Then 54% are ignorant about the operations of a modern commercial airliner.
I suppose the other 46% of airline passengers are aerospace engineers? Who knows anything about technical operation of commercial airliners?
The onboard computer systems already control the mechanical operation of the flaps, the rudder, ailerons, the stabalizers, the landing gear, the ventilation, hell, pretty much everything. A pilot's primary responsibility is managing and executing the decision-making. Yes, they can take manual control, but why, when the computer is much faster, more accurate, and more efficient?
Full automation has a very long tail. It's on a relative basis easy to get it right most of the time. The challenge is getting it right all the time. Few have the requisite knowledge and experience to even reason about what that might entail.
The maintainer explicitly acknowledges that a rollback may be necessary. But by making this change now, about two years before release, it will allow everyone to start thinking about what can break.
There is no reason to change it now or anytime in the foreseeable future. TLS 1.0 aint broke.
Having it compiled-in is a hard cutoff. One step back would be to have older stuff compiled in, but not negotiated by default--having the application asking the API for support explicitly. One step back from that would be not negotiating TLS 1.0 by default, but allowing 1.1.
As it stands currently it is extraordinarily difficult for applications to select the TLS version they want to use. Choosing to disable TLS 1 requires the following insanely complicated operation:
SSL_CTX_set_options(ctx,SSL_OP_NO_TLSv1);
Someone has to lead the charge though and this gives everyone a decent amount of notice.
Nobody has to lead anything. It's a choice which literally provides no benefit to anyone.
Aside from unnecessary compatibility headaches removal of versions and cipher suites for political rather than real world technical cause means they are no longer available to be selected with haste as backups should implementation or specification bugs be discovered in the future.
As someone who had to deal with all the bullshit of PCI Compliance, let me just tell ya. This is an absolute MUST. The current PCI spec strictly states that only TLS 1.2 is supported due to insecurities found in 1.0/1.1. Granted, the PCI group is also overly cautious, but it is good to see more and more software force this spec to make PCI compliance easier. Simply having 1.0/1.1 enabled on anything public facing will fail an audit.
There is nothing wrong with TLS 1.0 that would lead to any real world threats vs 1.2. Forcing people to do something without even bothering to present a rational justification is poor policy and poor governance.
There have been numerous actual exploitable threats created with the introduction of new features in TLS stacks.
Years ago, in mostly adoring interviews with Vint Cerf and Bob Metcalfe about security, I asked each of them how they screwed up so badly on security.
They didn't. Jonathan Postel screwed up when he wrote RFC 821.
By early 90's inaction to correct this was no longer Jon's fault. Today given 35 years of time having elapsed on a network with billions of users inaction is a "sin" anyone who can write a program that compiles is now on the hook for.
They both didn't think that mattered quite as much as I do. Thus, I feel that the lack of security design is the Original Sin of the Internet.
It really doesn't matter.
Most operators don't route packets over random anonymous physical links they know nothing about nor do they partake in BGP sessions in a similarly unqualified and unfiltered manner. Operators are not perfect. They can be influenced by error, indifference, poor judgment, saboteurs and governments just the same. A certain amount of trust and competence among operator community enables the Internet to function at all (e.g. Reasonably successful chance of global delivery of packets from peer A to peer B). It just isn't expressed in any field of any IP layer protocol header nor is it enabled by fancy algorithms. Security is enforced physically by professional relationships and aligned business interests.
I don't see that happening any time soon, what with IoT DDoS bots, increasingly massive data hacks and so on.
Blaming the Internet itself for these things is like blaming baseball bat manufacturers whenever someone decides to wield them as bludgeons.
My thought is that the Facebook CSO is wrong, in that end-to-end security requires eternal vigilance at all levels of the stack and through the system.
The point of end-end security is minimization of what is required to be in the trusted path and still have a system remain trustworthy. Trusting operators with unaligned interests is nonsensical. Attempting to secure everything means your wasting massive amounts of resources that can be better focused on shit that actually matters increasing likelihood of mission failure.
