Many US companies have partnered with Chinese companies and it works great for a couple of years, until the Chinese company no longer needs anything from the US company. Once they get all the information they need, they have no reason to send any payments, or anything else, to the US company.
Yeah yeah yeah. That's what they said before, every time. Souter will "end freedom for women", they said.
First off, the vacancy will be filled before the election, and there will be a conservative majority (still). Control of the Senate in the future doesn't change that. There will be a majority conservative Supreme Court no matter what.
Secondly, worst case, never gonna happen, would be Roe v Wade gets overturned, so the voters get to decide on abortion regulation. Texas and Utah would have significant regulations, and the other 48 states would be pretty much unaffected.
Your comment does not surprise me at all. It reminds me of people who mistakenly think that learning the vocabulary words of programming (a programming language) makes one a professional programmer. Lile most subjects, learning the vocabulary words (language) is rather a prerequisite to learning the art and science of what it's used for.
In my field, reducing the time required to learn the mechanics means people can instead spend that time on learning the hard parts. Some languages are very consistent, and rather small, so they are easy to learn. Some are inconsistent, with functions like AddArray() paired with array_remove(). Time spent memorizing the eccentricities of the language is time not spent learning design patterns, or anti-patterns, or algorithmic analysis.
I suppose if surgeons can spend 60 less hours learning to tie a knot blindfolded, they can instead spend that time learning something else.
> The left is dividing into a group who is traditionally liberal and favors a diversity of opinions and fairness (and many other left wing policies) and a group who insists on compliance, attacks heretics, and isn't in favor of fairness ("it's okay if innocent men's lives are destroyed")
Agreed. And one group makes the other look really bad. When leading Democrats like Maxine Waters call for harassing the family members of the president's staff, so "they can't go to a gas station, can't shop, can't go to a restaurant... absolutely harass them", it makes Democrats look bad. Really bad. Kinda like how Trump makes Republicans look bad when he - well when he acts like Trump.
When David Souter was nominated to the Supreme Court, the left held protest rallies and all that, pumping up their donors yelling "he'll overturn Roe vs Wade, and probably force states to make abortion illegal". Of course Souter not only upheld Roe v Wade, but generally was more liberal than even Ruth Bader Ginsburg, or Clinton's other pick, Breyer. I wouldn't be too concerned about Roe vs Wade. It's stare decisis, settled law.
Even in the very unlikely event Roe v Wade was struck down, consider what that would mean. Before Roe, most states allowed abortions. Since then, public opinion has shifted more toward allowing abortion, so absent Roe v Wade likely all states, certainly the vast majority, would allow abortion. A few more conservative states, such as Texas, might require the clinics performing abortions have procedures in place to transfer a patient to a nearby emergency room if complications arise. Texas might ban partial birth abortions, in which the baby's head is crushed as he or she is born. You may agree or disagree with the policies, but the sky isn't actually falling.
The dev who got fired said it's because she's been doing it a few years that nobody should disagree with her about what makes the most fun game design ("telling my how to do my job").
I've been doing my job, and actively studying to learn to do it better, for twenty years. I make sure all my code gets peer review, because I'm still not perfect. People can have ideas different from mine, and they might be good ideas. I actively encourage new people to peer review my work, reminding them "you don't have to be more experienced than me, or better than me, to see where I might have made a mistake or where I could do something better". I actively seek opinions from other people and never once have I attributed their opinions to their genitalia.
She wrote her thoughts. Someone replied saying what she said is interesting, but on one particular point he disagreed about the relative importance. She went off on her "mansplaining" sexism rant, because they ONLY reason anyone could ever disagree with her on anything would be if they were a sexist pig. Totally impossible for people to have different viewpoints. Disagree with her on just one of her several comments and you're automatically a pig.
> programming isn't some inherently dangerous activity that only those who get special schooling should be able to approach it. It's like any other home utility
If you're writing a utility to use on your own desktop, sure. Code up your own crappy hex to binary converter - no problem with that.
As soon as the code is exposed to the internet, the situation completely changes. Code that is part of a web application or anything else reachable via the internet will be attacked multiple times per day. It must be designed and coded with attacks in mind. When it's not, it results in another headline "Acme Corp leaks 10 million customer records".
