Embedded devices do and should connect to the internet, the key is in the device being built properly in the first place and being updated if/when necessary. A properly designed embedded device will have only the features it requires, and thus a very small number of things that *might* need updating. Most routers and firewalls are embedded devices, and they would become pretty useless if not connected to the internet.
The problem is that devices are designed to be "easy to use", which means "enable everything by default in the tiny chance that customers might use those features", and this is why most printers come with support for a whole load of protocols enabled by default when the average user will only ever use 1 of them. I can't think of the last time i tried to print anything via FTP, and yet many printers support that by default.
There's thousands of people out there who will claim to have windows knowledge, and the vast majority of them don't have the first clue. So you'd end up with an extremely poorly configured network just limping along (as happens in many places)...
Theres a lot less people claiming linux/unix knowledge, but the vast majority of those who make such claims actually do have such knowledge, and experience, and in many cases its a genuine interest for them rather than a 9-5 job.
Finding competent windows engineers is generally *harder* than finding competent unix engineers simply because you have many more incompetent ones to sort through first. And generally the most competent people have experience of multiple systems anyway because one of the key differentiators is that someone highly competent will do proper research and use the best tool for the job at hand, rather than just using what they're most comfortable with or what they think is expected.
If it has not been licensed here, it is still copyright infringment, and is certainly harmful.
And arbitrarily deciding that particular groups of people cannot gain access to content is not harmful? There are MANY people in the world who are unable to access certain content in any legal way, and yet they can still read about it online.
Is it fair that i shouldn't be able to watch the UFC PPV events but i can read the results all over the internet, so that when/if they are finally made available here i already know whats going to happen?
Also the fact people made donations to this guy shows that many are willing to pay for the content but that they are either unable to, or the price is too high.
You can configure android to use a 4 digit pin (or nothing at all), and you can also configure ios to use a long passphrase (which for most people is just a complete nuisance to enter on a touchscreen device).
Most of the people who would opt out are the same people who throw the junk directly into the trash without ever reading it... So if anything, they would save money by no longer having to send so much junk to people who will never buy any products anyway.
Plus you don't have to pay more than the marketers, just more than the tiny share of those payments which is used to fund the junk being delivered to you.
Implementing SPF can also do the same thing, the issue is that mailing lists don't rewrite the from headers so despite having been forwarded through the mailing list server the original sender is still shown in the headers, only the mailing list server isnt really supposed to be sending mail *from* other people's addresses...
So either you allow mail to come from anywhere with any sender address, which lets mailing lists and email forwarding work fine but also makes spoofed spam very easy... Or you don't, and break the above...
Really legit mailing lists should be rewriting the sender headers to reflect that the mail has been redelivered by the mailing list, the only difficulty this would cause is when users try to reply directly to messages rather than forwarding their replies to the list itself.
Also makes the code more difficult to debug, more difficult to fix, and increases the chances of exploitable bugs existing in the first place... How many times have security holes resulted from trying to over complicate the code?
So, who is backporting security patches to linux 2.0, or KDE 3.0?
Anyone who is still using such devices.. There will be embedded devices out there still running ancient versions of linux, and still receiving manufacturer updates. In many cases the OS will have been minimalized to decrease the amount of effort required to update it, which is another advantage linux offers.
The fact that very few people still use such old linux devices is another matter, there is far less reason *not* to upgrade your linux devices - support for existing hardware is rarely dropped, memory requirements rarely go up, there are no huge costs involved etc.
FYI i still maintain several old linux boxes... One running a 2.4.x kernel, because it's used to control an SGI machine that requires a proprietary kernel module.. Another running a 2.2.x kernel because i use a third party encryption program that was never ported to newer kernels.
Both of these systems despite having old kernels, have relatively up to date userlands and the services exposed to the network are also kept updated.
Well that's the whole point, you don't need to provide support indefinitely you only need to provide the code to arbitrary third parties and they can continue providing support if you choose not to.
Look at all the embedded devices out there still running linux 2.4.x (or even older), and still being actively supported by the device maker. If there's a market for something and people have the code - someone will step up to provide support.
And that's one of the biggest problems with netflix and other streaming services... Your limited by your bandwidth, which is also likely to go down during peak times (ie when you want to watch), and heavy use streaming means you can't do anything else on the connection either because its too slow or because your activity would cause the stream to stall.
