Seriously? MS is as bad as anyone if not worse, as they are commercially motivated and security isn't "sexy". Try again, asshat.
Yeah, windowmaker is an option. However, the rest of NeXTSTEP isn't there yet. I'm keeping an eye on Etoile and have been for ages, but development is slow.
I really think it is in Free software's interests to hop on the GNUstep bandwagon to get some level of cross-platform compatibility with the development frameworks and techniques used in iOS and OS X.
But, day job commitments preclude me taking much more than a casual interest these days...
I see what you did they're.
Not really
Exactly. People who aren't seeing this as being a major, major problem just aren't thinking maliciously enough.
Performance. HTTP can be cached easily, and doesn't require processing overhead for the encryption. HTTPS not so much.
Or, a mirror site. Which is not as uncommon as we'd like. Furthermore, without any red flags from say, invalid digital certs, detecting this would require some sort of checksum validation - which if the signature worked would be entirely unnecessary, and is the entire point of using a digital certificate.
This is a major, major flaw - essentially the entire point of using digital signatures on Android has been invalidated, unless your device has had this flaw patched.
So you mean end users should check the digital signature to ensure that it is trustworthy? Or that the site they are retrieving from hasn't been hacked and trojaned?
Oh, wait...
I might add that I've run pretty much all of the major DEs or Window managers out there at some point since 1995. At the end of the day it is there to manage windows created by your applications, provide file management and an app launcher. How an environment goes about this is all subjective personal taste. I'd prefer something more like NeXTSTEP but hey...
I'm probably going to get flamed here, but I've only recently tried Unity and don't see what the fuss is about? Sure, network integrated search is a big turn off, but in terms of the UI I don't see any major problems with it? It can open multiple xterms, do drag/drop file management, and has a dock/application launcher. Is it the minor, fairly irrelevant UI semantics? I certainly find Unity less annoying than recent versions of KDE. And I'm sure KDE can do a lot of funky stuff I'm not attempting to use. Fact is, it is not intuitive in the slightest.
I understand performance did suck previously, but I've had no problems running it as a VM under OS X in Fusion, and I wasn't exactly liberal with resources.
You mean like back when I had to manually configure modelines for my X11 configuration, and if I fucked it up my display manager would cycle through an endless loop of crash, start and take over console, crash, making console use impossible and requiring either a hard reboot into single user mode or remote SSH access to fix my machine? Like the good old days of having to write a PPP chat script by hand? No thanks. Been there, endured that, have better things to do with my time.
At the end of the day.... unless you use your computer in an isolated environment with no network - you are being monitored, logged, spied on, etc. Whichever OS you use. So whilst switching to Linux or FreeBSD or whatever may help - the network is still user hostile now.
Wow, that's so much more user friendly!
Given that I never said the vulnerability was in Linux code, and you don't seem to understand parody, it looks like you're the retard.
Performance can be impacted by "safe" programming, but these days mostly it's just laziness or incompetence (along with perhaps using the wrong tool for the job). And I say that without intending disrespect. It's human nature to try and do the bare minimum in terms of boring drudge work. Security is boring and hard.
Because memory management in a multi-tasking, multi-threaded operating system and associated support libraries is hard, and end users are not willing to pay for the additional development time. Free software writers are mostly not willing to spend the development time on the boring security stuff either (the OpenBSD team being a notable exception, and even they are only human).
It's simply human nature to solve a problem (i.e., get an application or OS to "work") and then move onto the next problem. Very few people are willing to spend a heap of time attempting to break their own software, and every programmer believes he writes better code than he probably does.
There are more vulnerabilities discovered now than in previous decades simply because the software is a lot more complex and programmers and programming techniques have not caught up.
Making a "safe" compiler is, in theory quite possible, however you won't get the power required to write a full operating system, and the platform your runtime is running on will still, at some point need to be written in a low level language (with all of the potential programming pitfalls that entails). I.e., even if YOUR program is secure, the platform may well still have issues.
Cheap, shiny, secure. Pick 2. OK, maybe 1 and 1/2.
... Patch Tuesday is news now? If this was an out-of-band, critical update then maybe this would be newsworthy. What next? News items for every time Adobe release a Flash security update?
The fact that the western world earns so much more in terms of purchasing power than the third world is a massive problem. It's not just them undercutting us. We are simply paid way too fucking much. Go work/live in Africa for a while and see just how poorly the locals over there get paid for doing a hard day's work just like you or I would do. What entitles us westerners to earn so much for much less risk, better working conditions, etc?
By selling goods or services.
So by extension, if you want to remain safe, you need to revert the device back to functionality Apple provides with iOS.
Why do I want to run Android again?
how dare anyone post anything security related about it. linux is secure, and apple's locking down of the device is evil. etc.
And furthermore.... Windows actually has a relatively stable driver ABI...
Misleading headline is misleading...
Writing the code before the spec (i.e., what you are intending to have the code do) means that whatever buggy-ass shit the coder writes as his version 0.1 ends up being the "spec". Which means that when the bugs are fixed (if they are ever fixed, as they're part of the spec now!), it breaks the spec.
A specification shows intent. Code shows whatever random joe coder interpreted as how he thinks the spec should work. No spec means that the design hasn't been formalised and thus, there is no testing possible to validate that it is correct and complies with the standard. It is a fact of life that coders write bugs.
Relying on an initial version of a bit of code to hold up as your "spec" is only going to end in tears eventually.