Slashdot Mirror


User: Excelcia

Excelcia's activity in the archive.

Stories: 0
Comments: 619

Comments · 619

  1. Definition of insanity... on Strategy Guide Company Prima Games Is Shutting Down (kotaku.com) · · Score: 2, Interesting

    Prima purchased and swallowed its biggest competitor, BradyGames

    What they were doing wasn't working, so what does that suggest? Oh, yes, of course, let's buy someone else who is doing the same thing we are but obviously worse than we are in the hopes that we'll now be able to, ummmm, what exactly?

    I'm sorry, but I have zero sympathy for them. Ten years ago I might have had a smidge. Just a smidge then. But today... if they hadn't realized before now that print strategy guides wasn't a sustainable business, then their "strategy" guides aren't something I want to read anyway. In fact, I'd just go ahead and flush anything they've done in the last decade in the vein of "strategy" at all, because they obviously aren't very good at that.

    Actually, I take back what I originally wrote. Brady had to have been doing something right, because at least they managed to find someone willing to pay real money for them. I want to find one of /their/ old strategy guides.

    I bought a Sim City 2000 strategy guide book years ago. I'm talking, well, nigh on 20 years ago. It was, I think, the last one I bought. I don't regret it, in fact I might now try and find it just for the nostalgia. But ya, even then the writing was on the wall.

    I-D-10-T error.

  2. Cisco isn't flying with the angels. on Cisco Removed Its Seventh Backdoor Account This Year, and That's a Good Thing (zdnet.com) · · Score: 4, Interesting

    Backdoors don't just magically appear on their own. Someone at Cisco had to put them there. Someone at Cisco had to be told to put them there. It is impossible that Cisco didn't know these backdoors were there.

    Exactly. And as per Snowden's revelations years ago. Cisco was pointed to as purposefully backdooring its products at the behest of the NSA years ago, and today they are suddenly on the side of the angels because they have graciously patched out a few of them?

    Meanwhile, what has the NSA already installed on those systems through those backdoors? If they are getting patched out now, it's only because Cisco's keepers don't need it any more.

  3. VeraCrypt supports several different algorithms, including my favourite, Serpent, which is I believe one of the most secure ciphers ever designed. But it also supports disabling use of AES-NI instructions for AES. Its own native implementation is pretty damn fast too. Even if AES-NI is compromised, and I agree that the likelihood of that in the general population CPUs is less than one chance in ten, it would be intractably difficult to compromise a CPU's normal instruction path in a way to automatically detect and recover encryption keys. It is actually the difficulty involved in doing that that makes me distrust AES-NI a little. This is the type of thing the NSA has done in the past. Recovering keys can be hard, so compromise them from the beginning, say with a weak PRNG they caused to be inserted into a NIST standard. Getting at AES from the side, say by paying or forcing Intel to backdoor AES-NI, is just the sort of thing the NSA would do.

    The problem with a threat assessment is you don't know, and likely can't know at the time you are putting in your safeguards, who the opponent will be. The issue with insecure SSDs, for example. Sure, that is likely not known to anyone outside serious hacker and state actor level circles. But who knows where my computer will end up, or if and when another release of state-actor-level penetration software will hit the streets like WannaCry? The fact that SSDs are today known to be vulnerable was certainly known to the NSA yesterday, and they certainly have rapid access tools. So even if I'm not trying to protect against state actors getting in, I need to also protect against their tools getting out. Which means I use the very best encryption I can without crippling my computer with computational overhead.

  4. Well, you can, but it is a) one shot (it becomes worthless when discovered)

    This is just a special case of the problem, how do you ever act on intelligence obtained covertly without giving away that you know it and how you know it. For example, the breaking of Enigma was, according to many, a "one shot" deal. How do you explain being in the exact spot where a naval attack was going to be without giving away we were reading their coded messages? Well, the allies found numerous inventive ways of doing just that.

    This is literally the one thing that intelligence agencies have the most experience with.

    b) causes extreme problems for the CPU manufacturer when discovered

    Tell that to Cisco. They are still around and very much in business.

