It's like if your car wasn't acting right, and you took it to a mechanic, and he told you, "just read the fucking manual you idiot." Of course, that doesn't happen, because most-if-not-all mechanics aren't so arrogant they think everyone should know how to fix their own car.
You forgot the clause "for free" in there. Of course that doesn't happen because there's an expectation that if you bring the car in, the mechanic is going to get _paid_ to first figure out what's wrong with your car starting with the description of "Car no go". So the mechanic gets paid for the time that he takes just figuring out what's wrong first, and paid to then fix the problem (plus parts). (and eventually you find out that the person is trying to use the car to go driving up and down sand dunes in Oregon.... but they are trying to do it in an F1 race car with racing slicks)
How about starting with perjury and treason charges?
Maybe it should, maybe it shouldn't. Why will the telcos push/carry this phone, and/or why will end-users demand this phone? Good answers to these questions will help determine whether it should be published. (And note end-users are the generic people, not the techy people. "It's more open source" isn't a good answer...)
So why is Amazon being specifically mentioned here? What makes this specific to Amazon? Is Google Compute Engine somehow immune to this? Or Azure, or any other hosting provider? Or self-hosted? Better headline: "Servers compromised through known vulnerability, admins failed to update software to close vulnerability."
Because the people paying for ads to show on WABC7 in NY are expecting viewership in NY to be the ones consuming the ads. If the audience is now nationwide, then the value per eyeball goes way down since now a smaller percentage of the eyeballs matter. So actually both sides of the equation don't like it. The advertisers aren't advertising to the demographic they want, and since the demographic is now much wider, WABC7 can't charge as much per eyeball since many of them are useless to the advertiser.
Unfortunately your analogy is also flawed... the mail _was_ addressed to the recipient. GS "wrote" the wrong address on the envelope.
That one's quite useful. You've declared a variable and now whoever is reading the code now has the additional cognitive load to try to figure out why that variable exists.
Yep. Compile with -Wall -Werror. All warnings are now errors. If the compiler is warning you about something, it is likely that you're not telling the compiler a consistent message. "Do not try to outsmart the compiler, it will get its revenge." Rework the code so that it doesn't warn. Also, gcc has a compiler flag to tell the compiler that certain directories are "system" includes, and not to warn about stuff in them.
no more data cap
Why? The cable modem will be able to figure out what traffic is coming from the home vs. coming via the public wifi, and can count those separately. (And can do different speed shaping and prioritization).
subscriber cancels service
Same question. If the cable modem is plugged in, they just need to block the ethernet and "personal" SSID, leaving the "public" SSID operational.
Yet again, another person who can't distinguish between the technology and a particular application of that technology. What you're complaining about has nothing to do with the implementation of OpenSSL (which is what this article is about), but has to do with the application of OpenSSL. OpenSSL is doing its job by verifying the presented certificates against the list of trusted certificate authorities that you have configured. The fact that you're trusting too many people isn't a problem with OpenSSL. (It is also not OpenSSL's concern as to how you obtained your list of trusted CAs, only that you have one.)
Cookie tracking means you're getting spammed with ads you DO want, instead of the ads you don't want.
If only they weren't lying. I don't want _any_ of the ads.
Or, set an acceptable price to you. $1 per play (or whatever). No negotiation. Look at all of the time you just saved.
Read Dragon's Egg by Robert L. Forward. (and the sequel, Starquake) Part of the story involves humans interacting with an alien species that is a lot faster. The alien's lifespan is about 15 minutes...
but why shouldn't I get to make that decision
Because your "reasoned" decision apparently doesn't take into account the threat you now represent to everybody else.
Not really... the cabs are being artificially hamstrung by regulation that was put into place precisely because private people were doing bad things and thus government was lobbied/decided upon that regulation was required in order to protect public safety. So now there are a bunch of cabs which are following said regulations (likely at a pretty significant cost), and now this other organization is setting up a de facto cab company, but doesn't have to follow the regulation. Now... if the cab companies no longer had to follow the regulations and _still_ couldn't compete with Uber, then so be it. But as it is now you're comparing the performance of two race horses, but one of them has its legs tied together.
I made no comment on the validity of the case itself (and had also mentioned the 5 minute thing). What I'm pointing out is that this article is inaccurate in its headline ("Stop and _Search_ Based On Anonymous 911 Tips"), and many of the comments are making the same leap. The facts of the case didn't link the anonymous tip to the search. The facts of the case linked the anonymous tip to the _stop_. It was evidence gathered during the stop that led to the search. The dissenting opinions were around whether the police had sufficient cause to stop the person in the first place since without the stop, the police wouldn't have had the additional evidence to provide cause for a search. So, much of the outrage here is misdirected. It should all be directed at whether or not the police had sufficient cause to stop the car. What we should be seeing is arguments along the lines of: "The police received an anonymous tip. Based on that they located the car and observed its behaviour over 5 minutes." Followed by either "Having seen no signs of impaired driving we stopped observing the car and went on our way", or "We then pulled the vehicle over in order to have a discussion with the driver that a concerned citizen had observed the car behaving erratically, was there something wrong?" (Which then leads to the discovery of the other evidence)
You're missing a bunch of parts, and the headline of this article is similarly misguided (the original title is not). The 911 call did nothing regarding the _search_. What the 911 call did was focus the attention of the police on a vehicle that was allegedly driving dangerously. They then pulled over the vehicle that was allegedly driving dangerously under the suspicion that the driver was impaired (remember, driving impaired is illegal). During that interaction they discovered further indications that drugs were involved and based on _that_ evidence a search of the vehicle was conducted. Where the dispute comes from is whether the police had sufficient suspicion about the original "driving while impaired" problem (and thus sufficient cause to pull the vehicle over). They'd apparently followed the vehicle for "5 minutes" and didn't see any indication of poor driving. _That's_ where the dissenting court opinion comes from, not about the search. (I've made that 911 call myself. And in one case, I'd actually seen the vehicle that I was reporting clip someone else and tear the mirror off of their car. They'd pulled over, but I bet he was rather surprised at how fast a police cruiser arrived on the scene....)
That's not security (well, not the security that the rest of this thread is posting about). That's resiliency.
The proposal doesn't say a whole lot about why one would want to do it. So I can attach a date to a link. How does this guarantee that _those_ links won't die?
Not really. That means every application that wants to talk securely would have to add the noise, vs the library that they use adds the noise behind the scenes and the multitude of applications can concern themselves with what they need to do. And if the noise generation needed to be changed for some reason, then you only have to update the library and not the multitudes of applications (some of which may never be updated....).
communicating with their product support folks via twitter. It literally saves hours waiting for email responses
Then the vendor is literally incompetent. There is _no_ reason why email should take hours to get a response.
Yep, you don't have to pay capital gains on the appreciation of your property. Not the same thing as property tax. Property tax is dealing with the property's "current value". Since you are still holding the property, no capital gains (or losses) have occurred (yet).
Thus why the first thing I do in a new apartment is change the locks.
In certain jurisdictions this is illegal without a court order.
Suppose a 10 year old walks up to a cashier at a Walmart, dumps 50 candy bars on the belt, and hands the cashier a credit card with no adult in sight. The cashier rings it up and charges the card. The kid opens all the candy and gives it away to friends, eats it, whatever. Later the adult discovers that the kid took his card out of his wallet when he wasn't looking and complains to his credit card company.
Not quite. Your analogy is missing the part where the adult walked up with the 10 year old and told the cashier that the child was allowed to use the credit card, and then left. That's not to say that Android should probably have multiuser capabilities across all devices, a device administrator designation, and an account setting about "auth once" vs. "auth for 30 mins" on wallet access.