You now have to download, trust & configure a third-party plugin to block javascript.
No, no plugin needed at all. You just need to:
1. go to about:config (read more about about:config here: http://kb.mozillazine.org/Abou...) 2. toggle the option javascript.enabled to false
And no, disabling javascript does not miraculously protect the user from almost all exploits. Some time ago, firefox has used a fonts library. Simply loading a font then could infect you. They've changed it since.
and therefore, it needs super extra protection. Its forbidden to open someone's skull to look for info as well, as should be the analogon for computers.
Its only good for the EU to be rid of forces that oppose an ever closer EU. Out with them!
Really the worst that could happen is that the UK votes for staying in the EU, but by 200 votes or something. If they had voted with 70% for staying in the EU, the ukip may have shut up. But with 200 votes, the matter will be brought out at each and every occasion. However, if the UK votes for leaving the EU by 200 votes, its just good, because then they see the consequences of their actions. A hard border in ireland and maybe in the future even scotland would really show them that being in the EU has its benefits, and may turn their temper in 10-20 years or so.
By then the EU will be more integrated thanks to the UK not blocking lots of integrational changes, and if UK would join again they would have to adopt all those changes.
Its harder than that. You'll need to re-write the whole set of gapps, and this is something really hard, as most of the apps are clients to some google service, and the hardware manufacturer now has to start its own cloud business just to replicate those services.
The NSA has two tasks: snooping and protecting US data. It takes the first task more seriously, and because of the snooping many people fear NSA, but it does stuff to fulfill the second task as well, like writing SELinux.
It appears that european leaders now have discovered that robots don't pay income taxes and want to fix it. Well, that's right, but right now robots are a very good way you can avoid having to resort to do your production in china or something, because robots are as cheap in europe as they are in china. Well, good that the EU is changing it, as then the robot fabs will be built in china as well! Good job EU!
append.patch to the url in order to get an apply-able patch.
But better update the whole library, usually there is lots of security related fixing going on when a security researcher takes a look at the code. Also, the git commit log may lie, and in fact some other commits fixed the issue, its just not marked this prominently.
The best policy is always to not copy the whole library into your source tree, but making downloading the library part of the build process. If you have to modify the library some way, its best to upstream those changes, but if you don't want to do it for some reason, or can't do it, then you can create patch files, and apply the patches as part of the build process as well. Updating the library then gets as easy as changing an url and rebuilding + checking that all the patches applied + retesting.
Its just so funny. Most rust applications as of now only work because they use rust wrappers to native libraries. So even if you wrote your program in rust, if you used this crate, you'd have exactly the same problems as all those c/c++ writers: https://crates.io/crates/libar...
When its about AI, open source is not enough in order to let people have an usable product. The open source license only covers the source code, not the training data. These data are much more important, and usually they have very restrictive licenses.
My main problem with SMS two factor is that in order to do it, I need to tell them my phone number. This gives the service an unique ID.
I much more prefer a yubikey based solution, where the protocol is open and one can implement whatever one wants on the client side (including an app where you have to tap, or an usb stick you have to put into the computer, etc).
(afp). Sofware developers across the world are celebrating. A coordinated effort which started ten years ago has reached one of its major goals: integration of every software ever written on the planet. The 10 GB release announcement mail by german developer Lennart Poettering includes a full listing of all the software incorporated. "We expect systemd to run only on very powerful machines" the mail reads. "systemd has completed a full bootup in a test run by a team of researchers from a japanese institution on the Post-K supercomputer". While traditional linux installations are rendered inoperable, developers expect that thanks to moore's law we might experience linux computers to work again by 2040.
systemd requires glibc. And glibc is 2 MB large. According to the paper, the processor has whopping 768 KB of RAM (and no capabilities to add external RAM).
Means systemd won't gonna run. Dunno about the kernel, probably its easier to write a minimal one from scratch than to port it over to that special architecture.
Well yeah I agree with you that the impression that TOR is mainly used to commit crimes is bad, but the paper has mentioned the FBI hacking in its introduction.
