A methodology that relies on GH and SO posts is likely to be strongly biased toward new web-based and open source development.
Indeed. Back when langpop.com was still around, they collected data from as many different places as possible. Google search, the equivalent of Github at the time, book sales, job search sites, etc. The different sources had drastically different results, enough to say that selecting from any one of them (especially Github) is not representative.
Check your bill every month, if you see anything weird, let your credit card company know that it wasn't you. Numbers can be stolen by waiters, or over the internet......in numerous ways. So it's not really worth worrying about.
lol.
A Tibetan monk once recommended: "when the leeches attach to your body, do not pull them off, let them fill with blood and fall off on their own. Doing so will purify your soul and help you endure pain."
That wired story reads like fiction, and doesn't really explain anything.
I posted it because it shows how the company, VMWare, responds to vulnerabilities. Wired has a crappy tone and I hate it (which is what you were complaining about when you said it "reads like fiction"), but on the other hand, they do a relatively good job with fact checking. Which isn't the same as doing a good job fact-checking, I guess.
The first link is interesting - it's not a "bug" in VMware code
Microsoft sees themselves as less and less of an OS company, and more of a business services company, especially with the cloud. Windows is only a small portion of Microsoft revenue now, so they don't feel such a need to support it. It's possible that within the next decade, they may become to view it as a cost center, rather than a profit center.
COM - a great architecture that was buried under one of the most miserable APIs in existence. It was so bad, Microsoft created a macro library to make things easier, but even that didn't help much. It took me years of using COM before I realized there was anything good in it at all.
Then, someone (I'm looking at you, Allen Bradley) decided it'd be a great idea to make the PLCs require a live fucking internet connection to activate with some remote server.
They should be publicly shamed and plastered against the wall.
We can do much, much, much better than we are doing now.
There is no reason that our lower-level systems (at least) can't be secure. You write them once (in the djb style), then don't change them, because they don't need to change.
The problem now is that there is very little motivation for programmers to even care about security. You can't see it, and no manager ever asks at a sprint, "is the code you wrote secure?"
What I find funny is everyone is calling Trump a traitor,
Not everyone, half of them, and the other half is calling Hillary a traitor (and both halves are idiotic nincompoops, who haven't the foggiest idea what treason actually is)
They are nothing more or less than an examination of the correlation between two populations we believe to be predictive of future use
That sounds like an attempt to say "these are representative of general usage more broadly" without actually saying that.
A methodology that relies on GH and SO posts is likely to be strongly biased toward new web-based and open source development.
Indeed. Back when langpop.com was still around, they collected data from as many different places as possible. Google search, the equivalent of Github at the time, book sales, job search sites, etc. The different sources had drastically different results, enough to say that selecting from any one of them (especially Github) is not representative.
Check your bill every month, if you see anything weird, let your credit card company know that it wasn't you. Numbers can be stolen by waiters, or over the internet......in numerous ways. So it's not really worth worrying about.
Of course you're right, but I can't figure out how what you said relates to the current context.
lol.
A Tibetan monk once recommended: "when the leeches attach to your body, do not pull them off, let them fill with blood and fall off on their own. Doing so will purify your soul and help you endure pain."
That wired story reads like fiction, and doesn't really explain anything.
I posted it because it shows how the company, VMWare, responds to vulnerabilities. Wired has a crappy tone and I hate it (which is what you were complaining about when you said it "reads like fiction"), but on the other hand, they do a relatively good job with fact checking. Which isn't the same as doing a good job fact-checking, I guess.
The first link is interesting - it's not a "bug" in VMware code
Was the fix in VMWare code or in Microsoft code?
Microsoft sees themselves as less and less of an OS company, and more of a business services company, especially with the cloud. Windows is only a small portion of Microsoft revenue now, so they don't feel such a need to support it. It's possible that within the next decade, they may become to view it as a cost center, rather than a profit center.
Does anyone use lsd anymore?
I think some people have tried to prove that it's not possible to prove the correctness of a non-trivial OS.
It's been done. You can get a fully verified OS. Incidentally, they didn't trust the compiler, so they also formally verified the assembly output.
COM - a great architecture that was buried under one of the most miserable APIs in existence. It was so bad, Microsoft created a macro library to make things easier, but even that didn't help much. It took me years of using COM before I realized there was anything good in it at all.
Then, someone (I'm looking at you, Allen Bradley) decided it'd be a great idea to make the PLCs require a live fucking internet connection to activate with some remote server.
They should be publicly shamed and plastered against the wall.
Best part of Mudge's wikipedia page is where it describes L0pht as a "hacker think tank." rotfl way to sell yourself.
That's a very sophisticated argument. I'm impressed.
Russian security teams also use typewriters to avoid this very problem
NSA hacked a lot of countries before this hack. Even allies.
How do you even know this? Are you guessing?
Base your code on libraries that have been proven correct.
Even I can assure you there is always a way in.
Unplug the computer.
Sorry, it's "cat and mouse" all the way down. The treadmill is infinite.
No it's not, you can prove that your code is correct.
Android Stagefright Bug Required 115 Patches....
.....so far. Where there 115 patches, there is one more un-patched bug.
If it's not a zero-day it's not a problem.
You don't know about zero-days. They haven't hit the news yet: but they're being used by hackers.
Real computer security is impossible.
We can do much, much, much better than we are doing now.
There is no reason that our lower-level systems (at least) can't be secure. You write them once (in the djb style), then don't change them, because they don't need to change.
The problem now is that there is very little motivation for programmers to even care about security. You can't see it, and no manager ever asks at a sprint, "is the code you wrote secure?"
Show me this type of vulnerability in VMware, any version
Here's one example.
Here's a story showing that VMWare tries to hide their vulnerabilities.
Has Xen been written by competent developers?
Strictly speaking the answer is no, but they are definitely as good as the VMWare guys, who've had plenty of vulns.
If they aren't making backups, then they are lucky, because a hard drive failure often won't allow you to recover your data.
What I find funny is everyone is calling Trump a traitor,
Not everyone, half of them, and the other half is calling Hillary a traitor (and both halves are idiotic nincompoops, who haven't the foggiest idea what treason actually is)