According to the link (which is another Slashdot summary so ymmv), the original case wasn't a patent lawsuit, it was a copyright lawsuit, and a non-disclosure agreement violation. So it will be a looooong time before that runs out.
Also, if the US goal was to be "do a limited strike, but make it clear that if the DPRK attacks the ROK that the consequences for it will become much worse"
That's about the worst idea possible. If you're going to attack North Korea, you need to disable their military capability otherwise millions of innocent people will die.
You're trying to justify your preconceived notions rather than looking for the truth.
Look: you're the ignorant one here. You don't know where all the new jobs in the last 30 years came from. I'm giving you clues so you can figure it out. Seems your natural thought patterns prefer ignorance. That's your problem, not mine.
Nah, I avoided philosophical problem of blame allocation by spouting a truism:) if Microsoft hadn't made the flaw, the attack wouldn't have happened. Who knows who is 'primarily' to blame.
In reality, this is a bug that should have been avoided by Microsoft, because the compiler gives a warning when you make this mistake. It literally tells you that you did something stupid.
This is old code, and Microsoft's code from that era is rather horrifying. They have cleaned up their coding style a lot, and I believe they would not have made this bug in their modern code. This just hilights that they aren't spending enough effort to clean up (or remove) their ancient, buggy code.
From a procedural standpoint, they have 3000 security people working at the company: they should put some of them on task cleaning up these warnings (or at least looking at them).
The great problem with this argument is that nobody ever explains what those jobs are.
My god, you did it again. You literally made an argument from ignorance. Seriously, go look where all the new jobs came from for the last 30 years. You're embarrassing yourself.
A lot of security researchers recommended having your own small, private network that wasn't connected to the internet. I think a lot of them are switching to VMs, though. You can check here for work someone is doing to reproduce the current vulnerability in Metasploit.
Waiting to see your perfect code from a multi-million line code base you wrote.
I haven't made this particular mistake in nearly 20 years. Furthermore, if someone does make this mistake, they are either incompetent or a moron, and shouldn't be writing security sensitive code. Why? Because the compiler will literally give you a warning when you make this mistake. This is the kind of bug where you can be perfect. It's easier to have a memory leak in Java than to make this mistake.
Microsoft is at fault here. If they'd put one of their 3000 security engineers to work fixing (or at least looking at) warnings, then they could have caught this. But they didn't. It's yet another symbol of their incompetence.
We're automating driving vehicles as we talk, and swinging hammers has been automated ages ago
Nah, this is another expression of your ignorance. Carpenters still use hammers, it's one of the most important tools they have. I'm talking framers here, not cabinet makers.
Apparently in this case, it would have been worth it. What's the point of hiring 3000 security engineers if you don't do the known things that will give you good security?
Yeah, the EULA protects them against many kinds of lawsuits, but there are things the government can decide to do, capriciously. Like an anti-trust lawsuit, or make other new laws, for example.
And wasn't it their OpenSSH project that was full of interesting holes pretty recently?
No, that was OpenSSL.
As much as their proactive approach to security helps with an out-of-the-box, you're still screwed if you rely on things like Apache httpd, MySQL, Samba, Xorg, etc.
Again, if they had the resources of Microsoft, the openBSD team would be perfect.
Yeah, that old code from Microsoft in the 90s was rather terrifying (it's the reason cmd.exe is so outdated, people don't dare to work on it). Not surprising someone would turn off the warnings, they might be all over the place.
Could/you/ write a hundred million lines of code and not have a critical vulnerability?
Without a buffer overflow? Yes. Without an SQL injection? Yes.
Absolute security is hard, but there are some security mistakes that should never happen.
According to the link (which is another Slashdot summary so ymmv), the original case wasn't a patent lawsuit, it was a copyright lawsuit, and a non-disclosure agreement violation. So it will be a looooong time before that runs out.
Also, if the US goal was to be "do a limited strike, but make it clear that if the DPRK attacks the ROK that the consequences for it will become much worse"
That's about the worst idea possible. If you're going to attack North Korea, you need to disable their military capability otherwise millions of innocent people will die.
I've watched bricklayers work recently, but that's about it.
Yeah, but they're actually good. Unlike Microsoft. Demonstrably.
