The PC will die slowly. You will plug in your tablet on a monitor, mouse and keyboard to do such work. And then some kind of hybrid app from a closed appstore will allow you to do this work. It won't look much different, but come from the same restricted ecosystem from which mobile apps come.
Ah, okay. I mostly avoid server side js and write client side js with as little libraries as possible. And as little script as possible. Let's be honest, devs love javascript, but users hate it. They do not know, they hate it. They just hate bloated websites, not knowing the actual problem.
I know, there are like tens of alternative package managers, trying to fix the mess. I guess each of them has its own flaws, which are of course fixed by the shiny new one created yesterday. It's still not convincing and the problem with thousands of tiny packages remains.
And many "amateur" packages may not guarantee their function either. think of a left-pad, which pads with spaces. Now assume the original author may not wanted to pad it with the correct number of spaces, but pad it to reach a visible lineup. Now he might decide to use tab characters instead of matching spaces for his next release. You used it assuming it will always use a matching number of spaces. now your whole project is broken and you need to debug which package of the hundereds in your project did change the behaviour. A real standard library does not only have all methods matching, such they can be used together without any problems, but further tries to guarantee a well specified behaviour, which will not change between releases. A "that's what i need" package which is incidentlly adopted by many other projects may not intend to give such guarantees. And i do not have the impression, that people select their packages by checking if they give any promises about future compatiblity.
i don't really know angular, but mayit it is such a library? I heard its one of the trendy things nowadays. I am using more traditional frameworks as jquery and vanilla javascript & brain 1.0.
There are a lot of "standard libraries". Decide for one. And then use it. From a single team. Reading their homepage, maybe watching the development, occasionally checking the implementations of things. But ONE BIG LIBRARY, not millions of tiny packages from a lot of different programmers you never heard of.
Ever installed some nodejs stuff? You do "npm install" and watch an endless packagelist being downloaded. No, not to the central installation, but into the project. And they are like modules with 5 lines. See for example the "left-pad" thing. Yes, people include other programmers code for 5 lines of a function which you can create without even thinking about it. And they include such 5 line functions from hundereds of different people in their project. Not only one missing package can break millions of builds (see the left-pad example), but one malicious programmer can infect millions of production systems by issuing an update, which includes one malicious line, which loads some external script he will be able to change on demand. Because who re-reads the code of the modules, if he even read it the first place, when adding it because the name and short description seemed to match the requirements. The node.js ecosystem is fucked up. Working, but still a working mess.
It is downgrading the security. Normally, an attacker would need to steal your key or the receiving end (you and the other person in turns) will get "wrong key, somebody is doing something BAD" warnings.
Whatsapp doesn't do this. Whatsapp displays a message "the remote end has changed its security number[sic!]". But only if you activated it in the settings. Else you get NO HINT AT ALL.
The next point are unsent messages. The report seems to exaggerate there a bit. The problem here: Go offline, type some messages. Go online, they are sent. Before you have the chance to see the "security number changed" message, which may have you prevented from sending the messages.
The problem is there but doesn't happen often, because its likely you see the message soon (if you do not ignore such messages). I did not test it, but it may be, that you get the message only after the next message you sent, even when you're online. Which is another trap, if you really need security for every message.
0.0.0.0 means "use a random* ip of the system". Your should either use 127.0.0.1 (and make sure NOT to run a webserver on your host) or some unroutable ip.
Hey, its not the targeted ads i am afraid of. I have adblock. Its the mass surveilance, they implement to track me to target their ads. So the promise not to target ads with the data is just a straw man. The problem are not the ads, the problem is the data.
I never said "yes" to certain news sites, which informed me, that visiting them was giving my consent to cookies, which were set before i even had the chance to read the message.
Before it will be horrible incompetent, the not so bad proposal will be discussed in several committees, and each one will add stupid stuff to it, until it's useless for its intented purpose, but has a lot of side effects endangering the free web.
Will we get banners "with visiting the site, you accept that everything you do is monitored and stored forever in the archives of google and the NSA"? Or do they actually ask for consent and accept a no?
