I don't think so. Look at what they do today: They still only have search and ads, the rest is just toy projects, or failed or a massive nightmare like Android due to bad management practices. They will hire problem solvers, but as soon as you also bring experience and larger insights to the table, their process fails. I did not get hired by them in 2008, (apparently partly due to economic reasons, as I had applied on the request of a friend that wanted me for his team) and in retrospect, I think that was a good thing. They kept pestering me for a few years afterwards, until I told them that sure, I would interview with them again and that my daily rate for that was $1500. That finally got the message across.
You must be one of those nil-whits that think harsher penalties, putting everybody in prison that does not agree with your world-view. etc. actually works. It does not. Ignoring reality is a sure way to make things worse though.
Or maybe not so smart, because then they pay nothing. This way the pay for the content. Partitioning the world for the purpose of selling content separately is just artificial scarcity and, at best, an anti-capitalist thing to do.
As long as the old ones are working well because security costs money and hence universally sucks...
Do not forget that DDoS is only possible because so many people run poorly secured computers. If it were expensive to hack computers, DDoS-based extortion would not pay off. These people are like the flea that settle in when hygiene is poor. They are a symptom, not the real problem.
Not when there is no way to make a living at that "safe" place. And once on the move, it is far easier to keep running. Also remember that the politicos need to stop them at the outer EU border. Stopping them at the German or Swedish border makes things even worse.
The real problem is that unless you want mine-fields and are prepared to gun down people en-mass, there is no effective way of stopping this. Just look at what these people are running from.
This must be a combination of somebody really messing up (allowing experimental and enabled code into a production release) and somebody asking for it, either because of stupidity or because of malicious intent.
No reason to dump OpenSSH, the project has an excellent security track record. And they found this and patched it very fast. But they have some explaining to do and they need to make sure something like this does not happen again.
Only two options: 1. extreme stupidity coupled with completely unprofessional behavior or 2. malicious intent. This is just far too nice and works too well with the recently discovered backdoors in Firewalls (which are devices you would use SSH to log into) to be an accident IMO. Finger-pointing with evidence is pretty much a must at this point.
I.e. as an intentional attack against the OpenSSH project. First, nobody in any halfway professionally run project deploys experimental code to to production, especially when said code does nothing because the server-side implementation is missing. Activating it per default is also extremely suspicious. And second, the last backdoors found in firewalls are in devices that you typically would use SSH to log in to, i.e. these devices could attack their users, extract the users private keys and then check for password-less SSH being possible to other devices these users control.
What the OpenSSH project needs to be doing now is explain in detail who put that code in there, how it came to be deployed and how it came to be on by default despite it clearly being an experimental feature. They need to identify at least one person or one contributing entity of either extreme stupidity or of malicious intent. And then they need to take steps to make sure this does not happen again.
OpenSSH has an excellent security track record, lets hope this is an isolated incident. Because if OpenSSH falls, most of the Internet infrastructure falls right after it.
Most people that find vulnerabilities want to tell the manufacturer. But after a long history of being ignored or even being threatened, many have reverted to giving the corporations responsible a fixed, short time to fix things, because otherwise nothing happens. Giving time more time just makes them drag their feet, because fixing vulnerabilities costs money. Those complaining here are at the very root of the problem. I should also point out that this corporate fuck-up has been going on for a few decades now.
Quite a few people are not on Facebook, Twitter, etc. It would also be _hugely_ unprofessional to do any job-related communication over such a venue.
This is just the usual bullshit from people that get starry-eyes when fantasizing how the future will be, but have no clue how reality actually works. Basically the only old global communication channel that has vanished is the telegram. And there are services in many countries that will print out an email and deliver it to the target address for a fee. So, really, complete nonsense.
Seriously, any actual security expert has been expecting things like this for a long time. The only explanation that makes sense for so few of these being found is that most vendors do not go looking in the first place...
And then they are out of a job and purpose in life. Made obsolete by technology. I feel sad for them.
Yes, that is about the level of respect that idea deserves. Sure, somebody will do it eventually, but the danger here is "car", not "self driving" and society has decided to accept it a long, long time ago.
The concentrated stupid of your posting is the only danger here. From the document you link:
Orally, potassium chloride is toxic in excess; the LD50 is around 2.5 g/kg (meaning that a lethal dose for 50% of people weighing 75 kg (165 lb) is about 190 g (6.7 ounces)). The oral toxicity of sodium chloride (table salt) is about the same, 3.75 g/kg. Thus potassium chloride is harmless for alimentation (and even good for health, see previous paragraph). But intravenously, without the step of digestive absorption, this is reduced to just over 30 mg/kg.
