I've actually being wondering about whether I can run messenger on my phone now that the permissions model is better honed. Why would this not work if you deny the app contacts/location permissions?
Yeah, and I'd bet dollars to donuts that "one person" didn't apply the patch for a reason, something like
a "I'm patching today" b "Oh, hold off we're in the middle of an important deployment" a "But this is the scheduled day" b "Just hold until next week, this is an expensive product and we can't delay launch" a "OK, I'll hold off until Monday at the latest" [Monday rolls around] a "OK, I'm patching now" b "Go ahead, but DON'T apply that Tomcat patch, it breaks stuff in the new application" a "It's a critical patch! We'll have a massive vulnerability in our system if we don't address it!" b "You can't. You'll break the system. You'll have to wait until the new version of the code is released that works around the issue. Don't worry it's next week" a "..." [weeks go by, code is still not updated, patch is still not applied, system gets hacked]
Well, the common choice here would likely be Ubuntu (possibly Mint). Not because I love Ubuntu, but because when it comes to a desktop Linux distro supported by vendors, it gets the most love. I'd throw mint as a secondary choice just because whatever works on Ubuntu generally works on Mint.
Generally the choice would be based on: What do you need to run, and what provides it, same as the overall OS situation.
That's been a known thing for awhile.
If you want to play Counterstrike and DOTA, you'll probably do fine on a Ubuntu box as it runs Steam fairly painlessly. If you want to play Battlefield, you'd be better of on a Windows box and skip Linux altogether for now. You could try Wine, but at that point it becomes less feasible for non-technical people.
If you just want to browse the internet and have an email client plus Firefox/Chrome, most anything will do.
Seriously, my grandparents are in their 70's and have been running a Linux desktop for quite awhile. I recently updated it from an older Ubuntu with Gnome to one with KDE.
Thus far it seems good, with the biggest issue I've had recently being showing them how to get pictures from their digital camera to their hard drive, and then email them. That would still be an issue with Windows as well, though there may exist more apps to simplify the process (and the wireless xfer feature might actually work, which it doesn't appear to in 'nix).
That said, I do use CentOS and RedHat etc as well for various purposes, mostly more business-centric.
Even among the enthusiasts, there's different levels ranging from (for the UI/WM) "I'll use a shell for everything" to "XFCE or Fluxbox is good enough" to "I'm running a full gnome/KDE desktop"
There may be a little attrition as focus on what's "popular" pulls resources, but the nice thing is that people will also see popular things become *available* on 'nix. That may mean games, hardware support, Office Suites, productivity software, or even SQL Server for 'nix servers (which more recently became available).
So yeah, I'm already pretty happy that my RX480 runs prettily with just the kernel-provided driver, and is able to play DOTA, TF, or others in my KDE desktop. If I wanted I could still run XFCE, or do all my normal stuff.
If the NSA can already hack the sensors on the phone, wouldn't they be able to pull pics from any front-facing camera app and not just the facial recognition?
THe problem is in that mostly, and on what breaks. A broken aircraft can actually land pretty well in many situations (maybe not so helpful if you're over the ocean, etc).
A broken car which doesn't stop when it's supposed to is a considerable hazard in itself, especially when we're looking at stuff like autonomous vehicles and cargo vehicles.
Videos are great! I mean, who DOESN'T want to watch a 10 tutorial minute video to find out what used to be in a half-page article? Before you could just look at the words and picture and figure out what settings are needed on your phone etc, but that's old-school. Now I can listen to some guy named Frank narrate how to do it AND learn about his cat, other youtube channels, and girlfriend issues! It's even better when you're trying to figure out some shell command and you get to rewind a dozen times to figure out what it was they speed-typed that scrolled past almost instantly, because text articles and cut+paste is for LOSERS! Of course I don't have to worry about manually dealing with all videos, some play themselves *automatically* for me, usually buried in some random webpage at max volume just to make sure I don't miss hearing about how to deal with adult intimacy issues and incontinence!
My cellphone provider loves it too. All that extra bandwidth we get to use in overage fees sure makes their profits go up!
Even a known company can fail you. A big thing with Kickstarters (aside from burn cash then burn out) is to come up with something initially and then get bought out by some other big company and leave your sponsors in the dust.
Pebble did good on their round 1. I enjoyed my watch, and went for a Time 2 in the more recent kickstarter. Just before the ship-date, they sold out to Fibit and killed the product. Thankfully I got refunded on that one...
I don't believe they're actually disabling the device, but rather that they aren't actively maintaining it. In the end though it may amount to the same thing, similar to blu-ray players where if you don't get the code updates you are unable to play or use the functionality of newer discs.
Yeah, depending on what was "exploited", it could have still been a legit purchase.
I've heard of this happening in stores with people who do "extreme couponing", sometimes to the extent where combined coupons equal a negative balance at the till.
