I don't know about the other platforms, but when I look at the list of things on the security advisories issued for macOS they are pretty much entirely C/C++ code. None of this is latest fad language or framework, it's simply a function of complexity. I remember some old research from IBM that claimed that programmers produced five lines of bug-free code per day, independent of language. The difference now is that there are so many complex interconnected parts in a modern system that the probability of a bug being an exploitable security vulnerability is much, much higher.
WhatsApp was free for the first year to build network effects and then $1/year (which was more than enough for cover operating costs). Users signed up to this and moved a lot of their communication to the platform. Facebook then moved to make it 'free' on the assumption that they could violate the terms that they agreed to with the EU antitrust regulator which prohibited using it for data mining. As I understand it, users are no longer offered the option of paying for the service.
When WhatsApp launched, it made a big deal about privacy. They provided end-to-end encryption and a promise not to share your data with any other company, including a parent company if they were bought. The terms imposed by the EU regulator before permitting Facebook's acquisition of WhatsApp required that they honour this and not share data. People might be naive for expecting Facebook to obey this, but many of them previously voted with their wallets to avoid Facebook (WhatsApp was a paid service, free for the first year and then $1/year, not one supported by adverts).
The first is that, when WhatsApp launched, it made a big deal about privacy. It was founded by someone who grew up in the USSR and knew precisely how important it was to have a secure way of communicating that wasn't subject to interception. They provided end-to-end encryption and a privacy policy that explicitly prohibited sharing data with other companies or using it for advertising. They had a pretty reasonable business model: the service was free for the first year and then $1/year after that (the hosting costs were nowhere near that - they were using Erlang on FreeBSD on the server side and last I heard [a couple of years before Facebook bought them] could handle around a hundred thousand users per machine). At the very least, this should prevent them from sharing any data from users that signed up on the old T&Cs with Facebook and should require that Facebook provide them with a grace period to migrate to another service before changing the T&Cs.
That might be shaky, but the second point is a lot stronger: the EU antitrust regulator made not sharing data with Facebook an explicit requirement when allowing the purchase to go ahead. Facebook agreed to this before they bought WhatsApp and are now saying 'oh, actually, that's really hard so we don't want to do it'.
When I was a student, the engineering department gave us the VAX that they'd just decommissioned. The machine itself was the size of a small fridge, but the impressive thing was that the stack of manuals was even bigger.
The first time I went to Japan was about 15 years ago. I spent a few days in a fairly small town in the middle of nowhere. A short walk from where I was staying there was a drive-through shrine, where you could get your car blessed. This was, apparently, not unusual. I don't know what other drive-through services are offered by temples there, but this seems like a logical extension.
You might want to take a look at the list of companies that have been the subject of antitrust and data protection fines in the EU. Spoiler: Most of them are neither tech companies, nor based in the US. The US tech companies are the ones that make the news because the fines are typically in proportion to the company size and most people will both have heard of these companies and be impressed by the big number of the fine.
Exactly. This shouldn't be news. If the fine weren't intended to act as a deterrent then that would raise the question of precisely what it is intended for. Deterring companies from breaking the law is the reason that we have punishments for companies breaking the law.
Run a cell. Mobile phones don't do end-to-end encryption for calls, they are encrypted to the cell site, but are then not encrypted past that. This is how Stingray works: you run a small cell, phones connect to it, and you record the calls that they make. Do the same in prisons. You'll then be able to get complete records of all calls made by inmates.
For added fun, you can MITM all TLS connections over the data network and block anything that you can't MITM.
The Microsoft Visual C++ 5 documentation told me to not use DDE in new projects and to prefer OLE. I don't have a more recent reference, because I haven't run Windows for about 20 years.
The other down side is that it is often difficult to get a mortgage. You can't do this on a simple residential mortgage because you need permission to rent from your mortgage provider (if you don't have it and they decide that they don't like you then they can foreclose at any point). To make matters worse, mortgage providers that offer buy-to-let mortgages often have extra conditions if you're buying a property that can be combined with your own, because the conditions are different (they factor rental income into the affordability criteria for a buy-to-let property). If it's the house next door then you can easily combine the two into a single unit and people have got a pair of a residential mortgage and a buy-to-let mortgage and then converted the house into a single dwelling when they wouldn't have qualified for the residential mortgage. When interest rates went up, the bank foreclosed. Now, banks are much stricter to avoid being put in this position.
Buying a house is a pretty good (usually low risk) investment, but it has one significant down side: It ties your investment to your lifestyle. Pretty much any other form of sensible investment is decoupled from anything that you do on a daily basis and so doesn't affect your mobility.
