Seriously fuck that guy. I'm sure that if it wasn't him, some other unscrupulous douche would be in his place doing basically the same shit but he's the one here and now so fuck him and his abuse of the powerless.
A few bad apples don't spoil the bunch, but when most of them are rotten, you throw it away right?
You are not using that metaphor correctly, pretty much completely backwards.
The saying is, “even a few bad apples will quickly ruin the whole barrel.”
If you click on a PDF in your browser and the result is a compromised system it is a browser vulnerability.
Not sure if/when internet explorer stopped using an adobe plugin to handle PDFs - best I can tell ie10 still required a plugin. Java is definitely a plugin in all browsers, I haven't had it installed on my systems for years.
(A) plugin vulnerabilities are not browser vulnerabilities, being separate from the browser is the entire point of plugins - both java programs and pdf are functional without a browser
(B) firefox's (and chrome's) native pdf viewers require javascript to work, if ie has a native viewer I expect it too requires javascript
Block javascript and you might not be able to reach the part of the site that includes the exploit but making a % of the internet unreachable will obviously also "protect" you from a similar % of the exploits.
That is misleading at best - blocking an arbitrary % of the web does not translate into blocking an equivalent number of exploits, they aren't evenly distributed. Similarly when practically all browser vulnerabilities require javascript to be exploitable then disabling javascript is a very narrow change with a very broad effect.
Could it be they're trying to cut pirating / abuse as a business entity to raise license sales? Nah, it's a conspiracy to spite the users.. ya that's it.
Of course they don't intend to spite the users - nobody running a company ever puts fucking over their users as a business goal. It's disingenuous to suggest otherwise.
The problem happens when they forget to include "not fucking over users" as a business goal and so they end up doing just that as a side-effect of otherwise well-intentioned decisions.
Actually *several* orders of magnitude would make it at least $199,000 or $299,000.
This is slashdot, we use base 2, not base 10.
Those are not browser vulnerabilities, those are system-wide vulnerabilities.
Furthermore those are where the vulnerability exists but it doesn't say anything about whether or not javascript is part of the attack vector - as in if you blocked javascript the exploit couldn't get to the vulnerable part of the system.
For example if there was a vulnerability in the cookie handling part of the browser that let it over-write arbitrary files but it required javascript to generate the correctly named cookies in order to exploit that vulnerability. Not technically a bug in javascript but blocking javascript prevents anyone from using that attack.
But I'm not going to build an Ajax-y interface AND a static HTML interface (for free) to coddle people with nothing more than a distrust of JavaScript.
Something like 95% of the browser vulnerabilities over the last decade have had a dependency on javascript and that trend shows no sign of stopping. Seems like what you are actually doing is coddling the people with nothing more than a naive trust of javascript.
ActiveX was actually smart in the way that it executed fast native code instead of slow interpreted Javascript.
Yeah, smart like in the way it is smart to give a gun to the guy mugging you with his bare hands.
I'm sure the cash you're holding is just a bunch of emotions too. Let me guess, you love it so much that you wouldn't want to give them to me.
Yeah, that pretty much sums it up. You got some other interpretation?
But to suggest that it's 100% emotions is just silly.
I do believe it is 100% emotions - economics itself is just a branch of psychology.
However, not all emotions are wrong, I just think they aren't an accurate tool, one way or the other, to evaluate the fundamentals of a company.
Samsung's stock took a 6% hit, or $10B in market cap lost, when it was RUMORED they were losing Apple chip contract last year:
Are you seriously trying to imply that the stock market in the short term is an objective measure of, well, anything other than the emotions of the participants?
The leaks seem to be coming out in a clever order, starting with the most credible.
Depends on your definition of "credible" - the idea that the NSA spies on non-citizens was not a secret, the particular methods and specific targets were official secrets, but it was basically the official reason for the existence of the organization.