I feel for newer programmers trying to learn today. In my first five years of programming, I wasn't qualified to write secure internet-accessible code. That's hard to do, because attackers constantly scan for code with weaknesses. These days, it seems most code connects to the internet. That's not a safe place to learn.
You may have hears the phrase "garbage in, garbage out". That's how programmers used to think. The design and test code try to make it work right, when the user uses it right, of course. If the user mashes keys at random, random things might happen. That used to be an okay way of thinking.
The internet has changed that. Now the user (connecting over the internet) WILL mash keys at random. Well, their script will send random bytes. It's no longer okay for software to respond in random ways when it receives random input. Any software accessible via the network MUST be designed thinking about how things can go wrong, not just about how it should work correctly.
Many programmers, especially those who learned writing desktop applications, still think in terms of the program doing the right thing when it receives sane input. Insane input isn't handled securely. The programmers who wrote the ilo software made this mistake.
Specifically, the input is up to 16 characters long, so they failed to handle the case of very long input. Network. Software should be tested with these inputs, at least:
Empty input Zero The null character (ASCII 0) Very long input
> In a proper free market economy, one that's relatively free of distortion, profit essentially gets driven down to nothing.
That's true, for the 99.9% of people who have a normal attitude about work and money, normal intelligence, normal levels of drive and dedication, etc.
There will always be a few people who are willing to give up everything else - family relationships, time off, weekends, social life, etc to compete in the "make money" game. They'll tend to make more money than people who lead a more balanced life. A few such people will also be extraordinarily intelligent. Some will be very gifted at hiring and motivating great people. Those who do their job extremely well, and put aside other priorities, will do a better job than others, and make more money. That comes at a cost to them, social life etc.
You said when it comes to flagging suspicious content." I think that's an important word, suspicious. There are now more when pages than there are people on the planet. Billions of web pages to run ads on. Pages which include several words related to child sexual abuse are suspicious. Why put your ads on suspicious pages?
More specifically, on a page that has sexual words, so seems to probably be about sex, what kind of ads would be run? Perhaps a Trojan condoms ad? How pissed would Trojan be when the screenshot was going around Facebook of Trojan advertising on a page about sexual abuse of children?
Most of the time, you can kill automatic updates by adding a hosts file entry setting updates.steam.com or whatever to 127.0.0.1. You have to find the right hostname for each software you want to block updates on.
Slashdot Beta is exactly what I thought of. Then they rolled out their really crappy "mobile" version. Fortunately they have the "use classic" link so we can keep using the design that works well.
> These are moon-shot companies that aren't focused on quarter-to-quarter profits
And there's nothing wrong with that. Here's simplified example of how you value a moonshot company:
Profitbc is the future profit in the best case, if they hit there moonshot. Probabilitybc is the probability that they hit it. Years is how long it will take
That last bit in parentheses is the adjustment for how long it takes. $1,000 twenty years from now isn't worth $1,000 today. That's complicated, though, so for now let's just consider the profit IF Tesla becomes the world's largest, most successful car company, and the likelihood of that happening.
Tesla's current stock valuation makes sense only if you assume a 100% probability that they'll make $20 billion / year. And you don't factor in time - you assume they'll be the world's biggest car company *tomorrow*. In other words, it assumes they will definitely be the most successful car company in history. That's quite a stretch, since they aren't even the most successful *electric* car company.
There's a difference between a moonshot saying "we're going to try to fly to the moon" vs "we've already established a permanent base on the moon, with 1,000 staff working there". Tesla is the former, the stock valuation pretends the latter.
> That he's a CEO who boasts about his own organizations? Every CEO does. It's their Job.
Most kinda try, but very few are as good at it as Musk. Most companies don't trade at infinity times earnings, like Tesla does. Typical price to earnings ratio of a well-established, consistently successful company is 20-25 times earnings. Tesla's earnings are *negative*, but it's priced as the most successful car company ever, with billions in profits every year.
It's valued as the world's largest and most successful car company, while it's actually tiny, less than 1% of the market, and losing money fast.
Musk may be the very best hype man alive today, up there with PT Barnum.