On global scale there is simply no viable alternative to E2E nor is there a substitute for tools to practically enable users to create and manage their own trust relationships amongst themselves "for better or worse".
Apparently 18 U.S.C. 2512 amounts to a noun a verb and...
" manufactures, assembles, possesses, or sells any electronic, mechanical, or other device, knowing or having reason to know that the design of such device renders it primarily useful for the purpose of the surreptitious interception of wire, oral, or electronic communications, and that such device or any component thereof has been or will be sent through the mail or transported in interstate or foreign commerce; or "
Sure would love to know what "primarily useful" is supposed to mean.
Please. Tell us the scientifically proven health advantages of food which has been classified "organic" over food which has not been classified "organic".
It leaves consumers with less money to buy more food than they need.
Better question: Will any generation not insist their children are going to inevitable ruin for the technology they adopt?
Why is this a better question? What's the point of perusing non-falsifiable statements? Wouldn't it be better to ignore the "happens to every generation" noise and stick to merit based arguments for or against a position.
It may be easy to assert I see pattern x therefore I'll just assume it always holds... but if your going to do that at least admit that's what your doing.
Non-falsifiable statements such as "happens to every generation" convey no useful information.
Modern phones objectively allow folks to do things on the go, that they haven't ever been able to do before. Folks are still learning what NOT to do, but for the most part, they're safe, and much less dangerous than other similar disruptive technologies.
What information presented in the article do you specifically disagree with?
People have complaining about the youth having something wrong with them since before the trial of Socrates. There's always something to blame, be it a philosopher, books, video games, or smartphones.
I have been complaining about people constructing statements which cannot be falsified today as I have in previous lives since the middle ages.
Yawn. Used to be videogames. Before that it was TV. Before that it was miscegenation. There's always some old crank with too much time on his hands willing to grab onto whatever is shiny and proclaim it as evil.
If the title was a generation addicted to hunting old people with machetes would the above response be any more or less applicable?
It is not possible to erode states legitimacy by outlawing something tens of millions are willing to do anyway regardless of legality without society paying a heavy price in return.
Any politician concerned enough about enslaved and exploited people would seek to legalize and regulate prostitution rather than hopelessly whacking away at obvious predictable outcomes of a harmful policy.
The Internet is almost perfect. Restoring the Internet to a network of PEERS would make it perfect. Currently most credible path forward is continued deployment of IPv6.
Remainder of authors concerns can be fully addressed by a robust implementation of RFC3514.
Point being that large companies are actually capable of not violating anti-trust laws
I suppose after capturing lawmakers and regulators this could be a true statement.
there's nothing inherently wrong with being enormous conglomerates until they actually start violating the law.
It's not really about the law as it is but rather promoting structures that reinforce good behavior rather than betting against reality while incentivizing bad behavior. When you fail to do this you inevitably end up with Ajit Pai heading FCC, Scott Pruit at EPA and consumers with bills for telecom services that are multiples of what they cost in other countries with comparable standards of living.
The primary point of anti-trust laws is not to break up companies, but seek remedies against companies when they violate the laws
I agree they simply need to be enforced, and like any effective deterrent, they need to be enforced swiftly and with commensurate punishments.
This is a fools errand. It is not reasonable to expect government to prevent monopolies and massive corporations from "unfairly" leveraging their market positions. Regulators will either be captured or companies will find ways side step restrictions with same or similar outcomes.
What's the problem with wealth accumulation? Other than petty jealousy?
Currently in the US trillions of dollars of value are being "hoarded" and simply made to sit idle. Trillions more are being parked outside the US for tax purposes.
Think of a country where everyone owns a money vacuum. Those with more wealth have better vacuums able to more efficiently suck up cash. Those with less wealth can't suck up as much.
In a world where what is sucked up is spent there is always money in the system even for those with less efficient vacuums because those with more efficient suckers also happen to be blowing money out at the same rate there is a useful gradient allowing even the poorest of suckers to get ahead.
