Sure, LastPass may do everything on the local device - but it's done with a non-open-source app that they distribute. So we can just trust them that they would never ever do anything with my passwords.
A fantastic solution, which works fantastically for me, is KeePass + Syncthing (or you can use KeePass + Dropbox/Box/anything). My password database file is distributed across all the devices which use it by Syncthing. I happen to control the communication path end-to-end with a hosted virtual server (which I have anyway for my web site, mail, and DNS server), but even so I still use a password + key file with the KeePass database so that the database is essentially useless if it's intercepted. The key file is never ever transmitted over any network. KeePass is also great for storing all my bank account and credit card numbers and photo ID (since you can attach images to an entry in the database), so as long as I have my phone I have all my ID as well. If I were ever to lose my phone the database's password is strong enough to stand up to strenuous brute force long enough for me to change all my passwords. Getting my credit cards reissued would be a pain, but is a trade off I'm willing to accept for the convenience of easy access to everything in the few times I forget my wallet at home.
You and the other three grad students whose theses are, coincidentally, on various aspects of the use of TeX. Well, them and that one who is writing about Stockholm Syndrome. Incidentally, when that last paper is finished, you need to read it.
I often get grouped in with millennials
No you don't. No, really, you don't. Given the above quote it is evident to...well... everyone else that any use of the word millennial with you anywhere near the subject is either undetected sarcasm or attempts at comforting you.
For pity's sake, are you new? Hacking and phreaking (which is a word put together from phone hacking) were terms applied to radio, telegraphy, and telephony long before computers. Where do you think the term came from? It's from cutting into communications - sometimes it involved physically cutting into the wires, sometimes it involved cutting into signals. Hence the word "hack". One would find a myriad of ways to piggyback onto transcontinental radio and telegraphy.
Take your two minutes of rage and face it into a mirror.
They use "linked to" in the very broadest sense. There are less than a hundred major fossil fuel producers in the world, so of course it's "linked" to them. It's not like they are burning it though. It's not like we can just change 100 companies and remove more than half the greenhouse emissions. That's like saying because 70% of the world's greenhouse emissions are produced by 20 countries that it means 70% of the world's greenhouse emissions are linked to only 20 people (the current heads of state for those countries).
Is it just me, or is investing in a new used anything sale site, social media app, or anything tracker particularly risky? Seriously, anyone who hands over money to someone who says "I've got this great idea for a web site that'll kill Facebook", or (in this day and age) says "people are going to pay me money to put a device in their room that watches them sleep" deserves to flush that money down the toilet.
The genius of the startups certainly isn't in their ideas. It's in finding VC funders who have that much money and that little sense. That has to be a damn small window.
Yes. On most benchmarks nowadays you can publicly post your results. Part of those results is the hardware and software configuration of your system. It's not rigorously statistical, but benchmark programs that publicly post results have long been used for mining data on OS, CPU, and computer manufacturer marketshare trends.
The fact that AMD is picking up marketshare so quickly isn't really surprising. Ever since the first Athlons beat the pants off of Intel, AMD has been the one the nerds root for. First of all Intel has a reputation for being Microsoft-style predatory. Secondly, Athlon and then the AMD64 instruction set was innovative with an elegance that had a lot of nerd appeal. It looked for a while, though, that AMD weren't going to turn it around. I was worried they were destined to end up like Cyrix. I was excited to hear they had something in the pipeline that would make them competitive again, and even maybe market leaders. I'm pretty sure I'm not the only one who would like to see AMD take off.
openssl ca -cert ourcertificate.crt -keyfile ourkey.key -in request.csr -out issuedcertificate.crt
It's not magic. It's actually pretty easy. In fact, if anything, they will be ripping out functionality. Since openssl (which they are almost assuredly using on the back end) doesn't give a wet snap about wildcard domains, they will have had to make their UI filter them out. Any one of us could do the UI change in a day.
No, the lead-in time isn't technical, it's likely marketing. Wildcard certificates are the one thing we all want - I get mine from CAcert, which is less than ideal considering they have been dragging their feet for years. They are using that demand to generate revenue (donations). So they give a six month lead in, increase the hype, give time to get the word out and whet people's appetite.
Can't wait for this to be exported? China's surveillance? Good Lord, have you seen the number of cameras in the UK? There are more cameras per capita and square meter there than anywhere else in the world. Between that and ANPR, you can't move without the government knowing about it. It's absolutely frightening.
He wasn't mucking about with prod, per se. He was following the instructions he was given for creating a sandbox copy of prod, and those instructions at one point had an example login he was supposed to replace, and that example login was a valid admin login for prod. He used the example login, admittedly by mistake, and ran the scripts that were supposed to scrub the database and give him an empty sandbox copy of the prod db structure to play with. Those scripts, however, because of that bad example login, ended up running on the real prod with actual admin access. Small mistake on his part. Huge mistake on the documentation's part.
Despite the number of catastrophic failures of the system, they fired him. Likely so the CTO could go and claim it was malice or vandalism on the part of the new hire, instead of owning that they had documentation that included admin prod access as their example.
What I find interesting is that despite what this company has done to him, he has never once named them. This is an example in loyalty, professionalism and discretion that is rare today. I would hire him in a heartbeat. I want that kind of professionalism.
Some software just won't run in a 64 bit environment, regardless of WoW64 and thunking. Most of the software that is the most rigidly tied to a 32 bit environment is the kind of software that is also the most mission critical. The kind of software that operates radar ARPAs, hospital respirators, navigation systems, and MRIs. Apple, as pretty as it is, just doesn't have the presence in the industrial side of things that Microsoft does - in fact they don't have any industrial presence to speak of. As a desktop only computer, they are more free to adopt new OS features that render old software incompatible. Many beloved programs from the past have been rendered inoperable by a MacOS upgrade. While inconvenient for the user, it is hardly catastrophic.
Now, no one is going to perform an OS upgrade on an existing MRI of course. But there are many reasons why an MRI vendor would want to bring out a new model with a new (perhaps more secure) version of Windows, but where the software is still tied to 32 bit. Industrial software is far less agile. You just can't recompile for 64 bit, it has to go through very strict verification and rigid change control. That kind of process takes years, and costs far more than most software porting. What about that 80 year old who has had a forgotten metal bit in his shoulder for 40 years who is put into an MRI to have that bit forcibly ripped out of his body because the magnetic flux feedback detection didn't work properly when the 32-bit driver for it was mis-ported to 64 bit?
So while Microsoft is hardly a company I regularly defend, in this case you just can't compare a company that only puts out pretty ergonomic desktop machines and keeps draconian control of hardware to the extent that you really can't use the OS anywhere else, and a company that produces OSes for everyone's hardware that ranges from embedded microcontrollers, to warship navigation systems, to tablets.
If you think that checking laptops is about aircraft security, then I'm sorry but you are new.
It doesn't matter what actual reasoning they give for the proposed rule. Taking the batteries out of your laptop will not help. It's not about batteries. It's not about bombs. It's about US authorities having unfettered access to your laptop for the X amount of hours between when you check it and when you collect it. I'd highly recommend people start putting security tape on their laptops when they fly anywhere, not just the US. The kind that can't be removed and put back on without being visually obvious. Whole-disk-encryption is also a great idea, but can only help by denying them access to your data, it can't prevent them from installing malware.
Things you can do to mitigate an adversary having physical access to your computer:
- Separate your hard drive from your laptop and take the hard drive as carry on. This will be easier if it's an SSD drive.
- Use whole-disk-encryption like VeraCrypt. When you get your laptop back, DO NOT boot from the hard drive. Instead boot from a VeraCrypt rescue disk that was previously burned and preferably carried with you in carry on. When you do, ensure you replace the bootloader with one that is from the previously burned disc.
- If you use Linux and whole-disk-encryption, then make sure you have an image of the unencrypted boot partitions and/or boot loaders. Again, this must be taken with you in carry on.
- If you cannot do any of the above, at the VERY least take the time to boot into a live CD version of Linux and take a hash of your hard drive. Make sure that none of the filesystems on your drive are mounted when you do this. This will take some time, and you cannot boot your computer normally between the time you take the hash and the time you verify the hash. However, this will tell you if anything has been changed on your hard drive between when you checked it and collected it. It won't tell you what has changed, but it will at least give you a heads up that you can't trust your laptop any more.
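The last-resort step in the comment above (hash the unmounted drive from a live system, then re-hash it before trusting the laptop again), as an added example that is not part of the original comment. The function names, the baseline file format and the device and USB paths in the usage comments are illustrative assumptions.

```shell
#!/bin/sh
# Added example: record and later verify a SHA-256 of a whole disk from a
# live system. Keep the baseline file on media you carry with you, never on
# the disk being hashed (writing it there would itself change the disk).
#
# Usage (illustrative paths):
#   sh diskhash.sh record /dev/sda /media/usb/sda.sha256   # before check-in
#   sh diskhash.sh verify /dev/sda /media/usb/sda.sha256   # after collection

# Return 0 if DEV itself or one of its partitions is listed as a mount source.
# MOUNTS defaults to /proc/mounts; it is a parameter so the check is testable.
# Limitation: device-mapper volumes (LUKS, LVM) opened on top of the disk
# appear as /dev/mapper/... and are not detected here, so do not open them.
device_is_mounted() {
    m_dev=$1
    m_file=${2:-/proc/mounts}
    awk -v d="$m_dev" '
        $1 == d { found = 1 }
        # partitions such as /dev/sda1 or /dev/nvme0n1p2
        index($1, d) == 1 && substr($1, length(d) + 1) ~ /^p?[0-9]+$/ { found = 1 }
        END { exit found ? 0 : 1 }
    ' "$m_file"
}

# Print the SHA-256 of the raw device (or image file); empty output on error.
hash_disk() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum < "$1" | awk '{ print $1 }'
    else
        shasum -a 256 < "$1" | awk '{ print $1 }'
    fi
}

# Write "<hash>  <device>" to OUT. Returns 2 if anything on DEV is mounted
# (a mounted filesystem changes the disk, so the hash would be meaningless).
record_baseline() {
    r_dev=$1
    r_out=$2
    r_mounts=${3:-/proc/mounts}
    if device_is_mounted "$r_dev" "$r_mounts"; then
        echo "refusing: $r_dev has mounted filesystems" >&2
        return 2
    fi
    r_hash=$(hash_disk "$r_dev")
    [ -n "$r_hash" ] || { echo "could not read $r_dev" >&2; return 3; }
    printf '%s  %s\n' "$r_hash" "$r_dev" > "$r_out"
}

# Re-hash DEV and compare with the baseline.
# Returns 0 on match, 1 on mismatch, 2 if mounted, 3 on read errors.
verify_baseline() {
    v_dev=$1
    v_base=$2
    v_mounts=${3:-/proc/mounts}
    if device_is_mounted "$v_dev" "$v_mounts"; then
        echo "refusing: $v_dev has mounted filesystems" >&2
        return 2
    fi
    read -r v_want v_rest < "$v_base" || return 3
    v_got=$(hash_disk "$v_dev")
    [ -n "$v_got" ] || { echo "could not read $v_dev" >&2; return 3; }
    if [ "$v_got" = "$v_want" ]; then
        echo "MATCH: $v_dev is byte-identical to the baseline"
        return 0
    fi
    # A mismatch says something changed, not what changed.
    echo "MISMATCH: $v_dev differs from the baseline; do not boot from it" >&2
    return 1
}

case "${1:-}" in
    record) record_baseline "$2" "$3" ;;
    verify) verify_baseline "$2" "$3" ;;
esac
```

Booting the installed system even once between `record` and `verify` will change the disk and produce a mismatch, which is why both steps have to run from the live environment.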
The problem wasn't trading technical merit for moral high ground. Or at least not just that. Mozilla was quite content to simply shed technical merit for any reason at all. They saw Chrome beginning to become successful, and immediately decided to emulate the development environment. They adopted Google's rapid release and versioning method on a project that was neither technically nor culturally suited for it. They broke extensions by the truck load with that little gem, and instead of slowing down and letting the extension system catch up, their solution was to write a script that automatically scanned their extensions and just disabled the ones which hadn't caught up yet. They then went hell bent on adopting major UI changes that were demonstrably unpopular by the majority of its user base. And if alienating the extensions authors wasn't enough, many of the UI changes destroyed themes on back-to-back-to-back releases.
All of this was in an attempt at emulating Chrome's burgeoning success. The problem is, they never figured out... you simply cannot surpass someone else by playing copycat on their methods. All they did was alienate their existing user base in favour of a product that could never be quite as good at being Chrome as Chrome was.
Mozilla had a great browser, and a great community. Someone spooked at Chrome's early success and decided that change for change's sake was necessary. Better shoot for the stars and miss than shoot for a pile of shit and hit it, so the saying goes. From the smell of Firefox, Mozilla has been aiming low in every area for some time.
The NSA wrote the attack vector code. That is, by all accounts, high quality code. The other code, the stuff that takes the attack vector and glues it into a worm and ransomware encryptor, that was written by what is alleged now to be North Koreans.
It's akin to someone stealing a nuclear warhead from the United States and then gluing it to a 1970 Volkswagen Bug with a simple radio control steering mechanism.
Really, are you forgetting the turmoil that people with pre-Windows 10 versions were put through when Windows updates first started inviting them to upgrade to Windows 10? First it was hey do you wanna? Then it was hey, we're just going to go ahead and "upgrade" you unless you say no. Then it was we're just going to upgrade you. That's what automatic windows update buys you.
No one should give Microsoft unfettered access to their computer. With Windows update turned on, Microsoft deletes features, they take away options and control, they upgrade drivers you don't want to have upgraded, they break things. More problems have been caused by bad updates than by any malware I've ever had, which has been exactly none. A good firewall will protect you better than Windows update will.
I vet each and every update that goes into my computer. I look every one up, which is increasingly hard because all they want to tell you is "this is an update that addresses an issue in your computer." I avoided all the Windows 10 upgrade nag nonsense pain. When I finally had to buy a computer with Windows 10 on it, I immediately disabled Microsoft's automatic update mechanism and installed Windows Update Mini Tool, which lets me choose which updates to install again. As such, I have drivers that work, a computer that is stable, and a platform I can trust to be there when I want it.
Do you think the NSA needed that vulnerability to get into computers? They only needed that vulnerability to get into pre-Windows-10 computers, because after Windows 10's auto-update nonsense, any other computer they want to get into just gets pushed an auto-update the user can't stop.
The very last thing anyone should have is a computer that just blindly installs whatever Microsoft decides.
This exploit exists in an old protocol no one uses any more. Is any vulnerability avoidable? Sure. Should this one have been fixed, or the code deprecated earlier, absolutely. Could /you/ write a hundred million lines of code and not have a critical vulnerability? In case it's not obvious (to you), that was a rhetorical question.
I am no fan of Microsoft. I never have been. But in this case, the real evil was perpetrated (and there is no other word for it) by the NSA. An agency of the United States government, one specifically tasked with the protection of US citizens, learned of a vulnerability in an operating system used in critical applications throughout the country, used by the majority of its citizens, and not even accidentally sat on it - they purposefully, with consideration and intent, sat on that information. Not only that, but they then developed a weapon to exploit it, lost control of that weapon, and it is now in the wild where it can do the most damage.
This is a combination of willful dereliction of duty, and gross negligence. This shouldn't be Microsoft complaining, this should be the director of the NSA hauled in handcuffs before Congress.
The real question is why isn't the NSA getting its feet nailed to the floor for this? They discovered (or engineered) a critical weakness in a major operating system, and rather than report it to make sure we are actually safe from this threat, they used it to make malicious software which then got released into the wild and is being used against the world.
This is the largest breach of trust of any US government agency that I know of, and yet people are just ignoring that aspect of it.
There just is no mathematical model that can predict this. There is no algorithm. This is not AI. I can't say this often or strenuously enough. This is not even a failed AI, it's a never was AI. For AI to be AI there has to be I and we are nowhere near that. Nowhere near hard AI. We are nowhere near soft AI. We have some "expert systems" which are basically just large databases with a sort of dichotomous key on when to select different outcomes, that will likely be able to interact with natural language soon. This isn't even close to AI. Robots and AI are huge buzzwords today. You have every no name researcher out there trying to get noticed by inventing moral dilemmas involving AI then proposing solutions. You have stupid companies willing to risk money on betting prediction AI, which is nowhere near even as good as what a person and a spreadsheet can do. Both of these things make uninformed people start to think, oh, AI is right around the corner. It's not. We are a century away from hard AI, if ever.
As I have said before, I wish Slashdot would stop with the whole daily (more than daily) AI story thing, but given the buzz and their need to incite dialog, it's easy to see why this is becoming more prevalent. I just feel kind of sad, though. This place used to be a real nerd hangout, by and for those who were technically enlightened, and most real nerds know better than to think real AI is about to dawn upon us. This place has become more of a Big Bang Theory, nerdism for the masses, kind of spot. Stories are thrown in that are intended to "stir the pot" and incite trolls more than the stories that are actually news for nerds.
Like most modern aggressive business strategies, the cable companies' policies work in the short to medium term - but trading your customers' good will for profit isn't sustainable. It doesn't matter what barrel you think you have your customers over, sooner or later an alternative will come up and then the customers you have been bending over will feel not a lick of loyalty.
However, that being said, there is zero chance they are going to suddenly admit they were wrong and try and actually win customers back. No, what has (and will continue) to happen is they will continue the aggressive policies and blame the customer. They will blame piracy for the loss of business. They will try and scare people into not downloading shows, and they will become a more and more vocal lobby for more draconian measures to stem what they call piracy.
I have zero sympathy for them. I just wish so many of them weren't also internet providers and in a position to continue the upward trend on those prices.
Millennials have a 6 second attention span for anything. Including writi
I had thought it was self evident, I see I should have been more explicit. I meant Go Sci-Hub.
Go them!
For free? As in, there is some expectation that one would have to pay for Musk's position paper?
Assess slashvertisement due to artificial inducement through unwarranted use of "for free".
The interwebz is so lucky to have you, who are so wize in the wayz of the webz.
It's called a loss leader, and it gets feet into the door. No one wants to walk into an empty store.
The change isn't about people abusing it. That's just the excuse. It's about dollars, and only ever will be.
If you think that checking laptops is about aircraft security, then I'm sorry but you are new.
It doesn't matter what actual reasoning they give for the proposed rule. Taking the batteries out of your laptop will not help. It's not about batteries. It's not about bombs. It's about US authorities having unfettered access to your laptop for the X amount of hours between when you check it and when you collect it. I'd highly recommend people start putting security tape on their laptops when they fly anywhere, not just the US. The kind that can't be removed and put back on without being visually obvious. Whole-disk-encryption is also a great idea, but can only help by denying them access to your data, it can't prevent them from installing malware.
Things you can do to mitigate an adversary having physical access to your computer:
- Separate your hard drive from your laptop and take the hard drive as carry on. This will be easier if it's an SSD drive.
- Use whole-disk-encryption like VeraCrypt. When you get your laptop back, DO NOT boot from the hard drive. Instead boot from a VeraCrypt rescue disk that was previously burned and preferable carried with you in carry on. When you do, ensure you replace the bootloader with one that is from the previously burned disc.
- If you use Linux and whole-disk-encryption, then make sure you have an image of the unencrypted boot partitions and/or boot loaders. Again, this must be taken with you in carry on.
- If you cannot do any of the above, at the VERY least take the time to boot into a live CD version of Linux and take a hash of your hard drive. Make sure that none of the filesystems on your drive are mounted when you do this. This will take some time, and you cannot boot your computer normally between the time you take the hash and the time you verify the hash. However, this will tell you if anything has been changed on your hard drive between when you checked it and collected it. It won't tell you what has changed, but it will at least give you a heads up that you can't trust your laptop any more.
The problem wasn't trading technical merit for moral high ground. Or at least not just that. Mozilla was quite content to simply shed technical merit for any reason at all. They saw Chrome beginning to become successful, and immediately decided to emulate the development environment. They adopted Google's rapid release and versioning method on a project that was neither technically nor culturally suited for it. They broke extensions by the truck load with that little gem, and instead of slowing down and letting the extension system catch up, their solution was to write a script that automatically scanned their extensions and just disabled the ones which hadn't caught up yet. They then went hell bent on adopting major UI changes that were demonstrably unpopular by the majority of its user base. And if alienating the extensions authors wasn't enough, many of the UI changes destroyed themes on back-to-back-to-back releases.
All of this was in an attempt at emulating Chrome's burgeoning success. The problem is, they never figured out... you simply cannot surpass someone else by playing copycat on their methods. All they did was alienate their existing user base in favour of a product that could never be quite as good at being Chrome as Chrome was.
Mozilla had a great browser, and a great community. Someone spooked at Chrome's early success and decided that change for change's sake was necessary. Better shoot for the stars and miss than shoot for a pile of shit and hit it, so the saying goes. From the smell of Firefox, Mozilla has been aiming low in every area for some time.
The NSA wrote the attack vector code. That is, by all accounts, high quality code. The other code, the stuff that takes the attack vector and glues it into a worm and ransomware encryptor, that was written by what is alleged now to be North Koreans.
It's akin to someone stealing a nuclear warhead from the United States and then gluing it to a 1970 Volkswagen Bug with a simple radio control steering mechanism.
Really, are you forgetting the turmoil that people with pre-Windows 10 versions were put through when Windows updates first started inviting them to upgrade to Windows 10? First it was hey do you wanna? Then it was hey, we're just going to go ahead and "upgrade" you unless you say no. Then it was we're just going to upgrade you. That's what automatic Windows Update buys you.
No one should give Microsoft unfettered access to their computer. With Windows update turned on, Microsoft deletes features, they take away options and control, they upgrade drivers you don't want to have upgraded, they break things. More problems have been caused by bad updates than by any malware I've ever had, which has been exactly none. A good firewall will protect you better than Windows update will.
I vet each and every update that goes into my computer. I look every one up, which is increasingly hard because all they want to tell you is "this is an update that addresses an issue in your computer." I avoided all the Windows 10 upgrade nag nonsense pain. When I finally had to buy a computer with Windows 10 on it, I immediately disabled Microsoft's automatic update mechanism and installed Windows Update Mini Tool, which lets me choose which updates to install again. As such, I have drivers that work, a computer that is stable, and a platform I can trust to be there when I want it.
Do you think the NSA needed that vulnerability to get into computers? They only needed that vulnerability to get into pre-Windows-10 computers, because after Windows 10's auto-update nonsense, any other computer they want to get into just gets pushed an auto-update the user can't stop.
The very last thing anyone should have is a computer that just blindly installs whatever Microsoft decides.
This exploit exists in an old protocol no one uses any more. Is any vulnerability avoidable? Sure. Should this one have been fixed, or the code deprecated earlier, absolutely. Could /you/ write a hundred million lines of code and not have a critical vulnerability? In case it's not obvious (to you), that was a rhetorical question.
I am no fan of Microsoft. I never have been. But in this case, the real evil was perpetrated (and there is no other word for it) by the NSA. An agency of the United States government, one specifically tasked with the protection of US citizens, learned of a vulnerability in an operating system used in critical applications throughout the country, used by the majority of its citizens, and not even accidentally sat on it - they purposefully, with consideration and intent, sat on that information. Not only that, but they then developed a weapon to exploit it, lost control of that weapon, and it is now in the wild where it can do the most damage.
This is a combination of willful dereliction of duty, and gross negligence. This shouldn't be Microsoft complaining, this should be the director of the NSA hauled in handcuffs before Congress.
The real question is why isn't the NSA getting its feet nailed to the floor for this? They discovered (or engineered) a critical weakness in a major operating system, and rather than report it to make sure we are actually safe from this threat, they used it to make malicious software which then got released into the wild and is being used against the world.
This is the largest breach of trust of any US government agency that I know of, and yet people are just ignoring that aspect of it.
There just is no mathematical model that can predict this. There is no algorithm. This is not AI. I can't say this often or strenuously enough. This is not even a failed AI, it's a never was AI. For AI to be AI there has to be I and we are nowhere near that. Nowhere near hard AI. We are nowhere near soft AI. We have some "expert systems" which are basically just large databases with a sort of dichotomous key on when to select different outcomes, that will likely be able to interact with natural language soon. This isn't even close to AI. Robots and AI are huge buzzwords today. You have every no name researcher out there trying to get noticed by inventing moral dilemmas involving AI then proposing solutions. You have stupid companies willing to risk money on betting prediction AI, which is nowhere near even as good as what a person and a spreadsheet can do. Both of these things make uninformed people start to think, oh, AI is right around the corner. It's not. We are a century away from hard AI, if ever.
As I have said before, I wish Slashdot would stop with the whole daily (more than daily) AI story thing, but given the buzz and their need to incite dialog, it's easy to see why this is becoming more prevalent. I just feel kind of sad, though. This place used to be a real nerd hangout, by and for those who were technically enlightened, and most real nerds know better than to think real AI is about to dawn upon us. This place has become more of a Big Bang Theory, nerdism for the masses, kind of spot. Stories are thrown in that are intended to "stir the pot" and incite trolls more than the stories that are actually news for nerds.
Like most modern aggressive business strategies, the cable companies' policies work in the short to medium term - but trading your customers' good will for profit isn't sustainable. It doesn't matter what barrel you think you have your customers over, sooner or later an alternative will come up and then the customers you have been bending over will feel not a lick of loyalty.
However, that being said, there is zero chance they are going to suddenly admit they were wrong and try and actually win customers back. No, what has (and will continue) to happen is they will continue the aggressive policies and blame the customer. They will blame piracy for the loss of business. They will try and scare people into not downloading shows, and they will become a more and more vocal lobby for more draconian measures to stem what they call piracy.
I have zero sympathy for them. I just wish so many of them weren't also internet providers and in a position to continue the upward trend on those prices.
The affected LMS service is enabled and run at startup by default in Windows 10.