I want a service where i can download and watch later, i have limited peak time bandwidth usage and unlimited late at night, at night the network is less congested therefore faster and i'm generally asleep so i don't care if it makes the connection laggy, and downloads are not hampered by fluctuations in performance.
With a downloaded file i can take it offline to watch somewhere i have no or poor connectivity, once the file is downloaded i can watch it knowing there wont be any dropouts, i can download overnight in whatever quality i want , even a 1080p movie will be finished by the morning on a 5mbps connection.
Streaming is often utterly impractical at the times you most want to watch something, eg:
on a train/bus/coach/car - the motion makes 3g slower, tunnels make it drop out entirely as does travelling in/out of service areas... mobile data is often expensive... abroad - roaming data is even more expensive wifi is not always available, and even when it is sometimes its unusably slow and you trying to stream only compounds the problem...
On the other hand, a usb stick full of stuff you downloaded the previous night works very well in all of these situations. I travel a lot, and frequently find myself sitting around bored waiting for something, while having poor or no internet connection.
Almost always better to use a loop, a good compiler can unroll the loop if doing so would be beneficial and unless your targeting a single specific device, what's most efficient will depend on the hardware - eg a large unrolled loop might be slower if the loop is too big to fit in the cpu cache, and the unrolled loops increase the memory usage of the program which may be detrimental depending on the speed and quantity of memory etc.
On the other hand, the likelihood of this vulnerability actually being exploited is quite low for quite a few reasons... Primarily, because it requires that you first install a malicious app and then upgrade to a version of android which actually implements some new permissions...
1, very few users ever update (or even have updates available) 2, manufacturers will sometimes patch android but usually not provide updates to whole new versions and the small incremental patches wont introduce any new permissions 3, now that this issue has been discovered its highly likely that future updates will contain a fix for it, and users are unlikely to update to a version that isnt the latest available for their particular handset, so *if* they can and do update they will be patching this issue anyway.
1, you have the source code so anyone can provide patches, not just the original vendor. If your shipping out thousands of ATMs you can even afford to employ a few developers yourself. 2, linux is far more modular so you can remove all the crap you don't require - if its not present it doesn't need to be patched. 3, linux has lots of distros to choose from, with varying levels of support.. some of the embedded ones are actively supported for a long time
Why would the banks have to do it? Banks don't build their own ATMs, they buy ready made ones and slap a bit of branding on top... For the manufacturers of ATMs, the burden of supporting a cut down ATM-specific linux distro is rather minimal compared to the support they have to provide for the hardware and their own application anyway. If you stripped down a linux system to the bare essentials necessary to run an ATM, you'd not have a lot of code running there so there wouldn't be a huge number of patches you'd need to backport anyway. Plus there are other organisations in other markets in the same boat with whom you could share resources.
Not only support it themselves, but if they strip the system down to the bare essentials there will be a lot less that actually needs maintaining... Having a load of unnecessary code on your device is stupid, doubly so if you have to keep patching it.
Most businesses don't think that far ahead, at least when it comes to things which are not their core business... The idea that they would make their business dependent on software only available from a single vendor is equally staggering.
The exclusivity of the trade secrets was not stolen, neither party has exclusivity anymore... The exclusivity was destroyed, since no noone has exclusivity.
That's assuming the malware is targeting end user workstations... The malware discussed in this article explicitly targets servers, and linux is far from an obscure platform when it comes to servers.
There are many other reasons than lack of desktop users why there is less malware for linux... Linux users are far less likely to be running with admin privileges, linux users have to take extra steps to execute a random binary, linux users are less likely to want to execute random binaries due to the prevalent use of repositories, linux users are generally more savvy than windows users, linux users are more likely to have updated their applications (again due to repositories)...
Also the idea of "security through obscurity" is usually promoted by proponents of closed source, who somehow think that restricted distribution of the sourcecode will prevent people from finding exploitable holes.
Depends wether you can get a job quickly enough.. If you go straight into work instead of taking out several years studying then you will build experience sooner. Of course the situation is different for everyone.
Slashdot Mirror
Embedded devices do and should connect to the internet, the key is in the device being built properly in the first place and being updated if/when necessary. A properly designed embedded device will have only the features it requires, and thus a very small number of things that *might* need updating.
Most routers and firewalls are embedded devices, and they would become pretty useless if not connected to the internet.
