Lobbyists
You don't have to be nice, but be respectful. The problem is Linus has cultivated an environment where there is no respect for a person for just being a person. He only respects people that agree with him and think the way he does. Basically, it's an easy way to rationalize being an asshole and it being okay.
There will always be "baddies" no matter how good the world is.
"Any proposed solution almost certainly would quickly become a focal point for attacks."
Glad someone realized that!
True, which is why you need to use a password that's long enough that it can't be brute forced. I use an 18 character password that includes non-ASCII characters. Good luck brute forcing that before I'm dead.
Then the Army should tell the Air Force to take a hike and fly them itself.
"Someone would have to deploy these certificates on a service that was either a Google property or was masquerading for a Google property"
No, they wouldn't. They could do it on an internal network and test there.
Doesn't matter if they were encrypted if the decryption key(s) were also stolen...
With automated cars, taxis will become much less expensive meaning that fewer people will buy cars so fewer people will need insurance. 20 years from now things are going to be VERY different...
But not having enough room in the cockpit to turn your head is bad. Really bad.
But one set of injected code works everywhere with this. Not so with JavaScript.
Great... Just what we need... Another virtual machine for hackers to attack...
Air gapped is good - very good. But not foolproof.
Don't get cocky kid. In the RSA breach the hackers went after material used in SecurID (RSA's 2FA product). They're going after phones with the 2FA apps on them too.
Yeah, 2FA is good security practice and its use will make it significantly harder to breach a system using legitimate credentials, but the notion that it's full proof (or fool proof) is a myth.
It's better in that just because a component has a vuln doesn't mean that vuln is exploitable in all situations. Unfortunately, people are TERRIBLE at determining if a vulnerability is potentially exploitable or not.
It's worse in that the data in the NVD is often wrong and has lots of missing versions. For example, CVE-2013-5960 says "The ... in the OWASP Enterprise Security API (ESAPI) for Java 2.x before 2.1.1" and it lists the affected versions only as 2.0.1. The description is wrong (the issue was fixed in 2.1.0) and the list of versions is incomplete as there are more versions that are affected. Another example, CVE-2014-3604 says "Certificates.java in Not Yet Commons SSL before 0.3.15 ..." and then lists the affected versions as 0.3.15 - which is the version it was fixed in and it doesn't list the versions that were actually affected.
Sorry, but no, it's not that simple. Lots of vulnerabilities come into a project because of dependencies that are poorly managed. Project A depends upon project B which in turn depends upon project C and C has the vuln. All the unit testing of A in the world will not turn up that vuln. That requires system testing and that's a lot more involved.
Taxis become much more economical when you don't need a human to drive it any longer.
Imagine the social upheaval of all those now unemployed taxi drivers. And will people in the future understand Scorsese's film?
Losing it sucks. Not sure how to replace it.
After a five minute discussion the principal will be apologizing to the student and his family.
There is disagreement over that.
"The new deterrence research has been discussed favorably and uncritically by national news outlets and has been declared persuasive in leading academic journals and by prominent scholars and jurists. Legal academics, such as Professors Cass Sunstein and Adrian Vermeule, both of the University of Chicago, find the new deterrence evidence "powerful" and "impressive." They couple it with "many decades of reliable data about [capital punishment's] deterrent effects" as the "foundation" of their argument, which holds that since "capital punishment powerfully deters killings," there is a moral imperative to aggressively prosecute capital crimes. Prof. Becker concurs, finding the evidence "persuasive," while Judge Richard Posner brushes aside worries about the possible execution of the innocent as we ramp up executions to achieve even greater deterrent effects. Twice, authors of some of the articles have appeared before the U.S. Congress, stating the case for deterrence."
https://www.law.columbia.edu/l...
Because it's never been an issue before.
Great line from Sneakers!
"90 days is really long."
Cow manure.
It's short when fixing vulns in an OS and delivering a real product.
90 days is not a lot of time.
"Google doesn't care about Microsoft's internal BS. Why should it?"
Because releasing that data two days before Microsoft releases a fix makes the world less secure, not more secure. The point of doing that security research is to make the world more secure, then Google does stupid shit and does the opposite.