One of the big problems with globalisation is that it is far easier to move capital than labour and so it disproportionately benefits the individuals whose net work is primarily capital and not their own labour. If we had a functioning labour market, then those people complaining about long commutes and poor salaries for unskilled jobs in Silicon Valley wouldn't complain: they'd move to places with lower cost of living for similar jobs and companies like Google would find that they needed to pay $50/hour to have someone clean their floors and empty their bins. And then they'd move somewhere cheaper and bring their workforce along with them.
The Texas house has 95 republicans and 55 dems while the senate has 20 republicans and 11 dems.
That can be explained by either a huge majority of Republicans or, as the grandparent asserts, by gerrymandering. In the 2016 Presidential elections, Clinton got 43.2%, Trump 52.2% of the vote. That doesn't sound like a huge majority for the red team, but maybe Trump was just unpopular so let's see how that differed in previous elections. 2012, Red: 57.17%, Blue 41.38%. 2008, Red 55.39%, Blue 43.63%. Sounds like it's been around 43%ish for a while.
To put that in perspective, California voted 61.73% Blue, 31.62% Red, so is a lot more Blue than Texas is Red. In fact, of the 34 states or districts that voted Red in 2016, only 9 voted Red by a lower margin than Texas. The six reddest states (Idaho, North Dakota, Oklahoma, West Virginia, and Wyoming) all voted red by a margin of 30% or more (46.30% in Wyoming). Of the red states, Texas is one of the least red.
That said, a Texas Democrat typically has more in common with a Texas Republican than a California Democrat.
You realise DDE originated in 1987 and predates VBA by six years? What software did you write in 1987 that considered a world in which most computers were networked and exchanged untrusted documents?
DDE was introduced in Windows 2.0 (in 1987), which also introduced such exciting features as overlapping windows. Computers that ran Windows 2.0 mostly didn't exchange files, but if they did it was most commonly on a 5.25" floppy disk or very occasionally via a serial link. The threat model for these machines largely related to someone breaking into your office and stealing them. Attacking this on most Windows 2.0 machines would have usually involved persuading a random person to accept a floppy disk and then run a program that you gave them (at which point, given the lack of memory protection, you already have complete control over their system and so there's no need for you to use a vulnerability in DDE).
Microsoft has kept this archaic technology for compatibility, because people much like you swear at them whenever the break old and insecure APIs and say that they're just doing it to inconvenience their competitors.
DDE was deprecated with win32. It was an old Win16 interface that was superseded by OLE (which has gone through a few iterations itself). The only reason to use DDE is for compatibility with legacy 16-bit applications, most of which won't even run on 64-bit Windows.
The man command is short for manual. Back in the day, when you bought something it came with a book that explained it, known as a manual. Many young people these days don't remember this era and so the notion of a manual doesn't help them remember the command. Instead, I tell them that 'man' is short for 'mansplain'.
Some things about x86 are fun. If you read Intel's assembly reference, the first instruction is AAA, which shows that the designers had a sense of humour, in two ways.
The first is that the mnemonic of the instruction is the noise of the only sane reaction to x86.
The second can only be understood by reading what the instruction actually does.
The ones, obviously. Zeroes either pass through your body or are blocked by the cell membranes and bounce harmlessly off. Ones are pointy and so can penetrate not just the cell membrane, but also the nucleus and cause cancer.
Unfortunately, pretty much everything in California is labelled with 'may cause cancer'. I thought this was a joke until I visited for the first time. When one thing has a 2% chance of causing cancer and one thing has a 0.0001% risk, but both have the same label, how does that help anyone?
Part of the problem is that it makes it less likely that people will complain about media that they can't play, which reduces the likelihood of media companies backing down on limiting what people can do with their legally purchased media. For example, under fair use rights, you are allowed to take screen captures of a film and include them in an article about the film, or use small extracts from it for a variety of purposes. With HDCP working, these are not possible.
That said, you can bet that, once this is in the kernel, there will be a virtual HDCP driver that performs the decryption in software and just requires you to provide the keys, and it won't be long before you start seeing decryption keys leaked...
I don't remember those, but I do remember that AIM and ICQ at the time exposed IP addresses and most MODEMs back then were vulnerable to the ping of death (a ping packet can contain any payload and most MODEMs used in-band signalling, so if you embedded the AT command sequence for hangup in the ping then when the target echoed it back their MODEM would hang up).
The closest thing I've seen recently is Tox: decentralised, end-to-end encryption, supported clients for Windows, Mac, Linux, FreeBSD, Android and iOS. The one key feature that it's currently missing is multiple-device support, though that's allegedly coming soon.