In a world where what is sucked up is disproportionately hoarded by the rich each cycle of sucking and blowing means less and less is available to be sucked by those will less efficient suckers... people who themselves have less or no choice but to blow at the same rate as they suck simply to continue to exist.
This is a gross oversimplification. The real world is much more complex, importantly more value is created with each cycle yet underlying dynamics are still applicable.
Being rich isn't a problem. Being rich while failing to spend your riches on consumption and or useful "means of production" is hurting everyone who isn't rich.
What matters is the average quality of life and whether or not the average person is content.
There are about 15 million food insecure households in this country.
Hey, at least someone here acknowledges the actual market leader in speech technology: Nuance.
TVs, the first generation of Siri (you know, of Apple that they mention here), most car systems ( BMW, Audi, Jaguar, Mercedes, Porsche, Volkswagen, Fiat, Peugeot, Citroen, Ford,...), call centers
Holy shit, my shill meter has gone to plaid.
The only point I was making is Nuance is a terrible company. They either bought out or sued their competition to the point where there is no longer a functioning market leaving Nuance as a defacto monopoly. My remarks were never intended to assign praise or acknowledge the "greatness" of Nuance.
I strongly believe the world would be in a much better place in terms of current commercially available voice recognition capabilities had Nuance never existed.
Who said anything about offline?! You mean like i.e. their Wifi-location-base that you are free to contibute, but can only so single queries.... Mozilla is no better then the rest of the Data-Vampires, they just don't pay taxes...
Nobody, there is zilch on Mozilla voice recognizer itself and an open question how it will work. The only bit of hope this would be available was inferred from their site:
"People donate their voices to a massive database that will let anyone quickly and easily train voice-enabled apps. All voice data will be available to developers."
Welcome to 2017! You must be from the past. Turn on airplane mode on your Android device and try voice recognition. Notice how it still works!!!
Running Google play services is simply not an option. There are literally no third party offline voice recognition apps available for Android without literally compiling your own from an open source library.
Offline voice recognition has been here for quite some time actually.
I used offline recognition on my old blackberry and windows mobile smartphone. It worked good enough for little I wanted it for (offline voice dialing and screwing with playlists)
Today I find myself missing capabilities existing in devices I owned over a dozen years ago on devices 30x less capable than my current mobile.
Now has anyone tried to hack Google's voice models out of Android?
Google's TTS is quite nice, not locked down in any way and uses standard Android interface.
Thanks to Nuance voice recognition industry is effectively dead. If Mozilla can make this work in offline mode it would be awesome. Not requiring your every word to be recorded shipped off to third parties would be very useful.
I ended up converting last year and it is actually a better deal all around. If you work in the business world you inevitably have to deal with MS Word documents and MS Excel spreadsheets and MS Powerpoint sludge.
No it isn't. It's just stupid. You can buy Office 2010 on ebay for what... $60 and own it forever. This is substantially less than one year rental cost of Office 365.
What of any meaningful value does Office 2010 not do that your 365 subscription can?
Although it is an annual rent which is going to turn off a lot of people I now consider it a regular business related sense such as dry cleaning or a commute-capable car or for that matter taxes on income. If you want to be a grown up there are things you have to pay for.
If you want to be a grown up you have to be able to do basic math. Paying more over time isn't smart or intelligent. It doesn't make you a grown up. It doesn't improve cash flow. It is simply throwing money away for no reason.
The same basic advice has been peddled and widely ignored by end users who know better across all major mobile platforms. The reality is this is only true for apps don't take advantage of facilities to sidestep background execution restrictions.
Many app intentionally seek to run continuously in the background to enable persistent stalking and download ads as these activities yield profits for app vendors. It should go without saying facilities exist across all major platforms to accommodate.
What I think Microsoft should do is continuously ping a master list of hardware. The second any hardware is no longer supported by the manufacturer Windows should bluescreen or greenscreen or whatever color it is these days with stop error DEVICE_TREADMILL_VIOLATION.
