Since I pay my bills, that would be true, although I did have someone that apparently gave the wrong number out. I finally got through to a person that hung up on me, so I blocked them and reported their activity. Haven't heard a thing related to that since, and it's been a year, so apparently the scum can be controlled.
Anyone with a submarine?
Apparently via some other method. For Linux, the Chikdos attack is via an ssh login bruteforce attack.... gee, if I can login via ssh and have root, I've already pwned the server, MySQL would be my toy, as would everything else on the machine.
It should have been shot down. However, my point was that it's already dead. No one would create a product with this standard, as it is meaningless. Imagine the negative PR about your product if you implemented this standard for anything other than a government product, and even then.
Nope, I blacklist them after the first call - automatic VM with no ring. Problem solved.
That's not how collect calls work, no wonder you're AC.
I agree, although I'll note that there are bad dealerships out there also. I tend to mostly do my own work for anything serious since the labor costs at my independents and dealerships are absolutely ridiculous.
Now we know that anything with PLAID insecurity (ISO/IEC 25185-1) should be automatically removed from consideration. I suspect as many new products will come out with this as there will be with MD5 and SHA-1 over the next few years. It's a dead standard before it was even published.
* For that matter, has moving the ephedrine (pseudo, or otherwise) behind the counter really put a significant dent on the availability of amphetamine? Based on what I follow of the topic on the news, it seems like it's just as prevalent as it ever was.
I don't think so, based on likely the same news sources you have seen. They're just making it out of nastier chemicals now with even worse side effects, as if your teeth falling out and skin sloughing off like a walking dead character aren't bad enough already.
We already have that problem with MS in many places.
Ah, but there's a fly in your ointment - FOSS doesn't sell you the software, so there's no implied contract and no basis to sue FOSS projects as compared to MS. This could actually help FOSS, because companies that use FOSS in their software would be covered by the law and thus would be encouraged to contribute back, in a world closer to perfect than the current one anyways.
That's bullshit.
Absolutely true, regarding your statement.
The router botnets are primarily due to morons configuring the devices to have default public admin ports open. Who does that on an internet-facing device? Why, apparently Asus, Linksys, D-Link, Micronet, Tenda, and TP-Link. Note that they tracked only 40,269 IP addresses belonging to 1,600 ISPs over 4 months. As compared to 100,000+ in Windows botnets. (While Simda.AT is not a botnet per se, it can become one easily due to what it does, it was just the first Windows action that showed up with a number of infected machines. Oh, and it has 128,000 new infections per month.)
Lastly, let's look at a list of known botnets. All the largest are Windows-based.
Wordpress is another extremely popular target, and guess what? You can run Wordpress under a whole bunch of different OSes. ... on general-purpose computers it doesn't matter what the OS is if the vulnerabilities lie in the software that was installed on top of the OS.
IMNSHO, Wordpress is a pile of crap. However, Wordpress's primary reason for compromise is to infect large numbers of other computers, most of which are... MS machines.
On appliances, sure, but you can't blame MS for the shit the appliance-manufacturers pull.
If it is built on an MS OS and the OS is the problem, sure I can.
I'd have to agree with the AC here - MS should be held accountable for this issue, otherwise you are really arguing people should be held liable for running MS OSes. After all, MS is the (major) problem. Of course, if it wasn't MS, it'd be something else, but MS has the biggest footprint and also happens to be the easiest target to compromise - perfect for botnets.
Fifty miles per hour seems like a lot until you realize that means winds are still up to 150mph.
It's like driving with the top down on the autobahn.
I don't have it handy, but there was a published report when Netflix was being asked to pay that stated that 80% of cross-ISP traffic was Netflix streaming related. Also, an HD movie will generally have far more bandwidth requirements than a video call. If online gaming has that much bandwidth requirements, then perhaps that online game requires some re-architecting, because the only thing that should really matter is latency. The actual amount of data sent should be relatively small, or you have a horde of online gamers on a dangerously oversubscribed network.
Because some applications are more sensitive to latency than others. Something happening in real time, such as gaming, a VOIP call, or streaming a video, will be more disrupted by frequent minor delays than a bulk data transfer like backing up 100G of data from office servers to an off-site location overnight.
Out of those, only 1 is a major user of bandwidth in a common network and, amazingly, there's a solution for it. A true peering system and allowing caching for streaming will remove streaming's issues, allowing end users to essentially only tie up the last few hundred feet if done properly. How many people are watching House of Cards when it comes out? What if every one of them didn't have to stream from a central group of servers, but instead had effective peering? Of course, the DRM people would be running around with their hair on fire, not realizing that most video is watched only one time....
That's true, but I figured by this point everyone realized that already.
If you read some of the comments, you'll see that's not true. BTW, the Java browser plugin is written in C code, AFAIK.
Thought it wouldn't take long for the "It's not Java, it's the browser plugin, Java is perfect and can do no wrong" posts to appear.
Take a look at the list of affected products - scroll down a fair bit to the Java specific vulnerability list, particularly those marked with note 2:
So, just to count - there's 5 entries with note 2, and CVE-2015-4902 is not one of those. So the major pwnage in question in TFS is browser/JWS based. Of those 5 that are server based, 3 are in JAXP, 1 in security, and 1 in Java8 only. So if you don't use JAXP and are stuck below Java8, guess how vulnerable your server is? Now granted, a security bug sounds pretty major, but without further details and a rating of 5, how can you evaluate whether you're even affected by this one? And my last comment is that most servers only run with vetted URLs, so the possibility that a server will be affected by a URL exploit is pretty darn low.
If you read the article, you'll see that the bug described is actually in the Java code. But carry on.
Actually, if you read the article, you would have read that the bug is actually in the Java browser plugin.
The Java vulnerability can be used to bypass the user confirmation requirement before a Web-based Java application is executed by the Java browser plug-in.
No plug-in, no exploit. In fact, 99% of the CVEs are related to the browser plugins. But don't let that stop you.
Even if that observer is us, in the future, moving backwards.
If publicly funded research being public domain is true, which I believe it is, then providing such articles on a website is legal, regardless of the journal's wishes or contract clauses.
Perhaps equating Wood with Edison is quite appropriate. After all, Edison employed 100s of workers that did the leg work for the bulk of the patents he claimed. After all "Genius is one per cent inspiration and ninety-nine per cent perspiration. Accordingly, a 'genius' is often merely a talented person who has done all of his or her homework." and Edison outsourced his perspiration. TL;DR, but Wood appears to be in a similar position.
So longer is better (higher score)?
Detroit wasn't the only place in the list, and it's not in my bucket list in any case.
Because I can't walk down a clean sidewalk to the corner store and pick up my standard groceries without being accosted or worse?