... BASH and OpenSSL are more key infrastructure bits than Xen is. What I mean is that they are integrated into FAR more devices and systems making a silent patch nearly impossible.
Quite correct.
.
Just try to estimate the number of devices affected by Heartbleed and Shellshock. It's probably in the billions.
As a case in point, a single Zen installation can host hundreds, maybe even thousands, of vulnerable installations of Shellshock and Heartbleed.
When Bruce Perens was getting questions from slashdot, I asked whether Obamacare should have mandated the use of open source software....
Easy to ask, difficult to do.
.
Obamacare barely passed when Congress considered it. If such an open-source requirement were in the law, then lobbyists from EPIC-type companies would be all over Congress, and Obamacare would have never passed.
Companies pay lobbyists to make sure Congress passes laws that put money into the companies' coffers. Things like cost-efficiency are not part of that equation.
The iPhone 6 Plus, the iPhone 6, and the HTC one (M8) have abnormally low resistance for bending forces (less than 90 pounds).
.
While the iPhone 5, the LG G3, and the Samsung Galaxy Note 3 are much better in this regard (all >= 130 pounds), with the Samsung Galaxy Note 3 at the top of the tests with 150 pounds.
If you plan to develop for more than one platform, keep in mind that the greatest amount of effort will be expended as you port the single-platform app to the second platform.
.
So, as the parent suggests, start from the beginning targeting multi-platform in your design stages. A small amount of extra effort in the beginning will save you a large amount of work down the road. And your apps will be less buggy.
... "I like and believe very much that we should have to obtain a warrant from an independent judge to be able to take the contents," FBI Director James Comey told reporters....
Unfortunately his statement is not reflective of the government's behavior over the past few years.
.
If the government had obtained warrants when they wanted to browse through peoples' emails and conversations (on the phone, on the network, or in the datacenter), then I doubt if google and apple would have seen the need to take this step.
Outside of malicious HTTP headers landing in environment variable in CGI land, I'm hard pressed to think of another reasonable vector for this bug to be a problem...
This blog post mentions php, c++, python, et alia, as another attack vector.
This means that web apps written in languages such as PHP, Python, C++, or Java, are likely to be vulnerable if they ever use libcalls such as popen() or system(), all of which are backed by calls to/bin/sh -c '...'. There is also some added web-level exposure through #!/bin/sh CGI scripts, calls in SSI, and possibly more exotic vectors such as mod_ext_filter.
I've been noticing a trend in many of the articles that make it to the front page here. The trend is towards more inflammatory political-oriented articles that have little or only a marginal relation to technology.
.
Maybe after the failed site redesign, the new owners are trying to increase page hits by turning/. into a drudge-like site with lots of misleading headlines.
Good to see the udev functionality being removed. Not only was its functionality irrelevant to the purpose of the code that subsumed it, udev apparently introduced too many other issues inappropriate for a PID=1 process.
Don't forget temperature survival. Yeah, I mentioned EMP, but there are also other environmental attacks that must be diverted, such as temperature, and water. Shielding won't prevent something from melting.
.
It's the end of the world, how will you save your data?
The size of the IPO is bantered about in US$. Ten years ago, the IPOs were worth less in the US$ of that time.
.
It is the same reason that Hollywood always touts dollar amount of ticket sales and not the number of tickets sold. With the ever increasing ticket prices, ticket sales will always increase, even if the number of ticket sales remains the same. If you take into account inflation, Gone With The Wind (1939) is the largest grossing movie.
IPOs are subject to a similar inflationary hype. This is the same Wall Street that crashed the world economy a few years back. They want to make it appear as if everyone is farting sunshine and rainbows so Main Street will start sending money to Wall Street once again.
I sure am happy that I stopped using the Agnitum Outpost firewall on my PCs a few months back. I didn't like having Russian-developed software in such a critical spot on my PCs, especially with Mr. Putin's irrational sabre-rattling. Now, with the possibility of Russia being taken off the internet, my decision looks even better.
It appears that U2 and Apple are proposing an interactive album format that combines the music of a record album with the interactivity of a video game.
.
Or to phrase it differently, it appears that U2 and Apple are proposing to make music more prominent in video games.
Slashdot Mirror
... BASH and OpenSSL are more key infrastructure bits than Xen is. What I mean is that they are integrated into FAR more devices and systems making a silent patch nearly impossible.
Quite correct.
.
