people. Mobile apps are now the area inexperienced people will start writing their first public code. Before that it was web design and before that it was writing Windows desktop applications.
Some of those people will then grow up and most likely leave that field, just as the mobile app environments are as shitty as the web design environments or the Windows desktop application ones.
The most complex single pieces of code are of course web browsers. Those have grown so large that only a few corporations can just barely manage their development. However that's not really sophistication, given saner standards to implement, you could do exactly the same with a tiny fraction of code.
It's easy to just pile code on top of code, what's hard is to find sensible abstractions you can use to make the code simpler and easier to maintain.
... that those vulnerable parts of the router firmware typically aren't made by the router manufacturer. The manufacturer usually just reskins the web interface. That's why it's now common to have cross-model attacks on large percentages of the routers.
So you'd probably end up running virtually the same firmware as 90% of the rest. Price is no indication, BTW, as I've seen even expensive routers doing just that.
There's a German brand of routers/ATA/IAD/DECT-base/WLAN combined boxes called Fritz!Box. They don't use the web frontend provided by the chipset manufacturer so they use their own, which means that the bugs in 99% of other routers don't work there. Firmware updates regarding features are available for a few years, bugfixes even longer. Costs start at 30 Euros for a refurbished middle model and go up to >200 Euros for the top of the line models.
Other than that, use some Linux computer to build your own router.
The main bug in Thunderbird is that it supports HTML-Mail.
Looking though the linked article, I can say for sure that none of the GUIs in the screenshots would do it for me, as they apparently all support HTML.
Essentially you need to keep a separation between code and data. Data is something you can get from any source as dubious data will never be able to breach the security.
Code on the other hand are commands for your computer. Every new code you get onto your computer is a risk you take as it can be malevolent. Therefore you shouldn't take executing foreign code lightly. Ideally you only have your fixed set of programs which you can combine to use with data you get from everywhere.
Things like AppStores pervert that safety precaution. They act as if it was possible to have a secure system, yet download software written by dubious developers. Sadly, we as a society seem to fall into the same trap over and over again, from Javascript to Active X. From Visual Basic for Applications to Appstores.
Which is even lower depending on the subjects, chances are high that if you just walk towards the gate, it'll open for you. After all that system will be optimized towards letting people through even if the match is not very accurate.
... at the current diplomatic climate, none of that data could hurt me. The far bigger problem is that that data is likely also stored at Facebook servers where administrations that could actually hurt me, can access it.
I mean most companies just waste money in IT. Usually companies just follow dogmas which have little to do with reality. That's why they spend lots of money on worthless security products... or software products claiming to improve productivity, but wasting more for most people.
I mean if I was trying to make a joke about a C++ developer making shell scripts, I'd have used something like that.
I mean seriously, you don't write built-in commands for that. You create a specialized language and write an interpreter for it. Once you have that, you can easily access it from the shell.
This is off-topic, because you don't learn much from using a library or framework, except for perhaps that most of them are utterly useless. Essentially if you follow that argument you'll get something like Web developers who often have no idea what they are doing, but do a lot of it. I've once asked the developer of a web app with a particularly anoying bug (you cannot copy text field, every time you select something, the selection will be empty again) why that bug even exists, after all web browsers allow that by default. He openly answered that he had no idea, he was just using a framework.
Yes, you can now easily click something together simpler than in the 1980s, but what have you learned then?
We have learned that in Germany, where we went from one of the most modern data networks before we sold our phone company, down to something that's worse than in most eastern European countries.
However in the interest of balance. Here's a counter point claiming that private enterprise means competition and therefore democracy. And obviously the oil industry in the US is a prime example for this.
Good "Open Source" funding leads to companies like Mozilla who, instead of trying to make the web better, mostly work on keeping the browser engine oligopoly alive.
A far better solution would be to have actual FOSS with the additional rule of being as simple as humanly possible. Simple code is shorter and therefore likely contains less errors. Less errors lead to less security critical errors. Also it's easier to maintain a 1k line program than a 20 Megaline program.
Considering that most things companies do are rather trivial, the far better way is to punish them for using overly complex solutions to their trivial problems.
