Guarding your phone number doesn't work. They literally call every number, they don't care whose it is.
Robocalls would be stopped cold is phone calls transferred a dime from the caller to the callee. Or a penny.
Robocalls are only economically viable if calls are free to make.
These are local news for me - I encounter the birds all the time while biking through Venice.
The birds look a little unsafe for the riders, but less so than the skate boards that are
also common, and better overall than an equivalent number of cars and skateboards
in any mix.
If you read the post carefully, it's not about the birds; it's that the birds are yet another
tool to help yuppies avoid the homeless.
There's repair and then there's hacking. Suppose the "breakdown" is that the ass-on-seat sensor is broken, and the "fix" is to let the tractor run anyway. When the tractor runs over it's operator, the operator gets dead, but who gets sued?
using DMCA to enforce a repair monopoly is indefensible, but be careful what you wish for by allowing anyone to mod their own software. There are millions of diesel Mercedes owners who will want to "performance mod" their cars rather than allow them to be fixed to comply with pollution control laws; and don't even think about the implications of modding the software for your self driving car.
The biggest problem with this idea is that typical business documents (word docs, spread sheets..) would have to be treated
as binary files. You couldn't get any meaningful information about the differences between two versions of a document, and
you certainly couldn't merge and resolve conflicts. This would make the usefulness of a version control system zero (or less)
for the short term editing frenzy that many business documents undergo.
On the other hand, long term tracking of evolving documents, where only thoughtful edits were committed to the repository, could
be very useful.
I think you are missing the point about what Oracle has done already and is promising to do in the future. All of this about applets running inside the sandbox. After the demonstration of bugs that allowed applets to break out of the sandbox, Oracle panicked and has gone through mutiple generations of scary pop-ups warning you are about to run a sandboxed applet. Now they are promising to not run sandboxed applets at all, unless they are also signed by a trusted certificate.
Signing has nothing to do with trust, but establishes that the code hasn't been modified since the signer signed it. That's potentially useful.
Trust has nothing to do with signing or inspecting the actual applet or the intentions of the software. It only means the signer paid a certificate authority who is trusted. The CAs have no responsibility to certify anything except some fig leaf level of identity check. There's no way to walk the signer identity back to somebody you want to arrest unless they were honest and not evasive when they purchased their certificate. There's no way to prove that a certificate that was used to sign malware was actually used by the person who purchased it. It's a nearly vacuous concept of trustworthiness.
I don't believe that Oracle is planning to make money from the certificate process. It's all about covering their asses, which I can understand without liking it. It's long been my contention that some morning, every windows machine connected to the internet will be bulk-erased, and every one of the victims will sue Microsoft.
If I were Oracle, I'd be worried about that prospect too.
I believe java web start is treated the same as java applets in this respect. Training users to download applications and run them (unsandboxed) is a much worse alternative. Things need to run "in the browser" so they retain the context of the other content, and remain up to date.
The recent security problems have rightly killed off using older versions of java from the browser, but Oracle seems to be abandoning the sandbox rather than committing to keep it fixed. Ultimately, all manner of browser extensions have to have the same inherent hazards. I've had my browser and search engines hijacked several times by "trusted" toolbars installed by sneaky installers.
"Prove who you are" consists of cashing your check. The "trust" part of certificates is a bad joke. As I see it, it's the ability for the certificate authority to revoke a certificate (and browsers willingness to enforce the revocation) that provides some damage control.
There are lots of java applets that implement games, graphs, and other useful things that require a real program. Making sandboxed java applets harder to use will displace legitimate programs to more dangerous forms (such as downloaded java applications, or other directly executable programs), and in the process train users to ignore the danger.
Slashdot Mirror
Guarding your phone number doesn't work. They literally call every number, they don't care whose it is. Robocalls would be stopped cold is phone calls transferred a dime from the caller to the callee. Or a penny. Robocalls are only economically viable if calls are free to make.
These are local news for me - I encounter the birds all the time while biking through Venice. The birds look a little unsafe for the riders, but less so than the skate boards that are also common, and better overall than an equivalent number of cars and skateboards in any mix. If you read the post carefully, it's not about the birds; it's that the birds are yet another tool to help yuppies avoid the homeless.
There's repair and then there's hacking. Suppose the "breakdown" is that the ass-on-seat sensor is broken, and the "fix" is to let the tractor run anyway. When the tractor runs over it's operator, the operator gets dead, but who gets sued?
using DMCA to enforce a repair monopoly is indefensible, but be careful what you wish for by allowing anyone to mod their own software. There are millions of diesel Mercedes owners who will want to "performance mod" their cars rather than allow them to be fixed to comply with pollution control laws; and don't even think about the implications of modding the software for your self driving car.
Call me an optimist, but given Chrome's market share, surely Oracle will announce a compatible java plugin sometime before doomsday.
The biggest problem with this idea is that typical business documents (word docs, spread sheets..) would have to be treated as binary files. You couldn't get any meaningful information about the differences between two versions of a document, and you certainly couldn't merge and resolve conflicts. This would make the usefulness of a version control system zero (or less) for the short term editing frenzy that many business documents undergo. On the other hand, long term tracking of evolving documents, where only thoughtful edits were committed to the repository, could be very useful.
Signing has nothing to do with trust, but establishes that the code hasn't been modified since the signer signed it. That's potentially useful.
Trust has nothing to do with signing or inspecting the actual applet or the intentions of the software. It only means the signer paid a certificate authority who is trusted. The CAs have no responsibility to certify anything except some fig leaf level of identity check. There's no way to walk the signer identity back to somebody you want to arrest unless they were honest and not evasive when they purchased their certificate. There's no way to prove that a certificate that was used to sign malware was actually used by the person who purchased it. It's a nearly vacuous concept of trustworthiness.
I don't believe that Oracle is planning to make money from the certificate process. It's all about covering their asses, which I can understand without liking it. It's long been my contention that some morning, every windows machine connected to the internet will be bulk-erased, and every one of the victims will sue Microsoft. If I were Oracle, I'd be worried about that prospect too.
the links are from slashdot admins, not me; and the are bad, as you observed.
I believe java web start is treated the same as java applets in this respect. Training users to download applications and run them (unsandboxed) is a much worse alternative. Things need to run "in the browser" so they retain the context of the other content, and remain up to date.
The recent security problems have rightly killed off using older versions of java from the browser, but Oracle seems to be abandoning the sandbox rather than committing to keep it fixed. Ultimately, all manner of browser extensions have to have the same inherent hazards. I've had my browser and search engines hijacked several times by "trusted" toolbars installed by sneaky installers.
The current warning promises that in the future, self-signed certs won't be accepted at all.
"Prove who you are" consists of cashing your check. The "trust" part of certificates is a bad joke. As I see it, it's the ability for the certificate authority to revoke a certificate (and browsers willingness to enforce the revocation) that provides some damage control.
That's exactly what's promised by the red warning seen today.
There are lots of java applets that implement games, graphs, and other useful things that require a real program. Making sandboxed java applets harder to use will displace legitimate programs to more dangerous forms (such as downloaded java applications, or other directly executable programs), and in the process train users to ignore the danger.