The sentence reads as if these are the most off-the-shelf and potent malware. That bugs me. The bad guys already have plenty of exploits, and most users don't even do the most basic things for security.
For example, we know we shouldn't re-use passwords, we know the password we always use is probably in a data dump somewhere, but we keep using it. The number one most important security thing we can all do is have well-tested off site backups. (Think cryptolocker etc, and rootkit / malware recovery). When is the last time you tested yours? Yeah me too.
How do you figure? The interstate commerce clause says the Washington politicians can make laws about selling things been states. It doesn't say states can't regulate business in their own state, as long as they don't try to undo federal law on the particular subject (the supremacy clause). Sale of fireworks is an example many of us are conscious of today - different states allow different types of fireworks to be sold, with different regulations on how they sold. The federal government (US DOT) regulates how the fireworks are transported between states on federally-funded roads.
If there were a federal law saying "cancellations may be sent by certified mail", and California says online signups require the option of online cancellations, then BOTH methods would have to be accepted.
There would only be a problem if federal law said cancelling online is illegal, or explicitly said "companies do not have to allow cancellation online".
You keep talking about web browsers, pointing out that most of them have some C++ code. Is the point you're trying to make "if you're writing a new web browser, consider Rust for the C-ish parts?"
If that's what you're saying, fine, I won't disagree with that. If someone is building a new web browser, of course they'll use XUL or similar where appropriate, and it makes sense to consider Rust for other parts. (I didn't say use Rust, but considering it as one option is fine.)
> The first is more or less "someone on a forum said something I don't like therefore Rust is crap".
Not quite. Most of the comments and questions about Rust, here on Slashdot and many other places, either state or assume that using Rust will magically make your software much safer than other languages. That's false. To tell people they are safe (and therefore need not be very careful) when they aren't is not only a lie, is intentionally putting people in danger.
You mentioned Heartbleed. Heartbleed was an input validation error - as in the input wasn't validated at all. If you use invalidated network input for cryptography you have a major bug. That's in no way language specific. Heartbleed written in Rust is still Heartbleed. In Rust the function would be called std::ptr::copy_nonoverlapping instead of memcpy - it does the same thing, dump random memory back to the attacker. (Slice clone was not available at the time).
> And thirdly, you're arguing that all CVEs are equal.
I didn't say that. I said I study vulnerabilities for a living, full time, and for the last several darn few of them have anything to do with anything Rust would help with. Have a look at the OWASP Top 10 - the most significant types of vulnerabilities that happen nowadays. See how many of the ten are addressed by Rust. Spoiler alert - the number is zero. Rust helps with none of the classes of vulnerabilities that cause the most problems.
Had Rust come out, with a stable, fully usable version, in 1985 it might have been useful in the age of buffer overflows. As it is, Rust promises that in 2020 it solve a few of the things that were a problem in 1990.
Last year the big companies produced 75 million automobiles. Tesla produced less than 100 thousand.
Real car companies: 75,000,000 Tesla: 98,000
The car manufacturers care less about Tesla than they care about the weather.
> forcing the other manufacturers to start really pushing out electric cars.
You realize Nissan sold more electric cars BEFORE Tescam showed up than Musk ever has, right? The largest manufacturer of electric cars is BYD, and they were the largest before PT Musk Barnum starting pitching his stock.
> Right so we should neuter everything we use to build the major bits of infrastructure in the world because newbies?
What we should do is not pretend it's any safer than Python, JavaScript, Perl, etc. Most languages don't have the problems that Rust fanbois gloat about. As I said, 99% of all security issues are unrelated to anything Rust does any better, so to pretend that Rust will solve your security problems, or even a significant percentage of security problems, is dishonest.
Suppose you have 160 square feet of space in your store that isn't uses yet. You can use that 160sq feet to sell something that'll make a $10 million profit, or something that will make a $50 million profit. Which would you choose?
"Not profitable enough" means "not as profitable as the other thing we can do with the same resources."
This is an issue I am continually reminded of at work. My company is growing fast. There are a LOT of things we can that are good ideas - we can spend $100 and get $125 return. We don't do a lot of them because we can instead spend our time doing something with an even greater return.