The Smartwatch market essentially is as dead as the smartphone market. Everyone is building more or less exactly the same device. The mass market hates innovation because it means risks.
Meanwhile there's some actual innovation in the field of home made smart watches. For example Travid Goodspeed's "GoodWatch" https://github.com/travisgoods... It runs for years with a single battery and has way better functionality than any commercial smartwatch. You even have a keyboard.
Because some people claim that there is some vague energy saving aspect to it.... which has never actually materialized.
France was the first EU country to introduce it in 1976 and Swiss was the last one in 1981. There were earlier attempts at it, but those were luckily only short lived.
People have much less ethical concerns to fool machines then they have with people. So people are going to try to trick the system much more often than they would with people there.
The obvious reason why rich people are doing it, is to blame poor people for being stupid. It's the only way they can bear with the fact that most, if not all, rich people are rich by pure chance or inheritance.
and typically such advice ends up saying that you only need to save $50 a day, then invest it at an interest rate of only 10% and you'll be a millionaire within a couple of decades, ignoring that interest rates are low and $50 a day is a lot of money for most people.
... as good software is simple enough to be written by a single person in their spare time. If your software projects require more and more people to join, just to keep up with fixing the bugs, you're doing something wrong.
This is the reasons why most Free Software operating systems are unixoid. The guidelines of the UNIX Philosophy allow you to get most "bang for the buck", so you can reach the most with the least effort.
So you have people building things like Pulseaudio or Wayland, which attempt to solve simple problems in a hard way, instead of, for example, extending the terminal standard to be able to make GUIs and audio. That way you could have remote audio and GUI without modifying ssh.
Slashdot Mirror
people. Mobile apps are now the area inexperienced people will start writing their first public code. Before that it was web design and before that it was writing Windows desktop applications.
Some of those people will then grow up and most likely leave that field, just as the mobile app environments are as shitty as the web design environments or the Windows desktop application ones.
They have a subsidiary named "Element Six" in which they produce and sell "artificial" diamonds for scientific purposes.
The most complex single pieces of code are of course web browsers. Those have grown so large that only a few corporations can just barely manage their development. However that's not really sophistication, given saner standards to implement, you could do exactly the same with a tiny fraction of code.
It's easy to just pile code on top of code, what's hard is to find sensible abstractions you can use to make the code simpler and easier to maintain.
... that those vulnerable parts of the router firmware typically aren't made by the router manufacturer. The manufacturer usually just reskins the web interface. That's why it's now common to have cross-model attacks on large percentages of the routers.
So you'd probably end up running virtually the same firmware as 90% of the rest. Price is no indication, BTW, as I've seen even expensive routers doing just that.
There's a German brand of routers/ATA/IAD/DECT-base/WLAN combined boxes called Fritz!Box. They don't use the web frontend provided by the chipset manufacturer so they use their own, which means that the bugs in 99% of other routers don't work there. Firmware updates regarding features are available for a few years, bugfixes even longer. Costs start at 30 Euros for a refurbished middle model and go up to >200 Euros for the top of the line models.
Other than that, use some Linux computer to build your own router.
The main bug in Thunderbird is that it supports HTML-Mail.
Looking though the linked article, I can say for sure that none of the GUIs in the screenshots would do it for me, as they apparently all support HTML.
Essentially you need to keep a separation between code and data. Data is something you can get from any source as dubious data will never be able to breach the security.
Code on the other hand are commands for your computer. Every new code you get onto your computer is a risk you take as it can be malevolent. Therefore you shouldn't take executing foreign code lightly. Ideally you only have your fixed set of programs which you can combine to use with data you get from everywhere.
Things like AppStores pervert that safety precaution. They act as if it was possible to have a secure system, yet download software written by dubious developers.
Sadly, we as a society seem to fall into the same trap over and over again, from Javascript to Active X. From Visual Basic for Applications to Appstores.
Which is even lower depending on the subjects, chances are high that if you just walk towards the gate, it'll open for you. After all that system will be optimized towards letting people through even if the match is not very accurate.