The technique they use is in fact per-function ASLR, and probably the places it can be used are as vast as for ASLR. Its not just limited to TBB or Firefox.
It'll surely severely limit the ability of doing ROP (return oriented programming), a very popular exploit technique.
IDK about the software industry, but in other industries press releases often overstate the truth or make it easy for journalists to misinterpret them. Its not a good practice but it does happen.
I haven't read the press release myself so I can't really make a judgement on whether it was okay or not.
Maybe you don't like mark, but I think its awesome what he's doing, and that he invests his money into ubuntu instead of some yacht or an apartment in some skyscraper.
I'd say its okay to be pissed off by this considering that they didn't make any consensus beforehand, but IDK, for them it seems to be enough that you can port your application to fedora, not that fedora uses it as its main method.
Would fedora adopt it if nobody used it? Its the classical network problem. An app distribution method nobody has installed gets no adoption by app developers because nobody will be reached with it, and if there are no apps for some package manager, nobody will use it, let alone use it as their main package manager.
Innovation creeps up in the FOSS world through other projects, NOT through iteratively improving one core.
Let me continue on your systemd example. You are completely right, innovation works this way. But once the new innovating product is there, and it is obviously superior, people will want to adopt it. Thanks to systemd you now have an unified way to specify services, and an unified way to start and stop them. It is good to have it.
I am welcome to any project which builds on systemd, and keeps the user {CLI,configuration} interface.
If upstream doesn't want your contributions, you no longer have the (realistic) option to fork.
Having trouble convincing one maintainer to add your contributions? Well, It'll be surely harder to convince multiple, if you want a feature inside the whole ecosystem.
In the context of package managers this might be binary diffing. You want the linux package managers to do binary diffing? You'll have to convince each and every little distro king to accept your patch.
The ability to pick and choose your software in Linux is a feature, not a bug.
That might be right, to some extent. But what is fucking wrong is that you have multiple different package managers, each with their own way to invoke them via CLI. Arch even has two, yaourt AND pacman!
And package managers are very simple things. Generally each distro does the same things, just calls them differently.
I do NOT think that this is good.
Yes, its good to have a choice between desktop environments, and between web browsers, or file managers. That's all great. But the amount of lack of unification just harms linux IMO.
Why does each distro need its own package managers? Why does each distro have to re-invent the wheel for this?
All we get from this is just bugs over bugs, and waiting for each package manager to implement the same improvements like binary diff downloading or displaying a progress bar on download.
In fact, with most distros you are missing the choice when its about the package manager. You have to take what the distro gives you.
Unification [...] destroys the ability to greatly change and innovate
The linux kernel has been constant target of innovation, and it has stayed monolithical all the time, without any forks.
Software should depend on as general a base as possible.
I do agree with that one: but many features are not available via abstraction layers, and then you suddenly need to add ugly desktop environment specific code if you ever wanted to implement that feature.
The main issue with "targeting" is itself. Software should depend on as general a base as possible.
So you want to give support to your users via phone. Should you be required to know how each and every distro does things?
In windows you can say "go to start, type 'abc', then click this entry then click yes then no then ok".
Slashdot Mirror
You now have to download, trust & configure a third-party plugin to block javascript.
No, no plugin needed at all. You just need to:
1. go to about:config (read more about about:config here: http://kb.mozillazine.org/Abou...)
2. toggle the option javascript.enabled to false
And no, disabling javascript does not miraculously protect the user from almost all exploits. Some time ago, firefox has used a fonts library. Simply loading a font then could infect you. They've changed it since.
Its possible to block js based ads as well, and blocking works really well, just look at the ad blocking extensions.
No, the actual reason for js was that it allows the advertisers to run their own analytics on the users. They can find out what site they browse, etc.
and therefore, it needs super extra protection. Its forbidden to open someone's skull to look for info as well, as should be the analogon for computers.
Its only good for the EU to be rid of forces that oppose an ever closer EU. Out with them!
