Out of curiosity, when did Gentoo stop being in the list of relevant distros?
The Gentoo Bugzilla and forums still seem to be extremely active, so I have no reason to believe that the Gentoo community is dying, but distro discussions on Slashdot seem to ignore it now. What did I miss?
Those are usually more sophisticated that a simple RFID. They usually have an actual smart card in them that handles a cryptographic challenge/response from the reader. The challenge/response resists replay attacks, so a simple cloning won't work.
The infrastructure exists, it's reasonably cheap and easy to convert most vehicles already in use, and the resource is reasonably abundant. HOWEVER, it's not a renewable energy source, any more than oil is. So we wouldn't actually be solving any of our problems by switching.
Methane is methane, so if you process biogas sufficiently, you could inject it into the current NG pipeline and nobody would know the difference (unless they were looking for trace contaminants).
Who cares? If Linus stops updating his repository tomorrow, we'll all just switch to whatever repository meets our needs.
It's only consensus that says that Linus' repository is the "official" one.
There are already plenty of people who track Andrew Morton's repository instead of Linus', so if Linus went away, it's not like we don't already have a tested mechanism to allow us to track "unofficial" repositories.
The proof of concept code is the most important thing they can release since it's the only way that the community can verify that any precautions they take against the vulnerability are effective.
There are lots of smart folks in the community and there's no reason to think that the community can't come up with ways to protect itself even if the researchers don't suggest precautions. It's nice when the researchers release effective precautions when they release the proof of concept, but even if they don't, they are still doing the right thing.
You seem to think that the community is better served by being ignorant of the problem. How can that be true?
Has anyone attempted to talk to the people listed in the attributions to see when the bug was reported and what the experience was like working with Microsoft to get the bug fixed?
And the security researcher is fulfilling his duty to society by alerting society to the issue and giving enough information for informed users to determine their own risk and take precautions.
You seem to think that the researcher is doing society a disservice by releasing the information.
Not being able to fix the problem is very different from not being able to do anything to mitigate your exposure to the problem.
Sometimes the problem is part of an unused component that can be turned off. Sometimes the problem can be protected by simple firewall rule changes. Sometimes the problem has a simple work-around.
All of these things help protect the user even though none of them actually fix the problem.
If the user doesn't know the problem exists, then they can't make any attempt to protect themselves.
But what if Microsoft are currently spending their time fixing a major security hole that is currently being exploited.
You say that as if Microsoft only has a single developer who can fix code. Microsoft has enough developers that the corporation can address multiple issues at the same time. Therefore, worrying that they don't have the resources to address a new bug isn't necessary.
Slashdot Mirror
Why?
Perhaps their interest in Linux is for servers. Or their other laptop. Or their work machines.
Being a member of a LUG doesn't require you to use Linux for all computers, just enough that you're interested in joining the LUG.
How much do windows licenses cost and how much does RedHat charge?
Best. Car. Analogy. Ever.
Don't call them "updates". Instead, say the software/firmware has been "recalled" and you've got the "fixes" from HP.
Out of curiosity, when did Gentoo stop being in the list of relevant distros?
The Gentoo Bugzilla and forums still seem to be extremely active, so I have no reason to believe that the Gentoo community is dying, but distro discussions on Slashdot seem to ignore it now. What did I miss?
Those are usually more sophisticated that a simple RFID. They usually have an actual smart card in them that handles a cryptographic challenge/response from the reader. The challenge/response resists replay attacks, so a simple cloning won't work.
Does OSX still treat X apps like second class citizens?
Last time I tried a Mac, alt-tabbing through my X apps required first alt-tabbing to X and then ~-tabbing to the app I wanted.
The infrastructure exists, it's reasonably cheap and easy to convert most vehicles already in use, and the resource is reasonably abundant. HOWEVER, it's not a renewable energy source, any more than oil is. So we wouldn't actually be solving any of our problems by switching.
Methane is methane, so if you process biogas sufficiently, you could inject it into the current NG pipeline and nobody would know the difference (unless they were looking for trace contaminants).
I believe the intent is to build this into new birds that we put up there, not try to attach them to existing birds.
Yeah, and that same drag will help de-orbit the satellite.
Which is the point of it, right?
We should see a union strike soon enough.
And that will only harden the resolve of the management to replace the union members with predictable machines as soon as feasible.
I've yet to see evidence that Windows has a "stigma" outside of the geek world.
You don't know any Mac users?
I find that hard to believe.
How much do they make?
Is it enough to even be reported in their annual statements?
IAAP = "I Am A Physicist"
Secondhand smoke was never proven to be harmful
So all those second hand smoke studies they've conducted over the last 30+ years were all mis-reported by the media?
Every single one of them?
Who cares? If Linus stops updating his repository tomorrow, we'll all just switch to whatever repository meets our needs.
It's only consensus that says that Linus' repository is the "official" one.
There are already plenty of people who track Andrew Morton's repository instead of Linus', so if Linus went away, it's not like we don't already have a tested mechanism to allow us to track "unofficial" repositories.
Why is this modded "troll"?
"Insightful" is more appropriate. Near as I can tell, this post is dead on.
Thanks!
I needed a smile!
The proof of concept code is the most important thing they can release since it's the only way that the community can verify that any precautions they take against the vulnerability are effective.
There are lots of smart folks in the community and there's no reason to think that the community can't come up with ways to protect itself even if the researchers don't suggest precautions. It's nice when the researchers release effective precautions when they release the proof of concept, but even if they don't, they are still doing the right thing.
You seem to think that the community is better served by being ignorant of the problem. How can that be true?
If I don't know how to do the exploit, then how can I design my precautions and test that they are effective?
Has anyone attempted to talk to the people listed in the attributions to see when the bug was reported and what the experience was like working with Microsoft to get the bug fixed?
And the security researcher is fulfilling his duty to society by alerting society to the issue and giving enough information for informed users to determine their own risk and take precautions.
You seem to think that the researcher is doing society a disservice by releasing the information.
Not being able to fix the problem is very different from not being able to do anything to mitigate your exposure to the problem.
Sometimes the problem is part of an unused component that can be turned off.
Sometimes the problem can be protected by simple firewall rule changes.
Sometimes the problem has a simple work-around.
All of these things help protect the user even though none of them actually fix the problem.
If the user doesn't know the problem exists, then they can't make any attempt to protect themselves.
But what if Microsoft are currently spending their time fixing a major security hole that is currently being exploited.
You say that as if Microsoft only has a single developer who can fix code. Microsoft has enough developers that the corporation can address multiple issues at the same time. Therefore, worrying that they don't have the resources to address a new bug isn't necessary.
Yes.