... at the current diplomatic climate, none of that data could hurt me. The far bigger problem is that that data is likely also stored at Facebook servers where administrations that could actually hurt me, can access it.
I mean most companies just waste money in IT. Usually companies just follow dogmas which have little to do with reality. That's why they spend lots of money on worthless security products... or software products claiming to improve productivity, but wasting more for most people.
I mean if I was trying to make a joke about a C++ developer making shell scripts, I'd have used something like that.
I mean seriously, you don't write built-in commands for that. You create a specialized language and write an interpreter for it. Once you have that, you can easily access it from the shell.
If those are the only limitations, 99,999% of all legacy Windows software will work on ARM.
This is off-topic, because you don't learn much from using a library or framework, except for perhaps that most of them are utterly useless.
Essentially if you follow that argument you'll get something like Web developers who often have no idea what they are doing, but do a lot of it. I've once asked the developer of a web app with a particularly anoying bug (you cannot copy text field, every time you select something, the selection will be empty again) why that bug even exists, after all web browsers allow that by default. He openly answered that he had no idea, he was just using a framework.
Yes, you can now easily click something together simpler than in the 1980s, but what have you learned then?
I mean seriously why do they even have their smartphones at work? Doesn't that go against virtually all sane rules on corporate security?
there are already agreements on that for decades, that wouldn't really make a difference.
We have learned that in Germany, where we went from one of the most modern data networks before we sold our phone company, down to something that's worse than in most eastern European countries.
However in the interest of balance. Here's a counter point claiming that private enterprise means competition and therefore democracy. And obviously the oil industry in the US is a prime example for this.
https://www.youtube.com/watch?...
... when you don't have the FreeDesktop or SystemD crowd, solving trivial projects in the most complex way to deal with weird use cases nobody has.
The Unix philosophy was meant to achieve a lot with little effort, and that's gradually getting lost on Linux.
Good "Open Source" funding leads to companies like Mozilla who, instead of trying to make the web better, mostly work on keeping the browser engine oligopoly alive.
A far better solution would be to have actual FOSS with the additional rule of being as simple as humanly possible. Simple code is shorter and therefore likely contains less errors. Less errors lead to less security critical errors. Also it's easier to maintain a 1k line program than a 20 Megaline program.
Considering that most things companies do are rather trivial, the far better way is to punish them for using overly complex solutions to their trivial problems.
I mean there are some simple and easy ways to increase security at any company. It boils down to not doing stupid things.
However many people have been trained to do stupid things like using Office Software, which is one of the main dangers at any company.
The Smartwatch market essentially is as dead as the smartphone market. Everyone is building more or less exactly the same device. The mass market hates innovation because it means risks.
Meanwhile there's some actual innovation in the field of home made smart watches. For example Travid Goodspeed's "GoodWatch"
https://github.com/travisgoods...
It runs for years with a single battery and has way better functionality than any commercial smartwatch. You even have a keyboard.
Because some people claim that there is some vague energy saving aspect to it.... which has never actually materialized.
France was the first EU country to introduce it in 1976 and Swiss was the last one in 1981. There were earlier attempts at it, but those were luckily only short lived.
People have much less ethical concerns to fool machines then they have with people. So people are going to try to trick the system much more often than they would with people there.
The obvious reason why rich people are doing it, is to blame poor people for being stupid. It's the only way they can bear with the fact that most, if not all, rich people are rich by pure chance or inheritance.
and typically such advice ends up saying that you only need to save $50 a day, then invest it at an interest rate of only 10% and you'll be a millionaire within a couple of decades, ignoring that interest rates are low and $50 a day is a lot of money for most people.
... as good software is simple enough to be written by a single person in their spare time. If your software projects require more and more people to join, just to keep up with fixing the bugs, you're doing something wrong.
This is the reasons why most Free Software operating systems are unixoid. The guidelines of the UNIX Philosophy allow you to get most "bang for the buck", so you can reach the most with the least effort.
So you have people building things like Pulseaudio or Wayland, which attempt to solve simple problems in a hard way, instead of, for example, extending the terminal standard to be able to make GUIs and audio. That way you could have remote audio and GUI without modifying ssh.