Debt is a particularly important example of an alternative way to spend money and make a guaranteed profit. Suppose you can invest $1 million today and get back $1.15 million next year. Should you do it? Not if you have debt at 15% interest or higher - you're better off using that $1 million to pay off debt. The interest saved, interest you don't have to pay, is effectively profit. It's also a *guaranteed* profit percentage, no risk. If you have debt with a 15% interest rate, you know for certain that paying it off will earn you 15% avoided interest. Guaranteed profits are the best kind.
The app is designed to send messages, to contacts, with pictures attached. Obviously that code didn't appear by accident, it was included because that's the purpose of the app. The question is "why is the app doing its thing without being told by the user?" It's as if it's especially prone to "pocket dialing" (or accidental voice dialing?) for some reason.
> This smells like some debugging function left in accidentally
Specifically, a test script. Unit testing could easily have behavior similar to what was described.
> What API would exist that hides SMS messages
The problem is in the messaging app. Where do you see your text messages other than in your messaging app? There is no hiding happening (no active hiding), rather the "display sent message" function is not being run. Normally the messaging app would do two things - display the message the user types and send the message. The app is not displaying messages that the user isn't typing, so that's normal behavior.
Programmers would write separate unit tests to test those two different parts of the program - the local UI would have tests, and sending messages over the network would have separate unit tests. Running the unit test for the internal process for sending an attachment would be expected to have this behavior - and would not be expected to run anything in the UI. So it would send messages, not display them.
It's ALSO possible that this is nefarious code. That's possible. Pocket dialing while it the screen is supposed to be locked is also possible.
Slashdot Mirror
Simply running "strings" on the executable would probably be sufficient, as it would include names of C++ libraries.
It would also either require or include the C++ standard library.
Many US companies have partnered with Chinese companies and it works great for a couple of years, until the Chinese company no longer needs anything from the US company. Once they get all the information they need, they have no reason to send any payments, or anything else, to the US company.
Yeah yeah yeah. That's what they said before, every time. Souter will "end freedom for women", they said.
First off, the vacancy will be filled before the election, and there will be a conservative majority (still). Control of the Senate in the future doesn't change that. There will be a majority conservative Supreme Court no matter what.
Secondly, worst case, never gonna happen, would be Roe v Wade gets overturned, so the voters get to decide on abortion regulation. Texas and Utah would have significant regulations, and the other 48 states would be pretty much unaffected.
Your comment does not surprise me at all.
It reminds me of people who mistakenly think that learning the vocabulary words of programming (a programming language) makes one a professional programmer. Lile most subjects, learning the vocabulary words (language) is rather a prerequisite to learning the art and science of what it's used for.
In my field, reducing the time required to learn the mechanics means people can instead spend that time on learning the hard parts. Some languages are very consistent, and rather small, so they are easy to learn. Some are inconsistent, with functions like AddArray() paired with array_remove(). Time spent memorizing the eccentricities of the language is time not spent learning design patterns, or anti-patterns, or algorithmic analysis.
I suppose if surgeons can spend 60 less hours learning to tie a knot blindfolded, they can instead spend that time learning something else.
> The left is dividing into a group who is traditionally liberal and favors a diversity of opinions and fairness (and many other left wing policies) and a group who insists on compliance, attacks heretics, and isn't in favor of fairness ("it's okay if innocent men's lives are destroyed")
Agreed. And one group makes the other look really bad. When leading Democrats like Maxine Waters call for harassing the family members of the president's staff, so "they can't go to a gas station, can't shop, can't go to a restaurant ... absolutely harass them", it makes Democrats look bad. Really bad. Kinda like how Trump makes Republicans look bad when he - well when he acts like Trump.
When David Souter was nominated to the Supreme Court, the left held protest rallies and all that, pumping up their donors yelling "he'll overturn Roe vs Wade, and probably force states to make abortion illegal". Of course Souter not only upheld Roe v Wade, but generally was more liberal than even Ruth Bader Ginsburg, or Clinton's other pick, Breyer. I wouldn't be too concerned about Roe vs Wade. It's stare decisis, settled law.