The point is, he does not have to be helpful to us as uninvolved readers. This is a company thing and maybe a personal thing. This should be managed by the people involved, not by a large crowd reading the mailing list (archives). The trans person did the mistake to take it into the public, not RMS. If the involved people really think there is something discriminatory happening, they should go to court. There are laws for this. But not go to the public, tell their version with some "i do not explain in detail, because of the victim" passages. You see on your posting, that it now seems like the reasonable way would be, to post the other side as well. But this will not help the victim (i just stick with this pov atm), as they would need to release more information against her/him. And probably information, which could really damage an career, because it does not seem like they fired her/him, because they need to reduce jobs, but because of some internal problems with her/him. Do you really want your ex-employee to elaborate about such problems in the public? I would even suspect, that such a statement then could be a big reason to got to court for haressment. You just do not publish something for everybody.
i recommend reading the mailing list thread. Especially the statements from stallman are very calm and peaceful. I would have thought he would be more angry and linus torvalds would have smashed her for what she did on the ML. Stallman seems to be great at diplomacy.
Stallman stated, that there was absolutely no reason concerning the gender/sexuality/sex/whatever but some internal reason he doesn't want to disclose to protect the innocent. There is a thread on the mailinglist. It's hard to say without knowing the internals, but it looks a bit like someone was fired for $reasons and then tried to reframe it as discrimination.
They can do whatever they want... the question is, if they want to attract serious security experts. They won't with this offer. And the hobbyists are tempted to sell the 0-day for more than the "to be created" product wins. Without creating a product, just by collecting the issues.
Thinking of a solution, you need to buy a lot Internet-of-Crap stuff, to test your solution and to dissect it to be able to find i.e. hardcoded passwords. This alone will cost you more than 25.000 if you're serious about it in a way, which will win you the 25.000. The only option would be hoping, that you sell your device often enough, that you will make money from that. But you will realize, that nobody cares about his toaster being part of a dDoS attack.
Slashdot Mirror
The PC will die slowly. You will plug in your tablet on a monitor, mouse and keyboard to do such work. And then some kind of hybrid app from a closed appstore will allow you to do this work. It won't look much different, but come from the same restricted ecosystem from which mobile apps come.
Ah, okay.
I mostly avoid server side js and write client side js with as little libraries as possible. And as little script as possible. Let's be honest, devs love javascript, but users hate it. They do not know, they hate it. They just hate bloated websites, not knowing the actual problem.
I know, there are like tens of alternative package managers, trying to fix the mess. I guess each of them has its own flaws, which are of course fixed by the shiny new one created yesterday. It's still not convincing and the problem with thousands of tiny packages remains.
And many "amateur" packages may not guarantee their function either. think of a left-pad, which pads with spaces. Now assume the original author may not wanted to pad it with the correct number of spaces, but pad it to reach a visible lineup. Now he might decide to use tab characters instead of matching spaces for his next release. You used it assuming it will always use a matching number of spaces. now your whole project is broken and you need to debug which package of the hundereds in your project did change the behaviour.
A real standard library does not only have all methods matching, such they can be used together without any problems, but further tries to guarantee a well specified behaviour, which will not change between releases. A "that's what i need" package which is incidentlly adopted by many other projects may not intend to give such guarantees. And i do not have the impression, that people select their packages by checking if they give any promises about future compatiblity.
i don't really know angular, but mayit it is such a library? I heard its one of the trendy things nowadays. I am using more traditional frameworks as jquery and vanilla javascript & brain 1.0.
don't you dare to use "function foo()". You need to use "var foo=function()"!!!
There are a lot of "standard libraries". Decide for one. And then use it. From a single team. Reading their homepage, maybe watching the development, occasionally checking the implementations of things. But ONE BIG LIBRARY, not millions of tiny packages from a lot of different programmers you never heard of.
Ever installed some nodejs stuff?
You do "npm install" and watch an endless packagelist being downloaded. No, not to the central installation, but into the project. And they are like modules with 5 lines. See for example the "left-pad" thing. Yes, people include other programmers code for 5 lines of a function which you can create without even thinking about it. And they include such 5 line functions from hundereds of different people in their project. Not only one missing package can break millions of builds (see the left-pad example), but one malicious programmer can infect millions of production systems by issuing an update, which includes one malicious line, which loads some external script he will be able to change on demand. Because who re-reads the code of the modules, if he even read it the first place, when adding it because the name and short description seemed to match the requirements.
The node.js ecosystem is fucked up. Working, but still a working mess.