Just try to estimate the number of devices affected by Heartbleed and Shellshock. It's probably in the billions.
As a case in point, a single Zen installation can host hundreds, maybe even thousands, of vulnerable installations of Shellshock and Heartbleed.
It is truly an apples and oranges comparison.
When Bruce Perens was getting questions from slashdot, I asked whether Obamacare should have mandated the use of open source software....
Easy to ask, difficult to do.
.
Obamacare barely passed when Congress considered it. If such an open-source requirement were in the law, then lobbyists from EPIC-type companies would be all over Congress, and Obamacare would have never passed.
Companies pay lobbyists to make sure Congress passes laws that put money into the companies' coffers. Things like cost-efficiency are not part of that equation.
... that the gravitational constant is not a constant!?!?!?
.
Microsoft will be the sole collector and interpreter of the data.
Microsoft will release information about the data collected only when such information justifies what Microsoft had wanted to do anyway.
Why would Tor want to work with a browser whose market share is in decline?
... For all we know 20lbs is fine.
Apparently, 20 pounds is not fine.
.
While the iPhone 5, the LG G3, and the Samsung Galaxy Note 3 are much better in this regard (all >= 130 pounds), with the Samsung Galaxy Note 3 at the top of the tests with 150 pounds.
.
So, as the parent suggests, start from the beginning targeting multi-platform in your design stages. A small amount of extra effort in the beginning will save you a large amount of work down the road. And your apps will be less buggy.
.
It looks like me as little more than fanboi cheerleading.
What's going on here?
... a pronounceable name for the PostgreSQL software, one that does not require a FAQ entry to instruct in the correct pronunciation.
... "I like and believe very much that we should have to obtain a warrant from an independent judge to be able to take the contents," FBI Director James Comey told reporters. ...
Unfortunately his statement is not reflective of the government's behavior over the past few years.
.
If the government had obtained warrants when they wanted to browse through peoples' emails and conversations (on the phone, on the network, or in the datacenter), then I doubt if google and apple would have seen the need to take this step.
Outside of malicious HTTP headers landing in environment variable in CGI land, I'm hard pressed to think of another reasonable vector for this bug to be a problem...
This blog post mentions php, c++, python, et alia, as another attack vector.
This means that web apps written in languages such as PHP, Python, C++, or Java, are likely to be vulnerable if they ever use libcalls such as popen() or system(), all of which are backed by calls to /bin/sh -c '...'. There is also some added web-level exposure through #!/bin/sh CGI scripts, calls in SSI, and possibly more exotic vectors such as mod_ext_filter.
I've already seen a few of these scans so far today.
...And what does it have to do with technology?
I've been noticing a trend in many of the articles that make it to the front page here. The trend is towards more inflammatory political-oriented articles that have little or only a marginal relation to technology.
. /. into a drudge-like site with lots of misleading headlines.
Maybe after the failed site redesign, the new owners are trying to increase page hits by turning
Good to see the udev functionality being removed. Not only was its functionality irrelevant to the purpose of the code that subsumed it, udev apparently introduced too many other issues inappropriate for a PID=1 process.
.
It's the end of the world, how will you save your data?
.
Will a CD-ROM survive at 400 degrees Fahrenheit? Punch cards and rocks will.
What other storage medium, besides rock carving, can survive an EMP blast?
.
It is the same reason that Hollywood always touts dollar amount of ticket sales and not the number of tickets sold. With the ever increasing ticket prices, ticket sales will always increase, even if the number of ticket sales remains the same. If you take into account inflation, Gone With The Wind (1939) is the largest grossing movie.
IPOs are subject to a similar inflationary hype. This is the same Wall Street that crashed the world economy a few years back. They want to make it appear as if everyone is farting sunshine and rainbows so Main Street will start sending money to Wall Street once again.
Be afraid, be very afraid.
... and doubleclick in particular, do not get past my firewall. Among the reasons I block 'em is this malware distribution issue.
.
Don't fight it. Look at it as growing in a different direction.
Institute a low cap on monthly data consumption, then watch who hits the cap.
I sure am happy that I stopped using the Agnitum Outpost firewall on my PCs a few months back. I didn't like having Russian-developed software in such a critical spot on my PCs, especially with Mr. Putin's irrational sabre-rattling. Now, with the possibility of Russia being taken off the internet, my decision looks even better.
.
Or to phrase it differently, it appears that U2 and Apple are proposing to make music more prominent in video games.