I've also heard of cases with things like points-cards where people use the card to buy a cash-value item, then use the cash to pay off the card (free points). E.G. buying several hundred bucks of "commemorative coins" on a special sale of 10 for $10, then using said coins as currency to pay off the card balance.
It's an interesting part of society, and if we could learn a similar lesson for stuff like wages or other social conditions it would be nice.
Trickle-down is bullshit, but still a favorite of politicians etc because - surprise - they benefit from it.
Add a bunch of money at the top and it gets hoarded, wasted, and maybe a little bit falls down here and there.
Invest in raising the floor, many of the benefits flow upward. People with more money will patronize businesses more. Better access to counselling/detox means less addicts, which reduces homelessness/crime. When people have a roof over their heads, they can better avoid certain issues than when on the streets, and better contribute to society.
More people in the lower/mid end = more taxpayers. Upper end means more loopholes. etc
Even if there were $120 in movies worth seeing... those with young kids etc might have a hard problem taking advantage of this.
Still, it's a neat idea, and one that likely would increase viewership of movies. For those that *do* like theatre movies it may be worthwhile, especially the types that re-watch the same flick a few times when a good one comes out.
Blizzard actually seems to do pretty well for having strong female characters in their games. Kerrigan (Starcraft) was bad-ass, and Overwatch has some pretty awesome characters as well. Plus SC2 had a nice switch-up from Raynor saving Kerrigan and to vise-versa.
Having female characters that people can *play* seems a good step towards getting females interested in playing games, which is a step towards increase interest in making games.
Yup. I know a lot of people that use Kodi plugins to watch "pirate" streams. For myself I just take any new disc that I've purchase and transcode it for my personal library, then archive the disc.
That means the kiddo can watch Frozen as many times as she wants, easily, without scratching/losing the disc.
Damn, those actually seem quite useful (especially the volume thing, kinda like how chrome has it as a per-tab mute option). It's quite possible that they would be abused/over-used though.
It seems that some of that stuff (such as progress bars) is moving to the taskbar lately, either as a small applet or within the task-manager section for the given application.
That was my first thought. Also, on many window-managers those decorations are determined by the active theme and can be on either side of the window, split among both, and/or even with custom icons.
I haven't used Ubuntu's gnome flavor in awhile, so assume it's just referring to the default settings for that (it says shipping-with, so it's entirely possible it's something that can be changed and this is just the default).
I love how you like to jump around trying to avoid any responsibility on the part of the devs. It's not a new bug, it's a broken fix to the original bug. But I think that now we're coming full-circle because aardvarkjoe has already pretty much captured this:
they still haven't fixed the problem that systemd won't accept valid usernames. As far as I can tell, that is 100% an ego thing -- they won't admit that having systemd have its own username validation rules is a mistake.
After which it delved into: * SystemD does accept valid usernames, useradd(8) is distribution-specific (conveniently ignores the fact that even the distribution of the company which employees the lead SystemD dev - RedHat - allows the number) * Topic switch: but just because it works for you doesn't mean it's the same as others (but again, RedHat per above and also Ubuntu and derivatives, some of the most common desktop and enterprise Linux distributions) * Topic switch: well your version might not be the same as other versions (except, again, the behavior per the common distributions regardless of version has been accepting of numerics) * Topic switch: Well, those distributions don't come with services that run with users starting with numbers (regardless the usernames are still completely valid on those systems, and thus the application is disregarding valid OS users) * Topic switch: Well, nobody really needs this (aka I don't know anybody who gives a f***, so why should I) so it's not really an issue * Topic switch: Yeah, maybe it's a bug, but the old root-privilege issue was a different bug, this is a new one and not severe
Looking forward to 6 months from now where some similar issue comes up with a crafted username being used as a hidden attack vector but "hey, it wasn't our fault for trying to rewrite the entire stack - ignoring existing standards - and introducing ugly bugs in the process".
Care to switch it up again? Actually, I'm happy with "yes it's (finally admitted to be) a bug" and agreeing that in the current state it's not of high severity. However low severity is not no severity, and we've happily obscured the underlying issue of the devs continually creating dangerously broken shit by redoing everything under the sun, being caustic towards legitimate user feedback, and generally turning deaf ear at the "good enough, IDGAF" point....
Slashdot Mirror
I've actually being wondering about whether I can run messenger on my phone now that the permissions model is better honed. Why would this not work if you deny the app contacts/location permissions?
Except with oauth, you should not be entering your credentials anywhere except Google/FB's site. That's part of the point of it.
If you're not on google.com or facebook.com, don't enter the password.
So he knew enough about how to use the darknet, bitcoin, and PGP, but not to encrypt his actual files/login or store them outside of local storage.