Even in the very unlikely event Roe v Wade was struck down, consider what that would mean. Before Roe, most states allowed abortions. Since then, public opinion has shifted more toward allowing abortion, so absent Roe v Wade likely all states, certainly the vast majority, would allow abortion. A few more conservative states, such as Texas, might require the clinics performing abortions have procedures in place to transfer a patient to a nearby emergency room if complications arise. Texas might ban partial birth abortions, in which the baby's head is crushed as he or she is born. You may agree or disagree with the policies, but the sky isn't actually falling.
> An unfounded accusation of sexism is just as bad as being sexist yourself.
"All men are sexist when they disagree with me"
That IS sexist. Not "as bad as sexist", actually sexist. It seems that's what she believes.
The cops might show up to take a report on Tuesday. Or not.
Cops mostly take reports of crimes. Occasionally, they accidentally catch a criminal. Very rarely do they stop a crime in progress.
The dev who got fired said it's because she's been doing it a few years that nobody should disagree with her about what makes the most fun game design ("telling my how to do my job").
I've been doing my job, and actively studying to learn to do it better, for twenty years. I make sure all my code gets peer review, because I'm still not perfect. People can have ideas different from mine, and they might be good ideas. I actively encourage new people to peer review my work, reminding them "you don't have to be more experienced than me, or better than me, to see where I might have made a mistake or where I could do something better". I actively seek opinions from other people and never once have I attributed their opinions to their genitalia.
She wrote her thoughts. Someone replied saying what she said is interesting, but on one particular point he disagreed about the relative importance. She went off on her "mansplaining" sexism rant, because they ONLY reason anyone could ever disagree with her on anything would be if they were a sexist pig. Totally impossible for people to have different viewpoints. Disagree with her on just one of her several comments and you're automatically a pig.
> programming isn't some inherently dangerous activity that only those who get special schooling should be able to approach it. It's like any other home utility
If you're writing a utility to use on your own desktop, sure. Code up your own crappy hex to binary converter - no problem with that.
As soon as the code is exposed to the internet, the situation completely changes. Code that is part of a web application or anything else reachable via the internet will be attacked multiple times per day. It must be designed and coded with attacks in mind. When it's not, it results in another headline "Acme Corp leaks 10 million customer records".
I feel for newer programmers trying to learn today. In my first five years of programming, I wasn't qualified to write secure internet-accessible code. That's hard to do, because attackers constantly scan for code with weaknesses. These days, it seems most code connects to the internet. That's not a safe place to learn.
You may have hears the phrase "garbage in, garbage out".
That's how programmers used to think. The design and test code try to make it work right, when the user uses it right, of course. If the user mashes keys at random, random things might happen. That used to be an okay way of thinking.
The internet has changed that. Now the user (connecting over the internet) WILL mash keys at random. Well, their script will send random bytes. It's no longer okay for software to respond in random ways when it receives random input. Any software accessible via the network MUST be designed thinking about how things can go wrong, not just about how it should work correctly.
Many programmers, especially those who learned writing desktop applications, still think in terms of the program doing the right thing when it receives sane input. Insane input isn't handled securely. The programmers who wrote the ilo software made this mistake.
Specifically, the input is up to 16 characters long, so they failed to handle the case of very long input. Network. Software should be tested with these inputs, at least:
Empty input
Zero
The null character (ASCII 0)
Very long input
The United States is an economy. It can have economic growth, or it can have a recession.
Comcast is a company, not an economy. A company getting bigger isn't economic growth. Let's not confuse the two different things.
Would you like to make a case that recession (economic shrinking) is a good thing?
Or is your point that larger companies often provide mediocre products, which has absolutely nothing at all to do with economic growth?
> In a proper free market economy, one that's relatively free of distortion, profit essentially gets driven down to nothing.
That's true, for the 99.9% of people who have a normal attitude about work and money, normal intelligence, normal levels of drive and dedication, etc.
There will always be a few people who are willing to give up everything else - family relationships, time off, weekends, social life, etc to compete in the "make money" game. They'll tend to make more money than people who lead a more balanced life. A few such people will also be extraordinarily intelligent. Some will be very gifted at hiring and motivating great people. Those who do their job extremely well, and put aside other priorities, will do a better job than others, and make more money. That comes at a cost to them, social life etc.