    If you think that Cisco is the only one to ever have this done, you are hopelessly naive. On every side. Huawei has got themselves into trouble for it. Remember the digital photo-frame virus distribution of over a decade ago? That was just a proof-of-concept. Compromised chips are rampant.

  5. Surprise on Flaws in Self-Encrypting SSDs Let Attackers Bypass Disk Encryption (zdnet.com) · · Score: 5, Informative

    From the article:

    Master passwords and faulty standards implementations [emphasis added]

    This charitably assumes the "faults" are actual human error and not intentional.

    what can possibly go wrong?

    Indeed. The interesting thing isn't that there were master passwords and insecure implementations. The interesting part is that this was a surprise to literally anyone. I'm just waiting for the other shoe to drop and the AES-NI instruction set to be revealed to store decryption keys in some non-volatile and retrievable part of Intel CPUs. And/or something similar for other CPU families. I'd put money on there at the very least being special batches of CPUs already in circulation that do this.

    I highly, highly recommend the VeraCrypt project. Open source whole-disk encryption that has been source-audited. You do have to be careful with this software when doing Windows upgrades, since Microsoft (purposefully) doesn't play well with it in those cases. But with just a little care and attention, this is by far your best bet for reliable secure encryption.

  6. Re:Slackware on Red Hat is Planning To Deprecate KDE on RHEL By 2024 (theregister.co.uk) · · Score: 1

    A five year heads up is a hell of a lot more notice than Slackware gave that it was dropping support for Gnome.

    Slackware is great to learn Linux on, since it still forces you to get your hands dirty. I actually like that. But unfortunately, it's not a distribution for a production environment. On the plus side, capturing the output of a "make install" and turning that into a Slackware package that could then be uninstalled at will was great. But that ease of making a package was also its downfall. It's so easy to get caught in dependency hell with Slackware, I finally had to trade it in for something a little more grown up. Straight Debian for server, and Mint for desktop. It takes a lot to break Debian's package management - I have a Mint desktop continuously upgraded since version 16.something.

    Slackware is a hobbyist's distro. Great to poke around with and learn on, but not one to use for serious work any more.

    The reason it's going to die in a few years is that Patrick has always insisted on basically being a one-man show. He eschews a community, snaps at those who try and help, and insists on keeping Slackware as the SLS nostalgia distro it started as.

  7. Newer = worse for Android too on People Are Keeping Their Phones Longer Because There's Not Much Reason To Upgrade, Study Finds (vice.com) · · Score: 5, Interesting

    I want my darn headphone jack. And I'm keeping it until my phone is unrepairable.

    The same feature loss is happening on Android phones too. My Samsung Galaxy S5 has both MHL (HDMI) and an IR transmitter. I can both connect it to a TV and control the TV with it. Fantastic for traveling, especially being in the Navy. I can connect my phone with my movies to a TV in the mess, or in barracks rooms when attach posted to a different city, or just when at a friend's house.

    In the S6 they dropped support for both. In the S6 they even dropped a MicroSD slot. Of course with that abortion that Android KitKat was where they took away normal user write privileges onto the sd card, the writing was on the wall that they were going to try that. That was an obvious ploy to go the Apple route and make you pay hundreds and hundreds extra.

    So it's not just Apple that drops really nice features. Android phones are falling over themselves to drop features. In fact, I've noticed there is this life cycle for all goods. You have three stages. Phase 1 is the prototype, phase 2 is the feature phase, and then the phase 3 mass market stage. The prototype phase is where it's new technology, and still working out the bugs. The feature phase is where they throw every feature they can think of at it to encourage wide adoption and because they aren't really sure all the things people will want. Then you have the mass market phase, where they zoom in on the center of the bell curve and getting anything outside that basically requires getting an older model.

    I love my phase 2 Galaxy S5. I'll keep it until the OLED degrades beyond recognition.

  8. Not obvious at all on Watch What Happens When A Drone Slams Into An Airplane Wing (sacbee.com) · · Score: 5, Insightful

    The Space Shuttle Columbia disaster was caused by foam hitting the wing at high velocity. Though I suppose anyone younger than about 20 can be excused...