After all if the vendor doesn't support something.. it may not work right or may not be secure or similar specious drivel so crashing is the safest most responsible course of action.
Forget the fact most of the things myself and everyone I know own are long since out of warranty and no longer produced or supported by the original manufacturer in any way.
At this point anything Microsoft can do to hasten the inevitable rise of not Windows should be encouraged. Only takes a few percent of overall market share to sustain and reinforce alternatives.
He's suggesting that when you refactor a critical piece of C code - in other words you're already going to change it
How does this actually work in practice? Are people really going to tolerate random portions of code written in different languages? How do you manage and debug that? This thing here jumps into that other language and then back out... and back again... For many projects such advice would seem as a practical matter to devolve into rewrite it all or don't do it at all.
in other words you're already going to change it and potentially add brand new C/C++ security issues - you instead use a language with some form of god damn formal verification and some fucking way of validating that you're not opening a new exploitable vulnerability that will bring down half the damn internet.
General purpose language selection is mostly irrelevant syntactic noise.
All Rust does is impose constraints... not even that noting it still allows access to "unsafe" operations. Nothing prevents imposition of the very same constraints in C/C++ with very same result as "rewriting in rust". It's all a syntactic shell game.
People who care about buffer overflow vulnerabilities will spend their time improving analysis algorithms, allow developers to enable enforcement of voluntary constraints and correct deficiencies in poorly designed base libraries. Tree huggers go around telling people to write shit in different languages in order to solve a specific problem.
Slashdot Mirror
Then 54% are ignorant about the operations of a modern commercial airliner.
I suppose the other 46% of airline passengers are aerospace engineers? Who knows anything about technical operation of commercial airliners?
The onboard computer systems already control the mechanical operation of the flaps, the rudder, ailerons, the stabalizers, the landing gear, the ventilation, hell, pretty much everything. A pilot's primary responsibility is managing and executing the decision-making. Yes, they can take manual control, but why, when the computer is much faster, more accurate, and more efficient?
Full automation has a very long tail. It's on a relative basis easy to get it right most of the time. The challenge is getting it right all the time. Few have the requisite knowledge and experience to even reason about what that might entail.
The maintainer explicitly acknowledges that a rollback may be necessary. But by making this change now, about two years before release, it will allow everyone to start thinking about what can break.
There is no reason to change it now or anytime in the foreseeable future. TLS 1.0 aint broke.
Having it compiled-in is a hard cutoff. One step back would be to have older stuff compiled in, but not negotiated by default--having the application asking the API for support explicitly. One step back from that would be not negotiating TLS 1.0 by default, but allowing 1.1.
As it stands currently it is extraordinarily difficult for applications to select the TLS version they want to use. Choosing to disable TLS 1 requires the following insanely complicated operation:
SSL_CTX_set_options(ctx,SSL_OP_NO_TLSv1);
Someone has to lead the charge though and this gives everyone a decent amount of notice.
Nobody has to lead anything. It's a choice which literally provides no benefit to anyone.
Aside from unnecessary compatibility headaches removal of versions and cipher suites for political rather than real world technical cause means they are no longer available to be selected with haste as backups should implementation or specification bugs be discovered in the future.
It is deliberately removing broken things.
TLS 1.0 is not broken.
As someone who had to deal with all the bullshit of PCI Compliance, let me just tell ya. This is an absolute MUST. The current PCI spec strictly states that only TLS 1.2 is supported due to insecurities found in 1.0/1.1. Granted, the PCI group is also overly cautious, but it is good to see more and more software force this spec to make PCI compliance easier. Simply having 1.0/1.1 enabled on anything public facing will fail an audit.
There is nothing wrong with TLS 1.0 that would lead to any real world threats vs 1.2. Forcing people to do something without even bothering to present a rational justification is poor policy and poor governance.
There have been numerous actual exploitable threats created with the introduction of new features in TLS stacks.