The problem is that devices are designed to be "easy to use", which means "enable everything by default in the tiny chance that customers might use those features", and this is why most printers come with support for a whole load of protocols enabled by default when the average user will only ever use 1 of them. I can't think of the last time i tried to print anything via FTP, and yet many printers support that by default.
Or hobbled to create the false impression of security, while not actually being secure at all, just terribly inconvenient to use.
There's thousands of people out there who will claim to have windows knowledge, and the vast majority of them don't have the first clue. So you'd end up with an extremely poorly configured network just limping along (as happens in many places)...
Theres a lot less people claiming linux/unix knowledge, but the vast majority of those who make such claims actually do have such knowledge, and experience, and in many cases its a genuine interest for them rather than a 9-5 job.
Finding competent windows engineers is generally *harder* than finding competent unix engineers simply because you have many more incompetent ones to sort through first. And generally the most competent people have experience of multiple systems anyway because one of the key differentiators is that someone highly competent will do proper research and use the best tool for the job at hand, rather than just using what they're most comfortable with or what they think is expected.
If it has not been licensed here, it is still copyright infringment, and is certainly harmful.
And arbitrarily deciding that particular groups of people cannot gain access to content is not harmful?
There are MANY people in the world who are unable to access certain content in any legal way, and yet they can still read about it online.
Is it fair that i shouldn't be able to watch the UFC PPV events but i can read the results all over the internet, so that when/if they are finally made available here i already know whats going to happen?
Also the fact people made donations to this guy shows that many are willing to pay for the content but that they are either unable to, or the price is too high.
You can configure android to use a 4 digit pin (or nothing at all), and you can also configure ios to use a long passphrase (which for most people is just a complete nuisance to enter on a touchscreen device).
Most of the people who would opt out are the same people who throw the junk directly into the trash without ever reading it... So if anything, they would save money by no longer having to send so much junk to people who will never buy any products anyway.
Plus you don't have to pay more than the marketers, just more than the tiny share of those payments which is used to fund the junk being delivered to you.
Largely because better trained staff will demand more pay, or will go somewhere else to get it.
Implementing SPF can also do the same thing, the issue is that mailing lists don't rewrite the from headers so despite having been forwarded through the mailing list server the original sender is still shown in the headers, only the mailing list server isnt really supposed to be sending mail *from* other people's addresses...
So either you allow mail to come from anywhere with any sender address, which lets mailing lists and email forwarding work fine but also makes spoofed spam very easy...
Or you don't, and break the above...
Really legit mailing lists should be rewriting the sender headers to reflect that the mail has been redelivered by the mailing list, the only difficulty this would cause is when users try to reply directly to messages rather than forwarding their replies to the list itself.
Also makes the code more difficult to debug, more difficult to fix, and increases the chances of exploitable bugs existing in the first place...
How many times have security holes resulted from trying to over complicate the code?
So, who is backporting security patches to linux 2.0, or KDE 3.0?
Anyone who is still using such devices..
There will be embedded devices out there still running ancient versions of linux, and still receiving manufacturer updates. In many cases the OS will have been minimalized to decrease the amount of effort required to update it, which is another advantage linux offers.
The fact that very few people still use such old linux devices is another matter, there is far less reason *not* to upgrade your linux devices - support for existing hardware is rarely dropped, memory requirements rarely go up, there are no huge costs involved etc.
FYI i still maintain several old linux boxes...
One running a 2.4.x kernel, because it's used to control an SGI machine that requires a proprietary kernel module..
Another running a 2.2.x kernel because i use a third party encryption program that was never ported to newer kernels.
Both of these systems despite having old kernels, have relatively up to date userlands and the services exposed to the network are also kept updated.
In the case of XP, clearly the up front costs have long ago been recovered many thousands of times over.
Well that's the whole point, you don't need to provide support indefinitely you only need to provide the code to arbitrary third parties and they can continue providing support if you choose not to.
Look at all the embedded devices out there still running linux 2.4.x (or even older), and still being actively supported by the device maker. If there's a market for something and people have the code - someone will step up to provide support.
So you're violating their terms of service and effectively pirating the content anyway...
And that's one of the biggest problems with netflix and other streaming services... Your limited by your bandwidth, which is also likely to go down during peak times (ie when you want to watch), and heavy use streaming means you can't do anything else on the connection either because its too slow or because your activity would cause the stream to stall.
