He's right in the next 20 years, probably the next 50 years. But in a hundred years? Two hundred? I'm not so sure.
A couple of hundred years ago people would have said going to the moon was a crazy idea. Or flying faster than sound was nuts. But we can do it today.
Sure it can. AV churns your disk and slows down your system.
I hope someone files a lawsuit and wins. Florida state government is a continual disgrace under Rick Scott.
The whole thing about being held while a drug dog was brought to search the car would violate the SCOTUS decision in Rodriguez (2015). IF this description is accurate (big IF) then it seems as though the guy should be set free on that alone.
What's the probable cause to get a warrant to search his phone?
It's pure BS. Yeah, you *can* look at the code, but how many do? And how many have the requisite knowledge to recognize it when something is wrong?
As noted on Slashdot over 10 years ago (https://it.slashdot.org/story/08/05/11/1339228/the-25-year-old-bsd-bug) it took 25 years to fix a bug in some commonly used open source. My understanding is that the Samba team even coded around the bug instead of looking at the code and getting it fixed.
Is open source security better than closed source? Sometimes yes; sometimes no. Depends on the developers, the projects and the companies involved. Security is about process and there's a lot more to the process than having access to the source code.
"and only 4% report that agile practices are enabling greater adaptability to market conditions..."
"The three most significant challenges to agile adoption and scaling are reported as organizational culture at odds with agile values (53%) ..."
"The researchers also note "the recognized necessity of accelerating the speed of delivery of high-quality software ..."
If it's anything like my company, it's because schedules are sacrosanct. Anything will be sacrificed to hit schedule. It sucks.
"Symantec needs to share the Norton Core Router's code with the world."
1. Not the world, but with customers, though practically speaking, might as well be the world.
2. Not all of the code, but all of the GPL and LGPL code and anything linked to the GPL code and strictly speaking, if they statically linked LGPL code, then at a minimum the object files needed to recreate the executables.
While I don't doubt it could happen (just witness what Russia has been doing around the world), I think any alien race with the technology to do such a thing could easily be much more forceful and simply impose their will on us or destroy us.
He should have known better than to wade into a political debate. My guess is that he did know better, but wanted to curry favor with the Trump administration.
Sure, it'd be a useful feature for a small number of people, but the vast majority of users of high end cameras (and there aren't that many) wouldn't need it. And doing this would either require a special encryption chip, increasing the cost for all users, or would be so terribly slow that it would make the camera effectively unusable.
I'd venture that the small number of commits for security issues is because many developers 1) don't mark issues as security issues (security not being foremost in their mind) and 2) many developers can't recognize issues as affecting security (which is even scarier).
By the time it's true, desktops will be irrelevant.
They are bugs, but they are a particular kind of bug that allows bad people to do bad things to your computer or your data. There's a huge difference between a graph displaying text in the wrong sized font and a bad guy being able to steal your spreadsheet with all of your company's confidential data.
Trying to distract the world from his crimes and other bad behavior.
All companies do get breached, but not because of sheer incompetence due to not patching a widely publicized vulnerability. The day after publication we told our product teams to update and the teams that had it did so in weeks, not months - and that was in on-prem products. Yet, Equifax couldn't patch their website in three months? That's incompetence.
They don't care - it's taxpayer money. As long as they don't suffer any serious consequences they'll keep doing it. If judges start throwing people in jail for refusing to turn over records then things will change. It's called accountability. Without something like that, this will continue.
We need more info to come to any conclusions. I've seen it claimed that Equifax wasn't using the latest version of Struts and some have thought that meant that they didn't patch to deal with the RCE from earlier this year. BUT, is it possible that what really happened is that Equifax was using Struts 1, not Struts 2? Struts 1 is EOL by the way. That wouldn't surprise me in the least.
In those federal circuits a claim of qualified immunity ain't gonna work anymore.
Some bad guy programs his car to give out false information causing lots of accidents. Would be a great way for a bank robber or other bad guy to slow pursuing authorities.
Two things here:
1. It's more applicable to once a bug is known than to finding new bugs.
2. Even then it still fails though, as there was a bug in BSD readdir for nearly 25 years. Samba developers had coded around the bug rather than try to fix it. See http://www.osnews.com/story/19...
That will have an effect
All the time
But within 20 years? Yeah, could happen.
If there's no place for terrorists to hide then there's no place for anyone to hide.