Really the worst that could happen is that the UK votes for staying in the EU, but by 200 votes or something. If they had voted with 70% for staying in the EU, the ukip may have shut up. But with 200 votes, the matter will be brought out at each and every occasion. However, if the UK votes for leaving the EU by 200 votes, its just good, because then they see the consequences of their actions. A hard border in ireland and maybe in the future even scotland would really show them that being in the EU has its benefits, and may turn their temper in 10-20 years or so.
By then the EU will be more integrated thanks to the UK not blocking lots of integrational changes, and if UK would join again they would have to adopt all those changes.
Its harder than that. You'll need to re-write the whole set of gapps, and this is something really hard, as most of the apps are clients to some google service, and the hardware manufacturer now has to start its own cloud business just to replicate those services.
The NSA has two tasks: snooping and protecting US data. It takes the first task more seriously, and because of the snooping many people fear NSA, but it does stuff to fulfill the second task as well, like writing SELinux.
Well tell the court that you want sony to re-enable linux capabilities as its more valuable to you because with linux you can commit crimes with it.
It appears that european leaders now have discovered that robots don't pay income taxes and want to fix it. Well, that's right, but right now robots are a very good way you can avoid having to resort to do your production in china or something, because robots are as cheap in europe as they are in china. Well, good that the EU is changing it, as then the robot fabs will be built in china as well! Good job EU!
Rust uses the normal C/C++ linker.
They are in git, indeed:
CVE-2016-4300: https://github.com/libarchive/...
CVE-2016-4301: https://github.com/libarchive/...
CVE-2016-4302: https://github.com/libarchive/...
append .patch to the url in order to get an apply-able patch.
But better update the whole library, usually there is lots of security related fixing going on when a security researcher takes a look at the code. Also, the git commit log may lie, and in fact some other commits fixed the issue, its just not marked this prominently.
The best policy is always to not copy the whole library into your source tree, but making downloading the library part of the build process. If you have to modify the library some way, its best to upstream those changes, but if you don't want to do it for some reason, or can't do it, then you can create patch files, and apply the patches as part of the build process as well. Updating the library then gets as easy as changing an url and rebuilding + checking that all the patches applied + retesting.
Its just so funny. Most rust applications as of now only work because they use rust wrappers to native libraries. So even if you wrote your program in rust, if you used this crate, you'd have exactly the same problems as all those c/c++ writers: https://crates.io/crates/libar...
When its about AI, open source is not enough in order to let people have an usable product. The open source license only covers the source code, not the training data. These data are much more important, and usually they have very restrictive licenses.
Simple: get a new email address only used for "important" logins: emails domain names, everything important to you.
Then stash the login credentials for that one away in a safe or something and hope the provider doesn't delete it because you almost don't use it.
My main problem with SMS two factor is that in order to do it, I need to tell them my phone number. This gives the service an unique ID.
I much more prefer a yubikey based solution, where the protocol is open and one can implement whatever one wants on the client side (including an app where you have to tap, or an usb stick you have to put into the computer, etc).
(afp). Sofware developers across the world are celebrating. A coordinated effort which started ten years ago has reached one of its major goals: integration of every software ever written on the planet. The 10 GB release announcement mail by german developer Lennart Poettering includes a full listing of all the software incorporated. "We expect systemd to run only on very powerful machines" the mail reads. "systemd has completed a full bootup in a test run by a team of researchers from a japanese institution on the Post-K supercomputer". While traditional linux installations are rendered inoperable, developers expect that thanks to moore's law we might experience linux computers to work again by 2040.
the MAFIAA gets another digit of the nuclear launch codes
You mean 0?
http://www.dailymail.co.uk/new...
No.
systemd requires glibc. And glibc is 2 MB large. According to the paper, the processor has whopping 768 KB of RAM (and no capabilities to add external RAM).
Means systemd won't gonna run. Dunno about the kernel, probably its easier to write a minimal one from scratch than to port it over to that special architecture.