That still means you have to pump a 75kg person (not large) full of 2.25g (almost all 10ccs in solution) to get a 50% death rate and that is without medical attention and you have to hit a vein (because that is what "intravenously" means). Not a credible threat. I also would also very much expect the target to indeed start screaming and panic if stuck with a large needle without warning. The countermeasure is simple though: Just rip out the needle immediately.
I disagree. The purpose of this "war" obviously was never to be won (because it cannot, just like the now over 100 years of the "war on drugs"), but to keep the fear in the US population and the west in general alive. This serves several purposed. For one, a population in fear is easy to govern. It also serves to blow up the budget for organizations like the DHS, the TSA, the NSA, etc. All these organizations are primarily in love with power and money, their actual duty, namely to server the US population, comes a distant second if they remember it at all. And the "war on terror" has one other desired effect: It keeps validation for the actual terrorists up. It keeps them motivated, it allows for easy recruitment (David vs. Goliath Effect, nobody likes a bully) and it keeps them funded. Because the worst thing you can do to a terrorist organization is to not take them seriously and the absolute, unmitigated best thing for them is to style them as some sort of great threat. That makes them feel really important and bad-ass.
Now I submit that the people that orchestrate this "war" on terror do not all know this, but they will either be dumb or they will understand very well what they are doing. Both kinds are a serious danger to western values, as exemplified by, for example, universal snooping and reduction of freedoms. In comparison to the severe damage these people have done and continue to do, all the things the terrorists have managed look puny and unimportant.
And that is exactly what reality looks like: Terrorism is not a relevant threat in the west, unless a power-hungry political class, a press serving them and a population that does not get it makes it one. The mechanism at work here is that a population in fear is easy to rule, as a population in fear is dumb.
Ah, yes. Classical social-Darwinism. Still as repulsive and despicable as ever. You probably also think anybody who smokes, drinks alcohol and eats fat or sugar should be barred from medical care.
Nice side-fact: Driving to the doctor for any reason has death as a possible side-effect. The question is always about the probabilities and 95% or so of the population is not able to estimate them. If the start do to amateur medical statistics, chances are they will do much more harm than good.
Baseless insults that ignore reality will not make you systemd-fanatics any friends. Even though ignoring reality is how you have operated the whole time, others may actually have some real understanding of what is going on.
I don't think so. Look at what they do today: They still only have search and ads, the rest is just toy projects, or failed or a massive nightmare like Android due to bad management practices. They will hire problem solvers, but as soon as you also bring experience and larger insights to the table, their process fails. I did not get hired by them in 2008, (apparently partly due to economic reasons, as I had applied on the request of a friend that wanted me for his team) and in retrospect, I think that was a good thing. They kept pestering me for a few years afterwards, until I told them that sure, I would interview with them again and that my daily rate for that was $1500. That finally got the message across.
You must be one of those nil-whits that think harsher penalties, putting everybody in prison that does not agree with your world-view. etc. actually works. It does not. Ignoring reality is a sure way to make things worse though.
Or maybe not so smart, because then they pay nothing. This way the pay for the content. Partitioning the world for the purpose of selling content separately is just artificial scarcity and, at best, an anti-capitalist thing to do.
As long as the old ones are working well because security costs money and hence universally sucks...
Do not forget that DDoS is only possible because so many people run poorly secured computers. If it were expensive to hack computers, DDoS-based extortion would not pay off. These people are like the flea that settle in when hygiene is poor. They are a symptom, not the real problem.
Not when there is no way to make a living at that "safe" place. And once on the move, it is far easier to keep running. Also remember that the politicos need to stop them at the outer EU border. Stopping them at the German or Swedish border makes things even worse.
The real problem is that unless you want mine-fields and are prepared to gun down people en-mass, there is no effective way of stopping this. Just look at what these people are running from.
This must be a combination of somebody really messing up (allowing experimental and enabled code into a production release) and somebody asking for it, either because of stupidity or because of malicious intent.
No reason to dump OpenSSH, the project has an excellent security track record. And they found this and patched it very fast. But they have some explaining to do and they need to make sure something like this does not happen again.
Not comparable.
Only two options: 1. extreme stupidity coupled with completely unprofessional behavior or 2. malicious intent. This is just far too nice and works too well with the recently discovered backdoors in Firewalls (which are devices you would use SSH to log into) to be an accident IMO. Finger-pointing with evidence is pretty much a must at this point.
I.e. as an intentional attack against the OpenSSH project. First, nobody in any halfway professionally run project deploys experimental code to to production, especially when said code does nothing because the server-side implementation is missing. Activating it per default is also extremely suspicious. And second, the last backdoors found in firewalls are in devices that you typically would use SSH to log in to, i.e. these devices could attack their users, extract the users private keys and then check for password-less SSH being possible to other devices these users control.