Years ago, in mostly adoring interviews with Vint Cerf and Bob Metcalfe about security, I asked each of them how they screwed up so badly on security.
They didn't. Jonathan Postel screwed up when he wrote RFC 821.
By early 90's inaction to correct this was no longer Jon's fault. Today given 35 years of time having elapsed on a network with billions of users inaction is a "sin" anyone who can write a program that compiles is now on the hook for.
They both didn't think that mattered quite as much as I do. Thus, I feel that the lack of security design is the Original Sin of the Internet.
It really doesn't matter.
Most operators don't route packets over random anonymous physical links they know nothing about nor do they partake in BGP sessions in a similarly unqualified and unfiltered manner. Operators are not perfect. They can be influenced by error, indifference, poor judgment, saboteurs and governments just the same. A certain amount of trust and competence among operator community enables the Internet to function at all (e.g. Reasonably successful chance of global delivery of packets from peer A to peer B). It just isn't expressed in any field of any IP layer protocol header nor is it enabled by fancy algorithms. Security is enforced physically by professional relationships and aligned business interests.
I don't see that happening any time soon, what with IoT DDoS bots, increasingly massive data hacks and so on.
Blaming the Internet itself for these things is like blaming baseball bat manufacturers whenever someone decides to wield them as bludgeons.
My thought is that the Facebook CSO is wrong, in that end-to-end security requires eternal vigilance at all levels of the stack and through the system.
The point of end-end security is minimization of what is required to be in the trusted path and still have a system remain trustworthy. Trusting operators with unaligned interests is nonsensical. Attempting to secure everything means your wasting massive amounts of resources that can be better focused on shit that actually matters increasing likelihood of mission failure.
On global scale there is simply no viable alternative to E2E nor is there a substitute for tools to practically enable users to create and manage their own trust relationships amongst themselves "for better or worse".
Apparently 18 U.S.C. 2512 amounts to a noun a verb and...
" manufactures, assembles, possesses, or sells any electronic, mechanical, or other device, knowing or having reason to know that the design of such device renders it primarily useful for the purpose of the surreptitious interception of wire, oral, or electronic communications, and that such device or any component thereof has been or will be sent through the mail or transported in interstate or foreign commerce; or "
Sure would love to know what "primarily useful" is supposed to mean.
Please. Tell us the scientifically proven health advantages of food which has been classified "organic" over food which has not been classified "organic".
It leaves consumers with less money to buy more food than they need.
Except nobody has ever died from glyphosate.
This is an untestable claim.
The company tries to kill negative press about "glyphosate causing cancer" because it's bullshit that has been debunked again and again.
Ends don't justify means.
Those that cling to "glyphosate causes cancer" and "Monsatan is the devil"
They are the devil.
Sure, Monsanto is a business and they want to protect their image
That train left station many many years ago.
We all were probably right. Smoking doesn't cause cancer; it increases the risk of cancer.
Translation: It sometimes causes cancer.
Better question: Will any generation not insist their children are going to inevitable ruin for the technology they adopt?
Why is this a better question? What's the point of perusing non-falsifiable statements? Wouldn't it be better to ignore the "happens to every generation" noise and stick to merit based arguments for or against a position.
It may be easy to assert I see pattern x therefore I'll just assume it always holds... but if your going to do that at least admit that's what your doing.
Non-falsifiable statements such as "happens to every generation" convey no useful information.
Modern phones objectively allow folks to do things on the go, that they haven't ever been able to do before. Folks are still learning what NOT to do, but for the most part, they're safe, and much less dangerous than other similar disruptive technologies.
What information presented in the article do you specifically disagree with?
People have complaining about the youth having something wrong with them since before the trial of Socrates. There's always something to blame, be it a philosopher, books, video games, or smartphones.
I have been complaining about people constructing statements which cannot be falsified today as I have in previous lives since the middle ages.