Seems a little off to me.
Yeah, and I'd bet dollars to donuts that "one person" didn't apply the patch for a reason, something like
a "I'm patching today"
b "Oh, hold off we're in the middle of an important deployment"
a "But this is the scheduled day"
b "Just hold until next week, this is an expensive product and we can't delay launch"
a "OK, I'll hold off until Monday at the latest"
[Monday rolls around]
a "OK, I'm patching now"
b "Go ahead, but DON'T apply that Tomcat patch, it breaks stuff in the new application"
a "It's a critical patch! We'll have a massive vulnerability in our system if we don't address it!"
b "You can't. You'll break the system. You'll have to wait until the new version of the code is released that works around the issue. Don't worry it's next week"
a "..."
[weeks go by, code is still not updated, patch is still not applied, system gets hacked]
Well, the common choice here would likely be Ubuntu (possibly Mint). Not because I love Ubuntu, but because when it comes to a desktop Linux distro supported by vendors, it gets the most love. I'd throw mint as a secondary choice just because whatever works on Ubuntu generally works on Mint.
Generally the choice would be based on: What do you need to run, and what provides it, same as the overall OS situation.
That's been a known thing for awhile.
If you want to play Counterstrike and DOTA, you'll probably do fine on a Ubuntu box as it runs Steam fairly painlessly. If you want to play Battlefield, you'd be better of on a Windows box and skip Linux altogether for now. You could try Wine, but at that point it becomes less feasible for non-technical people.
If you just want to browse the internet and have an email client plus Firefox/Chrome, most anything will do.
Seriously, my grandparents are in their 70's and have been running a Linux desktop for quite awhile. I recently updated it from an older Ubuntu with Gnome to one with KDE.
Thus far it seems good, with the biggest issue I've had recently being showing them how to get pictures from their digital camera to their hard drive, and then email them. That would still be an issue with Windows as well, though there may exist more apps to simplify the process (and the wireless xfer feature might actually work, which it doesn't appear to in 'nix).
That said, I do use CentOS and RedHat etc as well for various purposes, mostly more business-centric.
That's why there's forks and options though.
Even among the enthusiasts, there's different levels ranging from (for the UI/WM) "I'll use a shell for everything" to "XFCE or Fluxbox is good enough" to "I'm running a full gnome/KDE desktop"
There may be a little attrition as focus on what's "popular" pulls resources, but the nice thing is that people will also see popular things become *available* on 'nix. That may mean games, hardware support, Office Suites, productivity software, or even SQL Server for 'nix servers (which more recently became available).
So yeah, I'm already pretty happy that my RX480 runs prettily with just the kernel-provided driver, and is able to play DOTA, TF, or others in my KDE desktop. If I wanted I could still run XFCE, or do all my normal stuff.
Choice is good.
Here, hold my beer...
If the NSA can already hack the sensors on the phone, wouldn't they be able to pull pics from any front-facing camera app and not just the facial recognition?
THe problem is in that mostly, and on what breaks.
A broken aircraft can actually land pretty well in many situations (maybe not so helpful if you're over the ocean, etc).
A broken car which doesn't stop when it's supposed to is a considerable hazard in itself, especially when we're looking at stuff like autonomous vehicles and cargo vehicles.
Videos are great! I mean, who DOESN'T want to watch a 10 tutorial minute video to find out what used to be in a half-page article?
Before you could just look at the words and picture and figure out what settings are needed on your phone etc, but that's old-school. Now I can listen to some guy named Frank narrate how to do it AND learn about his cat, other youtube channels, and girlfriend issues!
It's even better when you're trying to figure out some shell command and you get to rewind a dozen times to figure out what it was they speed-typed that scrolled past almost instantly, because text articles and cut+paste is for LOSERS! Of course I don't have to worry about manually dealing with all videos, some play themselves *automatically* for me, usually buried in some random webpage at max volume just to make sure I don't miss hearing about how to deal with adult intimacy issues and incontinence!
My cellphone provider loves it too. All that extra bandwidth we get to use in overage fees sure makes their profits go up!
Even a known company can fail you. A big thing with Kickstarters (aside from burn cash then burn out) is to come up with something initially and then get bought out by some other big company and leave your sponsors in the dust.
Pebble did good on their round 1. I enjoyed my watch, and went for a Time 2 in the more recent kickstarter. Just before the ship-date, they sold out to Fibit and killed the product. Thankfully I got refunded on that one...
And yet all my other bluetooth headsets and headphones seem to work fairly well despite this...
Either account for the signal loss, or don't sell a broken product.
I don't believe they're actually disabling the device, but rather that they aren't actively maintaining it. In the end though it may amount to the same thing, similar to blu-ray players where if you don't get the code updates you are unable to play or use the functionality of newer discs.