You said when it comes to flagging suspicious content." I think that's an important word, suspicious. There are now more when pages than there are people on the planet. Billions of web pages to run ads on. Pages which include several words related to child sexual abuse are suspicious. Why put your ads on suspicious pages?
More specifically, on a page that has sexual words, so seems to probably be about sex, what kind of ads would be run? Perhaps a Trojan condoms ad? How pissed would Trojan be when the screenshot was going around Facebook of Trojan advertising on a page about sexual abuse of children?
Most of the time, you can kill automatic updates by adding a hosts file entry setting updates.steam.com or whatever to 127.0.0.1. You have to find the right hostname for each software you want to block updates on.
Slashdot Beta is exactly what I thought of. Then they rolled out their really crappy "mobile" version. Fortunately they have the "use classic" link so we can keep using the design that works well.
> These are moon-shot companies that aren't focused on quarter-to-quarter profits
And there's nothing wrong with that. Here's simplified example of how you value a moonshot company:
Profitbc is the future profit in the best case, if they hit there moonshot.
Probabilitybc is the probability that they hit it.
Years is how long it will take
CurrentValue = Profitbc * Probabilitybc * ([1- (1+r )^-years / 2 ])
That last bit in parentheses is the adjustment for how long it takes. $1,000 twenty years from now isn't worth $1,000 today. That's complicated, though, so for now let's just consider the profit IF Tesla becomes the world's largest, most successful car company, and the likelihood of that happening.
Tesla's current stock valuation makes sense only if you assume a 100% probability that they'll make $20 billion / year. And you don't factor in time - you assume they'll be the world's biggest car company *tomorrow*. In other words, it assumes they will definitely be the most successful car company in history. That's quite a stretch, since they aren't even the most successful *electric* car company.
There's a difference between a moonshot saying "we're going to try to fly to the moon" vs "we've already established a permanent base on the moon, with 1,000 staff working there". Tesla is the former, the stock valuation pretends the latter.
> That he's a CEO who boasts about his own organizations? Every CEO does. It's their Job.
Most kinda try, but very few are as good at it as Musk. Most companies don't trade at infinity times earnings, like Tesla does. Typical price to earnings ratio of a well-established, consistently successful company is 20-25 times earnings. Tesla's earnings are *negative*, but it's priced as the most successful car company ever, with billions in profits every year.
It's valued as the world's largest and most successful car company, while it's actually tiny, less than 1% of the market, and losing money fast.
Musk may be the very best hype man alive today, up there with PT Barnum.
The sentence reads as if these are the most off-the-shelf and potent malware. That bugs me. The bad guys already have plenty of exploits, and most users don't even do the most basic things for security.
For example, we know we shouldn't re-use passwords, we know the password we always use is probably in a data dump somewhere, but we keep using it. The number one most important security thing we can all do is have well-tested off site backups. (Think cryptolocker etc, and rootkit / malware recovery). When is the last time you tested yours? Yeah me too.
Most of us are pretty easy targets.
How do you figure? The interstate commerce clause says the Washington politicians can make laws about selling things been states. It doesn't say states can't regulate business in their own state, as long as they don't try to undo federal law on the particular subject (the supremacy clause). Sale of fireworks is an example many of us are conscious of today - different states allow different types of fireworks to be sold, with different regulations on how they sold. The federal government (US DOT) regulates how the fireworks are transported between states on federally-funded roads.
If there were a federal law saying "cancellations may be sent by certified mail", and California says online signups require the option of online cancellations, then BOTH methods would have to be accepted.
There would only be a problem if federal law said cancelling online is illegal, or explicitly said "companies do not have to allow cancellation online".
You keep talking about web browsers, pointing out that most of them have some C++ code. Is the point you're trying to make "if you're writing a new web browser, consider Rust for the C-ish parts?"
If that's what you're saying, fine, I won't disagree with that.
If someone is building a new web browser, of course they'll use XUL or similar where appropriate, and it makes sense to consider Rust for other parts. (I didn't say use Rust, but considering it as one option is fine.)
> The first is more or less "someone on a forum said something I don't like therefore Rust is crap".
