This is advanced stupid. It takes a whole lot of bad decisions and a high-grade lack of skill to manage a remote exploit via a password field.
I'm gonna go out on a limb and say that, in lieu of hashing and salting the password, and/or using one of the many freely available tools to sanitize inputs, it drops the password field directly into a database query of SELECT * FROM PWNED WHERE PASSWORD = x. Because IoT means cheap crap developed by the cheapest programmers. Hell, even doing a plain text comparison of if (passwordInput == passwordStoredInPlainText) would have been more secure!
In related news, I will never install an IoT device into my house that I didn't design and program myself.
Everyone's here talking about how censorship is wrong etc. etc., but I'm more interested in why this is news at all.
I mean, Yahoo using an abuse-detection isn't news, since they had an older one in place that the new system is beating.
So then the news is that they set up a better machine learning algorithm with better training data, and the results were better? Color me shocked.
11 vs 48? More like 48 vs 48, IMO. Hillary Clinton is completely, utterly corrupt. Her government experience is therefore a bad thing, because it allows that corruption to inflict more damage. Enough damage that I'm not entirely convinced that a Trump presidency would be worse.
Honestly, it's like choosing between dying of stomach cancer or skin cancer. And each time you say you're voting for not getting cancer, the stomach cancer people yell at you for "handing victory to skin cancer".
I disagree with the notion that automation will take over everything. Especially in the realm of fast food, because it's been tried before. Has anyone had a meal at an automat lately? Not since the 1970s, you say? Yeah, that's what I thought.
An easy-to-find security hole is still a security hole.
From the context, it's supposed to be read as "it's not a bad business model for the companies doing it", what with the mention of revenue streams.
Most of the younger people in the Brexit referendum had voted "Remain" while the older 60+ voters were predominantly "Leave". So you Canadians might want to watch out: never underestimate the power of a cranky voting bloc with plenty of free time.
Ahem... let's continue that hypothetical conversation a bit further.
"We delivered x votes to put you over the top, you owe us, here's what we want you to sup-"
"No."
"But-"
"No."
"We-"
"No."
It's unlikely. Big, powerful, nearly-unaccountable organizations like the NSA would prefer someone a little more... politically entrenched. Trump, unlike a career politician, would actually be capable of saying "fuck these three-letter agencies, tear them all down". Don't take that as me saying he actually would, but he's capable of doing it, and the NSA knows it.
... I can't believe I just said something positive about Trump. Ugh. Our political climate is a fecal monsoon.
I know SpaceX rockets are much more interesting, but Elon Musk really needs to pay more attention to Tesla. A disgusting NDA attempt like this never originates from engineers; it could only have come from corporate businessweasels that have infiltrated his engineering company.
I'm sure Visual Studio works quite well for you. But, to counter one anecdote with another, I found Visual Studio to be lackluster and irritating in a thousand little ways, and its marginally-better code completion isn't enough to make me prefer it over either Eclipse or Qt Creator.
As for a 64-bit Visual Studio, my guess is that the code problems of porting to 64-bit are dwarfed by the bureaucratic maze involved in releasing a new edition of a product.
Also, while the situation is slowly getting better, there's still far more commercial software that supports Mac than supports Linux.
"hipster"
"SJW"
You have no idea what those terms actually mean, do you? You just heard them used in negative contexts and know people don't like being called them and, without any further research, decided to apply them to everything you don't like.
The businesspeople complaining about this forced intrusion on their workflows are neither hipsters, nor are they SJWs.
Can you imagine if this attitude was taken by any other company?
"Keurig agents have been sneaking into people's houses and replacing their Keurig coffeemakers with the new, fancy Keurig 10.0. However, the Keurig 10.0 is incompatible with all old 3rd party k-cups. To avoid being 'upgraded', you should leave a sign saying 'do not steal and replace' by your coffeemaker, but the Keurig agents will remove the sign sometimes so you need to make sure to keep replacing the sign if it disappears overnight. Reports have also surfaced of the Keurig agents occasionally ignoring the sign altogether, so some people recommend having someone in the house stay awake by the Keurig at all times to decline the upgrade."
"Tesla owners are facing a forced upgrade to the Tesla Model FU, which now runs on diesel. Tesla officials say that, to decline the upgrade, simply park your car facing towards Redmond when the upgrade agents come by to check. The upgrade agents can come by to check at any time, including when you're in the middle of driving."
I could go on, but do you get my point? People should not be required to be actively vigilant about keeping their equipment from suddenly having massive (and potentially ruinous) changes forced on them.
"David hired an Accounting and Financial Consulting firm to assist in the management of Peachy Printer's finances."
And I'll bet that David just so happens to be the sole employee of said consulting firm.
Woah, there. Don't mock a person for asking a question and trying to educate themselves, even if you think they should already know the answer.
Hah, one of the URLs is "choice.microsoft.com". That's a lovely bit of doublethink from the people trying to force their software down everyone's throat.
"Hey, there's still not enough people signing up for YouTube Red"
"OK, hit the button marked 'Make Regular YouTube Slightly Shittier' once or twice"
No comment on points 2-4, but concerning your first point:
It's true that nobody out-and-out forces young people to take on huge debt, but let's look at their surroundings. Everyone is telling them that a college education is mandatory now if they want to get a good job. All of their peers are taking on student loans, as did all the adults around them that went to college. Their entire environment is screaming "you must take on loans to go to college, and if you don't go to college you will die penniless in a gutter". It isn't fair to hold it against them when they do what every authority figure they know is telling them to do.
I think a possible answer to student debt is to (somehow) put more emphasis on trade schools. Many people going to college right now don't really know why they're there, and just pick the easiest classes and majors to coast through. That takes up slots that could be filled by more driven students, and that allows the colleges to continue raising prices. Find a way to funnel the unmotivated away from college and into learning a trade they find interesting, instead, and we'd get better results all around: more skilled workers with less debt weighing them down.
I doubt it, because both developers I know who own Macbooks have installed Linux on them.
Funny you should mention the desktop. My Windows 10 installation (oh how I regret "upgrading") woke up from sleep this morning with all my carefully-arranged icons crammed into the top-left corner. In other words, Microsoft has been in the business of displaying icons on desktops for over 20 years, and yet it is still utterly incompetent at it.
The annoying part isn't that Microsoft would try to advertise on your own lock screen. No, the moment we heard that Windows 10 was announced as a free upgrade, we all knew they'd eventually stoop to this level. The annoying part is how they refer to it in their settings.
"Get fun facts, tips, tricks, and more"!? Go piss up a rope, you insincere, weasel-mouthed, marketing stooges. You've already hidden the option to turn the ads off behind a labyrinth of menus, you could at least give us the courtesy of not bullshitting us any further than that.
Never attribute to malice etc etc, but this isn't the first time Microsoft has pulled this sort of crap, and the fact that they still haven't put safeguards in place to prevent these "bugs" is telling.
The last two motherboards I've bought boasted twin BIOS chips, such that if the active BIOS was corrupted a quick jumper connection would copy the read-only contents of the backup chip to the active chip, providing an easy out from a possibly bricked computer. Sounds to me like the affected motherboards didn't offer a similar feature for EFI, and were very cavalier about how they stored their system-critical data, so we should file this bug under "lazy/negligent mobo manufacturer".
That said, the kernel should be a bit more careful when applying "rm -rf" to EFI vars. When I decide to send my current setup to oblivion, I'd prefer it not take my hardware along for the ride.
It is still a very useful tool, though. As the GP pointed out, it allows for more effective use of computing resources by knowing in advance which passwords can and can not be feasibly cracked, and applying brute force attacks at only the crackable ones.