Slashdot Mirror
I don't know about the other platforms, but when I look at the list of things on the security advisories issued for macOS they are pretty much entirely C/C++ code. None of this is latest fad language or framework, it's simply a function of complexity. I remember some old research from IBM that claimed that programmers produced five lines of bug-free code per day, independent of language. The difference now is that there are so many complex interconnected parts in a modern system that the probability of a bug being an exploitable security vulnerability is much, much higher.
If it's free, you're the product
WhatsApp was free for the first year to build network effects and then $1/year (which was more than enough for cover operating costs). Users signed up to this and moved a lot of their communication to the platform. Facebook then moved to make it 'free' on the assumption that they could violate the terms that they agreed to with the EU antitrust regulator which prohibited using it for data mining. As I understand it, users are no longer offered the option of paying for the service.
When WhatsApp launched, it made a big deal about privacy. They provided end-to-end encryption and a promise not to share your data with any other company, including a parent company if they were bought. The terms imposed by the EU regulator before permitting Facebook's acquisition of WhatsApp required that they honour this and not share data. People might be naive for expecting Facebook to obey this, but many of them previously voted with their wallets to avoid Facebook (WhatsApp was a paid service, free for the first year and then $1/year, not one supported by adverts).
The first is that, when WhatsApp launched, it made a big deal about privacy. It was founded by someone who grew up in the USSR and knew precisely how important it was to have a secure way of communicating that wasn't subject to interception. They provided end-to-end encryption and a privacy policy that explicitly prohibited sharing data with other companies or using it for advertising. They had a pretty reasonable business model: the service was free for the first year and then $1/year after that (the hosting costs were nowhere near that - they were using Erlang on FreeBSD on the server side and last I heard [a couple of years before Facebook bought them] could handle around a hundred thousand users per machine). At the very least, this should prevent them from sharing any data from users that signed up on the old T&Cs with Facebook and should require that Facebook provide them with a grace period to migrate to another service before changing the T&Cs.
That might be shaky, but the second point is a lot stronger: the EU antitrust regulator made not sharing data with Facebook an explicit requirement when allowing the purchase to go ahead. Facebook agreed to this before they bought WhatsApp and are now saying 'oh, actually, that's really hard so we don't want to do it'.
When I was a student, the engineering department gave us the VAX that they'd just decommissioned. The machine itself was the size of a small fridge, but the impressive thing was that the stack of manuals was even bigger.
The first time I went to Japan was about 15 years ago. I spent a few days in a fairly small town in the middle of nowhere. A short walk from where I was staying there was a drive-through shrine, where you could get your car blessed. This was, apparently, not unusual. I don't know what other drive-through services are offered by temples there, but this seems like a logical extension.
You might want to take a look at the list of companies that have been the subject of antitrust and data protection fines in the EU. Spoiler: Most of them are neither tech companies, nor based in the US. The US tech companies are the ones that make the news because the fines are typically in proportion to the company size and most people will both have heard of these companies and be impressed by the big number of the fine.
Exactly. This shouldn't be news. If the fine weren't intended to act as a deterrent then that would raise the question of precisely what it is intended for. Deterring companies from breaking the law is the reason that we have punishments for companies breaking the law.
Run a cell. Mobile phones don't do end-to-end encryption for calls, they are encrypted to the cell site, but are then not encrypted past that. This is how Stingray works: you run a small cell, phones connect to it, and you record the calls that they make. Do the same in prisons. You'll then be able to get complete records of all calls made by inmates.
For added fun, you can MITM all TLS connections over the data network and block anything that you can't MITM.
The Microsoft Visual C++ 5 documentation told me to not use DDE in new projects and to prefer OLE. I don't have a more recent reference, because I haven't run Windows for about 20 years.
The other down side is that it is often difficult to get a mortgage. You can't do this on a simple residential mortgage because you need permission to rent from your mortgage provider (if you don't have it and they decide that they don't like you then they can foreclose at any point). To make matters worse, mortgage providers that offer buy-to-let mortgages often have extra conditions if you're buying a property that can be combined with your own, because the conditions are different (they factor rental income into the affordability criteria for a buy-to-let property). If it's the house next door then you can easily combine the two into a single unit and people have got a pair of a residential mortgage and a buy-to-let mortgage and then converted the house into a single dwelling when they wouldn't have qualified for the residential mortgage. When interest rates went up, the bank foreclosed. Now, banks are much stricter to avoid being put in this position.
Buying a house is a pretty good (usually low risk) investment, but it has one significant down side: It ties your investment to your lifestyle. Pretty much any other form of sensible investment is decoupled from anything that you do on a daily basis and so doesn't affect your mobility.