I want a service where i can download and watch later, i have limited peak time bandwidth usage and unlimited late at night, at night the network is less congested therefore faster and i'm generally asleep so i don't care if it makes the connection laggy, and downloads are not hampered by fluctuations in performance.
With a downloaded file i can take it offline to watch somewhere i have no or poor connectivity, once the file is downloaded i can watch it knowing there wont be any dropouts, i can download overnight in whatever quality i want , even a 1080p movie will be finished by the morning on a 5mbps connection.
Streaming is often utterly impractical at the times you most want to watch something, eg:
on a train/bus/coach/car - the motion makes 3g slower, tunnels make it drop out entirely as does travelling in/out of service areas...
mobile data is often expensive...
abroad - roaming data is even more expensive
wifi is not always available, and even when it is sometimes its unusably slow and you trying to stream only compounds the problem...
On the other hand, a usb stick full of stuff you downloaded the previous night works very well in all of these situations. I travel a lot, and frequently find myself sitting around bored waiting for something, while having poor or no internet connection.
Almost always better to use a loop, a good compiler can unroll the loop if doing so would be beneficial and unless your targeting a single specific device, what's most efficient will depend on the hardware - eg a large unrolled loop might be slower if the loop is too big to fit in the cpu cache, and the unrolled loops increase the memory usage of the program which may be detrimental depending on the speed and quantity of memory etc.
On the other hand, the likelihood of this vulnerability actually being exploited is quite low for quite a few reasons... Primarily, because it requires that you first install a malicious app and then upgrade to a version of android which actually implements some new permissions...
1, very few users ever update (or even have updates available)
2, manufacturers will sometimes patch android but usually not provide updates to whole new versions and the small incremental patches wont introduce any new permissions
3, now that this issue has been discovered its highly likely that future updates will contain a fix for it, and users are unlikely to update to a version that isnt the latest available for their particular handset, so *if* they can and do update they will be patching this issue anyway.
Linux has 2 advantages here...
1, you have the source code so anyone can provide patches, not just the original vendor. If your shipping out thousands of ATMs you can even afford to employ a few developers yourself.
2, linux is far more modular so you can remove all the crap you don't require - if its not present it doesn't need to be patched.
3, linux has lots of distros to choose from, with varying levels of support.. some of the embedded ones are actively supported for a long time
Why would the banks have to do it? Banks don't build their own ATMs, they buy ready made ones and slap a bit of branding on top...
For the manufacturers of ATMs, the burden of supporting a cut down ATM-specific linux distro is rather minimal compared to the support they have to provide for the hardware and their own application anyway. If you stripped down a linux system to the bare essentials necessary to run an ATM, you'd not have a lot of code running there so there wouldn't be a huge number of patches you'd need to backport anyway. Plus there are other organisations in other markets in the same boat with whom you could share resources.
Have you not looked in access logs or firewall logs? chances are whoever is exploiting this is also actively scanning for it...
What happens if MS goes tits up? Where do you get your compatible OS from?
Having multiple suppliers for something important makes sense, but running single vendor software completely destroys that benefit.
Not only support it themselves, but if they strip the system down to the bare essentials there will be a lot less that actually needs maintaining... Having a load of unnecessary code on your device is stupid, doubly so if you have to keep patching it.
Most businesses don't think that far ahead, at least when it comes to things which are not their core business...
The idea that they would make their business dependent on software only available from a single vendor is equally staggering.
The exclusivity of the trade secrets was not stolen, neither party has exclusivity anymore...
The exclusivity was destroyed, since no noone has exclusivity.
That's assuming the malware is targeting end user workstations... The malware discussed in this article explicitly targets servers, and linux is far from an obscure platform when it comes to servers.
There are many other reasons than lack of desktop users why there is less malware for linux... Linux users are far less likely to be running with admin privileges, linux users have to take extra steps to execute a random binary, linux users are less likely to want to execute random binaries due to the prevalent use of repositories, linux users are generally more savvy than windows users, linux users are more likely to have updated their applications (again due to repositories)...
Also the idea of "security through obscurity" is usually promoted by proponents of closed source, who somehow think that restricted distribution of the sourcecode will prevent people from finding exploitable holes.
Depends wether you can get a job quickly enough.. If you go straight into work instead of taking out several years studying then you will build experience sooner. Of course the situation is different for everyone.