"Mr Anderson.........."
You're trying to justify your preconceived notions rather than looking for the truth.
Look: you're the ignorant one here. You don't know where all the new jobs in the last 30 years came from. I'm giving you clues so you can figure it out. Seems your natural thought patterns prefer ignorance. That's your problem, not mine.
Yeah, I like that way of looking at it better, no reason to worry about 'primary' blame. Blaming is kind of counter-productive, though fun.
Nah, I avoided philosophical problem of blame allocation by spouting a truism :) if Microsoft hadn't made the flaw, the attack wouldn't have happened. Who knows who is 'primarily' to blame.
In reality, this is a bug that should have been avoided by Microsoft, because the compiler gives a warning when you make this mistake. It literally tells you that you did something stupid.
This is old code, and Microsoft's code from that era is rather horrifying. They have cleaned up their coding style a lot, and I believe they would not have made this bug in their modern code. This just hilights that they aren't spending enough effort to clean up (or remove) their ancient, buggy code.
From a procedural standpoint, they have 3000 security people working at the company: they should put some of them on task cleaning up these warnings (or at least looking at them).
The great problem with this argument is that nobody ever explains what those jobs are.
My god, you did it again. You literally made an argument from ignorance. Seriously, go look where all the new jobs came from for the last 30 years. You're embarrassing yourself.
A lot of security researchers recommended having your own small, private network that wasn't connected to the internet. I think a lot of them are switching to VMs, though. You can check here for work someone is doing to reproduce the current vulnerability in Metasploit.
Waiting to see your perfect code from a multi-million line code base you wrote.
I haven't made this particular mistake in nearly 20 years. Furthermore, if someone does make this mistake, they are either incompetent or a moron, and shouldn't be writing security sensitive code. Why? Because the compiler will literally give you a warning when you make this mistake. This is the kind of bug where you can be perfect. It's easier to have a memory leak in Java than to make this mistake.
Microsoft is at fault here. If they'd put one of their 3000 security engineers to work fixing (or at least looking at) warnings, then they could have caught this. But they didn't. It's yet another symbol of their incompetence.
We're automating driving vehicles as we talk, and swinging hammers has been automated ages ago
Nah, this is another expression of your ignorance. Carpenters still use hammers, it's one of the most important tools they have. I'm talking framers here, not cabinet makers.
Apparently in this case, it would have been worth it. What's the point of hiring 3000 security engineers if you don't do the known things that will give you good security?
Yeah, the EULA protects them against many kinds of lawsuits, but there are things the government can decide to do, capriciously. Like an anti-trust lawsuit, or make other new laws, for example.
And wasn't it their OpenSSH project that was full of interesting holes pretty recently?
No, that was OpenSSL.
As much as their proactive approach to security helps with an out-of-the-box, you're still screwed if you rely on things like Apache httpd, MySQL, Samba, Xorg, etc.
Again, if they had the resources of Microsoft, the openBSD team would be perfect.
And your bug-free 100% secure multi-user OS w/ flawless network stack is where, exactly?
Here you go. They have exploits occasionally, but they're rare. Not bad for a scrappy team of programmers, showing the world what is possible.
If they had Microsoft's resources, they would be perfect.
Do you want me to school you boy? I'm not your teacher, go get yourself a teacher. You're ignorant.
Is that code available anywhere?
Yeah, that old code from Microsoft in the 90s was rather terrifying (it's the reason cmd.exe is so outdated, people don't dare to work on it). Not surprising someone would turn off the warnings, they might be all over the place.
Yeah, ones that involve the phrase "Want fries with that?"
Those jobs are being automated, 'n case yu didn't notice.
Yeah, it's the Star Trek dream of technology.
Shit, I better trim my beard now that I made that simple mistake!
Independent security audits......they are expensive & time consuming.
Most importantly, they don't make you secure. They're consultants who find a few bugs, then send you a big bill.
Could /you/ write a hundred million lines of code and not have a critical vulnerability?
Without a buffer overflow? Yes. Without an SQL injection? Yes.
Absolute security is hard, but there are some security mistakes that should never happen.
Can you give a summary of the main points? I have reddit set in my hosts file to 0.0.0.0