Yawn. Used to be videogames. Before that it was TV. Before that it was miscegenation. There's always some old crank with too much time on his hands willing to grab onto whatever is shiny and proclaim it as evil.
If the title was a generation addicted to hunting old people with machetes would the above response be any more or less applicable?
It is not possible to erode states legitimacy by outlawing something tens of millions are willing to do anyway regardless of legality without society paying a heavy price in return.
Any politician concerned enough about enslaved and exploited people would seek to legalize and regulate prostitution rather than hopelessly whacking away at obvious predictable outcomes of a harmful policy.
Hire someone to get rid of people (Priebus, Spicer) and then fire them. Seen it done twice at companies I've worked previously.
The Internet is almost perfect. Restoring the Internet to a network of PEERS would make it perfect. Currently most credible path forward is continued deployment of IPv6.
Remainder of authors concerns can be fully addressed by a robust implementation of RFC3514.
Point being that large companies are actually capable of not violating anti-trust laws
I suppose after capturing lawmakers and regulators this could be a true statement.
there's nothing inherently wrong with being enormous conglomerates until they actually start violating the law.
It's not really about the law as it is but rather promoting structures that reinforce good behavior rather than betting against reality while incentivizing bad behavior. When you fail to do this you inevitably end up with Ajit Pai heading FCC, Scott Pruit at EPA and consumers with bills for telecom services that are multiples of what they cost in other countries with comparable standards of living.
The primary point of anti-trust laws is not to break up companies, but seek remedies against companies when they violate the laws
I agree they simply need to be enforced, and like any effective deterrent, they need to be enforced swiftly and with commensurate punishments.
This is a fools errand. It is not reasonable to expect government to prevent monopolies and massive corporations from "unfairly" leveraging their market positions. Regulators will either be captured or companies will find ways side step restrictions with same or similar outcomes.
What's the problem with wealth accumulation? Other than petty jealousy?
Currently in the US trillions of dollars of value are being "hoarded" and simply made to sit idle. Trillions more are being parked outside the US for tax purposes.
Think of a country where everyone owns a money vacuum. Those with more wealth have better vacuums able to more efficiently suck up cash. Those with less wealth can't suck up as much.
In a world where what is sucked up is spent there is always money in the system even for those with less efficient vacuums because those with more efficient suckers also happen to be blowing money out at the same rate there is a useful gradient allowing even the poorest of suckers to get ahead.
In a world where what is sucked up is disproportionately hoarded by the rich each cycle of sucking and blowing means less and less is available to be sucked by those will less efficient suckers... people who themselves have less or no choice but to blow at the same rate as they suck simply to continue to exist.
This is a gross oversimplification. The real world is much more complex, importantly more value is created with each cycle yet underlying dynamics are still applicable.
Being rich isn't a problem. Being rich while failing to spend your riches on consumption and or useful "means of production" is hurting everyone who isn't rich.
What matters is the average quality of life and whether or not the average person is content.
There are about 15 million food insecure households in this country.
Hey, at least someone here acknowledges the actual market leader in speech technology: Nuance.
TVs, the first generation of Siri (you know, of Apple that they mention here), most car systems ( BMW, Audi, Jaguar, Mercedes, Porsche, Volkswagen, Fiat, Peugeot, Citroen, Ford, ...), call centers
Holy shit, my shill meter has gone to plaid.
The only point I was making is Nuance is a terrible company. They either bought out or sued their competition to the point where there is no longer a functioning market leaving Nuance as a defacto monopoly. My remarks were never intended to assign praise or acknowledge the "greatness" of Nuance.
I strongly believe the world would be in a much better place in terms of current commercially available voice recognition capabilities had Nuance never existed.
Who said anything about offline?! You mean like i.e. their Wifi-location-base that you are free to contibute, but can only so single queries.... Mozilla is no better then the rest of the Data-Vampires, they just don't pay taxes...
Nobody, there is zilch on Mozilla voice recognizer itself and an open question how it will work. The only bit of hope this would be available was inferred from their site:
"People donate their voices to a massive database that will let anyone quickly and easily train voice-enabled apps. All voice data will be available to developers."