    The destruction of Columbia was caused (as anyone actually reading the wikipedia entry you so thoughtfully linked will see) by reentry stress and super-heated plasma burning through a relatively small flaw in the heat shield. The cause of that damage was indeed foam, but trying to compare this to a drone strike on an aircraft traveling an order of magnitude slower and not experiencing reentry stress is just as much an exercise in sensationalism as the video currently in question is.

    Also, it should be noted, since you place such an emphasis on the damaging item being foam (in a clear attempt to show that a seemingly dismissive substance can be extremely dangerous) that the kind of "foam" which caused the heat shield damage on Columbia was essentially the perfect item to cause the maximum damage. It was extremely strong foam, and very light. Its lower density meant that the air was able to decelerate it greatly causing a much higher velocity collision than something more dense would have, and its strength meant that it maintained cohesion long enough to cause damage.

    And finally, your dismissive use of age and the assumption that the superior knowledge of someone older must surely validate your rather spurious comparison is a pretty great example, itself, of sophistry. Well done.

  9. Re: OpenBSD OpenSSH not vulnerable on Trivial Authentication Bypass In Libssh Leaves Servers Wide Open (arstechnica.com) · · Score: 2

    Nice. And do you trust the dev that wrote a library which accepted client assurance that it authenticated properly for 4 years to be professionally written in every other way?

    That's not an iconic example of sophistry at all.

    Ok, first of all, libssh didn't make any representations about its software properly authenticating. No one makes those assurances, at least, not in any realistic sense. The only assurances you'll get for software is by forking out (usually large amounts) of money for someone who will say the words, in which case all it really means is they have no better idea than any other programmer that there aren't door-crasher bugs, they are just willing to cover the liability suits out of moneys earned charging people exorbitant fees to say there aren't any bugs.

    There are never assurances software (or, as we learned recently) hardware is doing what it's supposed to do. Open source has a better chance, though, since it has more eyes on it. Open source software is still ahead of the game for security.

    In the scheme of things, this issue is embarrassing for the maintainers, but not even a registerable blip on the radar as far as impact is concerned. A few thousand sites out of the billion or so are vulnerable.

    If you are going to try and find an open source security bug to slander, next time pick one that's a little more meaningful.

  10. Re:Slashdotted on YouTube is Down · · Score: 1

    No web site has been "slashdotted" in a very long time. It takes a large user base to accomplish that. Something that Slashdot hasn't boasted for a while now.

    Part of the reason, ironically, is articles like this. This is hardly newsworthy. The only reason for it is to go "neener neener", and that's not the kind of thing that attracts new blood.

    Keep it up.

    p.s. Youtube works just fine for me.

  11. It's not intended to be clear... on MongoDB Switches Up Its Open-Source License (techcrunch.com) · · Score: 2

    The lawyer who devised that nonsense clearly has some pals in the field who are looking forward to big lengthy but more importantly expensive legal discussions on the subject

    This is nothing to do with open source values or promotion of open source software. This is about monetizing software. They want to have all the benefits of open source software, including a community of free contributors, and to monetize their work. This is very similar to MySQL when they changed the license of the client libraries from LGPL to GPL and then complained that anything that acted as a client or interfaced with MySQL DB data had to either itself be open source or get a commercial license.

    Software as a service, and using open source software integrated to provide a commercial service isn't new. Software as a service is far older in the server market that MongoDB applies to than it is in the home market. People have been able to pay for LAMP stacks nicely set up with glossy front ends and control panels for more than a decade, certainly long before MongoDB existed. The fact they are just now, once they have a successful open source product that has a certain amount of industry adoption, taking this step shows this is all about getting themselves money and not standing up for principles.

    They are using a so-called open source license as a weapon and I hope they get spanked for it in the marketplace.

  12. What would you have AC do, spend an hour or two coming up with examples and quotes from long-buried Wikipedia discussion pages?