Not quite. Most of the comments and questions about Rust, here on Slashdot and many other places, either state or assume that using Rust will magically make your software much safer than other languages. That's false. To tell people they are safe (and therefore need not be very careful) when they aren't is not only a lie, is intentionally putting people in danger.
You mentioned Heartbleed. Heartbleed was an input validation error - as in the input wasn't validated at all. If you use invalidated network input for cryptography you have a major bug. That's in no way language specific. Heartbleed written in Rust is still Heartbleed.
In Rust the function would be called std::ptr::copy_nonoverlapping instead of memcpy - it does the same thing, dump random memory back to the attacker. (Slice clone was not available at the time).
> And thirdly, you're arguing that all CVEs are equal.
I didn't say that. I said I study vulnerabilities for a living, full time, and for the last several darn few of them have anything to do with anything Rust would help with. Have a look at the OWASP Top 10 - the most significant types of vulnerabilities that happen nowadays. See how many of the ten are addressed by Rust. Spoiler alert - the number is zero. Rust helps with none of the classes of vulnerabilities that cause the most problems.
Had Rust come out, with a stable, fully usable version, in 1985 it might have been useful in the age of buffer overflows. As it is, Rust promises that in 2020 it solve a few of the things that were a problem in 1990.
Last year the big companies produced 75 million automobiles. Tesla produced less than 100 thousand.
Real car companies: 75,000,000
Tesla: 98,000
The car manufacturers care less about Tesla than they care about the weather.
> forcing the other manufacturers to start really pushing out electric cars.
You realize Nissan sold more electric cars BEFORE Tescam showed up than Musk ever has, right? The largest manufacturer of electric cars is BYD, and they were the largest before PT Musk Barnum starting pitching his stock.
> Right so we should neuter everything we use to build the major bits of infrastructure in the world because newbies?
What we should do is not pretend it's any safer than Python, JavaScript, Perl, etc. Most languages don't have the problems that Rust fanbois gloat about. As I said, 99% of all security issues are unrelated to anything Rust does any better, so to pretend that Rust will solve your security problems, or even a significant percentage of security problems, is dishonest.
Suppose you have 160 square feet of space in your store that isn't uses yet. You can use that 160sq feet to sell something that'll make a $10 million profit, or something that will make a $50 million profit. Which would you choose?
"Not profitable enough" means "not as profitable as the other thing we can do with the same resources."
This is an issue I am continually reminded of at work. My company is growing fast. There are a LOT of things we can that are good ideas - we can spend $100 and get $125 return. We don't do a lot of them because we can instead spend our time doing something with an even greater return.
Debt is a particularly important example of an alternative way to spend money and make a guaranteed profit. Suppose you can invest $1 million today and get back $1.15 million next year. Should you do it? Not if you have debt at 15% interest or higher - you're better off using that $1 million to pay off debt. The interest saved, interest you don't have to pay, is effectively profit. It's also a *guaranteed* profit percentage, no risk. If you have debt with a 15% interest rate, you know for certain that paying it off will earn you 15% avoided interest. Guaranteed profits are the best kind.
The app is designed to send messages, to contacts, with pictures attached. Obviously that code didn't appear by accident, it was included because that's the purpose of the app. The question is "why is the app doing its thing without being told by the user?" It's as if it's especially prone to "pocket dialing" (or accidental voice dialing?) for some reason.
> This smells like some debugging function left in accidentally
Specifically, a test script. Unit testing could easily have behavior similar to what was described.
> What API would exist that hides SMS messages
The problem is in the messaging app. Where do you see your text messages other than in your messaging app? There is no hiding happening (no active hiding), rather the "display sent message" function is not being run. Normally the messaging app would do two things - display the message the user types and send the message. The app is not displaying messages that the user isn't typing, so that's normal behavior.
Programmers would write separate unit tests to test those two different parts of the program - the local UI would have tests, and sending messages over the network would have separate unit tests. Running the unit test for the internal process for sending an attachment would be expected to have this behavior - and would not be expected to run anything in the UI. So it would send messages, not display them.
It's ALSO possible that this is nefarious code. That's possible. Pocket dialing while it the screen is supposed to be locked is also possible.