Welcome to 2017! You must be from the past. Turn on airplane mode on your Android device and try voice recognition. Notice how it still works!!!
Running Google play services is simply not an option. There are literally no third party offline voice recognition apps available for Android without literally compiling your own from an open source library.
Offline voice recognition has been here for quite some time actually.
I used offline recognition on my old blackberry and windows mobile smartphone. It worked good enough for little I wanted it for (offline voice dialing and screwing with playlists)
Today I find myself missing capabilities existing in devices I owned over a dozen years ago on devices 30x less capable than my current mobile.
Now has anyone tried to hack Google's voice models out of Android?
Google's TTS is quite nice, not locked down in any way and uses standard Android interface.
Thanks to Nuance voice recognition industry is effectively dead. If Mozilla can make this work in offline mode it would be awesome. Not requiring your every word to be recorded shipped off to third parties would be very useful.
I ended up converting last year and it is actually a better deal all around. If you work in the business world you inevitably have to deal with MS Word documents and MS Excel spreadsheets and MS Powerpoint sludge.
No it isn't. It's just stupid. You can buy Office 2010 on ebay for what... $60 and own it forever. This is substantially less than one year rental cost of Office 365.
What of any meaningful value does Office 2010 not do that your 365 subscription can?
Although it is an annual rent which is going to turn off a lot of people I now consider it a regular business related sense such as dry cleaning or a commute-capable car or for that matter taxes on income. If you want to be a grown up there are things you have to pay for.
If you want to be a grown up you have to be able to do basic math. Paying more over time isn't smart or intelligent. It doesn't make you a grown up. It doesn't improve cash flow. It is simply throwing money away for no reason.
The same basic advice has been peddled and widely ignored by end users who know better across all major mobile platforms. The reality is this is only true for apps don't take advantage of facilities to sidestep background execution restrictions.
Many app intentionally seek to run continuously in the background to enable persistent stalking and download ads as these activities yield profits for app vendors. It should go without saying facilities exist across all major platforms to accommodate.
https://developer.apple.com/li...
What I think Microsoft should do is continuously ping a master list of hardware. The second any hardware is no longer supported by the manufacturer Windows should bluescreen or greenscreen or whatever color it is these days with stop error DEVICE_TREADMILL_VIOLATION.
After all if the vendor doesn't support something.. it may not work right or may not be secure or similar specious drivel so crashing is the safest most responsible course of action.
Forget the fact most of the things myself and everyone I know own are long since out of warranty and no longer produced or supported by the original manufacturer in any way.
Forget the fact Microsoft pretends to care about protecting the environment: https://www.microsoft.com/en-u...
At this point anything Microsoft can do to hasten the inevitable rise of not Windows should be encouraged. Only takes a few percent of overall market share to sustain and reinforce alternatives.
He's suggesting that when you refactor a critical piece of C code - in other words you're already going to change it
How does this actually work in practice? Are people really going to tolerate random portions of code written in different languages? How do you manage and debug that? This thing here jumps into that other language and then back out... and back again... For many projects such advice would seem as a practical matter to devolve into rewrite it all or don't do it at all.
in other words you're already going to change it and potentially add brand new C/C++ security issues - you instead use a language with some form of god damn formal verification and some fucking way of validating that you're not opening a new exploitable vulnerability that will bring down half the damn internet.
General purpose language selection is mostly irrelevant syntactic noise.
All Rust does is impose constraints... not even that noting it still allows access to "unsafe" operations. Nothing prevents imposition of the very same constraints in C/C++ with very same result as "rewriting in rust". It's all a syntactic shell game.
People who care about buffer overflow vulnerabilities will spend their time improving analysis algorithms, allow developers to enable enforcement of voluntary constraints and correct deficiencies in poorly designed base libraries. Tree huggers go around telling people to write shit in different languages in order to solve a specific problem.