The press release does not include it, nor does the slashdot summary. The link to the paper: http://vcl.ece.ucdavis.edu/pub...
Wow that image reminds me of that infamous microsoft defragmentation tool. I remember watching it moving around stripes of stuff.
If your computer is completely untrusted then there are ways it still can communicate over an air gap with another untrusted computer.
For example, if you use usb sticks to share data, they could obiously store different stuff as well on the USB stick.
Well yeah I agree with you that the impression that TOR is mainly used to commit crimes is bad, but the paper has mentioned the FBI hacking in its introduction.
The technique they use is in fact per-function ASLR, and probably the places it can be used are as vast as for ASLR. Its not just limited to TBB or Firefox.
It'll surely severely limit the ability of doing ROP (return oriented programming), a very popular exploit technique.
That movie depicts one of the possible futures of our planet. Space is vast and big. We know now that FTL travel is an impossible thing.
But why explore space if we can just put ourselves on drugs and live in a phantasy world?
Computer games are just the beginning. VR is the second step.
https://it.slashdot.org/story/...
IDK about the software industry, but in other industries press releases often overstate the truth or make it easy for journalists to misinterpret them. Its not a good practice but it does happen.
I haven't read the press release myself so I can't really make a judgement on whether it was okay or not.
Maybe you don't like mark, but I think its awesome what he's doing, and that he invests his money into ubuntu instead of some yacht or an apartment in some skyscraper.
I'd say its okay to be pissed off by this considering that they didn't make any consensus beforehand, but IDK, for them it seems to be enough that you can port your application to fedora, not that fedora uses it as its main method.
Would fedora adopt it if nobody used it? Its the classical network problem. An app distribution method nobody has installed gets no adoption by app developers because nobody will be reached with it, and if there are no apps for some package manager, nobody will use it, let alone use it as their main package manager.
Innovation creeps up in the FOSS world through other projects, NOT through iteratively improving one core.
Let me continue on your systemd example. You are completely right, innovation works this way. But once the new innovating product is there, and it is obviously superior, people will want to adopt it. Thanks to systemd you now have an unified way to specify services, and an unified way to start and stop them. It is good to have it.
I am welcome to any project which builds on systemd, and keeps the user {CLI,configuration} interface.
If upstream doesn't want your contributions, you no longer have the (realistic) option to fork.
Having trouble convincing one maintainer to add your contributions? Well, It'll be surely harder to convince multiple, if you want a feature inside the whole ecosystem.
In the context of package managers this might be binary diffing. You want the linux package managers to do binary diffing? You'll have to convince each and every little distro king to accept your patch.
The ability to pick and choose your software in Linux is a feature, not a bug.
That might be right, to some extent. But what is fucking wrong is that you have multiple different package managers, each with their own way to invoke them via CLI. Arch even has two, yaourt AND pacman!
And package managers are very simple things. Generally each distro does the same things, just calls them differently.
I do NOT think that this is good.
Yes, its good to have a choice between desktop environments, and between web browsers, or file managers. That's all great. But the amount of lack of unification just harms linux IMO.
Why does each distro need its own package managers? Why does each distro have to re-invent the wheel for this?
All we get from this is just bugs over bugs, and waiting for each package manager to implement the same improvements like binary diff downloading or displaying a progress bar on download.
In fact, with most distros you are missing the choice when its about the package manager. You have to take what the distro gives you.
Unification [...] destroys the ability to greatly change and innovate
The linux kernel has been constant target of innovation, and it has stayed monolithical all the time, without any forks.
Software should depend on as general a base as possible.
I do agree with that one: but many features are not available via abstraction layers, and then you suddenly need to add ugly desktop environment specific code if you ever wanted to implement that feature.
The main issue with "targeting" is itself. Software should depend on as general a base as possible.
So you want to give support to your users via phone. Should you be required to know how each and every distro does things?
In windows you can say "go to start, type 'abc', then click this entry then click yes then no then ok".