    If he wants to elicit credibility, then I would have him give the page. No hours of examples required. Then it's trivial to see the edits he did and the discussions on why they were reverted.

    Did your own experience include getting IP banned? I suspect your behaviour didn't descend into the equivalent of Wikipedia civil disobedience.

  13. I've never had sourced quality content reverted without recourse. There is only your assertion that the content was valuable. If it was repeatedly reverted, and if it was sourced and relevant, then there is recourse where you can force a community vote on the dispute. If your IP was banned, then it was for violation of a Wikipedia rule. Sounds like you got into a reversion war with someone.

    I am relatively happy with Wikipedia's model. It's not perfect, but it's good and it's effective enough to have lasted. It has scaled very well and has survived the age of rampant vandalism, special interest group abuse, and trolls. I have far more confidence that the Wikipedia system worked correctly in your case, than in your (ironically, unsourced and unverified) assertions.

  14. NO!!! Not the right thing for Microsoft to do on Microsoft Pulls Windows 10 October Update (zdnet.com) · · Score: 1

    The right thing for Microsoft to do...shame that it took them so long

    NO! Emphatically no. Thinking that this was the right thing to do is akin to thinking it's nice when a bank robber, who after taking hostages and shooting one, then graciously allows a doctor that happens to be among the hostages to treat someone that he shot.

    Microsoft has put into place a draconian mandatory update scheme that attempts to take away from every user the ability to vet updates and choose which ones to apply. Not only that, but with every "upgrade" Microsoft attempts to block ways of disabling automatic updates. To the extent that there are now two different protected services and a whole host of task scheduler entries whose sole purpose is to ensure that if the windows update service is disabled, that it is re-enabled. They haven't made the Windows Update service protected. They are ok with you thinking that you can disable that one. It's the other "police" services that are protected.

    This is exactly the kind of fiasco that vetting one's updates prevents. Problems like this, like the terrible premature patches for Spectre & Meltdown that bricked some computers, and left others lobotomized. Not to mention the host of problems every upgrade with Windows just updating silently in the night and people who use pre-boot authentication encryption systems or preboot raid drivers finding their computer can no longer boot into Windows.

    Windows Update Blocker (WUB) in concert with Windows Update Mini Tool are essential tools for every computer right now. I highly recommend any user to educate themselves on how to prevent automatic windows updates and deploy a solution. And also a good sector-level disk image backup weekly or monthly to give yourself a fallback in case you find a bad update makes it through.

  15. Cue the flood of Russian trolls denying it in 3... 2... 1...

    In this case it's a Canadian troll denying it. The idea that Russians care about American reactions to a movie in order to spur discord fails the sniff test on a few counts.

    1) Americans are already tearing themselves apart quite handily on their own. The bi-party system is just fundamentally broken. What "your" party does is always ok, and what the other party does is demonized even when they are the same thing. The Republicans can block a democratic supreme court nominee by using control of the senate to block discussion on it, and for Republican supporters that is justified and the Democrats all cry foul. The Democrats can demand an investigation into criminal allegations of a Republican nominee and the Republicans all cry foul. If things continue like they are going, US elections will devolve into something like a UK football match on a country-wide scale. There will be violence in the streets. At best.

    2) The Last Jedi was patently awful all on its own, Russian trolls weren't needed. JJ Abrams' movies and their follow-ons have done what JJ Abrams' have always done throughout the Star Trek and Star Wars movies he's done, which is take all the old story lines, toss them in a blender, hit frappe, and pour out regurgitated Sci Fi shakes with sprinkles of new FX on top. They really are Star Wars for millennials.

    Americans just take themselves waaayyyyy too seriously. Sure, a healthy ego is not necessarily a bad thing, but seriously.... listen to yourselves. "Russians are trolling our movie reviews in order to make us hate each other".

  16. The question is not about why did matter win, but why there is a winner at all.

    But this has always been the question. The question has never actually been why, out of the two, that the one we call matter won. If what we now call antimatter had won, then in that universe we would still have called that matter and its opposite antimatter. So "why did matter win" is how it's spoken of, but really no one has ever really cared why the winner was what we call "matter". The question has only ever been why was there an imbalance and "why did matter win" is just the way a lot of people articulate that question.