One of the big problems with globalisation is that it is far easier to move capital than labour and so it disproportionately benefits the individuals whose net work is primarily capital and not their own labour. If we had a functioning labour market, then those people complaining about long commutes and poor salaries for unskilled jobs in Silicon Valley wouldn't complain: they'd move to places with lower cost of living for similar jobs and companies like Google would find that they needed to pay $50/hour to have someone clean their floors and empty their bins. And then they'd move somewhere cheaper and bring their workforce along with them.
The Texas house has 95 republicans and 55 dems while the senate has 20 republicans and 11 dems.
That can be explained by either a huge majority of Republicans or, as the grandparent asserts, by gerrymandering. In the 2016 Presidential elections, Clinton got 43.2%, Trump 52.2% of the vote. That doesn't sound like a huge majority for the red team, but maybe Trump was just unpopular so let's see how that differed in previous elections. 2012, Red: 57.17%, Blue 41.38%. 2008, Red 55.39%, Blue 43.63%. Sounds like it's been around 43%ish for a while.
To put that in perspective, California voted 61.73% Blue, 31.62% Red, so is a lot more Blue than Texas is Red. In fact, of the 34 states or districts that voted Red in 2016, only 9 voted Red by a lower margin than Texas. The six reddest states (Idaho, North Dakota, Oklahoma, West Virginia, and Wyoming) all voted red by a margin of 30% or more (46.30% in Wyoming). Of the red states, Texas is one of the least red.
That said, a Texas Democrat typically has more in common with a Texas Republican than a California Democrat.
You realise DDE originated in 1987 and predates VBA by six years? What software did you write in 1987 that considered a world in which most computers were networked and exchanged untrusted documents?
DDE was introduced in Windows 2.0 (in 1987), which also introduced such exciting features as overlapping windows. Computers that ran Windows 2.0 mostly didn't exchange files, but if they did it was most commonly on a 5.25" floppy disk or very occasionally via a serial link. The threat model for these machines largely related to someone breaking into your office and stealing them. Attacking this on most Windows 2.0 machines would have usually involved persuading a random person to accept a floppy disk and then run a program that you gave them (at which point, given the lack of memory protection, you already have complete control over their system and so there's no need for you to use a vulnerability in DDE).
Microsoft has kept this archaic technology for compatibility, because people much like you swear at them whenever the break old and insecure APIs and say that they're just doing it to inconvenience their competitors.
DDE was deprecated with win32. It was an old Win16 interface that was superseded by OLE (which has gone through a few iterations itself). The only reason to use DDE is for compatibility with legacy 16-bit applications, most of which won't even run on 64-bit Windows.
I'm obviously too old, because I remember the punchline as 'ADD 1 TO COBOL RETURNING COBOL' (C++ adds one to C and returns C).
The man command is short for manual. Back in the day, when you bought something it came with a book that explained it, known as a manual. Many young people these days don't remember this era and so the notion of a manual doesn't help them remember the command. Instead, I tell them that 'man' is short for 'mansplain'.
Wow. Spot the person so young that he doesn't realise that his joke is about a CPU three generations earlier than the one that he remembers.
The first is that the mnemonic of the instruction is the noise of the only sane reaction to x86.
The second can only be understood by reading what the instruction actually does.
The ones, obviously. Zeroes either pass through your body or are blocked by the cell membranes and bounce harmlessly off. Ones are pointy and so can penetrate not just the cell membrane, but also the nucleus and cause cancer.
Unfortunately, pretty much everything in California is labelled with 'may cause cancer'. I thought this was a joke until I visited for the first time. When one thing has a 2% chance of causing cancer and one thing has a 0.0001% risk, but both have the same label, how does that help anyone?
Part of the problem is that it makes it less likely that people will complain about media that they can't play, which reduces the likelihood of media companies backing down on limiting what people can do with their legally purchased media. For example, under fair use rights, you are allowed to take screen captures of a film and include them in an article about the film, or use small extracts from it for a variety of purposes. With HDCP working, these are not possible.
That said, you can bet that, once this is in the kernel, there will be a virtual HDCP driver that performs the decryption in software and just requires you to provide the keys, and it won't be long before you start seeing decryption keys leaked...
I don't remember those, but I do remember that AIM and ICQ at the time exposed IP addresses and most MODEMs back then were vulnerable to the ping of death (a ping packet can contain any payload and most MODEMs used in-band signalling, so if you embedded the AT command sequence for hangup in the ping then when the target echoed it back their MODEM would hang up).
The closest thing I've seen recently is Tox: decentralised, end-to-end encryption, supported clients for Windows, Mac, Linux, FreeBSD, Android and iOS. The one key feature that it's currently missing is multiple-device support, though that's allegedly coming soon.