Yeah, depending on what was "exploited", it could have still been a legit purchase.
I've heard of this happening in stores with people who do "extreme couponing", sometimes to the extent where combined coupons equal a negative balance at the till.
I've also heard of cases with things like points-cards where people use the card to buy a cash-value item, then use the cash to pay off the card (free points). E.G. buying several hundred bucks of "commemorative coins" on a special sale of 10 for $10, then using said coins as currency to pay off the card balance.
Well hell, if you can't trust nogirlsallowed81's youtube expose, who CAN you trust?!
It's an interesting part of society, and if we could learn a similar lesson for stuff like wages or other social conditions it would be nice.
Trickle-down is bullshit, but still a favorite of politicians etc because - surprise - they benefit from it.
Add a bunch of money at the top and it gets hoarded, wasted, and maybe a little bit falls down here and there.
Invest in raising the floor, many of the benefits flow upward. People with more money will patronize businesses more. Better access to counselling/detox means less addicts, which reduces homelessness/crime. When people have a roof over their heads, they can better avoid certain issues than when on the streets, and better contribute to society.
More people in the lower/mid end = more taxpayers. Upper end means more loopholes. etc
Freedom of speech is between you and your government. Private entities on private platforms need not apply the same rules.
Even if there were $120 in movies worth seeing... those with young kids etc might have a hard problem taking advantage of this.
Still, it's a neat idea, and one that likely would increase viewership of movies. For those that *do* like theatre movies it may be worthwhile, especially the types that re-watch the same flick a few times when a good one comes out.
Blizzard actually seems to do pretty well for having strong female characters in their games.
Kerrigan (Starcraft) was bad-ass, and Overwatch has some pretty awesome characters as well. Plus SC2 had a nice switch-up from Raynor saving Kerrigan and to vise-versa.
Having female characters that people can *play* seems a good step towards getting females interested in playing games, which is a step towards increase interest in making games.
Yup. I know a lot of people that use Kodi plugins to watch "pirate" streams. For myself I just take any new disc that I've purchase and transcode it for my personal library, then archive the disc.
That means the kiddo can watch Frozen as many times as she wants, easily, without scratching/losing the disc.
I'm just amazed that there's something as specific as a study comparing in-utero testosterone expose and fricking Java programming.
It seems that a lot of media reports stripped those out...
Damn, those actually seem quite useful (especially the volume thing, kinda like how chrome has it as a per-tab mute option). It's quite possible that they would be abused/over-used though.
It seems that some of that stuff (such as progress bars) is moving to the taskbar lately, either as a small applet or within the task-manager section for the given application.
That was my first thought. Also, on many window-managers those decorations are determined by the active theme and can be on either side of the window, split among both, and/or even with custom icons.
I haven't used Ubuntu's gnome flavor in awhile, so assume it's just referring to the default settings for that (it says shipping-with, so it's entirely possible it's something that can be changed and this is just the default).
I love how you like to jump around trying to avoid any responsibility on the part of the devs. It's not a new bug, it's a broken fix to the original bug. But I think that now we're coming full-circle because aardvarkjoe has already pretty much captured this:
they still haven't fixed the problem that systemd won't accept valid usernames. As far as I can tell, that is 100% an ego thing -- they won't admit that having systemd have its own username validation rules is a mistake.
After which it delved into:
* SystemD does accept valid usernames, useradd(8) is distribution-specific (conveniently ignores the fact that even the distribution of the company which employees the lead SystemD dev - RedHat - allows the number)
* Topic switch: but just because it works for you doesn't mean it's the same as others (but again, RedHat per above and also Ubuntu and derivatives, some of the most common desktop and enterprise Linux distributions)
* Topic switch: well your version might not be the same as other versions (except, again, the behavior per the common distributions regardless of version has been accepting of numerics)
* Topic switch: Well, those distributions don't come with services that run with users starting with numbers (regardless the usernames are still completely valid on those systems, and thus the application is disregarding valid OS users)
* Topic switch: Well, nobody really needs this (aka I don't know anybody who gives a f***, so why should I) so it's not really an issue
* Topic switch: Yeah, maybe it's a bug, but the old root-privilege issue was a different bug, this is a new one and not severe
Looking forward to 6 months from now where some similar issue comes up with a crafted username being used as a hidden attack vector but "hey, it wasn't our fault for trying to rewrite the entire stack - ignoring existing standards - and introducing ugly bugs in the process".
Care to switch it up again?
Actually, I'm happy with "yes it's (finally admitted to be) a bug" and agreeing that in the current state it's not of high severity. However low severity is not no severity, and we've happily obscured the underlying issue of the devs continually creating dangerously broken shit by redoing everything under the sun, being caustic towards legitimate user feedback, and generally turning deaf ear at the "good enough, IDGAF" point....