I ignored it as I knew from past experience, that this car had no major problems.
FIPS is not a joke - it ensures that your cryptographic algorithms are implemented correctly and meet the standard. So you don't generate matching private/public keys or all 0 keys and other preventable but non-obvious to people outside of crypto mistakes. FIPS does not guarantee that you use these algorithms intelligently, there are other certifications that do that.
I assume they have cert-only authentication enabled, in such case this would be not unlike having management interface with 'admin/admin' facing the world.
Yes, clearly what John Matherly did was by far more harmful than idiotic design decisions that resulted in such unforgivable "barn doors open" security holes. Because if he didn't disclose this vulnerability, nobody else would have found it and everyone would still be perfectly safe.
/sarcasm
Government already demands product certification (e.g. FIPS), it is time corporate and individual consumers started doing the same. We expect our power supplies to not electrocute us, there is a certification program to ensure that is the case, why is it that when it comes to data security we are so lax?
Why do you assume "thousands M1 tanks" would be available? Even for advanced space-faring species there would be some logistical constraints. They will have to bring "thousands M1 tanks" along with them across the stars. Much better question would be, could a couple modern tanks, some drones, a helicopter or two, and maybe a nuke win WWI against BOTH sides? Clear answer is no, not unless one of the sides decides to ally with the invaders.
Very soon we will completely cure AIDS and Cancer in monkeys.
When Internet revolution arrives, they will be first up against the wall.
Yes, but GPP did not specify "a production desktop platform". My point was that blanket "X OS is the most insecure" statements are largely pointless. With enough effort and expertise you could secure any OS, or you could exploit any OS, even when air-gapped. With enough ignorance you could misconfigure even the most secure OS. The devil is in the details.
Please, the most insecure OS in the world is Linux (Damn Vulnerable Linux)
Thank you good sir, this is how I know I succeeded at sarcasm.
Why all this garbage? What we want is General Computing Device that we can configure and fully control. The rest will come.
So the sooner phone manufacturers get out of software business, the sooner we will get over walled garden's walls.
Exactly. I don't know how you could complain that modern cars are not reliable after regularly doing this and still having it drive every day for well over 120,000 miles.
For people not mechanically inclined - redlining an engine in neutral is a fundamentally bad idea. Engines are designed to operate under load, when you do this unloaded you are causing all kinds of internal bearing damage. More so, automatic transmissions are not designed to be repeatedly shifted into Neutral-Drive at highway speeds. When you shift back into Drive, the resulting torques will damage clutch disks, eventually resulting in slipping gears. Additionally, cars equipped with automatic transmissions are not generally equipped with flex disks, so the resulting shock of a N-D shift at speed will also put wear and tear on your differential, drive shaft (if RWD), CV joints and wheel bearings. Not unlike dropping clutch while high-revving with a manual car. Only you don't have flex disks absorbing most of the impact.
I am with you, the other day I was patching mission-critical server when I noticed SMART errors. I ignored it, as I know from past experiences that this server had no major problems.
At some point, at above 90% load the server started random kernel panics. Any lower load than that would be without any problems. I decided to have sysadmin check it out. He wanted $480 for a new hard disk. Without fixing, this "server would permanently lose data one day" he said.
Well, stubborn as I am, I ignored his advice. I added a couple of months on it without any problems at all. When it kernel panics, I would just reboot it... At one time, I thought my reset button may be dirty - it wasn't.
People like you are why I don't buy used cars. It is unsafe to ignore check engine light, if you don't trust the dealer, then get cheap OBDII reader and scan error codes yourself.
If BG was a bit more realistic, all other ships would have been parked in orbit and used to send out spam.
What you describe is unpleasant, but unlikely to have broad negative impact. Sure, you will hear about it on the news now and then.
What is more dangerous, is that with two way communication car makers will be able to implement DRM schemes. So no more aftermarket alternator for you, shell out $1000 for a new part that will have to get authorized from headquarters.
This, as many other recent regrettable episodes, is a manifestation of misandry epidemic symptomatic of entrenched matriarchy unwilling to check its privilege. Propagating harmful learned gender stereotypes (boys don’t count) results in a society where disenfranchised young men are disempowered and prevented from reaching fulfillment and happiness.
If this works really well, then war and/or genocide will be the only way to keep population down. The alternative to death from old age is much uglier.
..what is this, I don't even.
I made a lowbrow joke, deal with it people. (or not, as indicated by most responses)
Now I understand why most UIs are so awful, they must have been coded by blind programmer on the team.
No additional development is required, just reuse the code that was written for NSA backdoors.
Valve sale on Greece debt! 75% off! Limited time only, until insolvency supplies last.
We will always have car analogies.
US politics, thanks to judicial rule-writing, is forever tainted with money. "Regular citizens" have absolutely no chance to get elected, unless they sell-out in exchange for campaign contributions.
If Jesus Christ returned and was running for congress today, we would probably see attack ads smearing his family, alleging connections to Romans, and questioning the time he spent on the cross.
You don't need a tachometer for standard gearbox, most of the drivers will shift by sound or speed and will never look at the tachometer.
Had a friend who drove a manual car without tachometer. Ford-something. It had "shift up" dash light that would come up above 4000ish rpms. Was only weird the first time you drove it.