely to be present there.
The "bug" seems to be just journalists not understanding that a default password is not the same thing as a software bug, nor is the language or platform/OS on which malware is targeted at fault for running a program written for it.
Anyway, since vendors seem to only find it economically viable to make these should-be-local devices totally reliant on overcomplicated cloud services, or even just like to leave hardcoded test accounts on them, and many of the devices contain closed SoC/peripherals so there's no equivalent of OpenWRT for them, even enthusiasts cannot really secure them easily enough to maintain any enthusiasm for the product. They'll end up cutting the feet of some shoeless child in a 3rd world landfill as soon as their manufacturer goes bankrupt or abandons the product line.
Incidentally if you have an old busybox where and you can alter the udhpc default script and prevent the use of DHCP-acquired hostname/domainname etc, that might be worth the effort if you cannot just reasonably upgrade it.
No, a scientific approach would realize that it's necessary to throw random genomes at a problem in perpetuity or you'll stagnate at a local minima... and that investing in such a program is only helpful in that it generates data to be analyzed decades down the road when in-place gene editing has reached an adequate level of safety.
A lot of people are pushing the story that she was ignoring any arguments for the pipeline and soliciting opinions to build a case against the pipeline
She's covering the protests and the treatment thereof by authorities (and those who are using force against them perhaps without the authority to do so.) The protests are her story, not the entire issue.
Yes, her coverage has been biased in that she's only interviewed the protesters, but at the same time, if you are covering a fire, you don't have any obligation to seek out people who thought the building in question was ugly and we're better off with it gone (unless there is a reason to suspect they were involved.) You just cover the actual fire -- when the firetrucks pulled up, how much of it is under control, and were there any people in the building.
I'm just enjoying watching everyone who says "There's no real evidence it was Russia" do an about face on WikiLeaks's ability to determine it was a "state actor".
I was kinda torn when all this sex stuff started coming out. I stopped even considering voting for Trump before the campaign even started, when he was jumping around cable stations with the birther nonsense, but even had he not exposed himself as a huckster that way, I would have disqualified him when the Trump University story surfaced... and never looked back because nothing they've dug up on Clinton is more than just run of the mill political favoritism which we've survived as a nation for practically all of our history. But then the hits just kept on coming against Trump -- the anti-intellectualism, the continued appeal to the worst parts of his supporter's nature, the charity frauds, the compulsive blatant lying, the compete lack of experience or understanding.... on and on and on with reasons not to vote for this farce.
But since I'd figure Trump University should have kept him from even being nominated by the Republicans, much less polling well in the general, one part of me wanted to say "Really, you were all set to vote for a guy who ran con schemes to steal money from rank and file regular people until some sex stuff came up? That's what it took?" (And incidentally if were really as rich as he says, then the only reason he'd even have done Trump University is out of some perverse P.T. Barnum source of sadistic amusement... take your pick he's either lying about his money, or an economic psychopath.)
But on the other hand the degree of offense evident in the sex material and the overall tone of that campaign towards women is so atrocious the other part of me is like, well, on balance it may be one of the biggest, steamiest turds, on the pile. So even though it took the public so friggin long to realize just how awful Trump is, at least they ended up fixating on one of the more compelling reasons.
Yeah I do that at work with mine, but at home, I actually want a -- you know -- laptop.
Spent about 30 minutes googling to see if I could find a usb one that I could just plop over the builtin but nothing really looked like it would be workable.
Yeah I pretty much turn off every one of these damn features.
What laptop manufacturers really need to do is invest in precision keyboards that work as well as they used to 10 years ago, or better.
A browser "open in tab as mobile device" option seems more inevitable each passing year, sadly.
P.S. And, it's not our fault you signed up for the cheapest possible insurance plan.
Look, when you're undergoing seriously a dangerous brain transplant surgery, you can't be picky about the VR environment the medics pop you into, OK? They've got weightier things on their hands than simulating real people, and if some corners have to be cut by making a bunch of bland mannequins who never look up from their cell phones, that's just the breaks. Do you want literature, or do you want your motor cortex competently wired up... your choice.
Heh. I actually reported one of these to the appropriate two websites earlier this week, and when I read the headline I was like "well, that was fast" :-). Then I found another on my voicemail. So... apparently not the same ones. Well, maybe they are clearing the foreign competition away to allow domestic conmen to prosper under an anticipated Trump administration.
Why do they call this wireless, for that matter... it's not even a good word for marketing anymore. Maybe something catchy like "MeatWire"?
This doesn't tell me anything I didn't know, and has one unsubstantiated claim that normal IPC is "inefficient and quite unreliable".
Pointers to a case study where someone who actually knows how to use POSIX IPC runs the numbers would be appreciated.
I still have yet to run across any materials that actually explain what benefits dbus supposedly offers over proper POSIX IPC. Not that I've gone looking very hard.
He deserved it.
Online users brush aside weightist comment, just happy to be noticed.
Sorry. Couldn't resist.
Older jacks may be terminated with too much untwisted wire at the end and the traces to the pins might not be as crosstalk-free as they could. YMMV.
For 1G the answer has always been only change the jack out if there are problems with the connection, because usually it's not needed. For this, who knows?
But even though connectors "rated" for higher speeds are a bit on the pricey side, this cost pales in comparision to runnng new cable... that's a lot more manpower.
The main drive for this is terminating wifi APs. Sometimes those connections are male on the AP side, depending on your local installer's druthers. (mostly we do jacks there too, but if we needed to eek a bit more performance out we could go male in most spots.) The male side is much less likely to have such issues.
Bah! Real geeks write in microcode :-)
It actually can have quite profound effects. Take, for example, the ARM "only execute this instruction if this CPU bit is set nevertheless go to the next" feature. That allows you to carry boolean states down a whole list of instructions and pick and choose which ones run. Writing that same thing with jumps is quite more tedious. (Not to say ARM is necessarily a great instruction set.) Differences like that make two hand-coded ASM programs that do the same thing on different CPU families massively different on the whole, because the coder adapts to use the more convenient constructs and those constructs build off each other.
It also make compiler guts the sausage factory of computing, notwithstanding game code.