That the NSA spies on citizens is a whole different concept, one that has been officially denied anytime there was an undocumented leak and had to be internally justified by essentially redefining words like changing "collect" to no longer mean "gather up" but instead to access from a database full of information that had already been gathered up.
now we have government officials on record lying about the extent of surveillance, over and over, just before backtracking to defend it.
Other than Clapper who outright lied to Congress before any of the Snowden Files were made public, what are you talking about? Did somebody say "we don't spy on the UN" in the last week or two?
You seem to have redacted the Kardashians. No-one of intelligence cares what they have to say.
That's because they are actually spooks fulfilling the role of "circus" as in "bread and circuses."
Alta la vista Baby!
Or something like that...
Before he got recruited, he was a long time volunteer of Wikileaks which means he was probably in trouble with the law.
Not in Iceland where he lived - they lurv wikileaks there.
Since then he's got himself in trouble with the law in Iceland for stealing computer equipment from a retailer via fraud and for embezzlement by setting up a fraudulent webstore selling wikileaks branded t-shirts.
We move to three biological genders: male, female, and unaffiliated
Hijra?
They are not doing their own crypto.... they are using TLS. Again, please read the actual documents.
Come on man that is barely relevant to what I said. I can't believe you got +5 informative for that glib drivel. There is more to the infrastructure than just TLS. If TLS was all there is to it then they wouldn't be doing anything new, would they?
the specification is open, the wire specification is open, the whole thing is open. If you don't trust Google's implementation then roll your own.
While I appreciate the sentiment, I think you are missing an important point - the specification itself could be deliberately flawed. Crypto is hard, and not just the math itself but all the infrastructure details. The number of people able to recognize a weak design (deliberate or not) is quite small. Probably a couple of orders smaller than the number of people able to re-implement a network protocol from specs.
Can't speak to the wine thing, does sound bogus, but the MLS in each city is essentially OWNED by the realtors, it is a private database. Hell the name "realtor" is a trademark of NAR - national association of realtors.
I do think we should have some sort of open MLS, I bet craigslist could make a dent there if they just beefed up the sophistication of their real-estate listings.
And people like Boeing, Raytheon, LockMart and the rest all love former military because of the domain knowledge.
They also love hiring former military because it plays well with the politicians that ultimately control their budgets.
I've worked a few defense gigs as a contractor and they were always sucking up - running food drives for military families and equipment collections for deployed soldiers - sending stuff like DVDs, insect repellent, socks, etc.
I thought it insulting - these billion dollar corps that exist almost purely to suck at the government teat running food drives for military families just to look like they "support the troops" -- how about using some of that lobbying power to lobby for better pay for the soldiers in the first place? Sorry, got a little off-topic - it was a pet peeve of mine while working at those places.
Does this really signal a growing shift?
The shift already happened a few years back when all RSA SecurID tokens were compromised.
What happened here with Opera is small potatoes compared to the SecurID fiasco.
It's a new usage due to ignorance of the traditional usage. When a new usage is due to true novelty, that's one thing. When it's due to ignorance, as in this case, it should simply be corrected.
Nice in theory, but just as much tilting at windmills as complaining about any other new definition. Words change meaning whenever enough people use them to indicate the new meaning. The relationship of the new meaning to the old doesn't matter, what matters is how widespread the usage is.
Not So Fast.
Really, I'm right there with you on this modern usage, I find it particularly irritating because it is not just a new usage it is basically the exact opposite of the historical meaning. But language changes no matter how much we might wish it to stay the same.
Just remember that every time you press the "Preview" button before posting, you're using Javascript screwing around in the DOM.
Not those of us who use noscript. Admittedly, slashdot has made some very anti-noscript design decisions in recent years - in some cases instead of employing graceful degradation they've opted for "screw you" degradation - but it's still mostly usable without javascript.
So, is Smith & Wesson responsible for people in certain areas using guns as a currency?
Forget guns, how about holding Procter & Gamble responsible for Tide Detergent being a drug currency!