What the OpenSSH project needs to be doing now is explain in detail who put that code in there, how it came to be deployed and how it came to be on by default despite it clearly being an experimental feature. They need to identify at least one person or one contributing entity of either extreme stupidity or of malicious intent. And then they need to take steps to make sure this does not happen again.
OpenSSH has an excellent security track record, lets hope this is an isolated incident. Because if OpenSSH falls, most of the Internet infrastructure falls right after it.
Most people that find vulnerabilities want to tell the manufacturer. But after a long history of being ignored or even being threatened, many have reverted to giving the corporations responsible a fixed, short time to fix things, because otherwise nothing happens. Giving time more time just makes them drag their feet, because fixing vulnerabilities costs money. Those complaining here are at the very root of the problem. I should also point out that this corporate fuck-up has been going on for a few decades now.
Quite a few people are not on Facebook, Twitter, etc. It would also be _hugely_ unprofessional to do any job-related communication over such a venue.
This is just the usual bullshit from people that get starry-eyes when fantasizing how the future will be, but have no clue how reality actually works. Basically the only old global communication channel that has vanished is the telegram. And there are services in many countries that will print out an email and deliver it to the target address for a fee. So, really, complete nonsense.
Seriously, any actual security expert has been expecting things like this for a long time. The only explanation that makes sense for so few of these being found is that most vendors do not go looking in the first place...
And then they are out of a job and purpose in life. Made obsolete by technology. I feel sad for them.
Yes, that is about the level of respect that idea deserves. Sure, somebody will do it eventually, but the danger here is "car", not "self driving" and society has decided to accept it a long, long time ago.
The concentrated stupid of your posting is the only danger here. From the document you link:
Orally, potassium chloride is toxic in excess; the LD50 is around 2.5 g/kg (meaning that a lethal dose for 50% of people weighing 75 kg (165 lb) is about 190 g (6.7 ounces)). The oral toxicity of sodium chloride (table salt) is about the same, 3.75 g/kg. Thus potassium chloride is harmless for alimentation (and even good for health, see previous paragraph). But intravenously, without the step of digestive absorption, this is reduced to just over 30 mg/kg.
That still means you have to pump a 75kg person (not large) full of 2.25g (almost all 10ccs in solution) to get a 50% death rate and that is without medical attention and you have to hit a vein (because that is what "intravenously" means). Not a credible threat. I also would also very much expect the target to indeed start screaming and panic if stuck with a large needle without warning. The countermeasure is simple though: Just rip out the needle immediately.
Our war on terror has been a fiasco.
I disagree. The purpose of this "war" obviously was never to be won (because it cannot, just like the now over 100 years of the "war on drugs"), but to keep the fear in the US population and the west in general alive. This serves several purposed. For one, a population in fear is easy to govern. It also serves to blow up the budget for organizations like the DHS, the TSA, the NSA, etc. All these organizations are primarily in love with power and money, their actual duty, namely to server the US population, comes a distant second if they remember it at all. And the "war on terror" has one other desired effect: It keeps validation for the actual terrorists up. It keeps them motivated, it allows for easy recruitment (David vs. Goliath Effect, nobody likes a bully) and it keeps them funded. Because the worst thing you can do to a terrorist organization is to not take them seriously and the absolute, unmitigated best thing for them is to style them as some sort of great threat. That makes them feel really important and bad-ass.
Now I submit that the people that orchestrate this "war" on terror do not all know this, but they will either be dumb or they will understand very well what they are doing. Both kinds are a serious danger to western values, as exemplified by, for example, universal snooping and reduction of freedoms. In comparison to the severe damage these people have done and continue to do, all the things the terrorists have managed look puny and unimportant.
And that is exactly what reality looks like: Terrorism is not a relevant threat in the west, unless a power-hungry political class, a press serving them and a population that does not get it makes it one. The mechanism at work here is that a population in fear is easy to rule, as a population in fear is dumb.
Ah, yes. Classical social-Darwinism. Still as repulsive and despicable as ever. You probably also think anybody who smokes, drinks alcohol and eats fat or sugar should be barred from medical care.
The root cause is people having sex. If you think you can stop that, then you are utterly retarded.
Nice side-fact: Driving to the doctor for any reason has death as a possible side-effect. The question is always about the probabilities and 95% or so of the population is not able to estimate them. If the start do to amateur medical statistics, chances are they will do much more harm than good.
I suggest you stop eating and breathing as well. That will make the rest of us much, much safer.
Because you are not very smart and have overlooked a couple of important drawbacks of Win10?
You forget that you are the product. The Win10 downgrade being free made that amply clear.
Baseless insults that ignore reality will not make you systemd-fanatics any friends. Even though ignoring reality is how you have operated the whole time, others may actually have some real understanding of what is going on.
"Self stealing", indeed. Nice! I predict that it will take far longer than 10 years to make this sufficiently secure.