91 posts • joined 20 Oct 2007
Software that takes outside data is open to attacks. Software that uses other software in its operations extends its own attack surface. Repeat that, because that's what a plugin is. Anything non-trivial?
No cookies to El Reg for having failed to notice "can only happen if you use uncommonly huge buffer sizes where you have to decompress more than 16 MiB (> 2^24 bytes) untrusted compressed bytes within a single function call", which kinda makes it obvious why a video app was chosen as target.
And some apps/distros didn't update in 11 days against a problem that might likely affect 0.00000001% of their users. How sloppy.
From reading up on it, seems "someone" got pissed that they got dismissed on the grounds of "not life or death" so decided to get his 15m by showcasing the potential while omitting the likelihood.
Re: "Encrypted" PSTN calls?
Quite right. Can only be given serious thought when the encrypt/decrypt part is done at the mobile/handset.
Quite an opportunity for any kit maker that decides to do cheap gear that fills that void... How hard can it be for them to do it...
Re: Today's Pro Tip
Not cold, just a sad side effect of keeping the activities she engaged in a criminal act. In (more civilized) countries that decriminalized both, she might have called for help and the poor sod might be alive.
As is, she just had to weigh potential manslaughter + more vs certain conviction on prostitution and drug charges. Lose-lose any way you look at it, so taking uncertain vs certain becomes the rational choice when this version of fight-or-flight takes place.
Pretty much illustrates that, once more, the "war on x" only hurts people and helps no one. Well, might help the guys making billions out of dealing drugs, and maybe that's why it keeps being illegal...
One would think we'd remember how Prohibition only helped THE MOB and how the end of the world didn't come to pass when it was repealed...
This stops if it's made into law that if a given software A wants to install a given software B on which software A is not directly dependent, the opt-out option is made the default one and the maker of software A is directly responsible for any damages caused by software B installation/usage.
1000000:1 as no developer will take on those hot potatoes anymore.
I'll get flamed for this, but Google is seriously dumb for not jumping on this opportunity. They'd need so little work to add this to their revenue stream it's dumbfounding how they never managed to get it going (properly)... Alas, our great advertising overlords are not as omni as we make them out to be...
Was a mess waiting to happen from the go. No matter how it gets painted, it's censorship. Courts should be deciding on whether something is factual/true or not (defamation). Relevancy is in the eye of the beholder, thus, let people themselves decide if it is or not.
On a side note, if I was Google, I'd fork out some $$$, set up a small "competing" search engine and link to their results. Being a "minor" search engine, said operation wouldn't fall under these Orwellian rulings and could thus link to whatever they wanted. Then I'd make sure Google's search algo was biased enough to make sure those links to links (not content) always came on top of searches. Give or take a few thousand "Streisand Effects" and people would give up trying to be forgotten out of sheer fear of actually getting to be remembered.
They (owners of No-IP) should think of getting a class action suit started on behalf of all their affected customers (paying and otherwise).
I'd suck it up if the judge had ordered said subdomains taken down and accounts blocked, but handing over the whole shebang to M$? Ludicrous at best, abuse at worst.
So, an extra 22C and nearly double the power consumption for less than 25% overclock. I'm so not impressed... Quite betting no benchmark results were in because they'd be less than impressive too.
Really, why don't we just nail this for what it is? That YouTube isn't really a "non profit" thing anymore and thus should NOT be under "loose" safe harbor provisions? After all, wasn't that always the crux of music IP violation suits? That not only were they doing it, but profiting from it? Google selling ads on top of blatant IP violations should make this a hook>line>sinker case.
And cut the bollocks. If Google wanted, they could just set up a department where artists/labels could send their works (ie music) along with the proper legal docs that proved who owned copyright of said works. Their content ID system would then automagically kick out blatant infringements and flag "dubious" ones for "human decision required". After that, it was just a matter of filtering/flagging new content coming in via content/keyword matching. And artists/labels would just need an email like "video xyz violates our submitted material abc### so please remove it" in case anything slipped by.
So, it's not really a tech issue, or even an operations issue, it's just that they have nothing at all to profit from cleaning up their act and got something to lose by doing so. This is (sadly) when you need policy makers to actually go kick ass because someone downright refuses to do the RightThingTM voluntarily.
Early on I learned to split The Powers That Be into two groups, A and B. A wants the job done FOR REAL. B wants something that sort of works so they can also show some work done. A is great to work with because though they want the real deal, they're willing to cut you some slack so you can get it done proper. B is great to make money from because they only want some half-baked solutions that eventually need more fixing and maintaining than they ever needed implementing :) Brownie points if you can sell them some "holy grail" features that can't be realistically achieved but will keep you working until it's scrapped as "can't be done".
p.s. There's a really small fringe C group that actually would like the real deal but are under time/budget constraints that won't allow for it. Very sad to work with those cause the poor sods actually know what they want/need but also know they can't get it and are stuck with "as good as possible".
While I agree that the workplace is not the place and time to crack jokes, you're making too much out of very little. Think like this: if you make a joke about snakes, guess what, you're discriminating against the poor reptiles. Pretty soon you can't joke about anything because let's face it, if it's a joke, you're gonna end up making fun of something or someone.
But, if you're on a roll, give us your thoughts on reverse discrimination and quotas.
Re: voluntarily ???
Friend of mine used to send bits and pieces of leftover sheet metal, iron or lead, wrapped in "promotional" junkmail. Once was usually enough.
Re: yay. Overtime.
"Security through public reviewing" can be worse than "security through obscurity" depending on the scenario at hand.
If a given "package A" attracts more "many eyes" from miscreants than from white hats then you're in deep shit. Given that white hats will usually do it "on good will" and miscreants will usually do it "for the money", who do you think is more motivated?
And while closed source will force miscreants to try "what if" scenarios before landing a successful attack, with open source you can just point and say "look, there it is". No trial and error because the source itself will confirm it.
Now, that doesn't mean open source is necessarily worse, but does mean you have to do your best to make it airtight from the go, especially regarding security related software, because you can't, or shouldn't, depend on the first person to spot a bug being "a good guy".
p.s. on a side note, that might be the RightWayTM for M$ to kill XP for good. Release the source. Would we be running for the hills... Heck, even so much as release only source to things that they've already changed. Should pretty much bring in a steady stream of 0-days with world+dog searching for bugs and M$ not releasing fixes. But maybe it's so bad they're too embarrassed to show it.
Re: ...without the baggage of C
That's a simplistic view. Does it work? Certainly. Does it lend itself to pushing out applications real fast? Speedbump...
Apple's thinking seems to be, and quite reasonably, that in this day and age, what you REALLY need is a decent glue. The heavy lifting is going to be done by the OS/Middleware, be it 3rd party or even your own. Thus, what you need is a better glue that brings all those bits and pieces together to provide the fastest (and easiest) path to go from prototype to application.
And let's face it, that's precisely where most "conventional" languages don't really shine.
To be fair though, he shouldn't have pinpointed C "baggage", but "baggage" in general.
Re: smoke and mirrors
"it’s clear that no security-conscious users are going to feel comfortable trusting the software after this debacle"
No, your position is not naive, it's the opposite of the stupidity in the previous quote driven by the "stupid herd" and "cover thy butt" mindsets.
Let's look at it logically. Either 7.1a (and previous) was safe or it wasn't. To believe either way needs "faith" as the first audit is still in the making. If you assume that it was safe, then it was safe before this and will be safe after this. If it isn't safe, it was unsafe before this and will be unsafe after this.
So, by sticking to your chosen horse, be it using TC or not, you are now no better or worse than before. Because you have no idea where you actually stand until the audit comes through.
And it goes on and on. Bruce Schneier is gonna switch to PGPDisk? Nice, and who's gonna say "that one isn't tainted"? Bitlocker? Diskcryptor? Pick your poison, you'll always be "on faith". Because... you didn't write it. And this holds true for any software. If you didn't write it (and that includes the compiler/assembler/toolchain) you have NO IDEA if it's safe. You ASSUME it is. FWIW, I'm going with you on this. Until it's proven unsafe, I'll keep assuming it's safe.
@Chris155: "Using TrueCrypt requires you to take a leap of faith that you can trust those anonymous individuals to be creating a quality product."
As opposed to trusting an (almost always) US based vendor to protect you instead of cooperating with 3 letter agencies. Yep, I see the logic in that line of thinking... wait... no I don't.
p.s. for the truly paranoid, think boxes inside boxes inside boxes. The more, the more chances you have that one will be secure, and "normal" data is usually quite small so the performance hit isn't that bad.
Let's just hope this isn't just Apple backsliding into its old ways and how headless chicken tat sellers go about it when no smart person is at the helm... As pointed out, 3b would go a long, long way into them setting it up themselves and far better.
On the sound quality discussion, to each their own. Might sound devastating to audiophiles but it's not really about what sound sounds like but about what YOU like sound to sound like. Music is pointless if you hate the sound of it (pardon the pun) when you listen to it. And this isn't even limited to listening devices. That live band you loved yesterday might sound like crap today just because they changed venues, thus acoustics. And maybe today they are closer to their "true sound", but to YOU it now sounds crappy and yesterday's "distortion" sounded a lot better.
Sad if true
And there's another quite dark avenue. If TC really has/had no backdoors, at maximum strength it would make the spooks' job, if not outright impossible, at the very least immensely resource-consuming.
Now, if I was the spooks, and kinda found myself between a rock and a hard place with nowhere to turn, would I be tempted to take the easy way out and turn the FUD dial up to eleven?
Leaning hard on someone to get the signing keys, little site hijack, "bombastic news", and suddenly the "tabloid news" worshiping masses are running away from what we don't want them to use. Sounds like a decent plan with low resource usage...
Anyway, kinda non-event. After all, no tinfoil hat brigade member would ever take a TC volume after usage and NOT use another encryption layer on it, would they.
So, Microsoft is on a marketing exercise to try and determine how much crap they can throw at the users before their tablet market share not only hits rock bottom but actually starts digging...
Great idea methinks... If they can figure every reason their offer is failing or might fail, maybe they can come up with something that actually sells by the time W9 is ready.
I'd say it's not just money but generally saving of "resources". Money being just a "general resource" that can be easily traded for other resources. In the western world you're perpetually chasing the latest shiny instead of getting just what you actually need.
Reminds me of the cybercafe scene around here a decade or so ago. Anything that was "western owned" would open up in the best premises and best gear (borrowed) money could buy at the given time. The "non western owned", mostly Pakistani for some reason, would open in less than stellar premises with (mostly) 2nd hand gear that "nobody wanted anymore". So, while the former were struggling to cut back on their debt, the latter were soon into making a profit. Unsurprisingly, when the scene went bust because of widespread cheap internet access, the former were mostly still paying back that debt or at best making pitiful earnings while the latter had been cashing in for a long time. Guess who is still in business today, even if the revenue stream has diminished tenfold.
The western world at large seems to have lost its grip on the concept of sustainable and wholeheartedly embraced a "riches or bust" model. Which works only for casinos since they are the ones that get rich while everyone else goes bust. Or "web 2.0" ventures that get acquired for ludicrous amounts of money...
Re: Bring on the crypto-anarchy
"The only small snag with that is the people you do want to monitor are now protected too"
I'm pretty sure said "people" will have a far better grasp on the need to secure their comms than your Avg Joe does. Which would mean many are ALREADY doing it. Which would mean said agency is getting even less out of them than before.
10000000:1 the spooks have more info on those politicians than they'd ever tell you, and said class being said class, probably far more than enough to coerce them into NOT doing anything that might change the status quo.
"Censorship is the suppression of speech or other public communication which may be considered objectionable, harmful, sensitive, politically incorrect or inconvenient as determined by a government, media outlet or other controlling body."
Emphasis on "inconvenient" for this case. By all means, contend all you want, but it IS censorship. Whether it's done by some dictator's "blue pencil" office or by a court makes no difference. Note that, as in the ruling, the information being true/fact or not isn't a consideration. All that matters is that "someone" found it "bad" for some subjective reason.
And now it's not only republishing, linking to that which is already published also lands you in hot water it seems.
What's next? I link to some data and I get told to remove the link? I'm sure M$ would love all those links to the DoJ affair removed. Those past practices are so "irrelevant" these days. How about the NSA? All those links to their evil doing were "irrelevant and inconvenient" even before they existed.
Keep downplaying the importance of your freedom of speech and expression and you'll eventually find yourselves short of both...
"and that request will (usually) be decided in a court who will balance the right of the individual against other rights"
I'm hoping you do understand that this kind of selective "cherry picking" based not on truth/fact but on some arbitrary quantity by a select body is PRECISELY the definition of censorship...
Re: Actually I'm quite impressed
People all have a past, a present and a future. You can't change what you did, but you can change what you're doing and will do. Your kids' chances won't be ruined by what they did, but by what they kept on doing, are still doing and will do.
"Those who cannot remember the past are condemned to repeat it." It's the fact that you do have a past that drives you to change in bad cases. If you can sweep it under the rug, you have no drive for improvement at all. It also drives you to have an interest in keeping one you're proud of, lest it comes back to bite you in the proverbial.
And another step on the slippery slope of (selective) censorship.
What next? Right to force newspapers to "erase" past events that you no longer consider "relevant"? Just one step removed from 1984 where the Gov would actually rewrite history...
Because that's what this is about in the end isn't it? If some info, somewhere, was libel, you already have the ways to get it removed though maybe not the money to pursue said endeavor.
The Spanish guy example is a great case in point. It was a fact. No libel. The PoS just didn't find it "relevant" (read: it's inconvenient) anymore.
In the headlines tomorrow: Google erases all links to publicly available court decisions since all the people found guilty feel it's no longer relevant.
Or we might just stop being sheep, declare the EU ruling bodies as a) morons b) unfit for (any) purpose c) a waste of oxygen and be done with the sod load of them.
Foot, meet (another) bullet...
Seems to be that they are making an already strong case for preemptive (read: before cloud) data encryption even stronger.
If the world at large goes into strong encryption as default, then the NSA and the likes will really be in a s**thole, as there won't be enough processing power to make sense out of the digital noise; thus their funding will shrink back to "normal spy agency" level, as throwing more funds into it would just be a case of throwing good money after bad.
So, just as XP is declared "unsafe", the first chicken that comes home to roost is an IE flaw that hits across all the OS's. Nice thing then that M$ is showing us how much safer we would be with their new supported OS rather than their old unsupported OS as they probably won't be issuing a fix for IE versions that still work on their old unsupported OS.
Then again, we could just dump IE, fixes a lot of exploits, current and future, as it goes out the door ...
Reminds me of my old boss, who is a PC repair shop owner, temporarily losing his higher brain functions and putting his mobile number in a site that "had" a "crack" for an app he wanted. Then he confirmed the SMS.... In one fell swoop he had €20 less in the mobile and a zombified PC.
Can't see what the fuss is about. The big boys quite surely already have servers in European space, it's just a matter of them making sure no Euro<>Euro comms ever leave the Euro part. Why would Uncle NSA be so pissed about Euro data not crossing over to any place they can tap it? Oh wait...
Then again, maybe people should just start using encryption instead of believing someone's (and insert whatever you want here) good intentions.
Heck, if everyone started using proper encryption, the noise would be so bad Uncle NSA would be driven to fallback into time honored targeted spying tactics instead of just slurping ludicrous amounts of data in the hope they catch something remotely useful.
(Congress might be happier too since targeted black ops must surely cost less than running their datacenters...)
Bug in Word. Haven't used since... Check!
Bug in Internet Explorer. Haven't since even before I haven't used... Check!
Bug in Publisher. Haven't used, period. Check!
If these are the kind of "vulnerabilities" XP is gonna have from now on, man, keep'em coming.
p.s. If you a) still use Word b) still use IE and c) allow crap like Publisher on the boxes, you had it coming didn't you?
That someone got (subtly) forced out of his job/position not for his competence or lack of, but because of what beliefs he espouses is beyond the pale...
What amazes me is that the same lobby crying intolerance and throwing stones at the man are themselves (by logic reasoning) intolerant, since they can't accept the fact that he doesn't share their view. Tolerance goes both ways not just one.
Guess it's time for the devs to say fork it (bad pun) and head off to some new place more concerned about their products than what some lobby thinks of them.
Mozilla, a place where everyone's views are welcome, unless your views are different than ours (or some lobby, or some flavour of the week PC'ness, or anything not related to web browsers).
While everybody loves hating Windows, the true point is, a USB port? And the ATM is configured to boot from it by default? What could possibly be wrong with that line of thought...
Even keeping the USB port, a much better idea would have been to have a custom BIOS that checked for the existence of a flash drive connected to said USB port and then, if one existed, read a key from it and used it to decrypt a boot image off a hidden partition into the system partition. Right key? ATM back to a clean start state. Wrong key? Bricked ATM in need of hauling to the repair shop. Assumes a tamper-proof HD/SSD setup.
The cynic in me thinks this is just a setup for plausible denial. Whoever did the ATMs was probably "persuaded" (at point blank) to make them "somewhat insecure", not bad enough they'd look guilty, just clueless. Eventually losing face is far better than immediately losing (parts of) head...
Ye know... Imaging (and restoring said images) is pretty old hat. So why is it that M$ couldn't get it right and ended up with the PoS named System Restore? Oh right, since most users have a one disk one partition setup, you couldn't go nuclear on that and plain restore the image or you'd nuke the user data too... So instead of forcing an OS+apps/data split, they "developed" a new system that only seems to work when it comes to restoring malware back into the system.
M$ could sometimes GetItRightTM just by not trying so hard to come up with a revolutionary non round wheel...
Re: It may not be illegal
People in need aren't Apple's primary, secondary or even tertiary market targets. So, any wonder they don't give two woots about them?
Don't be pissed that Apple does what it legally can do, be pissed that your (and my) government(s) gave them the tools to do it. Be doubly pissed that they allow it to keep happening. And end up asking yourself WHY don't they just close the loopholes.
Same FUD again from people with a too obvious agenda, ie market drones...
If OS XYZ stops getting support at day x, it won't make it more vulnerable than it was at day x-1, just that nothing will be fixed by the manufacturer after that date. On a similar note, OS ZYX, the successor to XYZ, doesn't become more secure after day x either.
Given that both XYZ and ZYX have been through several rounds of "fixing", one might argue that neither is really more (in)secure than the other. OTOH, XYZ has been around (and abused) for a while longer, and its "pool" of (exploitable) vulnerabilities has shrunk quite a bit. While ZYX's attack surface is quite "virgin" in comparison.
Malware writers also like to hunt "big game" as profit is directly proportional to numbers. OS FREEBIE and OS FRUITY have benefited from this for ages. Now, if a significant amount of punters move from XYZ to ZYX (or FRUITY or FREEBIE or CAKEY or something), said miscreants change targets, they always do and do it real fast.
Case in point, was there any 0day for 3.1 making the headlines these last, say... 10 years? You might just get away by being with something nobody gives two tweets about anymore..
Here we go again... Who gives a tweet? How many of the W7/W8 patches will translate to an all-Winblows landscape vulnerability? It's quite likely a small number. Of that small number, how many will allow rooting the box? Quite likely an even smaller number. And of those, how many will have impossible to close attack vectors that make patches a must and not an "if available"? Think you get the idea...
This whole "XP gonna die a horrible death" hammering is just driving the point home. The point that MS f'ed up badly with every OS since then and now they're getting desperate with a userbase that just WON'T "upgrade". It's not XP's fault for being too good as it isn't, it's just better than the crap they churned out to replace it...
p.s. to the *nix crowd, give up. That you might have a (technological) edge in the OS wars is debatable. That you aren't even a runner up in the application wars is a fact. Until you lose that delusional mindset that GIMP can replace PS and app XYZ can replace its win/osx established industry standard replacement, you're going nowhere and doing the community a disservice...
Get me a supported OS/distro that didn't get patches/fixes. Now get me one that didn't need patches/fixes by its EOL. Failed? Of course you did...
Thus, logic implies that whether old or new it's gonna have flaws. It's not whether or not it has them that matters, it's whether or not it's a particular show stopper for your setup.
IF XP reaches EOL, I won't be any worse off than I was the day before, because it either worked the day before or it didn't. EOL doesn't bring anything new, just means there won't be more patches/fixes henceforth.
And I, like many others, won't go jumping through hoops just to have the "latest bling" for fashion's sake, time better spent using/maintaining our established app/hardware base.
Give me a critical/killer app that the old OS can't run and I'll start upgrading. Can't find one? Sod luck...
If this was some form of say UPX, then you'd have a small benefit on storage space saved, but your memory "energy footprint" would be the same as the executable would still take the same space once uncompressed.
But... if the exec is compressed once as it leaves storage>RAM and then dynamically uncompressed/compressed as the CPU fetches it (and maybe changes it), you'd have a smaller memory "energy footprint" than the original, assuming code would compress enough that the lower memory energy usage outweighed the energy the compression/decompression unit used.
As for blaming compilers, well, there are many a part of code a compiler simply can't take a guess at rewriting/optimizing. For example code that might never execute but that the compiler can't ignore because it might execute sometimes. A unit such as this actually works in that case because it doesn't need to make assumptions, it just packs/unpacks as needed.
Certainly not deserving of a patent either, maybe?
In case you can't grep it, making a UI element respond to an event is by no means an innovation. What's next, patent rounded icons? Oh, wait...
The sad part is that while Apple touts itself as an innovator, it amusingly overindulges itself in petty squabbles over trivialities that they patented not so much to protect same said "innovation" but for the leverage and chilling effect it might have on its competition.
Anyone still defending the patent system as it exists must be either the government or a lawyer. Both having an unspoken interest ($$$) in keeping the mess just as it is.
Wish that for once the zealots would step off their high horses and remember that while Winblows is by and large the ultimate security hole, they also have by far the largest userbase. Move everyone off Wintel land and start watching *nix get the beating from catering to (l)users.
No matter how secure your OS/apps are, it won't stop PEBKAC, thus, will ultimately also fail.
Duly remember, just because you have thousands of eyes on the source doesn't mean the flaw didn't go unnoticed. "Prior art" of existing *nix exploits proves this to be correct.
Win, by being ubiquitous, has a target painted on its forehead. Are you sure you wanna borrow that?
p.s. bad security practices are NOT OS dependent. If we all move to "system z", you can expect the "clowns in control" to mess that one too.
Just another fine example of why (single) common words should never be allowed as trademarks/names.
It's 2013, one would have thought that by now it would be common sense that "blanket type" trademarks/patents were the root of all issues and that their applicants should be thrown out the door (and fined) far faster than they managed to sneak in...
Re: But seriously
Ever had to draw, as in "painting" in a graphics app as opposed to "drawing" in AutoCAD/etc, with a mouse? Not fun, not intuitive, not functional. And given tablets' potential as a drawing tablet, Samsung might be wanting to cash in on that for digital artists instead of assuming they'll find fingerpainting in Photoshop either amusing or productive.
On the UI matter, deliberately designing it so that it accommodates fat-fingered people and "touch with fingers" is fair design, but it's also a waste of potential. Give users a choice between "lame ui for fingers" and "slick 4x+ more functional ui for stylus" and watch them pick up the pen-like thingy.
Then again, might be that Apple is still butthurt over Palm given they got it oh so right where Apple royally messed up. Palm had stylus>stylus is bad. Newblown had stylus too>stylus must be evil incarnate.
Beer salute to my late III. 2 AA's lasted a month+. Monochrome, ugly and 100% reliable until the touchscreen went south...
If memory serves me right, I've read about an ancient exploit that cracked passwords by timing how long it took the OS to reject them (they had to be checking char by char and rejecting at the first bad one).
One would think guys working on such up and above stuff like heavy crypto would consider reasonably measurable right/wrong response time as an attack vector...
Or maybe they thought faster message processing for BoastingRightsTM was more important than adding artificial jitter to make it safer...
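As an added example (not part of the original post), the two shapes of check the poster contrasts, in Python: an early-exit byte-by-byte comparison and a constant-time one built on the standard library's `hmac.compare_digest`. Rather than measuring noisy wall-clock time, the code counts how many bytes each routine examines before answering; with early exit that count depends on how much of the guess was right, which is exactly the signal that leaks, while the constant-time version does the same work for every input. The secret and guesses are constructed sample values.

```python
"""Early-exit vs constant-time secret comparison.

Models the leak described in the post: a check that stops at the first
differing byte does an amount of work that depends on how much of the guess
matched. Work is counted in bytes examined instead of elapsed time so the
demonstration is deterministic.
"""
import hmac

# Constructed sample secret for the demo; not a real credential.
SECRET = b"correct-horse"


def early_exit_compare(secret: bytes, guess: bytes) -> tuple[bool, int]:
    """The vulnerable shape: reject at the first mismatching byte.

    Returns (equal, bytes_examined). The second value stands in for the
    response time an observer on the network would measure.
    """
    if len(secret) != len(guess):
        return False, 0          # length mismatch is rejected immediately
    examined = 0
    for s, g in zip(secret, guess):
        examined += 1
        if s != g:
            return False, examined
    return True, examined


def constant_time_compare(secret: bytes, guess: bytes) -> tuple[bool, int]:
    """The hardened shape: every byte is examined regardless of where the
    first mismatch sits, so the work done does not depend on the guess.

    hmac.compare_digest is the standard-library primitive; the counter only
    models its fixed cost (one visit per byte of the longer input).
    """
    equal = hmac.compare_digest(secret, guess)
    return equal, max(len(secret), len(guess))


def work_profile(compare, secret: bytes, guesses: list[bytes]) -> list[int]:
    """Work count each guess caused. A defender can run this over a comparison
    routine to see whether its cost varies with the input at all."""
    return [compare(secret, g)[1] for g in guesses]


def leaks_prefix_length(compare, secret: bytes, guesses: list[bytes]) -> bool:
    """True when wrong guesses of the correct length produce different work
    counts, i.e. the routine reveals how much of the guess matched."""
    wrong = [g for g in guesses if len(g) == len(secret) and g != secret]
    return len(set(work_profile(compare, secret, wrong))) > 1


# Constructed guesses of the right length, sharing 0, 4 and 8 leading bytes
# with SECRET, plus the secret itself.
GUESSES = [b"xxxxxxxxxxxxx", b"corrxxxxxxxxx", b"correct-xxxxx", SECRET]

if __name__ == "__main__":
    for name, fn in (("early-exit", early_exit_compare),
                     ("constant-time", constant_time_compare)):
        print(f"{name:14s} work per guess: {work_profile(fn, SECRET, GUESSES)}"
              f"  leaks prefix length: {leaks_prefix_length(fn, SECRET, GUESSES)}")
```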
Re: can't resist
Dear sir, you have just made me spill my coffee...
I hereby salute you ^^
Don't need 'em either...
Think the main problem is that we already have too much as is. My E7400 is old news, and I have it running at stock 2.8. That's a real change since it's the first time I've run stock on any box since my 1998 Cel300A@450.
If I think "upgrade", the image in my mind is HDs+RAM. And for that I can buy parts, no need to shift boxes.
Besides, where I live you fork out an extra €100-150 for a "name box" built out of lesser parts than you'd get built in a mom'n'pop store...
That 1st tier builders also like to install every lame PoS software they think you "might" want and then having to spend hours cleaning that crap out is just another good reason NOT to buy their wares.
Re: Platter size
You don't have 5 1/4 bays in your desktop? It's not even "news" as Quantum was doing it way back when.
They did it just because of the opposite thing, to provide the same storage space at lower density, but if you kept the density the same, the larger area would instantly translate to larger storage space. Given that the things were quite slim, at least those I had were just 1 platter 1/2 height, I'm quite willing to bet they could use at least a 2 platter full 5 1/4 height and squeeze a bit of storage space from the extra space.
Make it a 5.4k RPM one with 2/4TB and you have a willing buyer here, as i need more medium term storage without the cost of SSD and/or the power consumption and heating of the 7.2k+ jobbies.
Re: No they don't
Not smart to say the least. If your coder doesn't have a clue about security, he's not a coder, just a liability.
Not sure about your corner of the world, but where I'm at, it usually starts with user input not even being sanitized/validated, never mind exotic exploits...
A WAF does have its merits, but if the whole web app was built from the ground up on idiotic assumptions and dimwit designs, it's about as good as steel plating your front door while leaving the windows wide open.
Manage to get the bosses to help in evaluating Win8's "user readiness". Wait for the hissy fit and the "will NOT roll this out". Pat yourself on your BOFH back and tick another item on the todo list.
@someguy that said IT people are awkward in that we hate change, dig head out. We just hate change that brings no benefits at all and instead brings (more) problems. Fixing what wasn't broken and finding solutions for problems that didn't exist is a waste of two resources already in short supply, time and money.
Time to bring Gates back and to show "the monkey" the door, me thinks...
Sure, it's not one size fits all, but it's a damn good argument for forcing world+dog to run their "real environments" on a virtual with the underlying host being something safe that just serves as a launcher to said virtual.
Push comes to shove, you bring the sucker down, mount its drives on a clean (and loaded with "heavy artillery") special purpose virtual and proceed to happily clean the bugger.
Worst case scenario, you already have your backup (the old HD image files) and can just start transferring data files from the compromised virtual to a new clean one.
Back in the NT4 days, making ppl use virtuals for "daily use" would have been torture. Nowadays, any halfway recent box will handle it just fine.
Happy, cause that's what a small investment in extra RAM and HD's made me...
Re: Hang on a tick...
Hmmm hmmm... Let me give you a small heads up.
If i wanted a car, i'd have searched for "car" and looked at the results. Same for everything else. So, if sitexyz doesn't have shit worth of content to show in real searches, the only thing your clients get from me is.... nothing.
Brain is trained to totally ignore any ad that slips through the blocks. And even if i notice it, 2nd stage kicks in telling me "ad, not important". That's what you people managed, a really epic achievement. Now people IGNORE ads. Even the important and meaningful ones.
So, all your client money is getting him is fattening YOUR wallet. It's doing next to nothing for him, well, except making him less wealthy of course.
If/when people do come around and not only start denying you referer data, but also start supplying you with JUNK referer data, your value will come down to what it really is, next to nothing.
Maybe then some of the advertising victims, i mean, clients, can stop squandering their greens and instead use it to top up what they constantly neglect, their sites' real content.
Web will go on, it's just that you're gonna have to start doing some real work for your clients instead of just being a near zero value leech.
Re: Did a 10-year old think of this FAIL?
As name implies, they're not hardcore hacktivists. It's for the lulz. Thus, it was a fair target, as it's bound to provide LOTS of pissed up people and proportional amount of lulz.
While the attitude might fall in better with the usual trolls, they both operate on the same basic principle. Pissing you off. And guess what. They scored again, by the amount of "i took the piss" comments.
I'd go for the "nasty" dating sites next. Boy, i'm sure THAT would get MILLIONS of pissed people worth of lulz worldwide :)
Re: Gave up reading at
Almost same here. Next time reviewer wants to take stabs at iconic things, at least get freaking facts straight.
The last REAL Amiga is the A4000 circa 1992. Apple hardware of said time would have been a Quadra 900.
As far as OS goes, comparing AOS3x to System 7, sigh, you'd have had to use both to understand how vastly inferior Apple's junk was...
As far as HW goes, Amiga did get 060's from 3rd party that made the 040's in Quadras look like snails on valium. That's why many a "Mac lover" back then bought Amigas and jammed Shapeshifter/Fusion on them. That was virtualization being done back in the days... Also cheaper to buy a fully kitted Amiga and a "dead Mac to nick ROM from" than to buy Apple's overpriced stuff.
So, get your facts straight. The junk you're reviewing is some PC of sorts, whether it's good or bad is of no relevance to the Amiga line. Just slapping the brand on a box makes not said box an Amiga...