    CP violation is a current favourite to explain this and is being investigated. I personally think antimatter falling "up" is so unlikely as to be a waste of money to look at. The quantum butterfly idea is actually quite true, I suspect. Where something like the already known CP violations set a process into motion that continued to favour one over the other.

  17. Re:Cue the Republicans to tell us sun isn't reliab on Scientists Formulate New Method To Create Low-Cost High Efficiency Solar Cells (phys.org) · · Score: 1

    Actually, the Republicans will love it and want to invest. After all, increased solar output is responsible for global warming, and that makes this a great investment.

  18. Everybody complained that windows had bad security practices, so microsoft improved them, and now everybody complains about -that-.

    I don't have any problem with Windows updates. I do have a problem when they are all mandatory. I don't even have a problem with Microsoft making Windows updates automatic by default. I have a significant problem with not being able to turn them off, and an even bigger problem when Microsoft makes significant efforts to force updates on those who have clearly disabled the automation.

    I can't tell you how many problems I have circumvented by vetting each update that goes on my computer. Driver issues, mutually incompatible updates, DirectX problems, and most especially the large number of updates that don't play well with pre-boot authentication systems and/or pre-boot drivers required for RAID systems. Windows used to play very well with pre-boot drivers, but lately it has been getting worse and worse as Microsoft makes concerted efforts to not play nicely with systems like VeraCrypt. I also avoided the entire Windows 8 -> Windows 10 upgrade fiasco, where people were treated to a series of increasingly invasive notices that they "can" upgrade, that progressed to "should" then "shall" and were essentially forced to, or where it happened silently at night and untold data was lost. Microsoft is still getting dinged for that little gem. Most recently it's been the incomplete, wrong, and competing updates to provide meltdown/spectre "patches". Poorly tested fixes which caused problems with hosts of drivers and caused performance issues for millions of people needlessly, since the early versions didn't actually fix the problem. I'm all for rapid deployment of a fix, but it should actually be a "fix" and should be tested. The meltdown/spectre fiasco has been a lesson on what not to do.

    The thing is, no one can say "hey, don't apply KB123blahblah, it causes a freeze on computers with _______ hardware" any more, because normal people can't stop it. So instead of a dozen or a hundred computers getting bricked and having to restore from recovery partitions with the resulting loss of data, it's thousands with each bad patch.

    So don't talk about this being Microsoft's "improved" security. It is not improved security. It is improved control.

    And for anyone with the time and knowledge to do it properly, I still highly recommend taking control back of Windows update and making sure each patch that gets applied is well tested before using on your own computer.

  19. I honestly don't understand the issue at all. While the automatic Windows updates were a big problem for me, a problem which resurfaced a few times, I have never had an issue with the app store. I do not even have a Microsoft app store login. My Windows 10 has never tried to automatically install any apps.

    Since buying this laptop a year and a half ago, I've done two Windows upgrades on it. Both times Cortana, Edge, and a few other built-in bits that are hard to remove showed back up, requiring install_wim_tweak to remove. But no app store programs have ever appeared.

    Windows Update, though, was a huge problem for me. Microsoft doesn't get free rein to put updates on my computer, I vet each one and apply them. Microsoft has been pushing hard, especially with its last two "upgrades" to prevent people from disabling automatic updates. And I mean they have gone to heroics. Two "protected" windows services which have no other real duty except to look out for if the Windows Update service is disabled and undisable it. Also a whole host of task scheduler settings are doing the same thing. For those wanting control of Windows Update back, I highly recommend Windows Update Blocker in concert with Windows Update Mini Tool. There are several forum threads that speak toward how to do this relatively easily.

  20. Re:No headphone jack ? NO SALE !!! on Is Apple's 3D Touch a 'Huge Waste' of Engineering Talent? · · Score: 2

    I have to have a separate battery powered device because Apple can't be bothered to put a half cent jack on their phone? It's moronic.

