How exactly would that even solve the issue? As soon as the user hits "submit", the data is submitted. ZERO JavaScript required for this particular phishing attack as it is already.
"This video is unlisted. Be considerate and think twice before sharing." GG, howd ya find it?
You're thinking of MetroPCS
Well, all the recalled Note 7s need to go SOMEWHERE, don't they?
Because we're a multitasking generation. The need to wear special equipment to watch TV, then to take it off to check messages on a phone, then put it on again, then take it off to go to a quick piss break during commercials then back on again to go back to the show... Plus, the need for the piece of equipment per person. Plus the amount of media that is more passively consumed vs active (think having a TV show running in the background while doing house chores).
Seriously, 3D missed the mark on pretty much every account of every day modern human life.
1) In soviet russia, trope slashdots you! ...?
2)
3) PROFIT!!
The top reasons why I personally still use the cmd shell in windows
1) ipconfig (verify if DHCP pulled an address, and if so, is it correct with proper default route and DNS servers)
2) ping 4.2.2.2 (verify connectivity to a known public server that will always respond to PING requests, that doesn't need to resolve a DNS name)
Once basic network connectivity issues are addressed though, in this day and age, most other things have decent 3rd party tools to diagnose and fix issues. I personally keep a shitton of said tools in a folder on my cell phone, so all I need to do is plug in the USB cable and BAM, most everything I need will be at my fingertips.
A MILLION 80 P !?!? https://www.youtube.com/watch?...
Certain bugs are the same bug in multiple products, so for a company total it is counted once but is also counted for each individual application. Think of this like a bug in a PNG decoder, using the exact same decoder in Photoshop and Illustrator. "Adobe" has 1 bug, but each application also has 1 bug each.
Security fixes are backported. Settings > About Device > Android Security Patch Level & Security Software Version. Plus individual APKs are patched automatically via the Play Store
Seriously, why? For a single home? I just picked up a bunch of 802.11n wireless routers for $10/ea brand new off of Amazon Prime. Disabled DHCP and all other routing services on each, so they all act as just access points and nothing more. *BAM*, great wireless coverage all throughout the house now, and was super freaggin cheap, too.
Well, let's simplify... 12,000 / 4 = 3000... Holyshit, I just figured out their entire study!
I prefer PURPLE thank you very much! https://www.google.com/search?...
I guess I should have clarified. The "home" connection is allowed to run a home based business on it. I have an entire server rack at home connected to it and run several TB of data a month over said connection.
Very much this! I've personally looked into doing this in my neighborhood. For what ever reason, getting "business" gigabit internet where I live is in the range of $3000-10000/mo. But for what ever reason, the EXACT same company can provide "residential" gigabit internet for only $79/mo. It is literally the same wires going to the same data center in town. The only difference is the terms of service.
Facebook already did this with PHP. It was called HipHop. But it sucked. Too many issues, and it didn't solve enough issues. Luckily, Facebook started over from scratch, and just built a PHP virtual machine that does JIT compilation instead of needing to compile PHP into C then into machine language, and the result is actually a faster product, which supports more of the PHP language, and is a hell of a lot more stable (still not perfect though)
So, why bother cross-compiling to another language? Just build a LISP JIT VM system. Solve all your problems! :D
https://www.yubico.com/ - Yubico, the makers of Yubikeys, is the primary company and primary devices that Google, Facebook, Github, Dropbox, and others use. Reading the various comments here on Slashdot, I just want to quickly clear a few things up. Some think this is just a theoretical API. No, it is fully implemented, and the hardware has been on the market. I've been using my Yubikey for over a year now. The thing is fucking amazing. The key supports several different modes, so let's go through a few of them really quick to clear up concerns from above.
The type of authentication mentioned in TFA works by plugging in the USB key. After that, the browser makes a request to the key. The key then has an LED that starts blinking to indicate said request. The key does *NOT* process the request until the button on the key is pressed. The encryption key stored on the physical key also can NOT be read off of it at all, the device handles processing of the initial request. (yes, admittedly, this is slower than a normal CPU, it takes 1-2 seconds to process)
There are other modes, too. There is a mode which works exactly like Google Authenticator, where you can register 2-factor codes with it. The generated time based codes can then be read back either by USB or by NFC on a phone/tablet. This has the added advantage of the fact the seed for the time code is not retrievable from the device. The only thing the device will transmit out is the calculated time-based code. This has an advantage over Google Authenticator, where a compromised phone could easily leak the seed values and generate new time based codes. This calculation instead happens on the key, and only the final result is returned instead.
This device also works with PuTTY for SSH authentication. This is by *FAR* my most favorite feature. TortoiseGit on Windows also uses PuTTY for authentication, so this includes source code. You can pull out the public key from the device, and use the device to authenticate yourself anywhere that supports SSH. I personally use this to authenticate into a cluster of servers that I manage.
This device includes a static password, too. Not everything supports these newer modes. There are a couple services that I use which don't. A randomized password up to 32 characters can be stored on the device, and with a single press of the button will emulate a keyboard and type it in. This is much MUCH easier than trying to type in long complex passwords which use tons of extended characters. But again, this caps at only 2 passwords (the device has 2 "slots" total, and other things such as the method mentioned in the article takes up 1 of those slots as well)
But pretty much every concern I've seen in the comments on this page are all directly addressed on the Yubico web site. These guys have pretty much thought of every possible scenario imaginable. This isn't just some weekend project. This is a serious security product help designed and implemented by some of the largest tech firms in the world who have a serious stake at securing their own networks. The price for the keys are really not bad, so yeah, I'd personally recommend them.
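The time-based mode described in the comment above, as an added example that is not part of the original comment and is not Yubico's code: a Python model of a token that takes a seed once and only ever returns RFC 6238 codes, with a server-side check that tolerates one step of clock skew and rejects a replayed code. The names `HardwareTokenModel`, `verify` and `SEED` are assumptions for illustration; the seed is the published RFC 4226/6238 test seed.

```python
import hashlib
import hmac
import struct

STEP = 30                        # seconds per time step (RFC 6238 default)
SEED = b"12345678901234567890"   # RFC 4226/6238 test seed, never a real secret


def hotp(seed: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, then dynamic truncation."""
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class HardwareTokenModel:
    """Stand-in for the key: the seed is written once and only codes come out.

    Python name mangling only models the missing read-back command; it is
    not tamper resistance, which the real device provides in hardware.
    """

    def __init__(self, seed: bytes):
        self.__seed = seed

    def code(self, unix_time: int, digits: int = 6) -> str:
        return hotp(self.__seed, unix_time // STEP, digits)


def verify(seed, submitted, unix_time, last_counter=-1, window=1, digits=6):
    """Server side: accept a code within +/- `window` steps of now, but never
    for a counter at or below the last accepted one (replay protection).
    Returns the accepted counter, to be stored as the new last_counter,
    or None when the code is rejected."""
    now = unix_time // STEP
    for counter in range(max(0, now - window), now + window + 1):
        if counter <= last_counter:
            continue
        # compare_digest avoids leaking the match position through timing
        if hmac.compare_digest(hotp(seed, counter, digits), submitted):
            return counter
    return None


if __name__ == "__main__":
    token = HardwareTokenModel(SEED)
    code = token.code(59)                       # all the host ever sees
    accepted = verify(SEED, code, 59)
    print(code, accepted)
    print(verify(SEED, code, 59, last_counter=accepted))  # replay: None
```

A host that reads codes from the token can pass them on, but it never holds anything that lets it compute the next one, and the server refuses a code it has already accepted.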
The sites give you 10 temporary one-time keys to use, designed to be printed out and stored in a lock box. These are used for emergency access when the physical device is unavailable.
The keys have a physical button on them and an LED. The LED starts flashing when the browser makes a request, and to authenticate, the user MUST press the button for the embedded circuit to process the encryption request.
I thought this idea too... until jQuery's official CDN went offline last week, rendering the entire site absolutely unusable.
Note: yes, I get the idea that "web pages" should historically be static documents. But in this case, the particular web site was a desktop application replacement. It was a very complex application which required custom UI controls to be made and real-time notifications between multiple users (think content sharing/locking scenarios).
You forgot the other major advantage of ASM code. Access to instructions other than basic logical program flow instructions, such as instructions for manipulating hardware or accessing memory mapped devices. One of my favorite things about writing a micro-kernel for an ARM platform over a decade ago was being able to drop in some inline ASM code into C/C++ libraries and manipulate the CPU in ways otherwise not possible, such as tweaking how instruction and data cache worked.
While I personally do not hold a Dropbox account, this decision pisses me off to no end just as much as it does their own users. When looking for rare content required for administering and managing legacy hardware and software, users have been hosting them on public Dropbox accounts. This includes PDF manuals, firmware updates (required for security!) and other useful shit that vendors either no longer provide, or have entirely gone out of business and have no way to get the content from. Yes, the people who host this content on Dropbox right now could move it, but there are thousands and thousands of forum links that will literally break overnight and would need the authors to go back and edit said links to point to the new storage locations.
Cameras use ASIC chips. The "firmware" in question is simply there to tell the ASIC which functions to enable/disable from what is already available. Encryption would break the existing data chain of sensor > ASIC > storage. It would then need to go sensor > ASIC > CPU > storage. Think of the amount of CPU power required to handle data encryption in the first place, these CPUs simply could not keep up. So to add the functionality of encryption, it would have to be implemented in a new generation of their ASIC image processors.
Maybe I somehow absolutely missed it, but looking at both the summary and TFA, I cannot figure out just WHAT the hell these new "standards" even are.
And really, with manufacturers shoving tablets that "act as laptops" which are meant to be desktop replacements and can be charged over USB cable, is energy efficiency of new computers even a concern at all anymore?
Will Microsoft then FORCE driver developers to decouple the ACTUAL driver from the shit bloat software that comes with them? Who the fuck needs a 300MiB download just for a video driver? The hardware vendors do, which over 90% of that is bloatastical bullshit, mostly just "fancy" ads for other games, or optional (but a pain in the fucking ass to remove) graphics utilities nobody asked for or even wanted in the first place.