> unlike the new iPhone 7 and 7 Plus and several other Android smartphones
i don't think the author knows what an iPhone is.
Good i am having a webcam.
It is downgrading the security. Normally, an attacker would need to steal your key or the receiving end (you and the other person in turns) will get "wrong key, somebody is doing something BAD" warnings.
Whatsapp doesn't do this. Whatsapp displays a message "the remote end has changed its security number[sic!]". But only if you activated it in the settings. Else you get NO HINT AT ALL.
The next point are unsent messages. The report seems to exaggerate there a bit. The problem here: Go offline, type some messages. Go online, they are sent. Before you have the chance to see the "security number changed" message, which may have you prevented from sending the messages.
The problem is there but doesn't happen often, because its likely you see the message soon (if you do not ignore such messages).
I did not test it, but it may be, that you get the message only after the next message you sent, even when you're online. Which is another trap, if you really need security for every message.
nope, you should not.
0.0.0.0 means "use a random* ip of the system".
Your should either use 127.0.0.1 (and make sure NOT to run a webserver on your host) or some unroutable ip.
* depending on the order of network interfaces.
Have a look at ffprofile.com to generate a secured profile. Look at the github page to extend the site for more un-features.
Stop confusing hardware with software!
The smartphone has i.e. a camera. The operating system has something they call AI.
Why didn't they quit? They knew what they were hired for, then they saw what they saw and still did not quit ... and now they sue?
And MS should just have hired people from 4chan. They don't get PTSD over such stuff.
And how do you enforce, that my phone uses this apn?
Hey, its not the targeted ads i am afraid of. I have adblock. Its the mass surveilance, they implement to track me to target their ads. So the promise not to target ads with the data is just a straw man. The problem are not the ads, the problem is the data.
I never said "yes" to certain news sites, which informed me, that visiting them was giving my consent to cookies, which were set before i even had the chance to read the message.
Before it will be horrible incompetent, the not so bad proposal will be discussed in several committees, and each one will add stupid stuff to it, until it's useless for its intented purpose, but has a lot of side effects endangering the free web.
Will we get banners "with visiting the site, you accept that everything you do is monitored and stored forever in the archives of google and the NSA"? Or do they actually ask for consent and accept a no?
The point is, he does not have to be helpful to us as uninvolved readers. This is a company thing and maybe a personal thing. This should be managed by the people involved, not by a large crowd reading the mailing list (archives). The trans person did the mistake to take it into the public, not RMS.
If the involved people really think there is something discriminatory happening, they should go to court. There are laws for this. But not go to the public, tell their version with some "i do not explain in detail, because of the victim" passages. You see on your posting, that it now seems like the reasonable way would be, to post the other side as well. But this will not help the victim (i just stick with this pov atm), as they would need to release more information against her/him. And probably information, which could really damage an career, because it does not seem like they fired her/him, because they need to reduce jobs, but because of some internal problems with her/him. Do you really want your ex-employee to elaborate about such problems in the public?
I would even suspect, that such a statement then could be a big reason to got to court for haressment. You just do not publish something for everybody.
Every device with bluetooth can do this. It's called blueproximity and you need to know if you think it's secure enough for your needs.
i recommend reading the mailing list thread. Especially the statements from stallman are very calm and peaceful. I would have thought he would be more angry and linus torvalds would have smashed her for what she did on the ML. Stallman seems to be great at diplomacy.
Stallman stated, that there was absolutely no reason concerning the gender/sexuality/sex/whatever but some internal reason he doesn't want to disclose to protect the innocent. There is a thread on the mailinglist.
It's hard to say without knowing the internals, but it looks a bit like someone was fired for $reasons and then tried to reframe it as discrimination.
They can do whatever they want ... the question is, if they want to attract serious security experts. They won't with this offer. And the hobbyists are tempted to sell the 0-day for more than the "to be created" product wins. Without creating a product, just by collecting the issues.
Sorry, the price is not high enough.
Thinking of a solution, you need to buy a lot Internet-of-Crap stuff, to test your solution and to dissect it to be able to find i.e. hardcoded passwords. This alone will cost you more than 25.000 if you're serious about it in a way, which will win you the 25.000.
The only option would be hoping, that you sell your device often enough, that you will make money from that. But you will realize, that nobody cares about his toaster being part of a dDoS attack.