First, the government already seized that land. Any claims to that land by returned exiles will probably be met with the same attitude as claims by Canadians to lands that their Loyalist ancestors lost after the US Revolution.
Second, the land is probably now reserved for use by higher level Party members; they won't be moving.
Depends on the company. They can also disappear leaving you without support, decide to abandon the product as non-strategic, or ask you to upgrade when you don't need to.
Which FOSS project you adopt is equally important. A while ago I was looking for a simple FOSS file upload utility, I found one, installed it, read through the SourceForge site, used it for a good year. Then when somebody was looking for a similar utility, I searched for the utility and found a 5-year-old CVE which allowed arbitrary files to be overwritten. The project was still being actively downloaded and there was no mention of it in the forum. I tested my site, found myself vulnerable, and notified the maintainer... no response.
In hindsight, the vulnerability in the code was glaringly obvious. I *assumed* that a popular project would use basic input validation, or would update the code when a CVE is released... but no.
Just because there are no patches, negative comments in the forums, and it's a popular project doesn't mean that there's not a major, *glaring*, well-known vulnerability.
Same applies for closed source I suppose, but if the company is active, there's an incentive to disclose major vulnerabilities to subscribed customers, else they could be sued out of existence.
You would submit a problem ticket. If enough people submit them, it becomes a priority for a paid developer to address the issue.
It sounds like you don't have an example. Nuclear, Coal and Gas have been doing it for decades. Hydro has been doing it for longer.
Rejecting nuclear for wind and solar means burning oil, gas and coal until wind and solar are able to handle baseloads. Nuclear plants are being replaced with coal, oil and gas plants as we speak.
Note that "renewable" in this graph goes back to the 1950's and includes hydroelectric. http://en.wikipedia.org/wiki/File:US_Electrical_Generation_1949-2011.png
I don't see renewables replacing anything any time soon. Only nuclear can reduce the carbon emissions significantly.
[citation needed]
70 years of nuclear history show that it is fully capable of meeting the requirements.
Can you smelt aluminum with solar and wind?
That was my first thought, but it's close though, they didn't have an IR thermometer and ovens aren't very precise.
If they didn't preheat, the oven would have run hotter until the temperature sensor triggered. It's quite possible the heat on the board from radiation was much hotter until the air reached 340F.
I guess that was a bit forced.
We should declare Dec 25 a national holiday!
The birth of the man for whom the unit of mass was named.
Bush Sr. wasn't successful at not invading Iraq.
Do you mean that he made a decision not to remove Iraq's head of state?
"Conservatives are hesitant to change things, so they don't screw things up."
Your description would paint Bush as a liberal. What with his pet project to fix Iraq, bailouts for failed corporate ventures, trying to solve all the problems in the world through big government military, spying and torture programs, expansion of American powers in the bedroom, and bolstering the profiteers of a nearly wiped out American middle class.
Liberals like Bush should mind their business, focus on domestic affairs like the failures of healthcare. Conservatives like Obama, with strong focus on small government, reduction in military, long term thinking for healthcare, prudent fiscal policy and expansion of jobs and the economy once again kickstart a broken economy, and lead the U.S. to record job creation and growth.
You just need to look at the DJIA to see who's got the right numbers.
UDP is stateless.
Given the list of NTP servers is generally known based on your OS type, and the ephemeral port range is somewhat limited, it doesn't take a lot to guess the sourceip:sourceport->destip:destport combination which would allow you to spoof a packet which will traverse your firewall. UDP packets are cheap so you can send a lot of them over time and wait until you observe an indicator of compromise.
e.g., 1.rhel.pool.ntp.org:123->victim:[32768-61000]
You can't do this for web browsers because TCP is stateful.
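The check an NTP client can apply to replies that do pass a stateless filter, as an added example that is not part of the original comment: match each reply to an outstanding request and compare its origin timestamp field (RFC 5905) with the transmit timestamp that was sent. The addresses, ports and helper names are constructed for illustration, and using a random transmit timestamp as a nonce is an assumption of this example.

```python
import hmac
import os
import struct

NTP_PORT = 123

def build_request():
    """Return (packet, xmt): a 48-byte NTPv4 client request and its transmit timestamp."""
    xmt = os.urandom(8)  # assumption: random transmit timestamp used as a 64-bit nonce
    return struct.pack("!B39x", 0x23) + xmt, xmt  # 0x23 = LI 0, VN 4, mode 3 (client)

def make_reply(origin):
    """Constructed server reply (mode 4, stratum 2) carrying `origin` in bytes 24..31."""
    return struct.pack("!BB22x", 0x24, 2) + origin + bytes(16)

def validate_reply(data, src, local_port, pending):
    """Accept a reply only if it answers an outstanding request.

    pending maps (server_ip, local_port) -> transmit timestamp of that request.
    Returns (accepted, reason).
    """
    if len(data) < 48 or data[0] & 0x07 != 4:
        return False, "not a server-mode NTP packet"
    key = (src[0], local_port)
    if src[1] != NTP_PORT or key not in pending:
        return False, "no outstanding request"
    # A correct 4-tuple is not enough: the reply must echo our transmit timestamp.
    if not hmac.compare_digest(data[24:32], pending[key]):
        return False, "origin timestamp mismatch"
    del pending[key]  # one reply per request, so duplicates and replays are dropped
    return True, "ok"

def demo():
    """Run three constructed replies through the validator and return the verdicts."""
    server, local_port = ("192.0.2.10", NTP_PORT), 40000  # constructed sample values
    _, xmt = build_request()
    pending = {(server[0], local_port): xmt}
    guessed = make_reply(bytes(8))  # right addresses and ports, wrong origin timestamp
    return [
        validate_reply(guessed, server, local_port, pending),
        validate_reply(make_reply(xmt), server, local_port, pending),
        validate_reply(make_reply(xmt), server, local_port, pending),
    ]

if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```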
It's a perfect metaphor when you're working for a company which produces crappy products and forces you to use them in front of customers.
Sales demos become the customer watching you eat dogfood.
I never regret quitting that place.
Ah, but this is all up for negotiation as the U.S. holds the embargo, and many of the former landowners are powerful American political families. The land wasn't ceded to war, it was Cuban land before and Cuban land after.
It's just the cynic in me. The good news I guess is that Obama doesn't have to worry about re-election, so he can make political decisions which aren't in his self-interest.
Trick is what to do with all the big U.S. families with claims to beachfront resorts and casinos?
Kick the Cubans off the land and re-employ them as card dealers and prostitutes?
Yay freedom!
It's harder to live for a cause than die for one.
It's especially easy to die for a cause if you've never amounted to anything. You can take some comfort in believing that you'll be remembered as a hero, and you don't have to take any responsibility for your actions.
It's hard to think of analogies which reflect the danger, the reputational damage and the material gain of this kind of betrayal. Murder doesn't have the element of reputational damage and material gain.
I mean, you signed a contract with the U.S., you were vetted, they did background checks, you had history together and built a battleship together, then you sold the schematics of that battleship.
If we're using human analogies, this is like selling the diary, identity information and naked photos of your overaccomplished olympian niece... and providing some genetic material to clone her.
There's no way to entrap somebody with that kind of betrayal. Regardless of money, they should actively protect and defend her from this kind of abuse. Out of a sense of decency and loyalty, protecting it even with their own life.
But really, analogies suck.
Somebody modded me down on it too...
I guess some people consider it okay to have a stepdad who has a problem with their stepson being a princess.
Poor kid.
Respect the kid, it's hard to be different.
Drama, music, public speaking. If the kid's gay, check out local programs for gay youth. Not even to enroll, just to know such things exist and he has a future.
Mostly agreed, but for some exceptions.... sports and finance are reported with obsessive detail, completeness and accuracy, sometimes when the story is good, sometimes when the story is bad. It's not quite limited to simple facts either, but packed with speculation and editorialization, predictions and rebuttals. Compare the coverage of sports and finance with the weather and traffic. You don't have a circle of pundits discussing the forecast, but they will discuss the sports score or the movement of AAPL.
Outside of those topics, it seems to be that people want to hear about failure and disaster. Even when reading about celebrities.
Not sure what the point is. The article is about money laundering, and describes how it's easier to launder digital currencies and how they're controversial because of this.
Bitcoin is at best pseudonymous, each wallet is a pseudonym with a very carefully documented and very public ledger. When the bitcoins are converted to or from hard currency, a trail of that transaction is likely recorded.
Because it's trivial to move over borders and easy to launder.
That's an excellent article, thanks.
The fix would require specific changes to the implementation and "...there's a high risk that this would also cause compatibility problems." IMHO, it would be highly misleading to call it an implementation problem that an unforeseen encryption weakness could be mitigated with changes to the implementation.
I offer the above to be XKCD1318 compliant.
POODLE is not an implementation problem. It's a protocol problem.
https://www.us-cert.gov/ncas/alerts/TA14-290A
"There is currently no fix for the vulnerability SSL 3.0 itself, as the issue is fundamental to the protocol"
It's an implementation problem if you're speaking abstractly about the application of crypto. But we're talking about "SSL", a protocol.
"Chapter 4 is particularly interesting in that the author notes that while the cryptography behind SSL and PKI is fundamentally secure,"
Post-POODLE, SSL has been shown fundamentally insecure.
TLS is fine as far as we know.
Went to a Python developers meetup. There were 2 women in a room of 100 people.
Went to an infosec meetup. There were 5% women in a room of 200 people.
Went to a WordPress developers conference, there were 50% women in attendance of hundreds of people.
They're all tech jobs. Why are women choosing paths that earn less?
"I wonder what the conclusion of such an article would be?"
That this isn't a site for sociologists or experts in race or gender studies.
If we talked to sociologists, race or gender study experts, they'd probably have a non-sensationalist, well researched and well reasoned approach to discussing sensitive issues. And they probably wouldn't be happy if people jumped on their community forums and started talking about SATA drivers.