  21. Re: Physical access to PC on Almost 'All Modern Computers' Affected By Cold Boot Attack, Researchers Warn (cnet.com) · · Score: 1

    This attack does not defeat full disk encryption. It allows access to your encryption keys if and only if the hard drive is already unlocked.

    Saying this is a vulnerability is like saying that all safes have a vulnerability that when they are unlocked, anyone with physical access to it can get everything that's inside and, moreover, they can also with special equipment get access to the tumblers to determine what the combination was and even change it.

    This is not a "simple" attack. It requires basically physically stealing the computer after it has been booted up and the encryption key password entered. So it's really a special case of rubber hose cryptography (threatening the person until they give up a password).

    To protect yourself from this "vulnerability" you simply need to ensure that when you stop using the safe that you close it and lock it. Or, in other words, turn off your computer. Modern RAM will be degraded to the point where the key is unusable after about five seconds.

  22. They originally came with an analog dongle as a transition. You don't assert control overnight. The first step is always to remove the technology they can't possibly control in favour of technologies they can control. But in that first step, you can't go all the way to "you will only use our equipment and nothing else", or else no one will adopt the new system. So, as I said, it's one half step at a time.

    New phones don't come with an adapter any more. And it is completely Apple's discretion as to when and if adapters will even work. As far as bluetooth goes, that is also completely at their discretion. An update can cause your phone to cease to work with any bluetooth adapter at any time. They can selectively shut down support for a particular adapter, or even shut down all support for any adapter that isn't theirs. This was something that was originally intended for HDMI and SPDIF, the ability to have it so they would only output signals to "blessed" hardware that was guaranteed not to record. This was when they thought DVD and Blu-Ray encryption wouldn't get cracked and they didn't want people re-recording off the TV/Audio signal. Cracking disc encryption and then streaming overtook that vector and that fell to the wayside. This is just one step in that revival. Control the hardware you can hook it up to, control what you can do with your signal.

  23. Not about headphone jacks on Apple Discontinues iPhone X, No Longer Sells iPhones With Headphone Jacks (theverge.com) · · Score: 5, Interesting

    Apple's removal of the 1/8" headphone jack isn't about headphone jacks, nor is it about updating to new technology. It's about control and is just one small front in the war to erode the user controlling their own data. Headphone jacks are completely audio, analog, and offer no form of DRM. They are something Apple can't control once the signal is on the jack. You can do anything with it. Re-digitize it (this isn't the 80's where duping a cassette tape led to rapid quality degradation), or pipe it to any device. The sound was yours once it got to that jack. Apple really doesn't like that, and they are basically tossing an invite to the entire industry to follow along and start down a more restrictive path. Follow us and you can get in on the action too. Erode what you can do with your audio one tiny tenth of a step at a time.

    If anyone thinks that it's about device jack real estate, upgrading with the times, or innovation, they are hopelessly naive.

  24. Re:Plants & CO2 & sunlight on NASA Is Offerring $1 Million To Turn CO2 Into Sugar (space.com) · · Score: 1

    The key is "efficient". Sugar crops as a whole generally only yield...

    But it's not as if space is at a premium on Mars, though, is it? Far more useful than an efficient way of turning CO2 into glucose is an efficient way of turning CO2 into PE or polycarbonate. Once you can make the domes in situ, the rest is pretty darn easy.

    I mean, sure, it's not quite as easy as that. You want to, at the same time, breed plants to operate at as high an altitude as possible and/or breed lichens to grow faster and/or produce more sugar. But overall, I think we'll find that adapting what works now is better and easier than trying to come up with whole new ways of doing things.

  25. Re:One is a felony, the other is a policy on Twitter Says Trump Not Immune From Getting Kicked Off (politico.com) · · Score: 2

    I get it now. It's ok for the US (or, in this case, the US president - I sort of hope he doesn't speak for your whole government) to threaten, that's you being big boys. Rawr! Go get 'em tigers! It's just not ok for, well, literally anyone else. That's belligerence, or felony behaviour.

    Thank you, that was truly enlightening.